Top 10 Reasons Why Being an IT Auditor is So Hard

tenBefore you choose a career as an IT auditor, consider my top 10 reasons why being an IT auditor is so hard.

  1. You have to interview experts, ask them for help understanding some items, and then explain to them why their processes and methods create risks that can harm the company.
    Most people don’t like their work criticized; I don’t either. Most don’t appreciate it, even when you are really trying to help.
  2. You are often viewed as a messenger of bad news, instead of a professional who identifies risk and inefficiencies.
  3. The bad news you bear is usually due to people not following company policies, best practices, and in some cases, common sense.
  4. You are often told you are making a mountain out of a hill of soggy beans. Then your auditees check and double-check your facts. You had better have checked them first.
  5. The technical people in other departments tend to watch you like a hawk, waiting for you to make an error, so THEY can pounce on YOU.
    That’s what I feared after I stumbled at work, which is described in Mack Falls Prey to Phishing Email.
  6. You have to help non-technical people (usually management) understand how certain technology, or the way the company has implemented it, has greater risk than reward.
  7. When you’re ready to move to another department in the company, some people have a hard time forgetting all the risks you identified. They blame you for bringing to light the problems they either created, ignored, or both.
  8. Sometimes the findings you report result in people getting demoted, walked out the door, or sent to prison.
    I described my experience with this in Internal Attacker Detected and Behind Locked Doors. While both of these experiences occurred when I was in the security department, I’ve seen IT audits that had similar effects.
  9. Keeping your independence means you have to keep your distance from some individuals in the company and can’t take advantage of the perks they can provide.
  10. When risks are ignored and they become public, everyone asks,”Where was internal audit?” instead of “Why did they ignore internal audit?”

Compare these reasons to my Top 10 Reasons to be an IT Auditor.

If you’re an IT auditor or were one, what were the toughest parts of your job?

What would you add to this list?

See also:

Careers After IT Audit

My other ‘Top 10’ Posts



Filed under Audit, Employment, Technology, Top 10

3 responses to “Top 10 Reasons Why Being an IT Auditor is So Hard

  1. Pingback: Top 10 Reasons Why Being an IT Auditor is So Hard – Cyber Security

  2. Audit Monkey

    Not going to bother reading the article as I’m going tell you why. Alot of IT Auditors don’t know what they are doing as they have very little technical (IT) ability and are poor communicators.


Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.