If you’re a new IT auditor or want to become one, I’ve listed a number of my earlier posts for your consideration. If you’re an experienced auditor, here’s an overview of the profession through my eyes.
These posts will:
- Provide basic information regarding IT audit and security and links to other sources.
- Help you avoid some of the hidden pitfalls that control owners and auditors face.
- Give you ideas and approaches for some common and uncommon audits.
- Give you a few chuckles.
If you start at the top and read through each post, you’ll get a good taste of the positives and negatives of IT auditing. Since you can’t do it in one sitting, yoo could bookmark the list and work your way through it as you have time.
As we all know, too few good IT audit blogs exist.
So it’s exciting when a new one is launched that shows promise.
Here’s my list of the top 10 reasons to be an IT auditor:
10. You have access to all systems, data, and people (with a business reason, of course). Employees rarely ignore you.
9. You can uncover fraud, mischief, ignorance, and just plain laziness. Either way, you “add value to the business” (yeah, I hate that term too, but it is what audit is about, and so appropriate).
I recently stumbled across an article discussing how to choose an outside IT auditor by Kevin Beaver that stated, “With a few exceptions, auditors aren’t highly technical”–and may not need to know the difference between firewalls and fire hydrants.
If you know me, you know non-technicality of many IT auditors really bangs my keyboard (see the CISA posts listed below). An IT auditor who doesn’t have technical knowledge about IT is like a person who washes dishes without water.
I found a great graphic that documents the main steps in a typical IT audit. If you don’t find this funny, please tell me why. Check it out here.