An information technology auditor is responsible for quality assurance procedures and reviewing processes pertaining to the processing of data, data security issues and programming guidelines (for organizations with programming departments). Auditors usually work in an office and must have insight into various hardware and software platforms while providing solutions when discrepancies arise from audits. According to the Bureau of Labor, between 2008 and 2018, the career field for accountants and auditors (which includes the occupation of information technology auditor), is expected to grow by 22 percent.
Establish Audit Guidelines
An information technology auditor is responsible for establishing audit guidelines according to industry and organizational standards. Executive management defines the scope and responsibilities within the auditing function. The auditor ensures effective implementation of audit procedures. Procedures include scheduling, audit report cycles, procedures during audit reviews, steps for resolution of discrepancies found during and audit and risk management issues. Auditors develop procedures according to ISO/IEC 17799 Information Systems Audit Guidelines for compliance.
Audit scheduling establishes the annual cycle of audits for an information system or electronic data processing function. At the supervisory level, an information technology auditor establishes the audit schedule that reviews the various components of a system and how transactions are processed. The audit schedule is approved by executive management and distributed throughout an organization. If the organization has several branches with data processing capabilities, schedules are distributed to the applicable branch chief or supervisor.
The technology information auditor must have knowledge of system layouts to perform effective audits. The audit considers or reviews the system layout and prepares an engagement letter to the function to be audited. The processes of the system (transaction processing, networks, catalogue and runstream files, data security and disaster recovery) are rated by the audit after a complete review of information system or data processing operations. The auditor conducts "exit" interviews with management and prepares an audit report for submittal to management.
As a supervisor, an information technology auditor is responsible for communicating audit procedures and plans to subordinates. Supervisory duties include conducting staff meetings with executive management, reviewing audit reports, providing training to auditors, and ensuring audit work papers, checklists, procedures and audit software are updated in compliance with industry standards. The supervisor can also lead an audit team in an audit depending on the size of the organization.
Educational and Salary Requirements
A bachelor's degree in information systems management with a background in business management is sufficient for a career as an information systems auditor. There are also industry certifications that can be obtained with or without a degree such as the CISA (Certified Information Systems Auditor) certification. According to Payscale.com, an information systems auditor, with five to nine years experience, can earn between $69,078 to $89,277 annually.
- Photo Credit business colleagues preparing for business meeting image by Vladimir Melnik from Fotolia.com