No Coding Skills or Technical Degree Needed! 100% online.
An IT audit or information technology audit is an investigation and evaluation of IT systems, infrastructures, policies, and operations. Through IT audits, a company can determine if the existing IT controls protect corporate assets, ensure data integrity and align with the organization’s business and financial controls.
While most people are familiar with financial audits that evaluate an organization’s financial position, IT audits are still a fairly new phenomenon that is now gaining more importance due to the rise of cloud technology. The purpose of an IT audit is to check on security protocols and processes in place and IT governance as a whole.
As an unbiased observer, an IT auditor makes sure that these controls are properly and effectively installed, so the company is less vulnerable to data breaches and other security risks. However, even if adequate security and compliance are provided, there has to be a line of action in case of an unlikely event that would threaten the health and reputation of the examined business.
Next, learn more about an IT auditor’s role, skills, responsibilities, and certifications.
IT Auditor role
An IT auditor develops, implements, tests, and evaluates all IT audit review procedures within a company that relies on technology. These audit procedures can extend to networks, software applications, communication and security systems as well as any other systems that are part of the organization’s technological infrastructure.
By conducting IT-related audit projects and following established IT auditing standards, IT auditors have an essential role in ensuring that an organization and its sensitive data are protected from external or internal security threats. After all, just a small technical error can have a devastating impact on the entire organization.
IT Auditor responsibilities
Now you know why IT auditors have such an important role within a company relying on technology. But what do their actual responsibilities look like in practice? Below, we’ve outlined the most important ones.
Development and planning of audit test plans
Determining audit scope and objectives
Coordination and execution of audit activities
Adhering to auditing standards established by the company
Development of detailed audit reports
Identifying best practices for meeting audit requirements
Maintaining and updating IT audit documentation
Communicating audit findings and recommendations
Ensuring that previous recommendations have been implemented
IT Auditor skills
The skills required for the job of an IT auditor may differ depending on which industry they work in. However, there is a general set of skills that most companies are looking for when hiring an IT auditor. These skills include:
Formal qualifications: No formal qualification necessary to start this course.
Practical experience: Previous work experience in data security and IT auditing is always a plus.
Understanding core business processes: This helps the IT auditor in linking IT systems to the value they bring to the business.
Understanding key IT processes: This allows the IT auditor to prioritize IT risks.
Strong analytical and logical reasoning ability: IT auditors should be able to use data analysis and visualization tools.
Strong communication skills: This ability is necessary for explaining complex security issues to non-technical management teams.
IT Auditor salary
With the adoption of new cloud technologies, it does not come as a surprise that the position of an information technology auditor is in high demand. After all, companies of all sizes and across all industries have been leaning into new technology trends. So, what does an IT auditor actually earn?
Depending on experience, qualifications, and location, an IT auditor’s salary can range from $44k at the lower level to $143k for IT auditor directors or managers. This means that the average annual pay for an IT auditor working in the United States is currently at $93k per year or $45 per hour.
IT Auditor certifications
IT auditors can increase their chances of getting hired and being paid well if they acquire job-related certifications. Below are the two most common ones.
Certified Information Systems Auditor (CISA): This certification is offered through the ISACA. It is specifically designed for information security professionals and information technology auditors. Before IT auditors can earn this certificate, they need at least five years of professional experience in the field of IT auditing.
Certified Information Security Manager (CISM): This certification targets information security managers and focuses on the design and maintenance of information security programs. To earn this certificate, individuals need at least five years of IS experience and three years of working as a security manager.
Who will benefit from this course?
This course is intended to deliver a fundamental understanding of IT auditing that will help the non-IT auditor perform the ITGC components of a traditional business process audit engagement. This course will benefit non-IT auditors with 0-2 years’ IT auditing experience.
General Course Overview
Course Objectives
Explore the steps to perform an audit of IT applications that support key business processes, utilizing general IT control audit concepts.
Examine the steps for coordinating the assessment of IT risks with the evaluation of IT general controls.
Recognize the concepts of application controls as they relate to auditing systems in development.
Identify the steps to perform a risk assessment and an evaluation of controls over end-user computer applications, utilizing general IT control concepts.
Course Topics
Overview of IT Auditing Concepts and Controls
Types of audits internal auditors perform.
The responsibilities, objectives, and skills needed to perform IT audits.
How COSO relates to IT auditing.
Commonly referenced regulations affecting IT audits.
Overview of Key Technical Processes and IT General Controls
Key technical processes (IT governance, project management).
Traditional IT general controls (ITGCs).
Common physical security controls.
Common environmental controls.
Administrative controls.
Computer operations controls.
Introduction to IT Change Management
The IT change management process.
Standard types of technology changes.
Risks and costs of ineffective or inefficient IT change management.
Controls by function.
Internal Audit’s role in IT change management.
Fundamentals of Logical Security
General system security concepts.
The IAAA Model.
Identification.
Authentication.
Authorization.
Auditing.
Primary activities regarding access management.
Availability and Corrective Controls
Recovery objectives.
Availability concepts.
Business continuity.
Disaster recovery.
Incident response.
Auditing availability and corrective controls recovery processes.
System Development Life Cycle
System development life cycle concepts.
System development life cycle frameworks.
Auditing the system development life cycle.
Application Controls
Types of application controls.
Purpose, risks, and control activities relating to:
Input controls.
Processing controls.
Output controls.
Interface controls.
Audit trails (log files).
General application security.
End-User Computing – Shadow IT
Overview of end-user computing.
User-developed applications (UDA) risks and controls.
Dependence on spreadsheets within financial activities.
User-acquired-systems (UAS) risks and controls.
Auditing end-user computing.
Networking Essentials
Key networking concepts and technologies.
Typical networking risks.
Traditional networking controls and tools.
Cloud Computing
Basics of cloud computing.
Cloud environments.
Benefits of cloud computing.
Cloud service risks.
Cloud controls.
Importance of the Statement on Standards for Attestation Engagements (SSAE) System and Organizational Controls (SOC) reports.