Recently, I saw a job title in an ad that intrigued me, and I’ve been trying to find out more about it. The ad was for an IT auditor, and the ad specified a lot of requirements, most of which I have and some of which I don’t. The starting salary looked good, and since I’m more than a few years into my IT career, I am ready for a change. Can you tell me more about this position and what the future prospects for it are?
Like most IT job titles, the IT auditor title covers a wider variety of tasks and skills than the name would suggest. Some companies use the title to mean the person who checks to see if the company is getting the most out of its IT investment. For other companies, the person in this role is the one who makes sure the IT money was spent as promised—money invested is not the same as results reaped. Other companies use the title to designate the person who is supposed to keep watch on IT security, to keep the data and the hardware safe from harm.
Since I don’t have the exact ad that you mention, I decided to look around on the Web for IT auditor job postings. Not surprisingly, I found several different job descriptions with the IT auditor title, each with its own list of experience and training requirements. I have to say that for the salaries offered, some of the items in the list of requirements seemed fanciful at best. Most people with qualifications like these would be looking at jobs that pay much more.
Do you have a career question?
If so, send it to us. If your question is chosen as the basis for one of our Career columns, we’ll send you a TechRepublic coffee mug.
Let’s take a look at some of these job opportunities. Orange County Florida is looking for a “Senior Information Technology Auditor.” The employee would perform technical evaluations, conduct financial, compliance, and operational audits of agencies, departments, programs, activities, etc. and provide technical support (among other things). Orange County’s salary range tops out at around $65,000 for this job.
The county would like the employee to have hands-on, in-depth knowledge of all kinds of computer systems, including mainframes and PCs, along with the operating systems and major applications that run on these computers. In addition, knowledge and experience in installing and troubleshooting LANs and WANs is a must. These are only a few examples of what someone needs in order to be considered for this position.
Here’s another: A major utility company in Ontario wants to hire (for a temporary position) a “Senior Auditor, Information Technology.” The person would “plan and perform risk assessments of major processes, systems, and components throughout all areas of the company.” That’s item one on a list of six major job responsibilities. The second one on the list is “assess IT strategies to support business processes.”
Job selection criteria include experience with all of the tasks listed on the job description, five or more years of IT audit experience or related college degree, excellent communication skills, and strong writing skills. It also would help if the candidate is a really good negotiator.
I think you get the picture that the job of IT auditor is one that is difficult for mere mortals to aspire to. I don’t want you to get the idea, though, that you shouldn’t pursue these kinds of jobs if you are interested in them. IT auditing is a career path with good long-term prospects.
Although you must read the job descriptions carefully to make sure you’re applying for a job you can and want to do, you can build a nice career around IT auditing. Starting out, you should choose one of the three major areas of auditing that I outlined earlier in my answer (security, financial, and ROI analysis of IT systems) and build up your skills in those areas. If you do, you will be able to be employed as an IT auditor as long as you care to be. After a few years at your first job, you could move on to a more challenging job that pays more money.
Note: You will find that some of the job descriptions mention a certification with the acronym CISA. The acronym stands for Certified Information Systems Auditor, and it’s a certification offered by the Information Systems Audit and Control Association and Foundation. If you visit the Association’s Web site, you can learn about the certification and more about IT auditing.