An IT audit is basically the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. IT auditors look not only at physical controls as a security auditor would, but they also look at business and financial controls within an organization.
IT auditors help organizations comply with legislation, making sure they keeping data and records secure. These auditors don't actually implement any fixes; they just offer an independent review of the situation.
Fred Roth, a senior consultant at a training institute, says he believes the demand for IT auditors will continue for the next couple of years: "I talk to a lot of management from companies in the U.S., Canada and Europe. The answers are always the same — they cannot find enough good IT auditors."
So what does it take to be an IT auditor? CareerProNews says that "CIA (certified internal auditor), CISA (certified information systems auditor) and CISSP (certified information systems security professional) certifications are becoming an absolute must for IT auditors."
Roth adds: "IT auditors need to be qualified to audit the many different aspects of IT: systems, networks, databases, encryption, etc., and that they need to be proficient and stay current as the technology changes. This requires ongoing training."
Although most IT auditor positions start out on contract, many firms are realizing the need to hire full-time personnel to handle the duties.
Toni Bowers is Managing Editor of TechRepublic and is the award-winning blogger of the Career Management blog. She has edited newsletters, books, and web sites pertaining to software, IT career, and IT management issues.