Nobody likes the word “audit.” That is unless you are, or are thinking about becoming, an IT auditor, which is one of the fastest growing career areas in IT according to CareerProNews. Since the passage of information legislation, like Sarbanes-Oxley, IT audits have increased, and so has the need for people to do them.

An IT audit is basically the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. IT auditors look not only at physical controls as a security auditor would, but they also look at business and financial controls within an organization.

IT auditors help organizations comply with legislation, making sure they keeping data and records secure. These auditors don’t actually implement any fixes; they just offer an independent review of the situation.

Fred Roth, a senior consultant at a training institute, says he believes the demand for IT auditors will continue for the next couple of years: “I talk to a lot of management from companies in the U.S., Canada and Europe. The answers are always the same — they cannot find enough good IT auditors.”

So what does it take to be an IT auditor? CareerProNews says that “CIA (certified internal auditor), CISA (certified information systems auditor) and CISSP (certified information systems security professional) certifications are becoming an absolute must for IT auditors.”

Roth adds: “IT auditors need to be qualified to audit the many different aspects of IT: systems, networks, databases, encryption, etc., and that they need to be proficient and stay current as the technology changes. This requires ongoing training.”

Although most IT auditor positions start out on contract, many firms are realizing the need to hire full-time personnel to handle the duties.