Norman Ralph Augustine once said, “Two-thirds of the Earth’s surface is covered with water. The other third is covered with auditors from headquarters.” This highlights the rise of the auditing profession and the importance that more and more companies are placing on internal and external audits due to increasing regulatory requirements. This reliance, coupled with the ever increasing dependency on technology, requires a special skill set: the IT auditor. If you have just started down this career path, these tips, and ISACA’s CISA certification, can help you navigate the IT auditor track.
The majority of the time you will be working with people who are more experienced than you. Take advantage of their knowledge, especially when it comes to IT. Because auditing requires so much on-the-job training, one of the best ways to learn is to ask questions of the people around you, over and over again. Ask them to tell you where they think the company could improve when it comes to IT, where the company is headed in terms of technology, or how they ended up in their current role. Asking a question may seem simple, but there will definitely be times when you aren’t sure who or which question to ask. Try asking your manager or coworker to talk it out with you, create a visual, or walk them through your thinking process so far. With the emergence of new technologies at a rapid pace, inquiring minds will always want to know.
An audit requires a lot of information to flow between various people, and all parties involved want it completed in the most efficient and effective manner. Whether you are communicating to a manager, a client, or a coworker, being able to relay a message accurately and effectively will help manage that flow of information. Clients want to be able to give you what you need the first time you ask. Precisely describing what item you are requesting and why helps ensure unnecessary time isn’t spent going back and forth for clarification. Managers always want to know where things are at and how the audit is progressing. Regularly updating them on your progress better informs them on where additional help may be needed and how the strategy moves forward to meet the audit deadline. Effective communication helps build relationships and makes you an effective person to work with in the future.
Technical Versus Non-Technical
Because you will interact with various people at all levels and departments of an organization, each person’s level of IT knowledge will differ. One of the best skills you can work on is being able to “translate” IT technical terms into terms or examples that anyone can understand. For example, simply explaining what acronyms stand for can ensure everyone is on the same page. Practice this on family, friends, coworkers, etc. Be sure to know your audience when using technical terms, as IT personnel will understand without an explanation while executives may not. This is especially helpful when conveying IT findings to higher-level management and helping them understand the severity of the finding and how to mitigate this risk in the future. This skill is often developed over time and with experience, so don’t get frustrated if there is some miscommunication at the beginning.
The biggest takeaway is to be open to learning everything you can and striving to improve your skills. There is a demand for certified IT auditors, which makes this career path a great starting point.
Editor’s note: For more career insights for newcomers to the IT audit, governance, risk and security fields, visit ISACA’s Young Professionals page.