When talking about IT auditor jobs let’s not get confused about the word ‘audit’, which is generally used when talking about delving into the finances of a company. An IT audit is not wholly dissimilar, nor is it similar to a financial audit, although the IT audit may take place in conjunction with other audits for the company in order to get an overall internal operations look at the business.
An IT audit job would usually focus on finding the risks that are pertinent to the information assets in a company and in appraising the controls of the information to reduce the risks that are associated. Generally, the IT auditor will look at either a ‘general control review’ or an ‘application control review’. The audit process will evaluate the information system for availability, integrity and confidentiality.
Typically, there are five types of IT audits:
- An IT audit of the information technology systems and applications is to ensure that the systems and applications being run are sufficient and suitable to the company’s needs. The audit will look to see if the system provides security and reliability, while operating in a timely manner, and that the input and output at all the levels of the system is operating properly.
- An audit of information processing facilities is required to verify that the facility is maintained and controlled to ensure the efficacy of all the processing applications under normal conditions and in the event of a disruption.
- An audit of systems development is done to verify that the company’s systems, while under development, meet the requirements of the company and are being furbished with acceptable standards.
- An audit of the management of IT and the enterprise’s architecture verifies that the information processing is being controlled and run efficiently in an organized structure.
- Audits of the client or server, telecommunications, intranets and extranets validates that controls are in place on the client’s end, the server and on the network connecting the two and that the information being transferred is safe and secure on the IT system.
An IT auditor generally follows five steps in the process of an IT audit: planning, studying controls and the evaluation of those controls, testing and reevaluating the controls, reporting and following up at a later date to ensure all is still well.
The fundamental principle behind an IT audit job is to maintain the integrity of information stored within the system and to ensure that all the information is safe and can not be accessed by unauthorised persons. Many companies hold databases of personal information on their clients and employees and the IT auditor safeguards against that information being ‘leaked out’ or accessed by anyone other than employees of the company with rights to the information.
With information technology advancing at a rapid rate, changes can be expected in this field. As the technology world grows faster and faster with new upgrades, systems and processes, the IT auditor must keep up with the emerging trends to ensure that the companies they work for maintain a high standard in their technology and information processing environment.
Written by CareersinAudit.com, June 2008.