What are some major difficulties if one were to work for IT Audit, and Accounting? Also, what are some programming languages that suit IT Audit?
My name is David, a rising, college sophomore, who is majoring in Information Technology. As of now, my primary focus is web development, but I'm also interested in exploring my other career options that fall under the IT industry, such as IT Audit. #accounting #information-technology #accountant #it-management #risk-analysis #it-sales #it-audit
9 answers
Adam’s Answer
Hi David, I spent about 8 years as an internal auditor, and I received the Certified Internal Auditor (CIA) designation from the Institute of Internal Auditors (IIA). Most of the career IT auditors I worked with made it a point to get their Certified Information Systems Auditor (CISA) designation. You can find information about this on www.isaca.org .
When I was auditing, one of the areas I specialized in was computer assisted auditing techniques (CAATs). I would use a product called ACL to do this. There are a handful of tools on the market which accomplish the same things. Today I like to use Microstrategy for data mining and analysis. There are free tools like R which can also be used.
Anyhow, to be effective at this it is good to understand database structure, be able to access data (usually do this through sql), and be able to connect how actions in real life are represented in data form, so you can look for anomalous activity. Here's a real world example: sometimes companies limit the amount of money their managers can spend before asking for approval from someone higher than them in the organization. Let's say a manager is allowed to buy things that cost up to $5,000 without getting approval from their director. If you are using CAATs, you might look at your accounts payable data and see one manager with several transactions for $4,999. This indicates they are splitting up the cost of a much larger purchase to circumvent the internal controls (the $5,000 limit). Or, they found a way to buy an expensive item without having to ask their manager by splitting the payments up so each one falls under the $5,000 threshold.
From what I can remember, IT auditors often spend time looking at internal control design and effectiveness. Things like access controls (who can access which records within a system?), data center controls (are the servers secure and maintained with proper fire suppression, cooling, and back-up power), etc.
I was really interested in web design and ended up an auditor and did very well with it, so maybe it will work for you as well! One thing I can say is auditing won't provide the same work environment, but you will learn a ton about business and the career path and pay is rather good, especially once you get some years of experience under your belt.
Mark’s Answer
Hi David,
I work in a business team that does security, data quality, data support, reporting, and IT projects. My team is in accounting and we work really closely with the audit teams. The only difficulty in the area of IT audit and accounting is that you must be interested in both the technical side and the business side of the company. For instance, my team has to understand what the accountants need, what is required for our business controls, and be technical also. My team focuses primarily on SQL programming although we do have team members that know VBA, various reporting tools, and SQL Server coding. I would say at least at Dell, the most important thing to know would be SQL. There are audit tools that some companies use, but in the end, data is the most important part of the equation. Many of my team members have been considered for audit positions because they understand the business and can pull data to support the audit process.
I hope that helps!
Best Wishes, Mark
Joseph’s Answer
Hi David,
I have seen that you have received a lot of really good advice and I just wanted add to what some have already mentioned. The IT audit profession is growing rapidly! I have spent the last three years working in support of the financial state audit by testing system automation for processing of transactions and IT general controls.IT general controls are made up of Logical Access (how a system is accessed and who has access to a system), Change Management (the process for governing changes to a production system), and Computer Operation (how data is transfered between systems within an environment).
There is more to IT Audit though than just supporting the financial statement audit that publicly traded companies are required to obtain. Any regulation that requires compliance will require an audit and somepoint to validated that a company is in compliance with the law or standard. An example of other types of audits that an IT Auditor may preform are PCI DSS (<span style="color: rgb(34, 34, 34);">Payment Card Industry Data Security Standard </span>) or GDPR (General Data Protection Regulation). GDPR is the newest regulation that was put in place within the EU that protect EU citizens data which effects all companies that operate or perform business within the EU, which most major companies do to some degree.
My recommendations would be that you add a second major or minor in accounting as the major systems in a companies IT environment will have accounting implications and in order to best audit the system, it helps to understand its role within the environment through accounting lense.
Hope this helps!
Prithuvi Skantharajah
Prithuvi’s Answer
Highly recommend taking a class on risk management (if available), along with a class or two on MIS (Management of Information Systems) ideally with an emphasis on SQL/Mainframe. While the former will give you an appreciation for concepts over controls/risk mitigation, the latter will give you a head start, from a technical standpoint. In addition to the above, if you're interested, the CISA (Certified Information Systems Auditor) is a globally recognized certification, that'll benefit you in the long run.
Best - P
Maria Clarette’s Answer
My background is in Accounting and Supply Chain Management, along with a master's degree in Accounting and Data Analytics. Although I initially lacked experience in IT audit, I have been performing IT audits for my clients for two years now. In my experience, being eager to learn, comfortable asking questions, and engaging in self-study were crucial factors in beginning a career in IT audit. One of the biggest challenges is overcoming the feeling of not knowing everything or not contributing to the team's success due to a lack of IT audit experience. Once you move past this mindset, things will improve.
Regarding programming languages, I have primarily worked with Java and SQL for my Fortune 500 clients. It's also beneficial to familiarize yourself with applications like SAP, PeopleSoft, OneSource, and OneStream, as these are commonly used by companies nowadays. Understanding their functions and operations will be a valuable asset for you. Additionally, I recommend getting acquainted with cloud providers such as AWS and Microsoft Azure.
I hope you find this information helpful!
Nicole’s Answer
Bobby’s Answer
Amra’s Answer
Vidhya Sagar’s Answer
IT Audit:
Keeping up with rapidly evolving technology: The IT landscape changes constantly, requiring continuous learning and adaptation to new systems, regulations, and risks.
Data security and privacy concerns: IT Auditors handle sensitive data, demanding a strong understanding of security protocols, privacy laws, and emerging threats.
Bridging the communication gap between technical and non-technical personnel: Translating complex technical findings into clear and concise reports for management and stakeholders can be challenging.
Limited resources and tight deadlines: IT audits often face pressure to deliver results quickly with limited staff and budget.
Constantly evolving audit standards and regulations: Staying updated with industry standards and regulatory requirements like SOX, HIPAA, and GDPR is crucial.
Accounting:
Maintaining accuracy and precision: Accounting demands meticulous attention to detail and a low tolerance for errors.
Handling large volumes of data: Accountants work with vast amounts of financial data, requiring strong analytical and data management skills.
Meeting deadlines and regulatory requirements: Timely financial reporting and compliance with tax laws and accounting standards are critical.
Adapting to new accounting standards and technologies: The field is constantly evolving, necessitating ongoing professional development.
Preventing and detecting fraud: Accountants play a crucial role in safeguarding assets and identifying fraudulent activities.
Programming Languages for IT Audit:
Python: Highly versatile for scripting, data analysis, automation, and developing audit tools.
SQL: Essential for querying and analyzing data stored in relational databases.
ACL (Audit Command Language): Specifically designed for data analysis and manipulation for audit purposes.
IDEA (Interactive Data Extraction and Analysis): Another popular data analysis software used by auditors.
VBA (Visual Basic for Applications): Useful for automating tasks within Microsoft Excel, a commonly used tool by auditors.