What Does an IT Auditor Do?
Information technology (IT) auditors are responsible for planning, coordinating, conducting, and reporting on IT audits of networks, applications, system development, and corporate systems and processes. They must collect and evaluate data about an organization’s systems, practices, and operations, as well as conduct fieldwork, assess the effectiveness of results, and identify issues to find resolutions. IT auditors work in myriad industries, including health care, construction, finance, and technology.
National Average Salary
IT auditor salaries vary by experience, industry, organization size, and geography. To explore salary ranges by local market, please visit our sister site zengig.com.
The average U.S. salary for an IT Auditor is:
IT Auditor Job Descriptions
This position will lead and participate in audits and consulting projects, under the oversight of the Chief Audit and Ethics Officer, with the objective of analyzing and assessing the District’s enterprise technology (ET) infrastructure and cybersecurity. Works both autonomously and with the internal audit team to execute risk-based internal audits utilizing agile auditing principles. Serves as the internal audit team’s subject matter expert (SME) in identifying ET and cybersecurity risks and recommendations for management to strengthen operations. Builds and maintains relationships within the internal audit team and other departments.
Education, training and experience
- Bachelor’s Degree in Computer Science, Management Information Systems, or another Business-related field is required
- 4+ years of experience in ET related position required
- 2+ years in internal or external auditing preferred
- Prior knowledge and experience in the following areas is preferred but not required
- Applying IT and Cybersecurity control frameworks including CIS 18, NIST, COBIT, ISO 2700
- System and software applications and related controls including Active Directory, SAP (ERP) roles and profiles
- Data analysis and visualization tools such as ACL, MS Office, MS Business Intelligence, SAP, SAC
- Networking infrastructure and data center designing including Cloud
- Industrial computer control systems and devices including IoT, Programmable Logic Controllers (PLC)
- Agile project development and/or agile auditing principles
- Institute of Internal Auditors (IIA) International Professional Practices Framework
Licenses and/or certifications
- Certified Information Systems Auditor (CISA) or
- Certified Information Security Manager (CISM) or
- Certified Information Systems Security Professional (CISSP) or
- Acquire certification within 3 years of beginning employment
Essential duties & responsibilities
- Plans, leads, and executes risk-based ET audits and consultation projects within a team-based agile auditing approach using established internal and ET auditing standards
- Participates as the ET SME on team-based operational, compliance, and financial audits
- Builds relationships with internal audit clients to ensure communication and delivery of value-added services
- Ensures audit documents (narratives, process flows, risk assessments, programs, workpapers, etc.) and reports, with minimal revisions required, capture the procedures performed, support conclusions reached, identify internal controls and control weaknesses, and provide value-added recommendations
- Delivers reports to communicate observations, issues, risks, and recommendations
- Assists the Chief Audit and Ethics Officer with the internal audit department’s annual audit plan and ET risk assessment
- Serves as a subject matter expert consulting management by providing direction and feedback outside of normal audit procedures
- Conducts and/or provides assistance in investigations related to ethics, fraud, and/or other issues
- Accountable for other duties as assigned
- Customer Focus
- Employees & Teamwork/Diversity & Inclusion
- Public Service/Environmental Stewardship
The IT Auditor works with internal audit, business and IT Management to plan and perform basic to complex internal and enterprise-wide IT, operational and regulatory audits. This responsibility includes performing internal audits of the development life cycle, cyber security procedures and third-party risk management. Additional responsibilities of the IT Auditor include identifying control deficiencies, assessing exposure and significance, proposing cost-effective recommendations, and preparing internal audit reports reflecting the results of the work performed. Our IT Auditor may also perform follow-up on the status of outstanding audit issues.
- Conduct IT risk assessment by understanding business objectives, internal controls, enabling technology, and IT infrastructure
- Perform audit work over various technologies utilized by the company and various IT functions. Assess both the design and operating effectiveness of internal controls
- Prioritize and assist in scheduling audit tests to be performed, and interact with auditees to obtain the necessary information
- Contribute to identification of department operational efficiencies and changes in auditing operations
- Evaluate controls designed to prevent or detect fraud, including management override of controls
- Prepare and present findings as needed
- Communicate audit results and recommendations both orally and in writing to management
- Schedule and conduct presentations at meetings with auditees and management as needed
- Participate in audit teams and department committees
- Acquire additional knowledge of regulations and emerging technologies
- All other duties as assigned
- Bachelor’s degree preferred, high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree. Minimum of high school diploma or equivalent is required.
- 2+ years of experience in information systems auditing
- Ability to travel
- Excellent analytical skills
- Ability to resolve problems and make decisions independently
- Excellent verbal and written communications
- Skilled in operating personal computer and various software packages (Microsoft Office, Outlook, Excel, etc.)
- Experience with ACL, Power BI, or other data analytics software preferred
- CRISC, CISA, CISSP, CIA, CISM, CGEIT, or other relevant certification
- Knowledge of FINRA, SEC, and compliance rules and regulations
- Knowledge of cybersecurity and IT infrastructure
- 2+ years previous financial services industry or audit experience
ABC Company has an opportunity for an IT Auditor for one of our top clients. The successful candidate will be reviewing the audits that are sent over before they are delivered to the auditors. They will also be responding to the audit queries, trying to understand what they are asking for, and ensuring the audits are correct.
Here are the details:
- Position: IT Auditor
- Location: (City, State) (100% Remote)
- Rate: Negotiable
- Duration: 6 Months – C2H
- Interacting with different folks to get artifacts and engage teams and stakeholders
- Help ensure regulations for technologies
- Control testing/framework (Version 4 or 5)
- Working with Auditors
- 5-7 years of IT Auditor experience or some sort of expert knowledge around Auditing
- IT Auditor
- 2ND Line Tech/operation Risk roles
- Strong technical background, supporting the regulations for technologies and understanding the artifacts that are being audited.
- Should have exposure to the following technologies – ITIL, SQL, and Access Management
- Must understand the SDLC process and have worked in that type of environment
- Some sort of Audit certification (e.g., CISA) or CISSP (Security Cert)
Nice to haves:
- Capital Markets knowledge
- Information Security experience
How to Hire an IT Auditor
When hiring an IT auditor, first consider the following:
- Recruiting: Do you have the knowledge, tools, and resources to attract and screen candidates?
- Complexity: Do you need a senior professional, or will mid or junior-level skills and experience suffice?
- Duration: Is this a one-time project or an ongoing need?
- Management: Do you have the time and expertise to direct the work effectively?
- Urgency: How soon does the work need to be completed?
- Headcount: Do you have the budget and approval for an internal employee, or should you consider alternate options?
Answering these questions will help determine the best course of action for your current hiring need. Fortunately, great options exist for every scenario. These are our recommendations:
1. Use 4 Corner Resources (or another professional recruiting firm)
The heavy lifting is done for you when working with a top-tier staffing company like 4 Corner Resources. We source, screen, recruit, and deliver only the most qualified candidate(s), saving you significant time and effort throughout the hiring process while you remain focused on your core business. Understanding your needs and ensuring the right candidate for the position is the key to our success.
This is the best route to take when:
- You need to fill the position quickly
- You want access to a vast talent pool of high-quality, prescreened candidates
- Your position is suited for temporary hiring services, contract staffing, or contract-to-hire recruiting, and you intend to direct the work activity.
- You are hiring an employee as a direct placement but aren’t able to recruit effectively or efficiently with your internal staff.
- You aren’t familiar with current salary rates, market trends, and available skill sets
2. Advertise your opening on a top job board
Your best option may be to advertise your opening on a proven job board. There are many widely used job sites out there that draw visits from qualified candidates. If you have someone internally who can dedicate the time and energy to sort through applications and screen individuals effectively, this can be a great choice.
We recommend using a job board when:
- Your internal recruiting team has the knowledge and experience to assess candidate qualifications
- You are hiring a direct employee and have time to manage the entire recruiting effort
- You have a process for receiving, screening, and tracking all resumes and applications
- You are prepared to respond to all applicants
There are many career sites out there. Here are the two we recommend for an IT auditor opening:
CareerBuilder has been a trusted source for hiring since 1995. Reach 80+ million unique, diverse U.S. job seekers annually by posting your jobs through their talent acquisition channels. Through CareerBuilder, you can engage candidates and drive them into your sourcing pipeline. We recommend using CareerBuilder for hiring when you have the internal resources and processes to review, screen, and reply to all applicants.
LinkedIn is a social network for job seekers, professionals, and businesses. With this popular job site, you can enhance your brand and advertise your open position to a wide audience of motivated, qualified candidates. Job postings on LinkedIn are also extremely streamlined and user-friendly, making it even easier for candidates to apply. Additionally, applicants can use their LinkedIn profile instead of a resume to expedite the process.
3. Leverage your internal resources
You can utilize your own website, social media, and employees to assist in your search for top candidates.
A company website posting should be the first step in notifying prospective candidates that you are hiring. Social media can also be a powerful tool for spreading the word about your new opening. As far as exposure is concerned, this option can be as good as some job boards when you have a large enough following across various platforms, like LinkedIn, Instagram, Facebook, TikTok, and Twitter.
Current employees are every organization’s greatest asset. Encourage your internal team to promote job openings to their network by offering cash and other incentives.
We recommend these options when:
- Your brand has great name recognition
- You can consistently monitor and respond to candidate activity through your website and social media accounts
- You have a process in place to quickly and broadly communicate job openings and requirements
- You have an effective employee referral program in place
If you aren’t sure which path is best, schedule a discovery call today with our seasoned recruiting professionals. The 4 Corner team is on standby to help you find the best option for your unique hiring need.
Sample Interview Questions
- What is the primary objective of IT auditing?
- Do you have any relevant certifications for this position?
- As an IT auditor, what would you say is the most important quality you have?
- What systems and applications would you audit in order to ensure the control and security of your company?
- What is the objective of extranets and intranets?
- If you discovered a breach in the system, how would you go about resolving it?
- How do you ensure that your system remains secure?