What Does an IT Auditor Do?
An IT (information technology) auditor evaluates and assesses an organization’s information technology systems, processes, and controls to ensure that they comply with relevant regulatory, legal, and industry standards and that they operate effectively and efficiently. IT auditors identify potential vulnerabilities, risks, and weaknesses in IT systems by reviewing their design and implementation, as well as their ongoing operations and maintenance. As needed, they give management, stakeholders, and external regulators recommendations for improvements and remediation.
IT auditors can work within an organization as part of its internal audit team or as independent contractors. In either capacity, the role ensures that an organization has the needed resources and protocols to carry out its operations efficiently.
National Average Salary
IT auditor salaries vary by experience, industry, organization size, and geography. To explore salary ranges by local market, please visit our sister site zengig.com.
The average U.S. salary for an IT Auditor is:
IT Auditor Job Descriptions
Crafting the perfect job description may be the key to finding an exceptional IT auditor. To help you with your recruiting search, our team has put together some examples from past openings.
[Your Company Name] is looking to hire a new IT auditor to join our company. As an IT auditor, you will be in charge of ensuring the protection of system information and controls and ensuring that data and systems are not subject to breaches or security faults. The ideal candidate for this position will have previous experience in the field and be a certified information systems auditor. Your daily tasks will include evaluating systems, resolving any breaches that take place, fixing any potential issues with the security system to prevent breaches, and auditing any network problems which may arise. You will also be in charge of managing and updating firewall software and making sure that financial software is not breached. To do this, you must manually inspect the required aspects of the system, as well as keep an eye on the latest technological developments to ensure that no security faults have been discovered. If this position is of interest to you, please apply to join our team.
Typical duties and responsibilities
- Conduct audits and assess appropriate solutions to complex problems
- Identify risks and controls of the IT department
- Identify areas of improvement
- Perform and document audit findings
- Provide recommendations from assessments
- Audit computer systems to minimize risks
- Participate in technology audits and technology project reviews
- Maintain and revise existing compliance programs
Education and experience
This position requires a bachelor’s degree in business administration, information technology, finance, information systems management, or another relevant field. CISA or CISSP certification is a plus.
Required skills and qualifications
- Strong teamwork and interpersonal skills
- Proficient in finding creative solutions to complex problems
- Excellent verbal and written communication skills
- Detail-oriented and analytical thinker
- Proficiency in Microsoft Office Suite and other applications
- Ability to identify, assess and advise on risks for technology projects
- Bachelor’s degree in Information Systems, Accounting or Finance
- 1+ years of system auditing and programming analysis experience
- Knowledge of basic audit standards and processes, systems design, system operations, end user computing technologies, and audit software
This position will lead and participate in audits and consulting projects, under the oversight of the Chief Audit and Ethics Officer, with the objective of analyzing and assessing the District’s enterprise technology (ET) infrastructure and cybersecurity. Works both autonomously and with the internal audit team to execute risk-based internal audits utilizing agile auditing principles. Serves as the internal audit team’s subject matter expert (SME) in identifying ET and cybersecurity risks and recommendations for management to strengthen operations. Builds and maintains relationships within the internal audit team and other departments.
Education, training and experience
- Bachelor’s Degree in Computer Science, Management Information Systems, or another Business-related field is required
- 4+ years of experience in ET related position required
- 2+ years in internal or external auditing preferred
- Prior knowledge and experience in the following areas is preferred but not required:
  - Applying IT and Cybersecurity control frameworks including CIS 18, NIST, COBIT, ISO 2700
  - System and software applications and related controls including Active Directory, SAP (ERP) roles, and profiles
  - Data analysis and visualization tools such as ACL, MS Office, MS Business Intelligence, SAP, SAC
  - Networking infrastructure and data center designing including Cloud
  - Industrial computer control systems and devices including IoT, Programmable Logic Controllers (PLC)
  - Agile project development and/or agile auditing principles
  - Institute of Internal Auditors (IIA) International Professional Practices Framework
Licenses and/or certifications
- Certified Information Systems Auditor (CISA) or
- Certified Information Security Manager (CISM) or
- Certified Information Systems Security Professional (CISSP) or
- Acquire certification within 3 years of beginning employment
Essential duties & responsibilities
- Plans, leads, and executes risk-based ET audits and consultation projects within a team based agile auditing approach using established internal and ET auditing standards
- Participates as the ET SME on team based operational, compliance, and financial audits
- Builds relationships with internal audit clients to ensure communication and delivery of value-added services
- Ensures audit documents (narratives, process flows, risk assessments, programs, workpapers, etc.) and reports, with minimal revisions required, capture the procedures performed, support conclusions reached, identify internal controls and control weaknesses, and provide value-added recommendations
- Delivers reports to communicate observations, issues, risks, and recommendations
- Assists the Chief Audit and Ethics Officer with the internal audit department’s annual audit plan and ET risk assessment
- Serves as a subject matter expert consulting management by providing direction and feedback outside of normal audit procedures
- Conducts and/or provides assistance in investigations related to ethics, fraud, and/or other issues
- Accountable for other duties as assigned
- Customer Focus
- Employees & Teamwork/Diversity & Inclusion
- Public Service/Environmental Stewardship
The IT Auditor works with internal audit, business and IT Management to plan and perform basic to complex internal and enterprise-wide IT, operational and regulatory audits. This responsibility includes performing internal audits of the development life cycle, cyber security procedures and third party risk management. Additional responsibilities of the IT Auditor include: Identifying control deficiencies, assessing exposure and significance, proposing cost effective recommendations, and preparing internal audit reports reflecting the results of the work performed. Our IT Auditor may also perform follow-up on the status of outstanding audit issues.
- Conduct IT risk assessment by understanding business objectives, internal controls, enabling technology, and IT infrastructure
- Perform audit work over various technologies utilized by the company and various IT functions. Assess both the design and operating effectiveness of internal controls
- Prioritize and assist in scheduling audit tests to be performed, and interact with auditees to obtain the necessary information
- Contribute to identification of department operational efficiencies and changes in auditing operations
- Evaluate controls designed to prevent or detect fraud, including management override of controls
- Prepare and present findings as needed
- Communicate audit results and recommendations both orally and in writing to the management
- Schedule and conduct presentations at meetings with auditees and management as needed
- Participate in audit teams and department committees
- Acquire additional knowledge of regulations and emerging technologies
- All other duties as assigned
- Bachelor’s degree preferred, high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree. Minimum of high school diploma or equivalent is required.
- 2+ years of experience in information systems auditing
- Ability to travel
- Excellent analytical skills
- Ability to resolve problems and make decisions independently
- Excellent verbal and written communications
- Skilled in operating personal computer and various software packages (Microsoft Office, Outlook, Excel, etc.)
- Experience with ACL, Power BI, or other data analytics software preferred
- CRISC, CISA, CISSP, CIA, CISM, CGEIT, or other relevant certification
- Knowledge of FINRA, SEC, and compliance rules and regulations
- Knowledge of cybersecurity and IT infrastructure
- 2+ years previous financial services industry or audit experience
ABC Company has an opportunity for an IT Auditor for one of our top clients. The successful candidate will be reviewing the audits that are sent over before they are delivered to the auditors. They will also be responding to the audit queries, trying to understand what they are asking for, and ensuring the audits are correct.
Here are the details:
- Position: IT Auditor
- Location: (City, State) (100% Remote)
- Rate: Negotiable
- Duration: 6 Months – C2H
- Interacting with different folks to get artifacts and engage teams and stakeholders
- Help ensure regulations for technologies
- Control testing/framework (Version 4 or 5)
- Working with Auditors
- 5-7 years of IT Auditor experience or some sort of expert knowledge around Auditing
- IT Auditor
- 2nd-line tech/operational risk roles
- Strong technical background, supporting the regulations for technologies and understanding the artifacts that are being audited
- Should have exposure to the following technologies – ITIL, SQL, and Access Management
- Must understand the SDLC process and have worked in that type of environment
- Some sort of audit certification (e.g., CISA) or CISSP (security cert)
Nice to haves:
- Capital Markets knowledge
- Information Security experience
Candidate Certifications to Look For
- Certified Information Systems Auditor (CISA). As a certified information systems auditor, candidates will be required to be at the forefront of IT auditing and information systems auditing. Because of this, this certification is one of the chief and most essential certifications for the position of IT auditor. This certification covers the latest IT auditing practices, methods, and techniques in the exam provided. Being certified as an information systems auditor can be immensely beneficial for any IT auditor looking to further their career.
- GIAC Systems and Network Auditor (GSNA). The GIAC Systems and Network Auditor, or GSNA, is offered by GIAC and is a leading certification for IT auditors working in the field. Because of this, it is widely recognized and may be useful to any IT auditor looking to expand and certify their expertise.
How to Hire an IT Auditor
When hiring an IT auditor, first consider the following:
- Recruiting: Do you have the knowledge, tools, and resources to attract and screen candidates?
- Complexity: Do you need a senior professional, or will mid or junior-level skills and experience suffice?
- Duration: Is this a one-time project or an ongoing need?
- Management: Do you have the time and expertise to direct the work effectively?
- Urgency: How soon does the work need to be completed?
- Headcount: Do you have the budget and approval for an internal employee, or should you consider alternate options?
Answering these questions will help determine the best course of action for your current hiring need. Fortunately, great options exist for every scenario. These are our recommendations:
1. Use 4 Corner Resources (or another professional recruiting firm)
The heavy lifting is done for you when working with a top-tier staffing company like 4 Corner Resources. We source, screen, recruit, and deliver only the most qualified candidate(s), saving you significant time and effort throughout the hiring process while you remain focused on your core business. Understanding your needs and ensuring the right candidate for the position is the key to our success.
This is the best route to take when:
- You need to fill the position quickly
- You want access to a vast talent pool of high-quality, prescreened candidates
- Your position is suited for temporary hiring services, contract staffing, or contract-to-hire recruiting, and you intend to direct the work activity.
- You are hiring an employee as a direct placement but aren’t able to recruit effectively or efficiently with your internal staff.
- You aren’t familiar with current salary rates, market trends, and available skill sets
2. Advertise your opening on a top job board
Your best option may be to advertise your opening on a proven job board. There are many widely used job sites out there that draw visits from qualified candidates. If you have someone internally who can dedicate the time and energy to sort through applications and screen individuals effectively, this can be a great choice.
We recommend using a job board when:
- Your internal recruiting team has the knowledge and experience to assess candidate qualifications
- You are hiring a direct employee and have time to manage the entire recruiting effort
- You have a process for receiving, screening, and tracking all resumes and applications
- You are prepared to respond to all applicants
We recommend using CareerBuilder when hiring an IT auditor:
CareerBuilder has been a trusted source for hiring since 1995. Reach 80+ million unique, diverse U.S. job seekers annually by posting your jobs through their talent acquisition channels. Through CareerBuilder, you can engage candidates and drive them into your sourcing pipeline. We recommend using CareerBuilder for hiring when you have the internal resources and processes to review, screen, and reply to all applicants.
3. Leverage your internal resources
You can utilize your own website, social media, and employees to assist in your search for top candidates.
A company website posting should be the first step in notifying prospective candidates that you are hiring. Social media can also be a powerful tool for spreading the word about your new opening. As far as exposure is concerned, this option can be as good as some job boards when you have a large enough following across various platforms, like LinkedIn, Instagram, Facebook, TikTok, and Twitter.
Current employees are every organization’s greatest asset. Encourage your internal team to promote job openings to their network by offering cash and other incentives.
We recommend these options when:
- Your brand has great name recognition
- You can consistently monitor and respond to candidate activity through your website and social media accounts
- You have a process in place to quickly and broadly communicate job openings and requirements
- You have an effective employee referral program in place
If you aren’t sure which path is best, schedule a discovery call today with our seasoned recruiting professionals. The 4 Corner team is on standby to help you find the best option for your unique hiring need.
Sample Interview Questions
- Could you tell me about your qualifications for being an IT auditor for our organization?
- Can you tell me about the types of IT systems and processes you specialize in auditing, and what makes you stand out compared to other IT auditors in this field?
- Have you conducted a particularly challenging audit in the past, and if so, how did you identify potential risks and vulnerabilities?
- What resources do you rely on for research and education, and how do you keep up with technology and IT standards?
- Describe your approach to client communication and how you ensure that your clients are informed and satisfied.
- From planning and scoping to testing and reporting, what is your process for conducting an IT audit?
- When your audit findings include conflicts or discrepancies, how do you resolve them with management or stakeholders?
- When working on multiple audits simultaneously, how do you prioritize your tasks?
- As an IT auditor, can you describe any notable achievements, such as identifying significant vulnerabilities or implementing effective controls to mitigate risks?