Skip to main content
7 answers
6
Asked 2343 views Translate

What are some major difficulties if one were to work for IT Audit, and Accounting? Also, what are some programming languages that suit IT Audit?

My name is David, a rising, college sophomore, who is majoring in Information Technology. As of now, my primary focus is web development, but I'm also interested in exploring my other career options that fall under the IT industry, such as IT Audit. #accounting #information-technology #accountant #it-management #risk-analysis #it-sales #it-audit

+25 Karma if successful
From: You
To: Friend
Subject: Career question for you

6

7 answers


2
Updated Translate

Adam’s Answer

Best of the Village

Hi David, I spent about 8 years as an internal auditor, and I received the Certified Internal Auditor (CIA) designation from the Institute of Internal Auditors (IIA). Most of the career IT auditors I worked with made it a point to get their Certified Information Systems Auditor (CISA) designation. You can find information about this on www.isaca.org .


When I was auditing, one of the areas I specialized in was computer assisted auditing techniques (CAATs). I would use a product called ACL to do this. There are a handful of tools on the market which accomplish the same things. Today I like to use Microstrategy for data mining and analysis. There are free tools like R which can also be used.


Anyhow, to be effective at this it is good to understand database structure, be able to access data (usually do this through sql), and be able to connect how actions in real life are represented in data form, so you can look for anomalous activity. Here's a real world example: sometimes companies limit the amount of money their managers can spend before asking for approval from someone higher than them in the organization. Let's say a manager is allowed to buy things that cost up to $5,000 without getting approval from their director. If you are using CAATs, you might look at your accounts payable data and see one manager with several transactions for $4,999. This indicates they are splitting up the cost of a much larger purchase to circumvent the internal controls (the $5,000 limit). Or, they found a way to buy an expensive item without having to ask their manager by splitting the payments up so each one falls under the $5,000 threshold.


From what I can remember, IT auditors often spend time looking at internal control design and effectiveness. Things like access controls (who can access which records within a system?), data center controls (are the servers secure and maintained with proper fire suppression, cooling, and back-up power), etc.


I was really interested in web design and ended up an auditor and did very well with it, so maybe it will work for you as well! One thing I can say is auditing won't provide the same work environment, but you will learn a ton about business and the career path and pay is rather good, especially once you get some years of experience under your belt.

2
2
Updated Translate

Mark’s Answer

Hi David,


I work in a business team that does security, data quality, data support, reporting, and IT projects. My team is in accounting and we work really closely with the audit teams. The only difficulty in the area of IT audit and accounting is that you must be interested in both the technical side and the business side of the company. For instance, my team has to understand what the accountants need, what is required for our business controls, and be technical also. My team focuses primarily on SQL programming although we do have team members that know VBA, various reporting tools, and SQL Server coding. I would say at least at Dell, the most important thing to know would be SQL. There are audit tools that some companies use, but in the end, data is the most important part of the equation. Many of my team members have been considered for audit positions because they understand the business and can pull data to support the audit process.


I hope that helps!
Best Wishes, Mark

Thank you comment icon Thanks for the information, Mark. May I also ask two other questions: first, what are reporting tools used for, as for the audit industry (in other words, could you provide me some examples of such tools, how they're applied, and what are some common reporting that your company do)? Second, is a business-related degree required, or would you consider having a sufficient knowledge of SQL and VBA, and the ability to keep learning about both the business and technical sides enough to fit in? David
Thank you comment icon David, I agree with Mark and would add proficiency in Excel and (to a lesser degree) Access to skills you will want to have. Quick data analysis are often accomplished with Excel these days as its the most ubiquitous tool in offices. Greg Gardner
2
1
Updated Translate

Amra’s Answer

As long as you get a degree in IT, you have a good foundation to become an IT Auditor. In the beginning, your focus is likely to be through the IT General Controls, that are not very technical in nature, and are more process like. Think of Change Management, Access Provisioning, Access Reviews, Password Management, Resiliency, Security etc....You do not have to be very technical to grasp these concepts. As the time passes, you will learn more, and can decide what you want to be your potential specialty. I also suggest taking a CISA Exam, which should prep you for the career in audit, and make you stand out from other candidates. Hope this helps, and good luck!
1
1
Updated Translate

Joseph’s Answer

Hi David,


I have seen that you have received a lot of really good advice and I just wanted add to what some have already mentioned. The IT audit profession is growing rapidly! I have spent the last three years working in support of the financial state audit by testing system automation for processing of transactions and IT general controls.IT general controls are made up of Logical Access (how a system is accessed and who has access to a system), Change Management (the process for governing changes to a production system), and Computer Operation (how data is transfered between systems within an environment).


There is more to IT Audit though than just supporting the financial statement audit that publicly traded companies are required to obtain. Any regulation that requires compliance will require an audit and somepoint to validated that a company is in compliance with the law or standard. An example of other types of audits that an IT Auditor may preform are PCI DSS (<span style="color: rgb(34, 34, 34);">Payment Card Industry Data Security Standard </span>) or GDPR (General Data Protection Regulation). GDPR is the newest regulation that was put in place within the EU that protect EU citizens data which effects all companies that operate or perform business within the EU, which most major companies do to some degree.


My recommendations would be that you add a second major or minor in accounting as the major systems in a companies IT environment will have accounting implications and in order to best audit the system, it helps to understand its role within the environment through accounting lense.


Hope this helps!

1
0
Updated Translate

Prithuvi’s Answer

David - Typically, IT Audit teams support and assist the Core financial audit teams from a Systems/ Information Technology General Controls (Logical Access, Change management and Computer Operations) standpoint. While it's an added advantage to have a stellar understanding of the business side of things, working hand in hand with the core financial audit teams, will help you get there. IT Audit is a hot industry at the moment, given that organizations are constantly seeking opportunities to automate, which in turn has increased the necessity for the same organizations be compliant from a regulatory perspective.

Highly recommend taking a class on risk management (if available), along with a class or two on MIS (Management of Information Systems) ideally with an emphasis on SQL/Mainframe. While the former will give you an appreciation for concepts over controls/risk mitigation, the latter will give you a head start, from a technical standpoint. In addition to the above, if you're interested, the CISA (Certified Information Systems Auditor) is a globally recognized certification, that'll benefit you in the long run.

Best - P
Thank you comment icon David, I agree with Prithuvis response! I am a new Risk Assurance Associate, just coming out of College and the job is really interesting, challenging, great people and there are a lot of opportunities! In college I was always drawn to IT and Accounting and this role seems just what I was hoping to find for my interest. Feel free to reach out if you have additional questions! Best, Amadea Amadea Szamosi
0
0
Updated Translate

Bobby’s Answer

This is an excellent question. I can see that you have already received some excellent responses as to the current state of Accounting and IT services. I will just add that the relationship between IT and accounting is RAPIDLY changing. The ability of systems to capture data and automate processes can be instrumental to the success of even some of the most technical accounting issues. The growing importance of AI in contract review/tagging is really paving the way for those systems to bring in additional value down the road. Furthermore, the changes that we are seeing with blockchain and startups with significant automated transaction processing is driving the IT and Technical arm of our industry to work very closely.
0
0
Updated Translate

Amra’s Answer

As long as you get a degree in IT, you have a good foundation to become an IT Auditor. In the beginning, your focus is likely to be through the IT General Controls, that are not very technical in nature, and are more process like. Think of Change Management, Access Provisioning, Access Reviews, Password Management, Resiliency, Security etc....You do not have to be very technical to grasp these concepts. As the time passes, you will learn more, and can decide what you want to be your potential specialty. I also suggest taking a CISA Exam, which should prep you for the career in audit, and make you stand out from other candidates. Hope this helps, and good luck!
0