You are interested in both auditing and systems, and witness the increasing role of IT in the accounting industry. What do you need to know when mapping your IT Audit career path?
What is IT Audit?
IT auditors look at the accounting and information systems. They determine whether controls over the system are strong enough, and whether external auditors can rely on the output of the system.
When compared to financial audit, IT audit generally relies less on accounting knowledge, and more heavily on information system knowledge (but not exactly computer science).
For junior IT auditors, work involves:
- reading through the system reports and IT policies
- pulling samples and performing testing
- doing walk-throughs
- interviews with clients
For IT audit managers, the hardest part is the first initial audit and figuring out how to test controls and how all systems fit together. Once that is figured out, the task can be done by following last year’s work. When there are changes to applications and process, a revised testing strategy has to be developed and communicated to see if this strategy is effective for the new process.
In public accounting, you work long hours regardless of which practice you are in.
IT auditors have slightly better hours than financial auditors, typically around 50-55 hours per week during busy season (e.g. from 8:45am to 8:30pm Monday to Friday). But if your firm is understaffed, it could be much worse and could work during weekends.
There are a lot of traveling, but a majority of the engagements are for 1 or 2 weeks because the work is less extensive than for external audit teams. It is also less stressful (relatively speaking) because they do not operate under hard deadlines.
IT auditors usually have 5-7 clients at the same time, vs financial auditors with 1-2 clients. Moving from client to client every week makes it easier to put the bad ones behind you.
IT Auditor Salary
IT Audit tends to pay better. The profession requires a specialized background, and there is a shortage of high performers in this area.
The following salary analysis is based on Robert Half’s latest salary report on IT audit:
Entry Level IT Auditor Salary
Entry level IT auditors joining in their first year receive a salary ranging from $63,000 to $79,000 in large companies, and $57,000 to $74,000 in medium-sized companies.
The premium of working in bigger companies is 8%.
Junior IT Auditor Salary
Those with 1-3 years of relevant experience are paid $75,000 to $100,000 in large companies, and $71,000 to $92,000 in medium-sized companies. The premium of working in larger firms remains to be 8%.
The jump from first-years to junior positions leads to a 19-28% salary increase. This is quite attractive if you do plan to stay in this niche.
Senior IT Auditor Salary
By the time you become senior IT Auditor, you can expect a salary range of $100,000 to $132,000 in large companies, and $91,000 to $114,000 in medium-sized companies.
The jump from junior to senior auditor is more significant this time at 24-33%.
IT Audit Manager Salary
IT Audit Managers get, on average, $116,000 to $166,000 if working in a large company, and $108,000 to $148,000 in medium-sized company.
The jump from senior to manager is around 17-30%.
Is there a Cost of Living Adjustment?
I am glad you asked, there surely is. The report comes with a list of percentages that you can adjust the higher cost of living in big expensive cities, and vice versa for smaller ones. Please refer to p. 26-27 in this report.
IT Audit Career Path
A typical IT audit team is a mixture of technical and accounting people. You don’t need to major in accounting to get this job. As you move up the ranks, however, having accounting knowledge becomes more useful because you will be thinking about the audit on a more conceptual basis.
The most relevant certification for IT audit is CISA. CPA license is preferred if you aspire to head the internal audit department. It is a must if you want to become a partner.
For those who have a master’s degree related to accounting and finance, and thus are qualified for the CPA exam, it would be a wise move to take the exam early in your career. IT audit work is generally counted as relevant experience towards the CPA licensing requirements.
With a dual CISA and CPA qualifications, you will be the expert in accounting with specialization in IT audit.
How about the CIA Certification?
People seem to have different opinion on this. If you foresee IT auditing as your life-long career, CISA is THE certification for this niche. If you aren’t sure, or if you prefer to have a more general certification within internal audit, CIA could be a better choice.
A few choose to get both, but it is not necessary in most firms.
Some people worry about getting too specialized and being pigeonholed, but there are actually plenty of opportunities out there. Recruiters are always looking to fill IT audit positions in industry. If you don’t want to stay in internal audit, there are other positions more IT related, such as security and privacy related work.
Most IT auditors make the jump when they become senior. It is much better to have at least 1 busy season under your belt before moving on.
How to Become a Better IT Auditor
IT audit is all about understanding the settings of various accounting and information systems, and testing access to the systems.
Most financial auditors do not understand the IT side of business. Therefore, it helps immensely if IT auditors have a good grasp of the business side. Having a CPA qualification gives IT auditors credibility with the financial team — you know what you are talking about when you push back on them!