IT Audit Career Path, Salary, Hours and Exit Opportunities

Shares

it audit career pathYou are interested in both auditing and systems, and witness the increasing role of IT in the accounting industry. What do you need to know when mapping your IT Audit career path?

What is IT Audit?

IT auditors look at the accounting and information systems. They determine whether controls over the system are strong enough, and whether external auditors can rely on the output of the system.

When compared to financial audit, IT audit generally relies less on accounting knowledge, and more heavily on information system knowledge (but not exactly computer science).

For junior IT auditors, work involves:

  • reading through the system reports and IT policies
  • pulling samples and performing testing
  • doing walk-throughs
  • interviews with clients

For IT audit managers, the hardest part is the first initial audit and figuring out how to test controls and how all systems fit together. Once that is figured out, the task can be done by following last year’s work. When there are changes to applications and process, a revised testing strategy has to be developed and communicated to see if this strategy is effective for the new process.

Working Hours

In public accounting, you work long hours regardless of which practice you are in.

IT auditors have slightly better hours than financial auditors, typically around 50-55 hours per week during busy season (e.g. from 8:45am to 8:30pm Monday to Friday). But if your firm is understaffed, it could be much worse and could work during weekends.

There are a lot of traveling, but a majority of the engagements are for 1 or 2 weeks because the work is less extensive than for external audit teams. It is also less stressful (relatively speaking) because they do not operate under hard deadlines.

IT auditors usually have 5-7 clients at the same time, vs financial auditors with 1-2 clients. Moving from client to client every week makes it easier to put the bad ones behind you.

IT Auditor Salary

IT Audit tends to pay better. The profession requires a specialized background, and there is a shortage of high performers in this area.

The following salary analysis is based on Robert Half’s latest salary report on IT audit:

Entry Level IT Auditor Salary

it-auditor-first-year-salaryEntry level IT auditors joining in their first year receive a salary ranging from $63,000 to $79,000 in large companies, and $57,000 to $74,000 in medium-sized companies.

The premium of working in bigger companies is 8%.

Junior IT Auditor Salary

it-auditor-junior-salaryThose with 1-3 years of relevant experience are paid $75,000 to $100,000 in large companies, and $71,000 to $92,000 in medium-sized companies. The premium of working in larger firms remains to be 8%.

The jump from first-years to junior positions leads to a 19-28% salary increase. This is quite attractive if you do plan to stay in this niche.

Senior IT Auditor Salary

it-auditor-senior-salary-3By the time you become senior IT Auditor, you can expect a salary range of $100,000 to $132,000 in large companies, and $91,000 to $114,000 in medium-sized companies.

The jump from junior to senior auditor is more significant this time at 24-33%.

IT Audit Manager Salary

it-auditor-manager-salary-3IT Audit Managers get, on average, $116,000 to $166,000 if working in a large company, and $108,000 to $148,000 in medium-sized company.

The jump from senior to manager is around 17-30%.

Cost of Living Adjustment

We need to adjust the higher cost of living in big expensive cities, and vice versa for smaller ones. Please refer to p. 26-27 in the report for the respective adjustment percentages.

IT Audit Career Path

A typical IT audit team is a mixture of technical and accounting people. You don’t need to major in accounting to get this job. As you move up the ranks, however, having accounting knowledge becomes more useful because you will be thinking about the audit on a more conceptual basis.

The most relevant certification for IT audit is CISA. CPA license is preferred if you aspire to head the internal audit department. It is a must if you want to become a partner.

For those who have a master’s degree related to accounting and finance, and thus are qualified for the CPA exam, it would be a wise move to take the exam early in your career. IT audit work is generally counted as relevant experience towards the CPA licensing requirements.

With a dual CISA and CPA qualifications, you will be the expert in accounting with specialization in IT audit.

How about the CIA Certification?

People seem to have different opinion on this. If you foresee IT auditing as your life-long career, CISA is THE certification for this niche. If you aren’t sure, or if you prefer to have a more general certification within internal audit, CIA could be a better choice.

A few choose to get both, but it is not necessary in most firms.

Exit Opportunities

Some people worry about getting too specialized and being pigeonholed, but there are actually plenty of opportunities out there. Recruiters are always looking to fill IT audit positions in industry. If you don’t want to stay in internal audit, there are other positions more IT related, such as security and privacy related work.

Most IT auditors make the jump when they become senior. It is much better to have at least 1 busy season under your belt before moving on.

How to Become a Better IT Auditor

IT audit is all about understanding the settings of various accounting and information systems, and testing access to the systems.

Most financial auditors do not understand the IT side of business. Therefore, it helps immensely if IT auditors have a good grasp of the business side. Having a CPA qualification gives IT auditors credibility with the financial team — you know what you are talking about when you push back on them!

For Your Further Reading

About the Author Stephanie

I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.

follow me on:
  • Elias says:

    I work in IT Field, how can I start a career in IT Audit?

    • Stephanie says:

      Hi Elias,
      You can work towards it gradually, for example, start taking a class on IT audit or take the CISA exam to show your commitment. You won’t be able to get the CISA qualification until you get the relevant experience, but the fact that you take and pass the exam show you are serious and with your existing IT knowledge it should be a smooth transition. Good luck! Stephanie

  • hannah2822 says:

    I had a bachelor degree in AIS but I started out as a general external auditor. I basically could not remember anything that I learned. I just got my CPA and have probably have 2 years experience. So, what would you suggest me to do to transit to IT or Internal audit?

    Thanks!

    • Stephanie says:

      Hi Hannah, I believe transiting from external to internal audit is pretty smooth. It’s probably the easiest route to IA in my opinion (most IA start with doing something else). As for IT, your AIS knowledge will come back once you put the theories in practice. Not a problem in my opinion as long as you have the right attitude to learn, be humble but at the same time stay positive and helpful for your team. Good luck! Stephanie

      • Hannah says:

        Thanks for your answer…
        Because I do not work in Big4, there’s no IT/internal audit department in my firm. I would have to get a new job if I want to be IT/Internal audit. However, it look like I would have to have solid 3 experience to get an entry-level?
        I do not want to start from entry-level when I am already a senior…or is it something that I have to sacrifice.?

        • Stephanie says:

          Hi Hannah, not necessarily as many companies value external audit experience as well. From my observation, many IA departments hire people in various background — some more IT oriented, some external auditors, some corporate accounting people… they like a good mix of different skills. You can start talking to a recruiter or friends in the industry to find out more.

  • Damion says:

    Hi Hannah. I’m currently a junior in college majority I’m Accounting. Should I go for a Master’s degree in Management Information Systems to better my chances in It audit?

  • Jay Bhadra says:

    I am a recently qualified Chartered Accountant from Institute of Chartered Accountants of India. I wish to pursue CISA but I would like to know how much it would help if I were to join a company giving me a Forensics related work with financial background. Would CISA be of great help in that case?

    • Stephanie says:

      Hi Jay, there are some niche qualification for forensic accounting but I don’t know enough to comment. I guess CISA is helpful if your work involves IT audit, which is possible in Forensis, but I can’t say it is directly related. Maybe you can try to get into the industry first and go for CISA later?

  • Martin says:

    Good day

    I would like to start a truly successful career in IT Auditor but i don’t have undergraduate degree. I am certified and working as an IT Technician. How would i go about starting this path?

    Regards

    • Stephanie says:

      Hi Martin,
      In terms of eventually getting the CIA certification, do you have an associate degree, or some kind of post-secondary school (post-high school) education? This is acceptable as well but you will need 5 years of IA experience down the road…

      … or see if you have start as an accountant assistant and start from there. I tend to think that, if you end up getting the CIA certification, it will put you back in the level playing field.

      Here is more info:
      https://ipasstheciaexam.com/cia-exam-requirements/

  • Jason Anderson says:

    Hello, Stephanie!

    I have a degree in accounting, and have been experimenting with I.T. for a very long time (over ten years). While I haven’t worked in the I.T. industry, I do have knowledge on how to setup and troubleshoot I.T. I’m currently pursuing a career in information system auditing (I’ve even passed the CISA exam), yet I can’t seem to find work in auditing. It’s true I’ve never worked in accounting, and I just graduated. But, apparently, no one’s hiring.

    Do you have any advice on getting an audit job?

    • Stephanie says:

      Hi Jason, your background should be great for IT audit! It is a more specialized niche so I have to say the demand is probably less than, say, external audit. But you just graduated right? No worries, take the time to network, and keep contact with recruiters (LinkedIn is a great place for that). Be a likeable person, and keep in touch with people. The opportunity will come 🙂

      Did you get called for interviews? If not, then you may want to improve your resume; if you do get interviews and not the job, then the bottleneck is more on the interview skills. Things will slow down towards the holidays. Let me know how it goes in January!

      • Jason Anderson says:

        Thank you for the reply, Stephanie. I actually graduated a year ago. As for the network, well, that’s not really helping. I am on LinkedIn, though. So you recommend looking for recruiters on LinkedIn? I shall look on that, then.

  • Geetha says:

    Hi,
    I have a bachelors in accounting and worked in auditing as well as finance associate jobs….but I do not have any knowledge about information technology……is there any degree out there to give me general idea about information systems and then I try for Cisa or with this background I would be able to do cisa…. I think an information systems degree would help me.,if it does then please suggest me one….

    Thanks

    • Stephanie says:

      Hi Geetha, there are such specialized degrees but you probably don’t need a degree for career switch? Auditing is close enough. Taking the CISA exam is the right direction with relatively time and effort and money… Having said that, if you are really serious about IT audit career you can take a master’s. I don’t have this info but depending on where you’d like to take this degree, the info shouldn’t be hard to find 🙂

  • Vasan says:

    I’m working as a IT aduiter and I have 2 year Exp in this field, Can you please suggest where i get good career and opportunity IT audit or Development(Planning to go in software development)

    • Stephanie says:

      Hi Vasan, it really depends on where you live — but this position is probably more common in bigger companies where they can afford to specialize in niches within audit. You may want to check with your local recruiters and head hunters for more info. Good luck!

  • harshit says:

    Hi, I am just about to complete my BTECH in INFORMATION TECHNOLOGY and i really want to prepare for CISA but don’t know how to start. I m also confused about the career opurtunity i will get if i pass this exam. CAN u please guide me through a bit

  • Mtha says:

    hi,

    I have been in accounting field for more than 5 years and I want to divert to IT auditing, with that I decided to enrol for a Bcom IT Management which I will be completing this year.How are the growth opportunities within this sector? What skills do I really need to have coz I don’t think I am that technical?

    regards
    Mtha

    • Stephanie says:

      Hi Mtha,
      I tried to address the growth opportunities and how one can be a better IT auditor in the above article. Don’t have anything more to add for now… but you may want to try talk to people in the industry (the professors or graduated students in the BCOM IT management for example) and get some insights. Regards, Stephanie

  • Sunaina says:

    I am a computer engineer who has more than 9 years of experience in the network security domain as a tester. I recently passed my CISA exam. I would like to know if what job roles would be best suited for me in information security/ auditing using this certification.

  • Joanne says:

    Hi,
    I’m currently an Accounting Information Systems major. I am interested in IT Auditing. Would it be worth it to have both a CPA and CISA certification even if I do not plan to become a partner for a firm or head of the IA department? I know that some people who work in IT auditing (with CISA certification) after a few years do decide to change jobs and work in the private accounting instead of public accounting. Is it still worth it though to do both examinations? Or just CISA?

    Thank you so much!

    • Stephanie says:

      Hi Joanne, I would say CISA is a technical certification while CPA would be more strategic. So when your role is technical, CISA is good and good enough. But as you move up and possibly get involved in more strategic roles, it’s the time when the CPA license shows its value. You never know where you’ll be down the road. If you can afford the time to get CPA now, I encourage you to explore that.

  • Mokona says:

    Hi. I’m a CPA with less than 1 year of experience in General Accounting. I like to be an IT Auditor someday, but my problem is that I can’t find a job for a CPA with little experience that relates to IT Auditing. I only found them at big 4 auditing firms, but sadly, It’s hard for me to enter the big 4. I already tried thrice but still no luck. Is there other positions or field that I can go to first for me to be an IT Auditor? Can I work at a small audit firm or internal audit and still acquire enough knowledge to be an IT Auditor and also to pass the CISA exam? I don’t know any IT Auditors that’s why I can’t get an advise. I’m also planning to enroll on a 1 year post baccalaureate diploma in Information Technology.

  • Arunmoy says:

    I am a b.tech(engineer) graduate in Computer Science Engineering.I recently joined IT Audit and Assurance team as a trainee in KPMG(KGS,Bangalore,India). I want to know about my career growth in this field also I want know if I want to move into technical which technical field could be the best one for me how shall I move into technical .As a company how far KPMG is good to start with this career and also in terms of salary?

    • Stephanie says:

      Hi Arunmoy,
      KPMG as one of the big 4 is among the best place to get started in audit in general. IT audit is pretty technical in nature, so I wonder what you mean by moving in technical? You can get a niche qualification such as CISA to gain the expertise level and respect. If you like the work, I encourage that you stay as long as you can to take advantage of the brand of KPMG. It’s going to be very useful down the road if you stay for at least a few more years. Regards, Stephanie

  • lee says:

    greeting am currently doing my degree in accounting and would like to major in systems audit.Which path should i take after the degree.

    • Stephanie says:

      Hi Lee, I would say try the path that you have most passion in! There may be other jobs that pay more, but in the long run, it’s much easier for you to excel when doing something you truly enjoy. Good luck! Stephanie

  • >