You are interested in both auditing and systems, and witness the increasing role of IT in the accounting industry. What do you need to know when mapping your IT Audit career path?
IT auditors look at the accounting and information systems. They determine whether controls over the system are strong enough, and whether external auditors can rely on the output of the system.
For junior IT auditors, work involves:
For IT audit managers, the hardest part is the first initial audit and figuring out how to test controls and how all systems fit together. Once that is figured out, the task can be done by following last year’s work. When there are changes to applications and process, a revised testing strategy has to be developed and communicated to see if this strategy is effective for the new process.
In public accounting, you work long hours regardless of which practice you are in.
IT auditors have slightly better hours than financial auditors, typically around 50-55 hours per week during busy season (e.g. from 8:45am to 8:30pm Monday to Friday). But if your firm is understaffed, it could be much worse and could work during weekends.
There are a lot of traveling, but a majority of the engagements are for 1 or 2 weeks because the work is less extensive than for external audit teams. It is also less stressful (relatively speaking) because they do not operate under hard deadlines.
IT Audit tends to pay better. The profession requires a specialized background, and there is a shortage of high performers in this area.
The following salary analysis is based on Robert Half’s latest salary report on IT audit:
Entry level IT auditors joining in their first year receive a salary ranging from $63,000 to $79,000 in large companies, and $57,000 to $74,000 in medium-sized companies.
The premium of working in bigger companies is 8%.
Those with 1-3 years of relevant experience are paid $75,000 to $100,000 in large companies, and $71,000 to $92,000 in medium-sized companies. The premium of working in larger firms remains to be 8%.
The jump from first-years to junior positions leads to a 19-28% salary increase. This is quite attractive if you do plan to stay in this niche.
By the time you become senior IT Auditor, you can expect a salary range of $100,000 to $132,000 in large companies, and $91,000 to $114,000 in medium-sized companies.
The jump from junior to senior auditor is more significant this time at 24-33%.
IT Audit Managers get, on average, $116,000 to $166,000 if working in a large company, and $108,000 to $148,000 in medium-sized company.
The jump from senior to manager is around 17-30%.
Cost of Living Adjustment
We need to adjust the higher cost of living in big expensive cities, and vice versa for smaller ones. Please refer to p. 26-27 in the report for the respective adjustment percentages.
A typical IT audit team is a mixture of technical and accounting people. You don’t need to major in accounting to get this job. As you move up the ranks, however, having accounting knowledge becomes more useful because you will be thinking about the audit on a more conceptual basis.
The most relevant certification for IT audit is CISA. CPA license is preferred if you aspire to head the internal audit department. It is a must if you want to become a partner.
For those who have a master’s degree related to accounting and finance, and thus are qualified for the CPA exam, it would be a wise move to take the exam early in your career. IT audit work is generally counted as relevant experience towards the CPA licensing requirements.
With a dual CISA and CPA qualifications, you will be the expert in accounting with specialization in IT audit.
People seem to have different opinion on this. If you foresee IT auditing as your life-long career, CISA is THE certification for this niche. If you aren’t sure, or if you prefer to have a more general certification within internal audit, CIA could be a better choice.
A few choose to get both, but it is not necessary in most firms.
Some people worry about getting too specialized and being pigeonholed, but there are actually plenty of opportunities out there. Recruiters are always looking to fill IT audit positions in industry. If you don’t want to stay in internal audit, there are other positions more IT related, such as security and privacy related work.
IT audit is all about understanding the settings of various accounting and information systems, and testing access to the systems.
Most financial auditors do not understand the IT side of business. Therefore, it helps immensely if IT auditors have a good grasp of the business side. Having a CPA qualification gives IT auditors credibility with the financial team — you know what you are talking about when you push back on them!
I am the author of How to Pass The CPA Exam (published by Wiley) and the publisher of this and several accounting professional exam prep sites.
CIA India: Becoming a Certified Internal Auditor in India
Certified Internal Auditor Salary: A Guide to the CIA Salary in the U.S.A.
CIA vs CPA: Deciding Between the CIA Certification and the CPA Certification
Internal Audit Jobs: What Does an Internal Auditor Do?
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.