So you want to be an IT Auditor…

Over the course of the next few weeks, I will be posting some ten articles to help you understand what it takes to move from wherever you are to a job as an IT Auditor:

Following that will be some articles on

Being an IT auditor doesn’t just mean going in and looking to see if the organization has policies and procedures. Sure, it includes that, but that is just the organization saying “WHAT” they’re going to do. IT auditors will take that information and ask questions like “Did you do what it says here in this procedure?”, “Can you prove that you did what it says in this procedure?”, and “Was the control you put in place effective?”, and then follow that with the question, “Can you prove that it was effective?”


  • “Say what you do,”
  • “Do it,”
  • “Prove that you did it,” and then
  • “Prove that it was effective.”

Over the course of these articles, we’ll also talk about some specific controls that you as an IT auditor will want to look for and we’ll meld that into Industry Best Practices.  I’ll also introduce you to some of my favorite tools, which I use when doing audits.  And maybe, you’ll be able to ask the same questions of your clients.  “If you know the IT auditor is going to do a readability test of your backup media, why aren’t you doing it before the IT auditor gets here?”  One would think that if you as a client knew what the auditors were going to be looking for, you would do whatever you needed to do, so that all the answers were correct and supported.

Hopefully, at the end of these articles you will have an appreciation of IT auditing and you will be able to go into an organization, perform an audit, and add value to the business process.
