Uploaded by baklang ulikba

CIS6

Acknowledging that owners, custodians,
and clients of information need to report
irregularities and protect its use and
dissemination
Providing users with support information
IT Auditor as Partner of Senior Management
Management needs the support of a skilled
computer staff that understands the organization’s
requirements, and IT auditors are in such a position
to provide that information.
They can provide management with an independent
assessment of the effect of IT decisions on the
business.
In addition, the IT auditor can verify that all
alternatives for a given project have been
considered, all risks have been accurately
assessed, the technical hardware and software
solutions are correct, business needs will be
satisfied, and costs are reasonable.
IT Auditor as Investigator
The IT auditor can work in the field of computer
forensics or work side by side with a computer
forensics specialist, supplying insight into a
particular system or network.
IT Audit: The Profession
The profession of IT auditing can expose a person
to the way information flows within an
organization and give them the ability to assess
that information’s validity, reliability, and security.
IT auditors must have interpersonal skills to
interact with multiple levels of personnel and
technical skills to understand the variety of
technology used in information processing
activity, especially technology used in generating
and/or processing the company’s financial
information (e.g., financial statements).
The IT auditor must also gain an understanding of
and be familiarized with the operational
environment to assess the effectiveness of the
internal control structure.
Finally, the IT auditor must understand the
technological complexities of existing and future
systems and the impact they have on operations
and decisions at all levels.
A Common Body of Knowledge
A common body of knowledge consists of clearly
identified areas in which a person must attain a
specific level of understanding and competency
necessary to successfully practice within the
profession.
Students, especially the ones with business and
computer majors, receive a degree of base-level
training in
(1) auditing concepts and practices;
(2) management concepts and practices;
(3) computer systems, telecommunications,
operations, and software;
(4) computer information processing techniques; and
(5) understanding of business on local and
international scales.
Certification
Certification is a vital component of a profession. It
will be the measure of your level of knowledge,
skills, and abilities in the profession.
In IT auditing, the Certified Information Systems
Auditor (CISA) is one of the main levels of
recognition and attainment.
There are certain requirements for candidates to
become CISA certified, such as:
Passing a rigorous written examination.
Evidencing a minimum of 5 years of professional IS auditing, control or security work experience.
Adhering to the ISACA’s Code of Professional Ethics and the Information Systems Auditing Standards as adopted by ISACA.
Agreeing to comply with the CISA Continuing Education Policy.
The CISA examination covers areas (or domains)
within the process of auditing IS;
Governance and management of IT;
IS acquisition, development and implementation;
IS operations, maintenance and service management; and
the protection of information assets.
Other licenses and certifications relevant to the IT
auditor include the following:

CPA, Certified Chartered Accountant (CA),
Certified Internal Auditor (CIA), Certified