IT Audit Careers Guide
Welcome to the IT audit and information assurance careers guide, explaining what IT audit and information (or cyber security) assurance is, who does it, how to get into it and how to progress as a specialist information systems auditor or cyber security assurance professional.
This was originally posted on a website called ISRisk, and I have now updated and reposted it here because - 15 years later - it’s still popular. So much so that people were pulling it from the Wayback Machine. So now, if you like it, it’s here to stay. I hope you find it useful as you set out on your journey in audit and assurance.
PS: If you’d like to be notified when I add to and update this guide, you can enter your email at the bottom of the page.
Part 1: Intro to Audit, IT Audit & Information Assurance
-
1.1 Introduction
Find out what audit, IT Audit and Information Assurance are really about.
-
1.2 Is IT audit right for you?
What qualities are needed to be a good IT auditor or assurance pro?
-
1.3 Understanding the role of audit
How does business risk work, and what is the role of audit?
-
1.4 What makes a good or bad auditor?
Are you a good auditor or a bad auditor? Find out!
-
1.5 What do IT Auditors actually do?
What does a typical day look like as an auditor?
Part 2: Qualifications and Training
-
2.1 Choosing a path
-
2.2 CISA
ISACA’s CISA certification is the benchmark qualification for IT Audit.
-
2.3 CISM
ISACA’s CISM certification competes with CISSP as a top qualification for Information Security managers.
-
2.4 CISSP
The most recognised qualification in information security. Is it right for you?
-
2.5 ISO27001 Lead Auditor
-
2.6 Projects & Change
With IT change projects come new risks. Are you ready to keep things on track?
-
2.7 The bootcamp experience: How to pass your qualification
Online study or an intensive course? Read my personal experience.
-
2.8 Security & Penetration Testing
-
2.9 Professional Qualifications for IT Audit
List of key professional qualifications for IT Audit & Assurance careers
Part 3: Which type of assurance role is right for you?
-
3.1 External Auditors
-
3.2 Internal Auditors
-
3.3 IT Auditors
-
3.4 Operational Risk & Assurance
-
3.5 Technical Security Testing
-
3.6 Making sure you're valued
-
3.7 Where can IT audit take you?
Part 4: Endnotes
-
4.1 Arthur Miller on IT Audit
What can we learn about tech audit from the great playwright?
-
4.2 Applying Cyber Security Assurance
What types of cyber security assurance apply to the business you work in?
Recommended IT Audit Careers Resources - all free to read
-
AuditGuru IT Audit Careers Guide
Lots of helpful information about careers in audit, definitely check it out.
-
CareersInAudit IT Audit
Some useful tips from this audit jobs site. Also, jobs.
-
Barclay Simpson Salary Guide
Well-established UK-centric salary guide covering IT audit roles. They also produce one for information security roles.
-
IIA Competency Framework
Skills and competencies required for internal audit roles from the Institute of Internal Auditors (applies just as much to IT assurance as it does finance and operational audit).
-
IT Audit Career Path
US-centric (but widely relevant) guidance for IT auditors looking to follow a CPA / CIA career path in the United States.
-
Qualifications links
Find links to relevant professional bodies and qualification providers in this list.