What do auditors do all day?
Updated from the original published on July 1, 2010
If you’ve ever sat at your desk wondering what exactly the bunch of outsiders hanging out in the audit room find to do with their time, or if you’re thinking of a career in audit but just can’t figure out what you will actually be doing all day, this is the article for you.
Here is my list of the top ten day-to-day tasks auditors undertake:
Planning audits - This means reviewing files, researching the company, reading board minutes, accounts, and news articles – trying to gain an understanding of where the company is at the time of the audit, and also so that during the audit you can assess it’s plans, direction and risks, and also consider whether their IT infrastructure and strategy are fit for purpose.
Arranging meetings - Harder than it sounds, arranging audits, planning meetings, liaising with clients and management.
Holding meetings - For most operational staff being audited, this is the visible bit. Auditors hold meetings with relevant staff to understand systems, processes and controls and to obtain evidence to support their operation.
Writing notes - Everything must be documented. That means plenty of paperwork – at least 70% of the total time. Writing up meetings, writing up fieldwork and testing, referencing files, copying documentary evidence, writing audit reports, and preparing files for review.
Closing audits – holding ‘exit meetings’ to go through findings with management, and dealing with audit file review points.
Interrogating systems and data analysis – interviews in other words, but with machines rather than people. This is generally IT auditors, or possibly general auditors using CAATs – Computer Assisted Audit Techniques.
Management – communicating with client, planning future audits, reviewing files and other such tasks.
Learning – undertaking training, wither formal or informal. Also learning ‘on the job’ with someone more experienced, or bringing a more junior colleague up to speed.
Reporting – the key deliverable for auditors is a report which normally goes to the board audit committee. First there is a draft report, for discussion with management. Responses from management, setting out what action they intend to take, are then incorporated into a final report.
Travelling – auditors often do more than most. Unless you work for a large centralised company, auditors often have to travel nationally and internationally to visit clients and conduct fieldwork.
One thing underlies all this – it’s all about producing evidenced, objective findings and communicating them effectively and constructively to both audit management and the client.
There is something in audit for everyone, but no-one would pretend that every task will have you rooted to the edge of your seat. If you enjoy communicating, think before acting, and don’t mind being organised, there should be nothing in this list to surprise you.
How do these activities reflect your role or understanding? Help others considering a career in IT audit and cyber security assurance by sharing in the comments below.
