An IT auditor is responsible for analyzing and assessing an organization's technological infrastructure to find problems with efficiency, risk management and compliance. Credit: stevanovicigo / Getty What is an IT auditor? An IT auditor is responsible for analyzing and assessing a company’s technological infrastructure to ensure processes and systems run accurately and efficiently, while remaining secure and meeting compliance regulations. An IT auditor also identifies any IT issues that fall under the audit, specifically those related to security and risk management. If issues are identified, IT auditors are responsible for communicating their findings to others in the organization and offering solutions to improve or change processes and systems to ensure security and compliance. The IT auditor role The role of an IT auditor involves developing, implementing, testing and evaluating audit review procedures. You’ll be responsible for conducting IT and IT-related audit projects using the established IT auditing standard in your organization. The audit process can extend to networks, software, programs, communication systems, security systems and any other services that rely on the company’s technological infrastructure. It’s an essential role for organizations that rely on technology given that one small technical error or misstep can ripple down and impact the entire company. IT audits are important for evaluating internal control and processes in an effort to keep the organization and its data secure from external or internal threats. IT audit responsibilities As an IT auditor you will be responsible for running several audits of an organization’s technologies and processes. IT audits are also referred to as automated data processing (ADP) audits and computer audits. In the past, IT audits have also been labeled as electronic data processing (EDP) audits. Companies may also run an information security (IS) audit to evaluate the organization’s security processes and risk management. The IT audit process is typically utilized to asses data integrity, security, development and IT governance. There are several types of IT audits, including: Technological innovation process: an audit process that creates a risk profile for current and future projects with a focus on the company’s experience with those technologies and where it stands in the market Innovative comparison audit: an audit that looks at an organization’s ability to innovate compared to competitors and evaluates how well the company produces new products Technological position audit: an audit that examines current technology in the organization and future technologies that will need to be adopted Systems and applications: an audit process that specifically evaluates whether systems and applications are controlled, reliable, efficient, secure and effective Information processing facilities: an audit to evaluate an organization’s ability to produce applications even in disruptive conditions Systems development: an audit for verifying that systems that are being developed are suited for the organization and meet development standards Management of IT and enterprise architecture: an audit of the IT management’s organizational structure for information processing Client, server, telecommunications, intranets and extranets: audits to examine controls on client-connected servers and networks IT auditor salary According to data from the Robert Half Technology 2019 Accounting and Finance Salary Guide, the average salaries for an IT auditor ranging from entry level to manager are as follows: Seniority25th percentile50th percentile75th percentile95th percentileManager$97,500$118,250$140,750$185,500Senior$75,750$92,500$109,750$145,7501 to 3 Years$62,250$76,000$90,250$119,000Up to 1 Year$42,250$51,250$61,000$80,250 Robert Half defines the 25th percentile as candidates new to the role, still developing skills or who are working in a market with low competition or at a smaller organization. The 50th and 75th percentiles encompass candidates who range from average experience and skills to those with stronger skillsets, specializations and certifications, according to Robert Half. Both groups typically work in roles with more complexity or in markets with higher competition. Robert Half’s 95th percentile includes those with highly relevant skills, experience and expertise who are working in a highly complex role in a very competitive market. IT auditor skills The skills you need as an IT auditor will vary depending on your specific role and industry, but there’s a general set of skills that all IT auditors need to be successful. Some of the most commonly sought skills for IT auditor candidates include: IT security and infrastructure Internal audit IT risk Data analysis Data analysis and visualization tools (ACL, MS Excel, SAS, Tableau) Security risk management Security testing and auditing Computer security Internal auditing standards including SOX, MAR, COSO and COBIT Analytical and critical thinking skills Communication skills IT auditor job requirements Entry-level IT auditor positions require at least a bachelor’s degree in computer science, management information systems, accounting or finance. You’ll want a strong background in IT or IS and experience in public accounting or internal auditing. The job requires a strong set of technical skills, with a strong emphasis on security skills, but you’ll also need soft skills like communication. You’ll be responsible for not only identifying issues during an IT audit but also explaining to leaders outside of IT what is wrong and what needs to change. Analytical and critical thinking skills are also crucial, as you’ll need to evaluate data to find trends and patterns to identify IT security and infrastructure issues. IT auditor certifications If you want to get certified as an IT auditor, Robert Half Technology points to two specific certifications that are useful for IT auditors. These include: Certified Information Systems Auditor (CISA): The CISA certification is offered through the ISACA and is designed specifically for IS professionals and IT auditors. Before you can earn your CISA certification, you’ll need at least five years of professional experience in the field. Certified Information Security Manager (CISM): The CISM certification is designed for information security managers and focuses on designing, building and maintaining IS programs. To earn your CISM certification you’ll need at least five years of IS experience and three years as a security manager. More on IT audits: 10 ways you’re failing at IT audits How to survive a management audit The 11-point audit for your Salesforce.com system Related content feature Expedia poised to take flight with generative AI CTO Rathi Murthy sees the online travel service’s vast troves of data and AI expertise fueling a two-pronged transformation strategy aimed at growing the company by bringing more of the travel industry online. By Paula Rooney Jun 02, 2023 7 mins Travel and Hospitality Industry Digital Transformation Artificial Intelligence case study Deoleo doubles down on sustainability through digital transformation The Spanish multinational olive oil processing company is immersed in a digital transformation journey to achieve operational efficiency and contribute to the company's sustainability strategy. By Nuria Cordon Jun 02, 2023 6 mins CIO Supply Chain Digital Transformation brandpost Resilient data backup and recovery is critical to enterprise success As global data volumes rise, business must prioritize their resiliency strategies. By Neal Weinberg Jun 01, 2023 4 mins Security brandpost Democratizing HPC with multicloud to accelerate engineering innovations Cloud for HPC is facilitating broader access to high performance computing and accelerating innovations and opportunities for all types of organizations. By Tanya O'Hara Jun 01, 2023 6 mins Multi Cloud Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe