Spotterful

Main Responsibilities and Required Skills for IT Auditor

employer showing reporting and dashboard on a laptop

An IT Auditor is a professional who is responsible for performing audits of security, IT operations, business processes and IT projects of an organization. They assess the effectiveness and efficiency of IT systems, identify any potential risks or vulnerabilities, and ensure compliance with relevant regulations and standards. In this blog post we describe the primary responsibilities and the most in-demand hard and soft skills for IT Auditors.

Get market insights and compare skills for other jobs here.

Main Responsibilities of IT Auditor

The following list describes the typical responsibilities of an IT Auditor:

Apply

Apply professional judgement in evaluating results to determine risk, potential issues, and impact.

Assess

  • Assess the risk and control environment for processes within coverage areas.

  • Assess risks and controls, and evaluate the design of business processes with minimal guidance.

Assist in

  • Assist and provide guidance to the Audit Services Group staff, when needed.

  • Assist division management in the implementation of audit recommendations.

  • Assist in development of audit reports, and present results and recommendations to management.

  • Assist in identifying and reporting of issues during the audit.

  • Assist in identifying process gaps and inefficiencies.

  • Assist in performing assessments of technology processes, tools and technologies new to the company.

  • Assist in planning engagements based on technology and business risk.

  • Assist in the development of scope and planning for IT internal audits and integrated audits.

  • Assist in the execution of key areas of each audit engagement.

  • Assist in the planning of the annual SOX program and development of the annual test plan.

  • Assist in work paper documentation and assembly.

  • Assist Management and Sr Auditors with operational reviews.

  • Assist our DoD clients with their FISCAM IT Audit by Assessing the the current state of IT systems.

  • Assist supervisor in the drafting of IA reports based on findings and recommendations.

  • Assist the Manager with the development of the annual SOx testing plan.

  • Assist with executing internal audit procedures to identify and define audit issues and root causes.

  • Assist with special projects such as IT operational audits and other department projects.

  • Assist with testing the effectiveness of Internal Controls.

Build

  • Build and maintain relationships with local IT management.

  • Build and maintain strong relationship with internal and external business partners.

  • Build trust with others through personal authenticity and follow-through on commitments.

Capitalize

Capitalize on the diverse perspectives and talents of the whole team in accomplishing objectives.

Carry out

Carry out the vision and mission of Internal Audit to enhance and protect organizational value.

Collaborate

  • Collaborate to define IT security standards and update / develop supporting organizational policies.

  • Collaborate with management and senior leadership to improve internal controls and processes.

Communicate

  • Communicate audit results to IA Senior Management and business stakeholder.

  • Communicate complex technical issues in understandable terms to the relevant staff and management.

  • Communicate professionally with ability to effectively present to peers and management.

Complete

  • Complete assessments / training as necessary, against NIST cybersecurity standards and CMMC.

  • Complete systems, operational or compliance audits using a risk-based methodology.

Conduct

  • Conduct audits of Security, IT operations, business processes and IT projects.

  • Conduct interviews, walkthroughs and detailed testing.

  • Conduct training on security features.

Coordinate

Coordinate response to complete RFP and security questionnaires.

Create

Create detailed action plans, sets realistic goals, identifies success criteria.

Cultivate

Cultivate positive relationships with business leaders and auditees.

Demonstrate

Demonstrate accountability and promote a sense of urgency.

Develop

  • Develop and maintain strong client relationships within IT and the business units.

  • Develop collaborative working relationships within and across functions.

  • Develop recommendations for audit findings, focusing on strengthening ITGCs, quality and efficiency.

Devise

Devise and implement network security policies and procedures.

Document

  • Document audit testing and conclusions.

  • Document test results in work papers ready for audit management review.

Draft

Draft high-quality audit reports for provision to executive management.

Encourage

Encourage others to learn and continually looks for ways to improve the business.

Establish

Establish and build effective relationships.

Evaluate

  • Evaluate and influence the effectiveness of IT controls and processes.

  • Evaluate and test the design and operating effectiveness of controls and anti-fraud programs.

  • Evaluate, design and implement controls that make processes efficient or utilize new technologies.

  • Evaluate information general computing controls (GCC) and provide value added feedback.

Facilitate

  • Facilitate the control and process owner certifications.

  • Facilitate the integration of risk management into day-to-day business activities and processes.

Follow

Follow safety & environmental policies and procedures.

Follow-up

Follow-up on audit recommendations to assess appropriateness of risk mitigation measures taken.

Help

Help plan audits and perform related risk assessments in support of audit leads and management.

Identify

  • Identify and develop automation scripts to perform full or partial controls testing.

  • Identify opportunities for new services, methodologies or work process for teams and clients.

  • Identify, understand, and document processes and procedures surrounding IT internal controls.

  • Identify weaknesses in the system and create action plan to prevent security breaches.

Influence

Influence change and provide insights on business initiatives, including system implementations.

Inform

Inform audit management of project status and results.

Interact with

  • Interact well with different people and able to work in a multi-cultural environment.

  • Interact with audit project team members in working towards departmental goals.

Interface with

Interface with IT units and business partners to provide guidance and support.

Investigate

  • Investigate and develop audit solutions for unique and / or complex situations.

  • Investigate and implement straightforward problem resolution within own area of responsibility.

Keep

Keep up to date with changes in regulations, governance and best practices.

Lead

  • Lead and conduct audit engagements and follow-up reviews as determined by the internal audit plan.

  • Lead efforts related to design and execution of IT SOX audit.

Maintain

  • Maintain list of authorized vendor exceptions and compliance deadlines.

  • Maintain list of vendors and current compliance status.

  • Maintain technical and practical knowledge about clients and industry.

Make

Make recommendations on ways to improve audit processes.

Manage

  • Manage audit KPIs including deadlines and project milestones.

  • Manage internal SOX software requirements.

  • Manage vendor compliance documentation and evidence.

Obtain

Obtain appropriate training.

Offer

Offer meaningful recommendations that address the root cause rather than symptoms.

Organize

Organize and reference work papers.

Oversee

Oversee findings follow-ups to ensure implementation of recommendations.

Participate in

  • Participate in annual planning, including completion of risk assessment for assigned areas.

  • Participate in audit planning activities, including risk assessments, research and interviews.

  • Participate in a variety of special projects.

  • Participate in a variety of special projects and other duties as assigned.

  • Participate in regulatory assessments like SOX testing for Abbott.

  • Participate in the Annual Risk Assessment of Information Technology processes and systems.

  • Participate in the recruiting and onboarding of new members of the department.

Perform

  • Perform and lead internal resources and third-party auditors to conduct compliance and IT SOX audits.

  • Perform audit work as assigned leveraging a risk based methodology.

  • Perform audit work as Senior or Lead Auditor on Integrated and Application audit assignments.

  • Perform compliance assessments on new and existing systems, processes, and technology.

  • Perform integrated, operational, and IT audits.

  • Perform IT audits such as information security and IT infrastructure, network, etc.

  • Perform other duties, as assigned.

  • Perform pre and post- implementation reviews of system implementations or enhancements.

  • Perform pre-implementation and / or post-implementation reviews of IT implementations.

  • Perform related work as assigned by audit management.

  • Perform risk assessments and assist in preparing schedules or reports for executive management.

  • Perform walkthroughs with process owners to understand processes and internal control procedures.

  • Perform work from end to end under supervision of auditor in charge.

Prepare

  • Prepare and report results to CAE and Audit Committee.

  • Prepare and review audit reports that are accurate, clear, and concise.

  • Prepare audit plans and understand the specific risks / issues to be evaluated.

  • Prepare audit reports and ensure audit findings and recommendations are practical and sustainable.

  • Prepare audit reports to document audit scope, procedures, findings and recommendations.

  • Prepare audit reports with clear and concise messages, providing value added feedback.

  • Prepare audit workpapers to ensure compliance with the division's risk-based audit methodology.

  • Prepare clear, concise, and accurate documentation and audit reports.

  • Prepare crisp, concise audit reports for review by Manager, Director and Chief Auditor.

  • Prepare reports on findings for management / external auditors.

  • Prepare work papers with particular focus on documentation and analysis to support findings.

Present

Present clear and concise findings to Internal Audit leadership and the IT management team.

Prioritize

Prioritize activities to ensure achievement of engagement objectives.

Propose

Propose recommendations and solutions to issues identified during the audit.

Provide

  • Provide advisory services, investigations, and other ad hoc projects.

  • Provide concise and meaningful updates to leadership.

  • Provide effective communication and education of the internal control policies.

  • Provide effective recommendations and solutions to issues identified during the audit.

  • Provide guidance to team members.

  • Provide informal guidance to junior team members within the department.

  • Provide input for and participate in the annual IT risk assessment process.

  • Provide inputs on the annual risk assessment and plan development.

  • Provide staff and business partners guidance and feedback on effective internal control practices.

  • Provide support in the preparation of Internal Audit reports for leadership and the Audit Committee.

  • Provide support to external auditors, in matters dealing with IT system controls.

  • Provide support to the business to implement IT and operational improvements.

Pursue

Pursue work with enthusiasm, energy, drive, and team collaboration.

Receive

Receive on the job training, coaching sessions from in-charge auditor, manager.

Recommend

Recommend control improvements to mitigate key risks.

Report

  • Report all accidents, injuries and near misses, and participates in associated investigations.

  • Report findings to management and communicates recommendations for corrective actions.

Review

  • Review and evaluate IT and Process controls in compliance with the Sarbanes-Oxley Act of 2002.

  • Review and evaluate the adequacy and effectiveness of Internal Controls.

  • Review Audit test results or interpret evidence for vulnerabilities, gaps, or control deficiencies.

  • Review, evaluate, and test automated application controls.

  • Review, from a risk a control prospective, IT integration projects.

  • Review IT audit working papers in accordance with internal audit standards.

Stay current with

Stay current with the trends in the relevant industries and IT auditing.

Stop

Stop and / or report any unsafe work or conditions.

Submit

Submit staff and budget to complete the project to the Senior Manager.

Support

  • Support internal and external audit process for relevant compliance.

  • Support multiple simultaneous security audit projects to ensure time and quality objectives are met.

  • Support of Internal Audit with your knowledge of SAP and the data within the system.

  • Support other department initiatives and deliverables as needed.

  • Support others without being asked for help.

  • Support preparation of reports with guidance and follow up on implementation of recommendations.

  • Support safety & environmental goals and initiatives.

  • Support the development of other team members within the Audit Services Group department.

  • Support the development of technical subject matter expertise among others in the department.

Tailor

Tailor project approaches based on areas of key risks.

Take

  • Take a leadership role in the development and implementation of our audit methodology and program.

  • Take initiative to consider and recommend problem resolution to audit team and manager.

  • Take ownership of assigned tasks and seek out ways to improve processes.

  • Take ownership of projects and results.

Track

  • Track resolution of reported issues.

  • Track status of outstanding responses to audit reports.

Train

  • Train and coach junior team members to help their career growth.

  • Train staff during fieldwork.

Troubleshoot

Troubleshoot security network problems.

Understand

  • Understand and interpret information security policy to execute effective IT Audit procedures.

  • Understand and perform root cause analysis for issues.

Undertake

Undertake reviews of IT management policies and procedures.

Update

Update Audit Director with status of job.

Utilize

Utilize data analysis tools and provides data driven insights to support work.

Validate

Validate the completion of agreed action plans under the guidance of a supervisor.

Work with

  • Work closely with auditees to verify timely progress and completion of agreed action plans.

  • Work proactively with the business to identify the risks and challenges facing the Company.

  • Work with internal resources and third-party auditors to conduct compliance audits.

  • Work with multiple stakeholders.

  • Work with new technologies including Automation, Cloud, Digital.

  • Work with third-party co-sourced IT internal audit ("IA”) provider, under direction of supervisor.

  • Work with various business units to ensure controls are adequate, appropriate, and effective.

Write

Write clear, concise and constructive IT audit reports based on facts, severity and risks.

Most In-demand Hard Skills

The following list describes the most required technical skills of an IT Auditor:

  1. CISA

  2. CISSP

  3. Accounting

  4. CISM

  5. Cobit

  6. Project Management

  7. IT Audit

  8. Information Systems

  9. Finance

  10. Audit

  11. Coso

  12. Data Analytics

  13. ACL

  14. CPA

  15. SAP

  16. Information Security

  17. Risk Management

  18. Itil

  19. Management Information Systems

  20. Nist

  21. Compliance

  22. Business

  23. ISO

  24. Oracle

Most In-demand Soft Skills

The following list describes the most required soft skills of an IT Auditor:

  1. Written and oral communication skills

  2. Analytical ability

  3. Interpersonal skills

  4. Organizational capacity

  5. Leadership

  6. Presentation

  7. Influencing

  8. Problem-solving attitude

  9. Work independently with little direction

  10. Attention to detail

  11. Multi-task

  12. Work ethic

  13. Commitment

  14. Curious

  15. Teamwork

Restez à l'affût du marché de l'emploi dans le sport!

Abonnez-vous à notre infolettre