Most Information Management students recognize it all too well: constantly having to explain exactly what the degree entails and what kind of work might follow. Fortunately, as an IM student, you can go in many directions. One direction is IT audit. IM student Veerle Jessen explains this in more detail, after gaining some practical experience at the accounting firm BDO.
Let us first discuss “audit” in general. The purpose of an audit is to provide additional assurance to an organization’s management about the extent to which business operations are controlled and about the adequacy of risk systems. This includes related reporting, as well as related consulting. An auditor can perform their function both internally and externally, provided they remain an independent, objective observer.
There are different types of audits, but this article focuses on IT audit. IT audit is a vague term for most people. A commonly cited description of IT audit is as follows: “IT auditing is the discipline that deals with the automation of the organization and the organization of automation.” Among other things, we are concerned with assessing whether the integrity and confidentiality of data and the availability of IT systems are adequately assured. However, there is no shame in never having heard of the term IT audit. In fact, the field used to be known as EDP-Auditing (in other words, assessing Electronic Data Processing). Consequently, the focus used to be on system development departments and the computing center. With the increasing degree of automation in today’s technologies, the field now focuses more on the relationship between business processes and IT, which explains the name change to IT auditing.
IT audit is thus concerned with assessing and advising on objects of investigation in and around ICT. It often collaborates with auditors, because most administrative processes usually take place within automated information systems. As a result, it is often not possible to obtain sufficient assurance regarding the veracity of financial reports. That is where the IT Auditor comes in; he/she assesses the information systems for integrity and confidentiality. Only then can the auditor give an accurate report on the organization. Certainty about the quality of IT is not only important for the continuity and quality of vital business processes; due to today’s high demands, it is also important for transparency, IT governance and compliance. In addition to performing concrete IT audit work, you will also be involved in evaluating chosen methods and reporting and accounting for the results.
If you have completed an accredited university degree in IT auditing and have at least three years of practical experience, you are one of the Registered EDP Auditors (REs). An RE can provide more than IT assurance; an RE can also think and advise on all information technology in an organization.
So as an IT auditor, you’re dealing with processes and systems, but also with people, and that’s what makes the profession so interesting. When you are assigned a client, you ask them to provide some pieces of information (e.g., information about backups, password settings, etc.). Then you visit the client for an interview, where you often get a tour of the company in question. This way you get to see many different types of companies inside. My first client was an audiovisual company, where I got to see many gadgets and gimmicks with giant screens. The fact that you are given pieces in advance allows you to ask specific questions during the interview. You should also always stop by the server room if it’s local, to see if the necessary measures have been taken here (fire extinguisher, temperature control, locked room, etc.) Then you work out your findings in a report, and you report back to the accountant. In the first period that you work as an IT auditor, you will of course always do this together with an experienced IT auditor; you will not go to a client on your own. An IT auditor spends a lot of time working on reports, but on the other hand, he/she also sees a lot of different companies and works with a lot of different people, which makes it a versatile profession. Want to learn more about IT auditing? Then check out this link.