IT Audit For Beginners: What is an IT Audit? | ACI Learning Audit

ACI Learning | Audit

20 Oct 202112:57

Summary

TLDRIn this informative video, Chief Audit Executive Rob Clark discusses the evolution of IT auditing over the past three decades. He emphasizes the shift from segregated financial and operational audits to a more integrated approach, requiring auditors to possess both IT and security knowledge. Clark highlights the importance of continuous learning, risk assessment, and strong soft skills, including emotional intelligence and effective communication, to build trust and provide strategic advice within organizations.

Takeaways

😀 The field of IT auditing has evolved significantly over the past decades, with a shift from segregated functional focus to a more integrated approach.
🔍 Initially, IT auditing was about interfacing with systems to provide data for financial auditors, but it has since expanded to include a broader understanding of IT security and infrastructure.
📱 The prevalence of information technology has increased exponentially, with modern devices having more computing power than the large data centers of the past.
🛡️ IT auditors now need a comprehensive skill set that includes knowledge of IT security to integrate these aspects into their audits effectively.
👥 The role of an IT auditor has matured to include partnership with IT teams, emphasizing collaboration over confrontation in audits.
🌟 Emotional intelligence is crucial for IT auditors to build rapport and communicate effectively with various stakeholders, including senior leadership and boards.
📚 Continuous learning and staying updated with the latest IT and security trends is vital for IT auditors due to the rapidly changing technology landscape.
🛠️ Technical skills are essential, but they must be balanced with the ability to understand and assess risks from a strategic perspective.
📈 IT auditors should be adept at risk assessment, evaluating how technological tools and techniques can either mitigate risks or present new opportunities.
💡 Communication skills are key for IT auditors to convey complex technical information in understandable terms to non-technical stakeholders.
🚀 For those considering a career in IT auditing, having a passion for technology, coupled with strong soft skills, will set them up for success in the field.

Q & A

What is the role of an IT auditor according to Rob Clark?
-An IT auditor's role is to make a positive impact on the organization by examining IT infrastructure and security, ensuring that the organization's strategic goals are not impeded by risks.
How did Rob Clark initially get into the audit profession?
-Rob Clark got into the audit profession by mistake, not initially intending to spend a career in auditing and compliance, but finding a unique opportunity to make a positive impact.
What was the initial focus of IT auditing when Rob Clark started his career?
-Initially, IT auditing was segregated with financial auditors, operational auditors, and EDP (Electronic Data Processing) auditors, with the latter serving as an interface with systems to provide data for financial auditors.
How has the role of IT auditors evolved over time?
-The role of IT auditors has evolved from being segregated to an integrated skill set where everyone on the team has knowledge of IT security and can integrate it into audits.
What are some of the necessary skills for someone joining an IT audit team today?
-Today's IT auditors need to have a collective skillset that includes knowledge of IT security, the ability to examine IT infrastructure and security, and the emotional intelligence to integrate these skills into audits effectively.
Why is emotional intelligence important for IT auditors?
-Emotional intelligence is important for IT auditors to effectively communicate and interact with clients, technology partners, senior leadership, and the board, ensuring that technical information is conveyed in layman's terms.
What is the importance of continuous learning in the field of IT auditing?
-Continuous learning is crucial in IT auditing because technology is ever-changing, and auditors must stay updated on new tools, techniques, and security landscapes to effectively assess risks and recommend improvements.
What does Rob Clark look for in terms of technical skills for IT auditors?
-Rob Clark looks for IT auditors with a combination of technical skills and soft skills, including a passion for understanding information system structures, knowledge of cloud security, the Internet of Things, compliance regulations, and standards.
How should IT auditors approach risk assessment?
-IT auditors should approach risk assessment by starting with the organization's strategic goals and identifying what could impede the achievement of those goals, focusing on areas that could potentially impact the organization's objectives.
What is the significance of communication skills for IT auditors?
-Communication skills are significant for IT auditors to convey technical information in a way that is understood by various stakeholders, avoiding the use of jargon and ensuring that the message is clear and accessible.
What is the relationship between IT auditors and IT partners within an organization?
-The relationship between IT auditors and IT partners should be collaborative, with auditors taking on a partnership role to work alongside IT partners, fostering a 'we' rather than 'us versus them' approach.