IT Audit For Beginners: What is an IT Audit? | ACI Learning Audit
Summary
TLDR: In this informative video, Chief Audit Executive Rob Clark discusses the evolution of IT auditing over the past three decades. He emphasizes the shift from segregated financial and operational audits to a more integrated approach, requiring auditors to possess both IT and security knowledge. Clark highlights the importance of continuous learning, risk assessment, and strong soft skills, including emotional intelligence and effective communication, to build trust and provide strategic advice within organizations.
Takeaways
- 😀 The field of IT auditing has evolved significantly over the past decades, with a shift from segregated functional focus to a more integrated approach.
- 🔍 Initially, IT auditing was about interfacing with systems to provide data for financial auditors, but it has since expanded to include a broader understanding of IT security and infrastructure.
- 📱 The prevalence of information technology has increased exponentially, with modern devices having more computing power than the large data centers of the past.
- 🛡️ IT auditors now need a comprehensive skill set that includes knowledge of IT security to integrate these aspects into their audits effectively.
- 👥 The role of an IT auditor has matured to include partnership with IT teams, emphasizing collaboration over confrontation in audits.
- 🌟 Emotional intelligence is crucial for IT auditors to build rapport and communicate effectively with various stakeholders, including senior leadership and boards.
- 📚 Continuous learning and staying updated with the latest IT and security trends is vital for IT auditors due to the rapidly changing technology landscape.
- 🛠️ Technical skills are essential, but they must be balanced with the ability to understand and assess risks from a strategic perspective.
- 📈 IT auditors should be adept at risk assessment, evaluating how technological tools and techniques can either mitigate risks or present new opportunities.
- 💡 Communication skills are key for IT auditors to convey complex technical information in understandable terms to non-technical stakeholders.
- 🚀 For those considering a career in IT auditing, having a passion for technology, coupled with strong soft skills, will set them up for success in the field.
Q & A
What is the role of an IT auditor according to Rob Clark?
- An IT auditor's role is to make a positive impact on the organization by examining IT infrastructure and security, ensuring that the organization's strategic goals are not impeded by risks.
How did Rob Clark initially get into the audit profession?
- Rob Clark got into the audit profession by mistake, not initially intending to spend a career in auditing and compliance, but finding a unique opportunity to make a positive impact.
What was the initial focus of IT auditing when Rob Clark started his career?
- Initially, IT auditing was segregated with financial auditors, operational auditors, and EDP (Electronic Data Processing) auditors, with the latter serving as an interface with systems to provide data for financial auditors.
How has the role of IT auditors evolved over time?
- The role of IT auditors has evolved from being segregated to an integrated skill set where everyone on the team has knowledge of IT security and can integrate it into audits.
What are some of the necessary skills for someone joining an IT audit team today?
- Today's IT auditors need to have a collective skillset that includes knowledge of IT security, the ability to examine IT infrastructure and security, and the emotional intelligence to integrate these skills into audits effectively.
Why is emotional intelligence important for IT auditors?
- Emotional intelligence is important for IT auditors to effectively communicate and interact with clients, technology partners, senior leadership, and the board, ensuring that technical information is conveyed in layman's terms.
What is the importance of continuous learning in the field of IT auditing?
- Continuous learning is crucial in IT auditing because technology is ever-changing, and auditors must stay updated on new tools, techniques, and security landscapes to effectively assess risks and recommend improvements.
What does Rob Clark look for in terms of technical skills for IT auditors?
- Rob Clark looks for IT auditors with a combination of technical skills and soft skills, including a passion for understanding information system structures, knowledge of cloud security, the Internet of Things, compliance regulations, and standards.
How should IT auditors approach risk assessment?
- IT auditors should approach risk assessment by starting with the organization's strategic goals and identifying what could impede the achievement of those goals, focusing on areas that could potentially impact the organization's objectives.
What is the significance of communication skills for IT auditors?
- Communication skills are significant for IT auditors to convey technical information in a way that is understood by various stakeholders, avoiding the use of jargon and ensuring that the message is clear and accessible.
What is the relationship between IT auditors and IT partners within an organization?
- The relationship between IT auditors and IT partners should be collaborative, with auditors taking on a partnership role to work alongside IT partners, fostering a 'we' rather than 'us versus them' approach.
Outlines
😀 Introduction to IT Auditing
This paragraph introduces the topic of IT auditing and welcomes Rob Clark, the Chief Audit Executive, who is set to share insights on the evolution of the IT auditing profession. Rob discusses his accidental entry into auditing and how it has matured over the decades. Initially, the role was segregated with financial auditors, operational auditors, and EDP auditors. The EDP auditors were responsible for interfacing with systems to provide data for financial audits. The discussion highlights the significant changes in IT, from centralized data centers to the prevalence of IT in everyday life, and the need for a modern IT auditor to have a comprehensive understanding of IT security.
🔍 The Evolution of IT Auditing and Required Skills
In this paragraph, Rob Clark delves into the evolution of IT auditing, emphasizing the shift from segregated roles to an integrated skill set where auditors are expected to have knowledge of IT security. He discusses the importance of continuous learning and adapting to the ever-changing IT landscape. Rob also mentions the need for auditors to understand risk assessment and the application of emerging tools and techniques within an organization. The paragraph underscores the balance between technical skills and the ability to communicate effectively with various stakeholders, including IT partners and senior leadership.
🤝 Building Effective IT Audit Teams
This paragraph focuses on the soft skills necessary for IT auditors to be effective in their roles. Rob Clark stresses the importance of communication skills and emotional intelligence to interact with clients, technology partners, and senior leadership. He highlights the need for auditors to translate technical jargon into layman's terms to ensure that their messages are understood and to foster an environment where questions are encouraged. The paragraph also touches on the importance of developing communication skills to establish auditors as valued advisors and strategic thought partners within an organization.
Keywords
💡IT Auditing
💡Chief Audit Executive
💡EDP Auditors
💡Information Security
💡Cybersecurity Posture
💡Risk Assessment
💡Technical Skills
💡Soft Skills
💡Emotional Intelligence
💡Partnership
💡Continuing Education
Highlights
Introduction to IT auditing and the role of the chief audit executive, Rob Clark.
Evolution of IT auditing from segregated functional focus to an integrated skill set.
Historical perspective on the transition from EDP auditors to modern IT auditors.
The importance of IT auditors understanding the organization's impact on data security.
The shift from physical data center control to mobile computing capacity.
The necessity for IT auditors to have knowledge of IT security in audits.
Skills required for joining an IT audit team, emphasizing collective skills and knowledge.
The expectation for auditors to examine IT infrastructure and security.
Importance of emotional intelligence in IT auditing for effective communication.
The role of auditors as partners with IT teams for a positive impact.
The need for continuous education and expanding skill sets in IT and security.
Technical skills required for IT auditors, including understanding information system structures.
The significance of risk assessment and the balance between technology and risk management.
Importance of soft skills in IT auditing, especially communication and emotional intelligence.
The challenge of translating technical jargon into understandable terms for stakeholders.
The future of IT auditing and the combination of technical and soft skills for success.
Encouragement for those interested in IT auditing to pursue the field for its impact potential.
Call to action for viewers to subscribe for more content on IT auditing.
Transcripts
Are you interested in the field of IT auditing? Do you want to become an IT auditor? Stay tuned for more information.
[Music]
[Applause]
Welcome to this video. We're going to talk a bit about IT auditing, and with us today is Rob Clark. He's the chief audit executive and very knowledgeable about the history of IT auditing, and I look forward to his insights in terms of how the profession has evolved. Rob, can you start out by telling us a little bit about what has been the evolution and how we have matured in terms of what IT auditing is all about?
Well, thank you, Dr. Murdock, it's a pleasure to be here. And, uh, yes, I'd, I can talk about the history of IT auditing because I am that old. I've been doing this now for, I can't even believe I'm old enough to say that I've been doing this for, for three decades. But I got into auditing really kind of by mistake. I really didn't think that I was going to end up spending a career in auditing and compliance, but what I found was a very unique opportunity to make a positive impact on the organization.
And when I first got into the audit profession it was, it was very segregated in terms of its functional focus. We would have financial auditors on one side of the audit house, we would have perhaps some operational auditors, and then we would have what was referred to as EDP auditors, electronic data processing auditors. So yeah, I'm kind of dating myself. And the function of the EDP auditors back in the day was to more or less be the interface and with the systems in order to provide data for the financial auditors so that they could do some of their sampling and analysis. And, and occasionally the EDP auditors would end up having conversations with and interacting with the folks within the data center. And computing back at that point was largely controlled through a key in the door, in the lock of a door, because we were separating and controlling access to our key data, because it all resided in one data center.
And now, boy, have times changed, right? Because now information technology is so prevalent, and we have on our phones the computing capacity that used to take up racks and racks and huge buildings in and of themselves. So now what we're looking at is the migration of, uh, I don't have on my teams anymore people who just have the title of a financial auditor or an operational auditor or even just an IT auditor. I'm looking for that, that integrated skill set where everyone on the team is going to be able to have a certain knowledge of IT security so that we can integrate those into our audits.
So what are some of the skills that are necessary to be able to join such a team?
Well, I think one of the things that, that I look for as, when I'm building out an internal audit team, is, is really the, if we're looking at it from the perspective of the chief auditor, our responsibility is to ensure that we have the collective skills, knowledge and competencies in order to be able to accomplish our audit plan. And in every audit function there is going to be the expectation that we are going to examine our IT infrastructure and our IT security. Uh, you, you get into a board room and you're given a presentation and people expect you to actually speak to what the posture of cyber security is for your organization.
So what I look for when we are building out a team, and for somebody who's watching this who's perhaps giving consideration to venturing into the world of auditing, what I would say is it's a, it's a wonderful field to get into, because you have an opportunity to make an impact on our organizations in a very unique way. And what I look for is not only those who have the, the skills, knowledge and competencies and awareness of the concepts of information security and information systems, but also those who have the, the lack of a better term, the emotional intelligence to be able to figure out how we can integrate that.
The last thing we want to do is go into an engagement and start throwing around a bunch of buzzwords and trying to take the position, and try to impress the IT partners within our organization, that we are subject matter experts in all things IT. It's the first way to lose credibility. What we want to do is actually come alongside of our IT partners, and I use that term partners intentionally, because I believe that the best way for us to be able, as auditors, to be able to effect change and to have a positive impact is for us to take on that partnership, to get on the same side of the table, as it were. And, and actually I do that in, in our entrance conferences. We, we don't, I try not to sit directly across the table and have that sort of us versus them approach, but really to get on the same side of the table and say, let's look at these things together.
So the IT auditor has to be familiar with what the landscape of risks is, and those are ever changing. So I look for somebody who has a, that constant burning desire for continuing education, for always wanting to learn and expand their skill sets in all things related to IT and security.
So what are some of the, the hot topics these days? I'm going to ask you in a few moments, so you can start getting ready mentally, for soft skills, but let's start with the technical side of the skill set. So what are some of the, the technical skills that you will wish that IT auditors who are interested in this field will have as they begin their journey?
Well, uh, it does have to be a combination of the technical skills and soft skills, but let's talk about the technical skills first. I think for somebody who is considering entering the field of IT auditing, chances are, if I'm talking to that person right now, if we're talking to that person, it's somebody who just has a passion for the, maybe they define themselves as a nerd, uh, and, and somebody, and I use that term affectionately, I refer, I put myself in that same category, so I'm not saying that disparagingly, but somebody who really has an understanding of and a desire to understand all of the different aspects of what it takes to, to build an information system structure at an organization, everything from cloud security to the internet of things to understanding all of the compliance regulations and the, the standards, the guidance. Uh, somebody who is not afraid to sit down and go through all 800 pages of the NIST guidance, the National Institute of Standards and Technology guidance, because that actually provides a really good framework for all of the things that we as an organization need to be focusing on.
So I look for somebody who has the technical expertise. Perhaps they have come from an IT background, or in their education or in prior jobs. But it doesn't necessarily require an advanced degree in computer science in order to be a good IT auditor. It takes the aptitude and the desire to constantly learn, because the technology is ever changing, and so I look for somebody who is passionate about trying to expand their skill sets on a continuing basis.
You mentioned in passing just a moment ago risk assessment and just awareness about risk. So from what you just described, it sounds to me as though they need to be able to balance some of the technologies and the techniques and the different, uh, tools that are available and continue to emerge just about every day, and be able to think from a risk perspective in terms of how does this help us either neutralize some of the risks that can impact organization and, and threaten its, its ability to achieve its objectives, but also as an opportunity: how can this tool, technique be applied in my organization, perhaps as a recommendation for the organization to consider, uh, and perhaps adopt? Is that also very important in this case?
Oh, it's critical. Everything has to start from an understanding of the risk, and there's a, there's a couple words that you just mentioned as you tee that up that I want to be able to kind of pull out. One is just the concept of the evaluation of risk, and the other thing that you, the other word that you mentioned is tools. So we ought to as auditors in order to be effective at helping to identify areas of risk or to utilize tools in the assessment of that.
And when we're talking about risk, I think it's important that we define what we mean by risk. Usually if you're having a conversation, and, and oftentimes when I'm teaching classes, I ask people to say how would you define risk, and typically the first things that people come up with are fraud or security breach or something that is really, you know, that they would categorize as a really adverse impact to the organization. I like to kind of bring it back a little bit to say let's start with defining risk as those things that would potentially impede the organization's ability to achieve its strategic goals. So starting in the, in a risk assessment process with what are our organizational goals, and what is the, the corporation, the company's goals, mission, vision, what is it that we are trying to accomplish, and then asking the question of what would prevent us from achieving that, what would impede our ability.
Very, very good. Along those lines, then, what kinds of soft skills are very, very important to be able to do that effectively?
Uh, well, that, that balance, I'm glad we're talking about both of those, because in order for an auditor to be effective, in order for an IT auditor to be effective, there has to be that combination of the, the skills, knowledge and competencies, so it's not just the technical skills. The thing that I see, and I've seen over the years, uh, in trying to develop our IT audit, uh, staff and that side of the house, those people who have the, those, those, uh, technical skills, is that sometimes there is a gap in the communication skills. Uh, what we look for is, and I mentioned this earlier in terms of the emotional intelligence, what we mean by that is the way that we are able to communicate, interact with, uh, not only our clients and our technology partners within the organization, but the senior leadership, the board, the people to whom we're going to be communicating.
And I think it's absolutely critical to make sure that auditors have a, an ability to take the technical and boil it down into layman's terms. The last thing that we want to do is go into a board meeting and start throwing around a bunch of acronyms and trying to impress the, uh, the, the audience, the recipients of your message, with how smart you are and how many, uh, you know, how technical your, your knowledge is. Because what I see when sitting in some of those board meetings is that when people's eyes begin to glaze over because they don't quite understand what it is that we're trying to convey, then two things happen. Number one, they begin to just tune out. Number two, they're afraid to ask questions, because they don't want to expose themselves as not having knowledge about what it is that you're talking about.
And so it's our job as auditors to communicate in a way that our message is going to be understood and received. So what I look for is the development of those communication skills so that we can really take on that perspective of being a partner, a valued advisor, a strategic thought partner with leadership.
You combine those skills, those soft skills, with the technical skills and you've got a bright future in this industry.
Thank you so much for helping us better understand what are some of the key attributes, skills, competencies and expectations that someone who is contemplating joining audit, and in particular IT auditing, and how they can become successful. So your input has been very helpful in better understanding how technical skills need to be balanced with soft skills. And to our viewers, we have a lot more content to share with you, so please subscribe to our channel. There's a lot there for you.
[Music]