The IT Auditor
A rarer species and often seen as the least colourful, IT auditors (sometimes referred to as Computer Auditors, or Information Assurance) can often be found flocking alongside their general audit cousins, whom they will often support in complex technical areas. The role is more closely related to the internal auditor, and you will find many IT auditors in Internal Audit teams, working to cover key areas of information technology risk. The role requires a skill set that is both wide and deep, and therefore different IT auditors will often specialise, if informally, within their team. Reflecting the relative rarity of the skill set, IT auditors are generally a little more costly to keep.
They come from two main areas – operational IT staff, who bring a stronger technical background; and accountants and general auditors, who bring a stronger business focus and understanding of risk. As the role has developed over time, qualifications have sprung up to support them – you may well find the IT auditor you are looking at has qualifications such as CISA, CISSP, PRINCE2, ISO 27001 Lead Auditor, QiCA, and others. They will often have technical IT qualifications such as MCSE or CCNA, or accountancy qualifications as with an external auditor.
It is not unknown for auditors to move from one group to another in the course of their lifetimes, or for them to move between audit and operational roles. The perception of audit varies very much in different organisations. In some, auditors are a revered species, groomed as future senior managers. In others, they are seen as toothless tigers, fulfilling a token role. In most cases, the truth is somewhere between the two. How you see your auditor is up to you, but if you watch them carefully you may just learn something useful.