Nobody likes the word “audit.” That is unless you are, or are thinking about becoming, an IT auditor, which is one of the fastest growing career areas in IT according to CareerProNews. Since the passage of information legislation, like Sarbanes-Oxley, IT audits have increased, and so has the need for people to do them.

An IT audit is basically the process of collecting and evaluating evidence of an organization’s information systems, practices, and operations. IT auditors look not only at physical controls as a security auditor would, but they also look at business and financial controls within an organization.

IT auditors help organizations comply with legislation, making sure they keeping data and records secure. These auditors don’t actually implement any fixes; they just offer an independent review of the situation.

Fred Roth, a senior consultant at a training institute, says he believes the demand for IT auditors will continue for the next couple of years: “I talk to a lot of management from companies in the U.S., Canada and Europe. The answers are always the same — they cannot find enough good IT auditors.”

So what does it take to be an IT auditor? CareerProNews says that “CIA (certified internal auditor), CISA (certified information systems auditor) and CISSP (certified information systems security professional) certifications are becoming an absolute must for IT auditors.”

Roth adds: “IT auditors need to be qualified to audit the many different aspects of IT: systems, networks, databases, encryption, etc., and that they need to be proficient and stay current as the technology changes. This requires ongoing training.”

Although most IT auditor positions start out on contract, many firms are realizing the need to hire full-time personnel to handle the duties.

Proactively studying “what’s out there” is increasingly important for successful IT Audits. Regular research on the following sites, in addition to periodic exploration of audit resources via Google or another Web search tool, can help you stay on top of audit tools and audit practice information. Auditors should research not only available audit tools, but also recommended professional audit practices. Both are crucial in effective auditing.

1. The Institute of Internal Auditors, including:

2. The Institute of Chartered Accountants in England and Wales (ICAEW), including:

5. The Information Systems Audit and Control Association (ISACA), including:

And for extra credit:

12. IT Compliance Institute (ITCi): Ten time saving research resources

Information and resources on this page are provided by Dan Swanson, a 26-year internal audit veteran, who most recently was director of professional practices at the Institute of Internal Auditors. Dan has completed audit projects for more than 30 different organizations, spending almost 10 years in government auditing, at the federal, provincial, and municipal levels, and the rest in the private sector, mainly in the financial services, transportation, and health sectors. He has completed nearly 100 internal audits in his career including: operational audits, system audits, financial audits, value-for-money audits, comprehensive audits, and many more. He has completed almost 50 IT conversion audits and a dozen comprehensive audits of the information technology function.