What does an IT auditor do?


In the world of cybersecurity, the position of IT auditor has become very significant and is a growing occupation, with thousands of job openings now available in the U.S. This growth has been fueled by new regulations and compliance requirements such as Sarbanes-Oxley. 

If you’re considering a career as an IT auditor, you are probably interested in what you’ll do. In this post, we’ll provide you with everything you need to know about what an IT auditor does.

What is an IT audit?

First, it’s important to define exactly what an IT audit is. Simply put, it’s the process of collecting and evaluating an organization’s information systems, practices and operations. In this process, an IT auditor not only looks at the physical controls but also the business and financial controls within a company.

The audit takes place to ensure that a business is compliant with legislation, ensuring that their data and records are secure. The IT audit is just an assessment and provides recommendations to fix any gaps or challenges.

What is an IT auditor?

While an IT auditor may have various responsibilities, their main job is to lead projects that improve internal processes and performances. They report problems related to IT systems, analyze data and increase internal controls. Much of their work time is spent collecting and reviewing data from databases, software programs and information management systems. 

An IT auditor may work in a variety of industries, with the most common being technology, finance, healthcare and education.

What are an IT auditor’s job duties?

Job duties will vary and often are dictated by the industry. For example, an IT auditor in the financial world will focus on evaluating the effectiveness and competence of the company’s IT systems and internal controls against policies and regulations. (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Beth Osborne. Read the original post at:

Secure Coding Practices