Home / Resources / News and Trends / Newsletters / AtIsaca / 2022 / Volume 19 / Survival Toolkit for Information Systems Auditors

Survival Toolkit for Information Systems Auditors

Author: Veronica N. Rose, CISA, CDPSE - Board Director at ISACA Foundation and Digital Trust Professional
Date Published: 11 May 2022

Nobody starts out as an expert in their field, and work can become even scarier when switching from one career to another.

Many people join the information systems (IS) audit profession in different ways because each person’s journey is unique. For me, to become an IS auditor, I, first of all, pursued the CISA certification that introduced me to the profession. Big up to ISACA!

At the beginning of my career in IS audit, I started with a lot of passion and enthusiasm, but one big challenge was that I didn’t have a mentor, coach or sponsor to walk with me in the new journey. Well, mentorship is quite broad, and you can be mentored either directly or indirectly depending on the professional communities you are acquainted with, the content you watch or listen to, etc. I am hoping to write a future article on mentorship but, in this one, I would like to share with you what I have in my IS audit career toolbox that has always been handy in turbocharging my skills and competencies while executing my audit engagements with confidence.

  • CISA Review Manual – Usually I call it my audit bible. It comes in handy whenever I need guidance when developing IS audit plans and programs, and when making recommendations on an audit finding.
  • Use of ISACA audit programs and other templates accessible under ISACA resources and in the ISACA Engage Audit & Assurance Community library. There is a lot to learn from the discussions posted on the forum. The audit programs are well-defined and have a process flow on how to perform each audit procedure systematically. There is a lot to learn from the discussions posted on the Engage Audit & Assurance forum.
  • Knowledge of audit frameworks and standards – These provide you with an implementation guide on control assessment and provide insights on control changes that you can easily refer to when issuing recommendations to your audit clients.
  • Getting CISA-certified – Despite having a bachelor’s degree in computer science with education (BCS.ED) and a master’s of science in information systems (MSc.IS), and not discrediting my degrees because I worked so hard to acquire them, earning the CISA certification was my career game-changer. In today’s job postings, the CISA certification is often one of the requirements or added advantages to land a job in the IT industry, especially for an IS audit role.
  • Industry experience has now reduced the time I take to execute a task. For new entrants to the field, this may not assist you much, but be willing to learn as much as you can to equip your toolbox. Taking steps to better understand the business environment is a great way to make relevant recommendations. People can go about this through conducting thorough research about the company’s operations, related industry regulations, and by interviewing business process owners.
  • Knowledge of use of audit software – IS audit is about reviewing systems, people and tools. So, for an audit to provide assurance on effectiveness, existence, and completeness of controls on automated processes, you need knowledge of the use of audit tools like IDEA, KPMG Clara, etc.
  • Auditor instinctJust like passion, this instinct also comes as you continue practicing in the IS audit profession for a while. After gaining enough experience, the auditor instinct comes in handy when applying professional judgment during your audit engagements.
  • ISACA Journal: Reading the ISACA Journal, which is in its 50th year, is a privilege of being an ISACA member. The ISACA Journal has a wealth of articles and resources that will help you excel across the digital trust domains.
  • Training – On a monthly basis, I attend audit training despite my busy schedule. This may be in the form of webinars, chapter training, internal trainings from employers, conferences and online training through ISACA.
  • Soft skills – These include a variety of sometimes overlooked skills, such as communication, negotiation, presentation, courteousness, listening, self-awareness, assertiveness, open-mindedness, emotional intelligence, networking, etc.
  • Mastering digital body language skills – This is something I learned recently from a webinar. After the disruption of the pandemic, you notice that most audits are remote and agile, which calls for IS auditors to sharpen their digital body language to avoid misunderstanding our audit clients, and vice versa. Auditors should ask the client about their preferred mode of communication and avoid use of technical jargon.
  • Research and read to understand – It is said that the smartest person in the room is the one who reads. This tool will help you when making a judgment on several areas while you carry out your engagements. Always do your homework before meeting an audit client for an interview. After all, IS auditors must be credible.
  • Joining audit community groups – We become the people we surround ourselves with and what we consume. Being in a community of like-minded professionals will help you make consultations to avoid career mistakes by learning from their experiences. In these groups, you can even find mentors/sponsors/coaches.
  • Loving your profession – If you love your profession as I do, it will not feel like a job, but rather something you do effortlessly.

All in all, be the best IS auditor you can be – and train your way to the top.