It's a career that few have heard of outside of the technology industry, but it's growing quickly. Though the job is not immune to downsizing during recessions, it's certainly holding its own, particularly compared to most other professions worldwide.
The career is IT auditing, and while that may sound boring at first glance, the professionals in this field are actually at the cutting edge of computer science, corporate risk management and, increasingly, corporate strategic planning.
At the heart of the job is ensuring that every corporate system linked to computers does exactly what it's designed to do – and that the additional technology needed to protect those systems from internal or external threats also works as designed.
If that doesn't sound strategic enough, some IT auditors find themselves reviewing controls from the get-go as new systems are designed, becoming part of new product development teams and C-suite discussions about a company's future and strategic vision.
No wonder, then, that enrollment in IT audit classes and programs is growing at an extraordinary clip, attracting students who first hear of the career as they enter traditional management information systems courses – and, alternatively, as they pursue careers in accounting and internal auditing, or even a much more nascent professional opportunity, forensic accounting and auditing. (For more on career ideas, check out Finding Your Place In The Financial Industry.)
History of IT Auditing
IT auditing – a profession first recognized as such in the mid 1960s - was originally taught by public accounting firms and the Big Four in particular. It took a couple of years before universities and colleges with management information systems (MIS) programs started offering their own courses. Most recently, university and college accounting departments have either started offering their own IT courses or entire programs, or have coordinated with MIS educators in a more formalized way that allows students to obtain bachelor's and master's degrees that open doors extending well beyond the internal audit department. (For more read Should You Head Back To Business School?)
Some professionals see IT auditors going even further educationally, purposefully combining their CPA and CISA pedigrees with more formalized business education. (For more see An Inside Look At Internal Auditors.)
The Future of IT Auditing
The combination of IT and business backgrounds can provide a very valuable mix for those pursuing jobs in this field, and is critical to understanding the trends that drive the IT industry. Demonstrating just how dynamic IT auditing has become – and how in demand these students with the right pedigrees are – those in forensic accounting, the newest of all auditing-related professions, are scrambling to join forces with those in the IT space.
What's next: introducing IT audit into the overall accounting program, offering students in "generic" accounting and forensic accounting the ability to obtain IT audit credentials – and the reverse, of course.
Who's really driving the educational push toward IT auditing? A professional group in Rolling Meadows, Ill., called ISACA (originally known as the Information Systems Audit and Control Association now known only by the abbreviation), launched in 1967 under the name EDP Auditors Association. ISACA's greatest claim to fame is that it developed the Control Objectives for Information and related Technology (COBIT), the IT control framework - endorsed by the U.S. government - that serves as the basis for the controls behind both Health Insurance Portability and Accountability Act (HIPPA) and the Sarbanes-Oxley Act (SOX) which controls financial reporting.
Today the association offers three certificates – the Certified Information Systems Auditor (CISA), the Certified Information Security Manager (CISM) and, most recently, the Certified in the Governance of Enterprise IT Audit (CGEIT); its membership, particularly outside the United States, has skyrocketed
Just as telling about the spread of IT audit worldwide: the number of foreign students in the U.S. – and students overseas – getting involved far outstrips that of U.S. and other citizens in North America.
A Growing Field
Meanwhile, internal auditing and IA auditing student chapters on campuses are growing both in number and size. One example: In 2004, the Institute of Internal Auditors' "international auditing education partnership" (IAEP) student program at the University of Texas at Dallas had 50 members.
Of course, the latest recession did have a noticeable impact on the immediate demand for IT professionals, but that's not to say that demand is not there for this promising profession. (For more on other designations, check out CPA, CFA Or CFP® - Pick Your Abbreviation Carefully.)