If you read my “About Me,” you will know I’m currently in a Cyber Risk Consultant at a large professional services firm. If you haven’t, I suggest you click here. But do you really know what I do? For the majority of the professional experience, I was an Information Technology Auditor (IT Audit).
Before I tell you what an IT Auditor is and how I became you, I want to shout out Ari. Her tweet is the reason I’m sitting on my couch, watching the Opening Night of NBA, and typing this blog post.
I have a blog and I’m in a segment of tech that most people overlook or never heard of before. Might as well help out and write a blog on it from #BlackTechTwitter right
First, what is an IT Auditor? An IT Auditor evaluates the adequacy and effectiveness of an organization’s IT systems and internal controls against policies and regulations. Prior to joining my current employer, I was a Senior Associate – I started off as a paid intern, received a full-time offer, and was promoted after one year – at a small Public Accounting Firm. When people think of CPA firms, they think of number crunching, spreadsheet wielding, no life financial auditors.
What people don’t know, financial auditors don’t completely trust data and the reports that are generated from that data. How can you, potential investors, trust financial statements? I’ll be nice and share GOOGL (Google) 10-K that can be found on sec.gov. That data, whether it’s Revenue, Fixed Assets, Payroll, or etc., are inputted in/transferred to multiple applications and eventually stored in databases.
What’s the risk? Let us walk through an example. You’re performing an IT Audit for a large company. As you now, the majority of the data in the company flows into a data warehouse which is then used to generate reports in order to perform required reconciliations. During your audit, you noticed a new user with VP level access was created in the AP system in the last month of the fiscal year (12/30). You traced that user back to the HR system and noted there were no current employees with that name nor any new hires during that month. You keep following the rabbit trail and noted that the user updated an address for a record in the AP system. That user created and approved its own payment for a fake service. In the end, you concluded a staff accountant was able to create a fake user to pay themselves. Only an IT Auditor with knowledge of the IT environment, IT General Controls (ITGC), and functional segregation of duties was able to conclude this. And don’t worry, there are many other IT risks that need to be addressed.
I wanted to keep this short but it takes a lot to explain this career and it’s easy to nerd out.
So, how did I become an IT Auditor? I was an accounting major during undergraduate school. We were required to take an Accounting Information Systems course which changed my life. I enjoyed learning about risks, the CIA triad, XBRL, and SAP. My classmates hated it, yet, I loved it. You know it’s real when you go to graduate school and the program you enroll in is basically IT Audit on steroids. The job market is fire for IT Auditors too. I started my career at a small firm after I spoke to a Senior Manager that presented a topic to my class. Yes, no job application needed.
In conclusion, my segment in Tech is IT Audit. It’s different. You’re maybe not developing code (actually you’re not developing code but you will audit that code), but you are auditing technology. You have the ability to learn numerous applications (internally developed or bought), Operating Systems, Databases (including cloud products), IT processes, and maybe some cyber concepts which can be used to transition into other parts of tech. I like what I do. Every day is different. I learn a new thing daily. And wouldn’t change it for the world.
Feel free to reach out to me via Twitter if you ever have any questions.