IT Audit For Beginners: What is an IT Audit? | ACI Learning Audit

Captions
Are you interested in the field of IT auditing? Do you want to become an IT auditor? Stay tuned for more information. [Music] [Applause]

Welcome to this video. We're going to talk a bit about IT auditing, and with us today is Rob Clark. He's the chief audit executive and very knowledgeable about the history of IT auditing, and I look forward to his insights in terms of how the profession has evolved. Rob, can you start out by telling us a little bit about what has been the evolution and how we have matured in terms of what IT auditing is all about?

Well, thank you, Dr. Murdock, it's a pleasure to be here. And, uh, yes, I'd, I can talk about the history of IT auditing because I am that old. I've been doing this now for, I can't even believe I'm old enough to say that I've been doing this for three decades. But I got into auditing really kind of by mistake. I really didn't think that I was going to end up spending a career in auditing and compliance, but what I found was a very unique opportunity to make a positive impact on the organization. And when I first got into the audit profession, it was very segregated in terms of its functional focus. We would have financial auditors on one side of the audit house, we would have perhaps some operational auditors, and then we would have what was referred to as EDP auditors, electronic data processing auditors. So yeah, I'm kind of dating myself. And the function of the EDP auditors back in the day was to more or less be the interface with the systems in order to provide data for the financial auditors so that they could do some of their sampling and analysis, and occasionally the EDP auditors would end up having conversations with and interacting with the folks within the data center. And computing back at that point was largely controlled through a key in the door, in the lock of a door, because we were separating and controlling access to our key data, because it all resided in one data center. And now, boy, have times changed, right? Because now information technology is so prevalent, and we have on our phones the computing capacity that used to take up racks and racks and huge buildings in and of themselves. So now what we're looking at is the migration of, uh, I don't have on my teams anymore people who just have the title of a financial auditor or an operational auditor or even just an IT auditor. I'm looking for that integrated skill set where everyone on the team is going to be able to have a certain knowledge of IT security so that we can integrate those into our audits.

So what are some of the skills that are necessary to be able to join such a team?

Well, I think one of the things that I look for when I'm building out an internal audit team is really the, if we're looking at it from the perspective of the chief auditor, our responsibility is to ensure that we have the collective skills, knowledge and competencies in order to be able to accomplish our audit plan. And in every audit function there is going to be the expectation that we are going to examine our IT infrastructure in our IT security. Uh, you get into a board room and you're given a presentation and people expect you to actually speak to what the posture of cyber security is for your organization. So what I look for when we are building out a team, and for somebody who's watching this who's perhaps giving consideration to venturing into the world of auditing, what I would say is it's a wonderful field to get into, because you have an opportunity to make an impact on our organizations in a very unique way. And what I look for is not only those who have the skills, knowledge and competencies and awareness of the concepts of information security and information systems, but also those who have the, lack of a better term, the emotional intelligence to be able to figure out how we can integrate that. The last thing we want to do is go into an engagement and start throwing around a bunch of buzzwords and trying to take the position and try to impress the IT partners within our organization that we are subject matter experts in all things IT. It's the first way to lose credibility. What we want to do is actually come alongside of our IT partners, and I use that term partners intentionally, because I believe that the best way for us to be able as auditors to be able to effect change and to have a positive impact is for us to take on that partnership, to get on the same side of the table as it were. And actually I do that in our entrance conferences. We don't, I try not to sit directly across the table and have that sort of us versus them approach, but really to get on the same side of the table and say, let's look at these things together. So the IT auditor has to be familiar with what the landscape of risks is, and those are ever changing. So I look for somebody who has that constant burning desire for continuing education, for always wanting to learn and expand their skill sets in all things related to IT and security.

So what are some of the hot topics these days? I'm going to ask you in a few moments, so you can start getting ready mentally, for soft skills, but let's start with the technical side of the skill set. So what are some of the technical skills that you will wish that IT auditors who are interested in this field will have as they begin their journey?

Well, uh, it does have to be a combination of the technical skills and soft skills, but let's talk about the technical skills first. I think for somebody who is considering entering the field of IT auditing, chances are, if I'm talking to that person right now, if we're talking to that person, it's somebody who just has a passion for the, maybe they define themselves as a nerd, uh, and somebody, and I use that term affectionately, I refer, I put myself in that same category, so I'm not saying that disparagingly. But somebody who really has an understanding of and a desire to understand all of the different aspects of what it takes to build an information system structure at an organization, everything from cloud security to the internet of things to understanding all of the compliance regulations and the standards, the guidance. Uh, somebody who is not afraid to sit down and go through all 800 pages of the NIST guidance, the National Institute of Standards and Technology guidance, because that actually provides a really good framework for all of the things that we as an organization need to be focusing on. So I look for somebody who has the technical expertise. Perhaps they have come from an IT background, or in their education or in prior jobs, but it doesn't necessarily require an advanced degree in computer science in order to be a good IT auditor. It takes the aptitude and the desire to constantly learn, because the technology is ever changing, and so I look for somebody who is passionate about trying to expand their skill sets on a continuing basis.

You mentioned in passing just a moment ago risk assessment and just awareness about risk. So from what you just described, it sounds to me as though they need to be able to balance some of the technologies and the techniques and the different, uh, tools that are available and continue to emerge just about every day, and be able to think from a risk perspective in terms of how does this help us either neutralize some of the risks that can impact organization and threaten its ability to achieve its objectives, but also as an opportunity: how can this tool, technique be applied in my organization, perhaps as a recommendation for the organization to consider, uh, and perhaps adopt? Is that also very important in this case?

Oh, it's critical. Everything has to start from an understanding of the risk. And there's a couple words that you just mentioned as you tee that up that I want to be able to kind of pull out. One is just the concept of the evaluation of risk, and the other thing that you, the other word that you mentioned is tools. So we ought to, as auditors, in order to be effective at helping to identify areas of risk, or to utilize tools in the assessment of that. And when we're talking about risk, I think it's important that we define what we mean by risk. Usually if you're having a conversation, and oftentimes when I'm teaching classes, I ask people to say, how would you define risk? And typically the first things that people come up with are fraud or security breach or something that is really, you know, that they would categorize as a really adverse impact to the organization. I like to kind of bring it back a little bit to say, let's start with defining risk as those things that would potentially impede the organization's ability to achieve its strategic goals. So starting in a risk assessment process with what are our organizational goals, and what is the corporation, the company's goals, mission, vision, what is it that we are trying to accomplish, and then asking the question of what would prevent us from achieving that, what would impede our ability.

Very, very good. Along those lines, then, what kinds of soft skills are very, very important to be able to do that effectively?

Uh, well, that balance, I'm glad we're talking about both of those, because in order for an auditor to be effective, in order for an IT auditor to be effective, there has to be that combination of the skills, knowledge and competencies. So it's not just the technical skills. The thing that I see, and I've seen over the years, uh, in trying to develop our IT audit, uh, staff and that side of the house, those people who have those, uh, technical skills, is that sometimes there is a gap in the communication skills. Uh, what we look for is, and I mentioned this earlier in terms of the emotional intelligence, what we mean by that is the way that we are able to communicate, interact with, uh, not only our clients and our technology partners within the organization, but the senior leadership, the board, the people to whom we're going to be communicating. And I think it's absolutely critical to make sure that auditors have an ability to take the technical and boil it down into layman's terms. The last thing that we want to do is go into a board meeting and start throwing around a bunch of acronyms and trying to impress the, uh, the audience, the recipients of your message, with how smart you are and how many, uh, you know, how technical your knowledge is. Because what I see when sitting in some of those board meetings is that when people's eyes begin to glaze over because they don't quite understand what it is that we're trying to convey, then two things happen. Number one, they begin to just tune out. Number two, they're afraid to ask questions because they don't want to expose themselves as not having knowledge about what it is that you're talking about. And so it's our job as auditors to communicate in a way that our message is going to be understood and received. So what I look for is the development of those communication skills, so that we can really take on that perspective of being a partner, a valued advisor, a strategic thought partner with leadership. You combine those skills, those soft skills, with the technical skills, and you've got a bright future in this industry.

Thank you so much for helping us better understand what are some of the key attributes, skills, competencies and expectations that someone who is contemplating joining audit, and in particular IT auditing, and how they can become successful. So your input has been very helpful in better understanding how technical skills need to be balanced with soft skills. And to our viewers, we have a lot more content to share with you, so please subscribe to our channel. There's a lot there for you. [Music]
Info
Channel: ACI Learning | Audit
Views: 30,641
Keywords: it auditing, it auditing training, what is it auditing, skills for it auditor, technical skills for it auditor, technical skills for it auditors, soft skills for it auditors, soft skills for it auditor, skills for it auditors, how to it audit, how to perform it audit, how to get into it auditing, how to become it auditor, how to conduct it audit, it audit classes, it audit courses, it audit course, it audit certification
Id: oMM-pn2iZ18
Length: 12min 57sec (777 seconds)
Published: Wed Oct 20 2021