In the two decades that I have been an IT Audit recruiter, the field has come a long way, and there is now much more recognition for the IT Audit profession. Going back to 1995, whenever I speak at an ISACA gathering I’ve always asked how many knew in college that they wanted to be an IT auditor. Just 10 years ago, no one ever raised their hand. About five years ago, hands started to go up. That IT Audit is now considered a viable career choice has been helped considerably by the steady increase in college curriculum focused on IT risks and controls.
As an IT Audit recruiter I am often asked by individuals at various stages of their IT Audit journey—from college to mid-career—what they can do to jump-start their IT audit careers and stand out from the pack. Here are some suggestions.
IT Audit Internships for Newbies
Let us start with those still in college. I strongly recommend you get into a good internship program to gain experience and “try before you buy” to help you decide if IT audit is something you are truly interested in. A good place to look for these programs is with the Big 4 accounting firms, but also with Fortune 500 companies, more and more which are developing audit internship opportunities.
ISACA Membership/CISA Highly Recommended
For those starting out or at mid-career looking to get into the IT audit field, my first suggestion: You need to become a member of ISACA. To get a foothold in the IT Audit world, ISACA can be invaluable particularly for the networking opportunities an ISACA membership affords. Robust ISACA chapters can be found in most major cities.
You should approach every chapter meeting as a networking opportunity. Yes, those events are great for learning more about the profession through training and presentations, but networking is key for those looking to break into the IT audit field. Sit with people you do not know. Move around the room. Introduce yourself to the chapter president or vice president. Ask for 30 seconds to a minute to introduce yourself to the entire group and present your stump speech/elevator pitch to make everyone aware of who you are and that you are looking to get into the IT audit field. How many times will you need to introduce yourself and network your way to an opportunity? Maybe once, maybe one hundred times…but if you put in that level of effort to go beyond the comfort zone and market yourself, you will eventually win somebody over.
Next: It is critical that you sit for the CISA certification. It sends a clear message to prospective employers that have mastered the IT Audit body of knowledge, but even more important, it shows you have taken initiative in your professional development. It demonstrates that you have bought into IT audit, which is something potential employers need to know, especially if they are going to take the risk of hiring someone who needs additional time and training to get up to speed. The CISA has gone from a “nice to have,” to a “Why in the world do you not have your CISA?” CISA is a door opener if you have it and a door shutter if you do not….so dig into your wallet and pay for the exam. If you are serious about the IT Audit field, this is an investment that will definitely pay off.
As for other ISACA certifications, both the CISM and CRISC are continuing to gain recognition. Non-ISACA certifications I recommend include the CISSP from the International Information Systems Security Certification Consortium and the CIA from the Institute of Internal Auditors (IIA).
To sum up, with IT audit candidate scarcity as significant as it has been since the initial years of Sarbanes-Oxley compliance, demand for qualified IT audit professionals will likely continue to exceed supply for the foreseeable future. This creates opportunities for those looking to break into the field, and an ISACA membership and certification are the keys to doing just that.
Derek Duval is the owner of Duval Search Associations, which is devoted exclusively to enhancing careers of IT audit, risk management, compliance, and advisory professionals.
Derek Duval, CPC
Duval Search Associates, LLC
[ISACA Now Blog]