Gone are the days when a successful business just needed a solid product and someone to make it and sell it. Today, almost every company—large and small—relies on robust and secure information technology (IT) to ensure their business thrives in a global marketplace. Of course, with that reliance comes the threats that could derail everything from cyber threats to software vulnerabilities to outdated hardware and even to employees who deliberately or inadvertently put the company at risk. Who can save the day?

IT Auditors!

What they do

IT Auditors essentially seek out pain points and potential vulnerabilities in their company’s IT systems and infrastructure. They make sure systems are compliant with regulations and company protocols. Global professional services group Deloitte describes IT auditors’ daily tasks as the review and evaluation of “automated information pros, their relation to automated processes, and the interfaces among them.”

How they can help

Unlike other IT specialists who may identify and fix issues, auditors don’t make fixes themselves. This seems like a strange division of labor, but this allows the auditors some degree of autonomy, sticking to the letter of each regulation or protocol, and stating the issue dispassionately without leaning toward one solution or another. This dynamic also necessitates that IT auditors collaborate heavily with other teams, translating techspeak into easy-to-understand guidance and evaluating the compliance of every team to ensure their audits are well-informed and comprehensive. They are also likely to be in regular contact with management, serving as a conduit between colleagues seeking a change in policy and management who must evaluate that change.

What tools they can use

Not surprisingly, IT auditors use a lot of IT to accomplish their work, mostly targeted software that helps them streamline (and even automate) their audits. Most rely on audit management tools like TeamMate and Galvanize, risk analysis software like LogicGate, and data analysis/reporting software like Power BI which helps present the results of their audit in ways lay people will understand and be able to act upon.

How they got there

Because the general process of auditing is similar across many disciplines, those with experience in finance or law may find the leap to IT auditing not such a large one. They already have many of the investigative and compliance skills necessary. However, at the crux of IT auditing is, well, IT so candidates will need either/both hands-on experience in roles like database admin, systems admin, or systems analyst or a Bachelor’s degree in a related field like cybersecurity.

Where you can start

In addition to a BS from an online university like Maryville University, a number of certifications will help fill out your resume. Check out the Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC) certifications, both from the Information Systems Audit and Control Association (ISACA) as a great place to start.