geeks

IT Geeks don’t always make for good auditors…

I like most my time spent blogging on R3S to focus on Information Technology and Security. As an Information Systems auditor, my IT/IS knowledge definitely makes me stand out against many of my peers in public accounting. With that being said, today I’d like to shift gears a bit and explore what I think it is that makes me effective in my career.

Being IT/IS savvy isn’t what makes me a good auditor. In fact, once I started my career in Information Systems audit not too long ago, my boss urged me to go sign up more of my friends! I went looking, eager to cash in on some referral bonuses only to discover that your typical IT minded individual does not tend to make a very good auditor.

So what does make for a top notch Information Systems auditor? Or, to make this more relevant to our audience- what key characteristics should you look for in the next individual you  may consider hiring to either work for you or perform an IT/IS audit for your organization?

Key Characteristic Explanation
Curiosity A good auditor is a polymath and lifelong learner. Consider all the areas of expertise an information systems auditor is required to touch upon. This individual will be expected to be familiar not only with Information Systems but also SDLC processes, Accounting Principles, Legal and Regulatory Matters, Human Resources management and more.
Flexibility The Information Systems auditor may be expected to show up at the office of a CTO one day in suit and tie, and don a hardhat and steel toe boots on the factory floor the next. Hours and location of work shifts from client to client. A good consultant/auditor should never expect show up to the same desk and office day after day.
Strategic Thinker A strong Information Systems auditor should be adaptive. Technology changes quickly, legal and regulatory matters effect internal controls and ever evolving economic conditions impact the operations of all competitive organizations. A strong auditor recognizes these external forces and considers them during internal risk assessment.
Observant Auditors must be keen on paying attention to details and identifying patterns, whether that be observing the same hash repeatedly while reviewing a dozen different router configuration files, or just being an amazing proof reader of reports.
Personable/Agreeable A strong consultant/auditor should be effective at building relationships. They should be flexible, strategic, and observant enough to read the temperament of their client and adapt to them, in order to foster a productive professional relationship.

Have any key characteristics of your own to share? Let’s here them!