Editor’s note: Jeff Burke, a first-year IT auditor with Protective Life, had little exposure to the field during his academic career, but has been pleasantly surprised by how his first several months in the audit profession have progressed. Burke recently visited with ISACA Now to discuss what he has learned in the initial stages of his career, why IT audit is a promising career path for early-career professionals and dispels a misconception that many people – himself included – have had about IT audit. Read on for Jeff’s early impressions of IT audit below, and find out more about ISACA’s new IT Audit Fundamentals Certificate for industry newcomers here.
ISACA Now: What interested you in the IT audit profession?
After college, I wanted to find a position that met a few of the following criteria:
- A role that challenges my critical thinking skills and decision-making
- A role that challenges my technical skills
- A role that remains interesting and engaging
- A role that promotes career growth and development
At the time I applied, my assumption of an IT auditor’s responsibilities were mostly around cybersecurity and completing various reviews of departments and their systems. I figured, at the very least, this would provide an interesting environment to work in. After only five months into my IT audit position, I can assure you that all these criteria have been met.
ISACA Now: What are some skills and areas of knowledge that are important for audit professionals to develop early in their careers?
I would encourage anyone interested in IT audit to become familiar with analytics, cybersecurity and software development lifecycles as these have been my primary areas of responsibility. For those who are early in their IT audit careers, I have found success by improving my data analysis skills through online courses and software tutorials. It is very beneficial to continuously learn new skills, methodologies and technical knowledge because every audit is different.
ISACA Now: How much awareness was there among your peers about IT audit as a potential professional path?
To be honest there was very little awareness of what IT audit was amongst my peers. Audit was generally understood by my friends from a financial perspective, but there wasn’t much exposure to it from an IT standpoint. One of my cybersecurity courses briefly mentioned some general practices of IT audit but only at a surface level. Much of my cybersecurity curriculum has proved useful in my day-to-day responsibilities, but in school it was never correlated with audit.
ISACA Now: Why do you think IT audit is a promising path for early-career professionals?
I think audit gives a promising career path because of the amount of experience one can gain from conducting audits and reviews of key departments within a company. I have already learned so much about how departments individually operate, the systems they use, and how they communicate amongst one another. This role could even allow someone to discover a potential career path that they never considered but found interest in after an audit. The beauty of audit is that it’s up to the individual to decide their career path, and you are given so many options to choose from.
ISACA Now: What are some trends in the profession that you’re excited to explore further as your career moves along?
I am excited to innovate! IT audit not only assesses IT infrastructure, policies, and operations for compliance, we also seek out new methods for the client to increase efficiency. The ability to innovate and explore new systems and ideas that can improve operations is very encouraging to me. I believe it adds a great sense of purpose to this role!
ISACA Now: What is one misconception many people have about the audit field that you wish would go away?
I’ll admit that this misconception is one that I am guilty of assuming. What I have always worried about is that the clients, or management, will be constantly annoyed by auditors. I used to think that auditors appear out of nowhere only to invade your space and tell you how to do your job, but I have not seen a single instance of frustration or irritation from a client. I have discovered that, in my company, there is a very genuine and healthy relationship between the auditor and auditee. I was worried that this job might be like pulling teeth, but both parties generally have the same goal in mind, and that is, ‘How can we improve?’