Expectations of an entry-level sox IT auditor? 979



  • I wanted to know what the main qualities an entry-level sox IT auditor should have in terms of technical or classroom knowledge and what to expect from a 4-6 month internship?
    Also, is it recommended to take the CISA without professional experience?
    Thanks



  • Please wait on taking the CISA exam at least to make sure you like the auditing work.
    some ideas on knowledge and skills that I’ve seen as requirements for entry level include:

    • good communication skills (written and verbal)
    • understanding controls and processes or able to learn quickly
    • understanding control frameworks (COSO and COBIT) or able to learn quickly. a membership to isaca could be helpful.
    • understanding the basics of auditing or able to learn quickly
    • understanding the basics of SOX or able to learn quickly, includingthe phases of the project
    • some IT experience and background can be helpful
    • ability to follow test scripts, gather evidence, interview staff, make evaluations, write up test results, report deficiencies, staying objective, delivering bad news without damaging relationships
    • ability to understand or learn quickly what is in scope for sox and what is out of scope. also the difference between best practice and a control that works.
    • familiarity with resources available for reference (websites, books, etc)


  • I echo ugogirl’s response in regards to holding off on the CISA certification/exam: I have had team members who thought they might like SOX and auditing and after the projects (or in the middle of the projects), they all wanted to run the opposite direction. Not all of them but some, so wait until you are certain before you proceed.
    Passing the CISA exam is one thing but after that, you will have to have enough auditing experience to meet the certification requirements, I believe.


Log in to reply