IT Auditor Certification
An information technology auditor analyzes a company's information systems and financial records. Find out about the education and experience you'll need for professional certification in this field, and get information on the certification exam that's required.
What Is an IT Auditor?
According to the U.S. Bureau of Labor Statistics (BLS), an IT auditor is a type of internal auditor. In this role, you are responsible for analyzing a company's financial records and information systems to ensure that everything is in order and managed responsibly. Because you base your analyses and actions on data, you may also need to organize and update computers and computer security. The BLS states that most auditors, as a general field, have at least a bachelor's degree in accounting or a related field. According to more specific job descriptions for IT auditors on Monster.com and Careerbuilder.com, this includes information technology and computer engineering.
Certification isn't necessary to become an IT auditor, but becoming certified can lead to career and salary advances. One option is the Certified Information Systems Auditor (CISA), a merit available through the Information Systems Audit and Control Association (ISACA). It confirms your ability to apply your knowledge of auditing, controls and security. A second option is the Global Information Assurance Certification (GIAC) Systems and Network Auditor (GSNA) certification, which reflects your ability to audit computer components and includes router-auditing training.
|Job Duties||Organizing and updating computers and security, analyzing company financial records and information systems|
|Prerequisites||GSNA requires no educational prerequisites; CISA required a minimum of five years professional experience (four with bachelor's degree)|
|Exam Topics|| GSNA: Open-book, 150 question multiple choice exam covering auditing and computer networks |
CISA: 200 question multiple choice exam concerning auditor job requirements and network security and acquisition
|Median Salary (2018)||$72,208 (for all IS Auditors)*|
|Job Outlook (2016-2026)||10% growth (for all accountants and auditors)**|
*Payscale, ** U.S. Bureau of Labor Statistics
What Are Certification Requirements?
According to the GIAC, from your registration date, you have four months to take the exam to earn the GSNA certification. You can prepare by gaining practical experience or by participating in seminars. There is no formal schooling required for the GSNA.
To earn ISACA's CISA certification, you must have at least five years of professional experience--but many people take the exam before meeting the experience requirements and are granted the certification later. The CISA has no specific educational requirements, but a bachelor's degree can substitute a year of professional experience.
What Does the Exam Cover?
The GSNA exam is offered in a 150-question, multiple-choice, open-book format. You have four hours to complete it. It tests your understanding of auditing databases, strategies and concepts. You must also demonstrate you can use and protect computer networks. The fee you pay for the certification and exam includes the cost of two practice exams. Your GSNA certification must be renewed every four years.
The CISA certification exam is offered twice per year. It consists of 200 multiple-choice questions and is based on IT auditors' job requirements, according to ISACA. It assesses your ability to protect information assets and identify how information systems are acquired, implemented and developed. It also tests your knowledge for providing support and maintenance for information systems. Online webinars and review courses are available. The CISA certification must be renewed every three years.