WHAT DOES AN INFORMATION TECHNOLOGY AUDITOR DO?
Published: Sep 19, 2025 - The Information Technology Auditor develops and executes detailed approaches to general IT controls assurance, ensuring the correct tests are applied and high-quality audit evidence is obtained. This role involves completing IT audit work in accordance with established procedures, managing engagements to time and budget, resolving issues, and producing accurate reports and deliverables. The auditor also mentors junior staff, contributes to proposals and team development, and ensures that all audit work is technically sound, well-presented, and ready for senior review.

A Review of Professional Skills and Functions for Information Technology Auditor
1. Information Technology Auditor Key Accountabilities
- Risk Assessment: Conduct annual risk assessments to identify and prioritize IT-related risks.
- Control Evaluation: Evaluate IT controls, including general control environments, to determine adequacy and effectiveness.
- Policy Documentation: Document an understanding of departmental policies, procedures, and internal control frameworks.
- Audit Execution: Execute audit program steps to assess both control design and operational performance.
- Work Paper Preparation: Prepare detailed audit work papers that meet departmental and industry documentation standards.
- Exception Reporting: Record audit procedures, identify exceptions, and document clear conclusions in work papers.
- Engagement Support: Support engagement planning and execution under management supervision.
- Compliance Testing: Lead assessments and perform on-site control testing to validate compliance.
- Scoping Facilitation: Facilitate scoping discussions to define system boundaries and audit coverage.
- Client Communication: Communicate with clients to obtain evidence and clarify requirements.
2. Information Technology Auditor General Responsibilities
- Audit Program Development: Assist in the development of risk-based audit programs to meet specific CAS needs, including scope, test strategy, and test procedures.
- Audit Performance: Perform IT audits, SOX audits, and ISO 27001 reviews.
- Advisory Support: Assist in business and advisory engagements.
- Risk and Control Evaluation: Identify risks and controls within business processes and contribute to their evaluation to form an audit opinion.
- Findings Communication: Communicate findings clearly to senior management.
- Time Management: Effectively manage time and prioritize tasks related to operational and SOX audits.
- Task Delivery: Manage the delivery of assigned tasks under minimal supervision, including interviewing IT and business managers and control owners.
- Process Documentation: Observe and document processes through flowcharting.
- Control Testing: Test and document controls.
- Evidence Maintenance: Maintain evidence of audit testing within the audit program.
- Report Preparation: Document reportable audit findings and contribute to the creation of audit reports.
3. Information Technology Auditor Role Purpose
- Risk Planning: Assist the Internal Audit Head in IT risk assessment and the formulation of risk-based plans to determine departmental priorities consistent with organizational goals.
- Audit Execution: Use a risk-based approach to plan and execute all internal IT-related audit activities.
- Control Assessment: Assess information technology control elements to mitigate IT risks regarding confidentiality, integrity, and availability of business information.
- Policy Development: Assist in the establishment of policies and procedures to guide internal audit processes and activities, particularly IT audit.
- Audit Program Coordination: Coordinate and compile risk analysis and audit programs in accordance with audit standards.
- Access Control: Control access to engagement records, develop retention requirements, and establish policies governing custody and retention.
- Results Communication: Communicate the results of internal audit engagements to the appropriate parties.
- Monitoring System: Establish and maintain a system to monitor the disposition of results communicated to management.
- Performance Standards: Set and establish standards or benchmarks for performance appraisals of IT auditors and internal auditors.
- Record Maintenance: Ensure thorough records of training, counseling, and disciplinary actions are maintained.
4. Information Technology Auditor Essential Functions
- Audit Planning: Support audit management in developing the annual IT audit plan covering infrastructure, applications, security, and integrated audits.
- Stakeholder Relations: Build and maintain strong working relationships with stakeholders across departments and business lines.
- Findings Documentation: Document and communicate audit results and findings clearly.
- Technology Auditing: Plan, lead, and execute technology audits in line with internal policies, external regulations, and industry standards.
- Risk Assessment: Perform risk assessments and provide actionable recommendations to guide remediation.
- Engagement Oversight: Oversee the full lifecycle of audit engagements, from planning to monitoring.
- Security Guidance: Provide recommendations and guidance on security and control risks.
- Deliverable Preparation: Draft deliverables and supporting materials, primarily in presentation format.
- Stakeholder Engagement: Engage stakeholders with professionalism, ensuring clear communication.
- Trusted Partnership: Act as a trusted partner representing internal audit within the organization.
5. Information Technology Auditor Additional Details
- Audit Execution: Plan, coordinate, execute, and report on systems, compliance, and security audits of online businesses in line with regulations and standards.
- System Review: Review IT systems, operations, and processes against international benchmarks and best practices.
- Regulatory Monitoring: Monitor and identify relevant statutory and regulatory changes.
- Client Relations: Build strong client relationships while ensuring timely delivery of assignments.
- Issue Analysis: Analyze issues methodically to determine root causes and propose corrective solutions.
- Risk Advisory: Advise clients on risk management and compliance requirements.
- Assignment Management: Manage multiple audit assignments simultaneously.
- Audit Strategy Development: Develop risk-based system audit strategies and programs with input from subject matter experts.
- Test Design: Design and execute tests for critical application processes.
- Issue Follow-up: Follow up on project audit issues and escalate emerging risks on demand.
6. Information Technology Auditor Roles
- Audit Completion: Ensure the effective completion of audit phases (planning, execution, completion, and draft reporting) for assigned elements, including complex audits, while delivering timely, complete, and accurate outputs.
- Status Communication: Communicate effectively with IA management and leadership on audit status, issues, and reporting.
- Report Quality: Produce high-quality internal audit outputs requiring minimal rework before presentation to the senior audit manager.
- Auditor Support: Provide support and guidance to group and local auditors on the review and testing of IT systems, processes, and controls.
- Standards Compliance: Adhere to Internal Audit departmental audit standards and external professional auditing standards, such as IIA professional standards.
- Methodology Development: Assist in the development of Internal Audit departmental methodologies, processes, and tools, particularly those related to IT and change.
- Risk Assessment: Support the completion of annual risk assessments for assigned business units.
- External Liaison: Support liaison with external service providers and external auditors in the execution of internal audit activities.
- Remediation Testing: Assist with the follow-up of management’s remediation efforts and conduct testing of actions taken to address internal audit findings.
- Stakeholder Relations: Maintain excellent working relationships with key stakeholders in the organization.
7. Information Technology Auditor Tasks
- IT Audit Execution: Conduct all aspects of IT audit engagements (ITGC and ITAC Sarbanes-Oxley and operational audits), including meetings, scope development, evidence gathering and analysis, data analytics, and report writing.
- Risk Communication: Interpret the risk-based implications of audit findings and communicate recommendations to various levels of management clearly and effectively in oral and written form.
- Documentation Development: Evaluate the need for formalized documentation and provide technical writing expertise to create essential documentation, such as diagrams and workflows.
- Follow-up Procedures: Perform follow-up procedures on management commitments to mitigate IT risks and verify timely resolution.
- Control Advisory: Serve as an advisor to management on internal controls impacted by information systems through project involvement.
- Technical Support: Support other members of the internal audit team with technical IT matters or the execution of data queries that facilitate their audits.
- Trend Monitoring: Monitor current trends in IT auditing and adopt best practice procedures.
- Professional Development: Pursue professional development opportunities, including internal and external training and professional association memberships, and share acquired knowledge with co-workers.
- Control Reviews: Perform reviews of information security risk, project management, change management controls, pre- and post-implementation processes, and application controls.
- Knowledge Management: Provide support and best practice guidance for the Knowledge Management framework, including IT Knowledge Base architecture review and content analysis.
8. Information Technology Auditor Details and Accountabilities
- Engagement Management: Assist in planning and managing audit engagements, including developing work programs for testing and reporting results under the IT Audit Manager's supervision.
- Regulatory Compliance: Evaluate compliance with security and privacy regulations such as CMS-Medicare, DHA-Tricare, HIPAA, ERISA, and Model Audit Rule.
- System Auditing: Audit complex information systems to assess IT operations, financial reporting reliability, regulatory compliance, and asset protection.
- Security Assessment: Assess the effectiveness of security controls, including access management, service delivery, third-party oversight, system availability, configuration, incident handling, disaster recovery, and business continuity.
- Risk Assessment: Support risk assessments related to IT functions, general controls, and applications.
- Remediation Testing: Perform and document follow-up testing to track the status of remediation efforts.
- IT Expertise: Maintain expertise in IT control environments, risk management, and insurance-related requirements.
- Work Paper Preparation: Prepare audit work papers in compliance with departmental policies and IIA standards.
- Data Analytics: Develop and apply data analytics and continuous auditing techniques.
- Findings Presentation: Present conclusions and risk perspectives clearly to Practice Leadership and client senior management, including audit committees.
9. Information Technology Auditor Overview
- Audit Planning: Assist and support the development of the internal audit plan, including risk assessments and engagement with key stakeholders to shape the IT audit plan.
- Audit Scoping: Plan and scope IT internal audit reviews by meeting stakeholders and drafting and agreeing on audit Terms of Reference.
- Control Testing: Meet with stakeholders to understand the design of key controls and carry out detailed testing to identify control gaps.
- Stakeholder Management: Manage relationships with business and IT stakeholders to ensure awareness of issues identified through the audit.
- Data Analytics: Champion the use of data analytics techniques for delivering assurance.
- Fieldwork Coordination: Work with co-source resources to deliver audit fieldwork.
- Report Drafting: Draft high-quality, clear, and concise audit reports that identify issues, root causes, risks, and recommendations for the business.
- Control Monitoring: Monitor implementation of control recommendations and assist in reporting status to the Board and Audit Committee.
- Risk Guidance: Guide stakeholders to assess and manage risks, identify potential process failures, and recommend improvements, including where key controls are IT-enabled.
- Project Support: Work with the business to ensure key IT projects and critical change activities are appropriately supported.
- Function Development: Develop the Internal Audit function by suggesting and driving improvements to auditing practices, methods, procedures, and documentation, with emphasis on data analytics, integrated audits, and agile auditing.
10. Information Technology Auditor Functions
- Controls Assurance: Produce a detailed approach to general IT controls assurance, including potential difficulties encountered during previous audits, and ensure correct tests are applied to obtain sufficient appropriate audit evidence, in discussion with the Partner, Director, Senior Manager, or Manager.
- Audit Execution: Complete IT audit work in accordance with MHA MacIntyre Hudson audit procedures with assistance from staff.
- Work Review: Sign off on IT audit work, resolve problems or queries, and complete the file before passing it to the Partner, Director, Senior Manager, or Manager for review.
- Report Management: Manage and create reports while reviewing to ensure the highest quality deliverables.
- Proposal Support: Contribute to the creation of proposals and marketing material.
- Engagement Management: Manage engagements to time and budget.
- Team Development: Contribute to the development of the IT Risk Assurance team by acting as a mentor and coach to junior members and leading by example.
- Job Monitoring: Monitor the progress of jobs, ensure budgets are met, and address encountered problems to complete IT audit work within budget and timeframe.
- Work Allocation: Plan the allocation of testing work among junior team members.
- Staff Briefing: Brief junior staff on expectations, answer questions, and produce review points.
- Query Clearance: Monitor the clearance of queries and ensure work is well presented and technically accurate.