WHAT DOES AN IT AUDITOR DO?

Published: Oct 24, 2025 - The Information Technology (IT) Auditor plans, leads, and executes complex audits of IT general controls, application controls, security, and governance processes to assess the effectiveness and efficiency of the IT control environment. This role involves supporting IT compliance efforts, evaluating internal controls, identifying risks related to emerging technologies, and promoting best practices to enhance audit and business performance. The auditor also builds strong partnerships with management, mentors audit staff, and contributes to continuous improvement within the audit function.

A Review of Professional Skills and Functions for IT Auditor

1. IT Auditor Duties and Roles

  • Audit Planning: Plan, prepare, and complete the assigned IT audit plan in accordance with defined quality standards and deadlines.
  • Quality Assurance: Set and promote high standards of audit work, ensuring high-quality audit reports are delivered on a consistent basis.
  • Audit Reporting: Communicate and report audit findings to management.
  • Action Monitoring: Monitor management’s responses and implementation of agreed management actions.
  • Change Management: Ensure effective business changes are introduced as a result of audit findings.
  • Stakeholder Communication: Continuously communicate with Internal Audit Management on the progress of audit assignments.
  • Business Partnership: Work as a partner to the business in identifying significant process and structure improvements to assist the business in meeting its corporate objectives.
  • Process Improvement: Suggest beneficial changes to audit methodologies and procedures.
  • External Coordination: Liaise with external auditors.

2. IT Auditor Roles and Responsibilities

  • IT Audit: Audit the performance of IT Marketing and General Controls with a focus on risk, compliance, and security.
  • Compliance Review: Audit business marketing systemic assets and activities in the context of consumer protection compliance processes.
  • Data Process Audit: Audit processes such as consent management, data enrichment, data governance, data segmentation, scrubbing, and hygiene.
  • Security Assessment: Audit systemic access and security and all IT General Controls for each of the applicable Marketing applications used.
  • Control Evaluation: Design and evaluate the effectiveness of IT and Marketing controls.
  • Gap Remediation: Remediate IT control gaps associated with ITGC, PCI, GLBA, GDPR, and TCPA requirements.
  • Process Collaboration: Work closely with the Business Process Analyst to implement and gain process owner buy-in of new and changed controls.
  • Evidence Management: Support the collection, evaluation, and processing of evidence.
  • Data Analysis: Develop, build, and implement tools to analyze data to improve audit efficiency and effectiveness.
  • Risk Management: Support the IT Marketing Risk Management program.

3. IT Auditor Responsibilities and Key Tasks

  • Audit Principles: Develop a good understanding of group audit principles, based on engagement standards and methodology.
  • Risk-Based Auditing: Participate in risk-based IT and integrated audit activities.
  • Risk Evaluation: Identify key risks and evaluate the effectiveness of IT governance, IT risk management, and IT control processes.
  • Stakeholder Engagement: Meet with IT stakeholders to ensure a deep understanding of the risks faced by the organization.
  • Fieldwork Execution: Perform fieldwork activities, including client interviews, inspection of evidence, and observation of complex IT control procedures.
  • Data Analytics: Utilize data analytics to improve the effectiveness and efficiency of audits.
  • Independent Operation: Operate with minimal supervision on straightforward assignments, subject to guidance and subsequent review.
  • Reporting and Follow-Up: Agree on corrective actions and deliver the final audit report with portfolio manager support for more technically challenging or sensitive assignments.
  • Action Tracking: Track the implementation of agreed actions.
  • Team Contribution: Contribute to the Group Audit global team through professional skills, technical knowledge, energy, and motivation.

4. IT Auditor Roles and Details

  • Audit Execution: Execute audits according to departmental guidelines, including Institute of Internal Auditors (IIA) standards.
  • Control Assessment: Assess the adequacy and effectiveness of internal controls, validate compliance with corporate procedures, and address potential risks.
  • Audit Planning: Plan, scope, implement, and execute tasks required to complete audits as defined in lead or support auditor roles.
  • Procedure Implementation: Execute audit procedures, including leading interviews, requesting, reviewing, and analyzing evidence, and documenting test steps in detailed, well-supported work papers.
  • Issue Evaluation: Identify and evaluate audit issues and gaps using a risk-based approach.
  • Stakeholder Communication: Meet with process management to discuss audit findings and gain agreement on management action plans.
  • Solution Partnership: Partner with audit clients to identify constructive and value-added solutions to address identified issues.
  • SOX Coordination: Coordinate business process audit testing with SOX Testing to increase productivity.

5. IT Auditor Duties

  • Issue Remediation: Perform issue remediation, follow-up, and testing.
  • Process Assessment: Perform process assessments and provide advisory services as requested by clients.
  • Relationship Building: Develop relationships with primary contacts for focus areas to promote dialogue and share information.
  • Knowledge Sharing: Share process knowledge and key learnings with other Audit employees through training or mentoring.
  • Project Contribution: Contribute toward departmental projects and initiatives.
  • Process Improvement: Identify opportunities that improve departmental processes and support corporate strategy.
  • Automation Enhancement: Find improvement opportunities where automation and data analytics tools could help automate procedures and analyze results.
  • Audit Communication: Identify and communicate IT audit findings to senior management.

6. IT Auditor Details

  • IT Audit Execution: Execute assigned internal IT audit tests to time and quality standards in line with AXA Group and IIA standards and the approved audit plan.
  • Program Development: Assist in the development of internal audit programs.
  • Risk Understanding: Gain and maintain an understanding of key business risks and regulatory requirements in the areas or entities covered.
  • Stakeholder Interaction: Interact efficiently and empathetically with management during audit fieldwork.
  • Action Tracking: Work with management in tracking action plans to assist with timely resolution.
  • Methodology Compliance: Ensure application of GIA (Group Internal Audit) standards and CAPT Methodology during audit reviews.
  • Professional Development: Take responsibility for personal professional growth and proactively identify relevant training and development needs.
  • Networking: Develop and maintain a professional network.

7. IT Auditor Responsibilities

  • Risk Assessment: Complete annual business profile risk assessments for the Bank's IT functions.
  • Audit Execution: Perform audit work, including planning, conducting, documenting, and reporting results.
  • Audit Liaison: Serve as a knowledge source for multiple bank operations or functions by acting as an audit liaison.
  • Audit Leadership: Serve in the role of AIC to lead audits of low to moderate risk and complexity.
  • Control Testing: Create various testing methods to evaluate the adequacy of controls.
  • Operational Improvement: Identify operational improvement needs and recommend solutions.
  • Issue Follow-Up: Perform follow-up activity on issues reported by audit and external parties.
  • Audit Planning: Provide input to the department's annual audit plan.

8. IT Auditor Job Summary

  • SOX Assessment: Participate in the annual SOX risk assessment, mapping IT assets and technologies to key financial processes and controls.
  • Control Testing: Support the design and execute tests of controls used to evaluate the operating effectiveness of IT General Controls within the SOX scope.
  • Process Evaluation: Evaluate and document process, system and control effectiveness through the application of information technology, auditing and business knowledge.
  • Data Analysis: Collect, analyze, and document information to support audit results.
  • Operational Improvement: Recommend operational improvements which ensure that proper controls are exercised over all aspects of the information systems and that company assets are conserved, protected and accurately presented.
  • Deficiency Assessment: Assess the overall significance of the control deficiencies identified during the audit.
  • Best Practice Evaluation: Provide perspective for evaluating the audit deficiencies against evolving industry best practices.
  • Action Monitoring: Monitor the status of action plans arising from audits.
  • Project Coordination: Coordinate/complete special requests, projects and reports as directed by Internal Audit Management.
  • Confidentiality Maintenance: Maintain the confidentiality of audit findings and the company's proprietary information.
  • Stakeholder Relations: Develop and maintain effective working relationships with Internal Audit’s stakeholders.
  • Professional Standards: Conduct work in accordance with the Standards for the Professional Practice of Internal Auditing and Code of Ethics promulgated by the Institute of Internal Auditors.
  • Continuous Improvement: Participate in the continuous improvement of the Internal Audit Department, including providing training and feedback related to audit activities.
  • Corporate Support: Support company-wide initiatives, such as sustainability practices, enterprise risk management programs, and other projects at the company.

9. IT Auditor Accountabilities

  • Audit Execution: Perform audit work efficiently and effectively in accordance with established audit programs.
  • Documentation: Document audit procedures performed in support of audit conclusions.
  • Standard Compliance: Adhere to department workpaper standards.
  • Report Drafting: Assist in drafting clear and concise audit reports.
  • Issue Verification: Verify that audit issues are adequately supported and evidenced in workpapers.
  • Workpaper Submission: Submit completed workpapers to managers and senior auditors for review.
  • Control Review: Review company processes and controls against industry frameworks, identifying gaps in design and execution, and communicating issues and recommendations to the client.
  • Client Advisory: Act as a valued business advisor, build relationships, and communicate effectively with internal clients, audit teams, and external auditors.
  • Professional Judgment: Demonstrate a high degree of initiative and professional judgment.
  • Project Participation: Participate in other special projects, including compliance with Sarbanes-Oxley 404.
  • Technical Development: Continue to develop knowledge and experience working with a variety of technical environments, platforms, applications, and tools/utilities.

10. Technical IT Auditor Functions

  • IT Audit Execution: Conduct a broad spectrum of IT audits with a focus on IT Process, IT Controls, Application Controls, Web application controls, based on applicable IT standards, good practices and regulations like COBIT, ISO, NIST, GDPR, ITIL, CIS, etc.
  • Audit Planning: Take part in planning an IT audit, defining and documenting audit scope, after evaluating key IT and development risks across the group, along with the VP of Tech Audit.
  • Reporting: Document and report findings and recommendations in an audit report in a concise, easily understood manner to relevant parties, with supporting documentation and evidence to back up the findings.
  • Program Management: Develop, execute and maintain relevant IT audit RCMs and work programs and conduct the IT audit in accordance with the program.
  • Issue Follow-Up: Follow up on O/S Audit Issues on specific prior audit business units and provide status data on Open/Closed issues to the IA Manager/Deputy/CIA.
  • Industry Awareness: Keep up to date with the IT and technology industry trends and advancements by investing in self-learning and being an active member and contributor at organizations such as ISACA, IT Audit and IT emerging technologies.
  • Project Support: Support the VP of Tech Audit on non-audit-related projects and initiatives.
  • Best Practice Sharing: Accumulate and share good practices within the DPW terminal portfolio and external entities.
  • Relationship Management: Develop and maintain professional relationships with auditees’ IT teams.
  • Networking: Create an expert network, leverage the global expert network, and promote synergy within various DPW IT departments.
  • Representation: Act as an ambassador for DP World at all times when working.
  • Cultural Alignment: Promote and demonstrate positive behaviors in harmony with DP World’s Principles, values and culture.
  • Safety Compliance: Ensure the highest level of safety is applied in all activities.
  • Ethical Conduct: Understand and follow DP World’s Code of Conduct and Ethics policies.

11. IT Auditor Job Description

  • Project Supervision: Work on project-specific teams and provide supervision and direction.
  • Risk-Based Auditing: Perform risk-based audit work, including detailed walkthrough meetings, documentation review, and substantive testing.
  • SOX Testing: Perform Sarbanes-Oxley control testing for key business processes.
  • Control Assessment: Assess control strengths and weaknesses and determine compliance with policies and procedures.
  • Report Preparation: Draft and present comprehensive management action plans and audit reports as final deliverables.
  • Coordination: Coordinate work with Risk and Compliance and other control-related activities, including Internal Audit.
  • Relationship Management: Utilize relationship management skills to build business relationships with audit clients.
  • Team Participation: Positively participate as part of the wider Internal Audit team in all situations.
  • Issue Management: Ensure outstanding issues are clearly positioned with senior stakeholders to enable management to resolve them in a reasonable timeframe.
  • Audit Delivery: Ensure that audits are delivered on time and to a high standard.

12. IT Auditor Overview

  • IT Audit Leadership: Plan, lead, execute, and report on medium to complex IT general and application control audits, IT security and governance reviews, and drive control/process optimization.
  • Control Assessment: Assess the existence, effectiveness, and efficiency of the IT control environment.
  • IT Compliance: Help drive the Company’s IT compliance programs by inspecting policies and procedures, evaluating control design, and assessing the effectiveness of internal controls related to IT systems and processes.
  • Business Partnership: Proactively develop business partnerships with management and maintain a presence with management in order to understand business strategies, challenges, and risks.
  • Best Practices: Champion best practices for procedures and standards that will add value and improve the effectiveness and efficiency of the IT Audit function and the business.
  • Technology Risk: Identify emerging technologies and assist in the development of audit plans to meet the risks associated with using such technologies within the IT environments.
  • Team Leadership: Lead the team to achieve higher levels of competency, effectiveness, and internal process improvement.
  • Coaching and Mentoring: Coach and mentor staff and take responsibility for their technical development.

13. IT Auditor Details and Accountabilities

  • IT Control Auditing: Perform audits and reviews of IT general computing controls.
  • SOX Testing: Assist with audits of SOX 404 key control testing across the enterprise.
  • Control Design Review: Review the suitability of internal control design.
  • Audit Testing: Conduct audit testing to identify and report issues or risks.
  • Compliance Assessment: Determine compliance with policies and procedures.
  • Findings Communication: Draft and communicate audit findings to management.
  • Client Audit Execution: Responsible for conducting IT audit work and reviews on behalf of a number of clients within the local authority, central government, and NHS sectors.
  • Standards Compliance: Ensure work is conducted in line with the Public Sector Internal Audit Standards, undertaken to budget, meets client KPIs, and annual plans are completed to the required deadlines.
  • Stakeholder Relationship: Build and develop long-term relationships with senior stakeholders across client organizations.
  • Audit Planning: Plan IT's internal audit work programs and a set of control objectives.
  • Meeting Leadership: Lead closing meetings with management.
  • Client Liaison: Act as a point of contact for both Partner and client, ensuring both are kept fully informed of any issues arising and the progress of the audit.

14. IT Auditor Tasks

  • Audit Execution: Ensure all audit work within personal responsibility is completed effectively and efficiently and meets the requirements of the Audit Office’s audit methodology, professional standards, and legislation.
  • Competency Development: Build personal competency, knowledge, and technical proficiency to contribute to more complex audit assignments.
  • Staff Supervision: Supervise and train staff to achieve quality audit results and to improve their skills and knowledge.
  • Stakeholder Communication: Ensure quality and timely audit outcomes are achieved by maintaining strong and professional relationships with clients and proactively communicating with internal and external stakeholders.
  • Issue Escalation: Identify critical issues that may adversely impact outcomes and escalate them appropriately.
  • Documentation Support: Assist in providing sound and well-reasoned audit documentation to support assurance opinions and reports to parliament.
  • Change Management: Embrace audit and other strategic change initiatives.
  • Data Analytics: Contribute to and support the forefront position the department has in applying data analytics in its activities.
  • Process Review: Perform full-scope business process reviews and other types of engagements such as fraud investigations, post-acquisition reviews, and theme reviews.
  • Business Alignment: Align audit outcomes and recommendations with local management, with the ambition and drive to bring the quality of business processes within FrieslandCampina to a higher level.
  • Risk Identification: Deep dive into operational processes, identifying arising risks and bringing solutions that can be put into practice.
  • Strategic Contribution: Contribute to different internal projects supporting department strategy, e.g., risk management, continuous auditing and monitoring, soft controls, etc.

15. IT Auditor Roles

  • Risk Identification: Identify financial, operational, compliance, and reputational risks through assurance, consulting, and solutions management activities.
  • Governance Improvement: Improve the effectiveness of Alphabet’s governance, risk management, and internal control activities.
  • Data Analysis: Lead ad hoc analyses of financial and IT data to assist other areas of the audit function, and develop repeatable methods.
  • Knowledge Management: Ensure a consistent result and help develop an internal knowledge base.
  • Report Preparation: Prepare audit reports to document audit scope, procedures, findings, and recommendations.
  • Findings Interpretation: Interpret the significance of audit findings, conclude on findings, and make practical recommendations for remediation.
  • Stakeholder Communication: Lead meetings involving various levels of management to effectively communicate audit status, align on audit issues, and recommend corrective action.
  • Audit Reporting: Prepare audit reports, including audit observations that communicate identified issues and their related corrective actions in both technical and non-technical terms to key stakeholders.
  • Control Assessment: Assess the effectiveness of controls over key IT areas using a risk-based approach.
  • Exposure Identification: Identify significant IT exposures.
  • Information Evaluation: Collect and analyze complex data, evaluate information and systems, and draw logical conclusions.

16. IT Auditor Essential Functions

  • Risk Identification: Identify risk areas and audit tests to be performed within the assigned areas of scope for IT audits or IT areas of operational audits.
  • Test Development: Develop independent and in-depth audit testing and define documentation and information requirements.
  • Result Analysis: Carry out tests, analyze results, and validate findings.
  • Report Preparation: Submit written reports of findings and recommendations.
  • Finding Validation: Proactively validate and discuss audit findings with auditees and the audit team lead prior to the final meeting.
  • Presentation: Present audit findings in the final meeting in an accurate and concise manner to Management.
  • Training Support: Participate in maintaining the IT Audit Training Material and deliver training to Operational Auditors.
  • Priority Management: Plan and manage multiple priorities.
  • Problem Resolution: Negotiate issues and resolve problems.