Risk Advisory Partner at Deloitte offers advice to aspiring IT Auditors

Articles Posts about SCS, IT Audit, SCS blog

By Brittany Shapovalov

Baskaran Rajamani - Advisory Council IT Audit Execution
Baskaran Rajamani – Advisory Council Member, Certificate in IT Audit Execution (now changed to Certificate in Information Security Audit)

When Baskaran Rajamani, Partner, Risk Advisory at Deloitte signed on to guide the creation of our new Certificate in IT Audit Execution (now changed to Certificate in Information Security Audit), he knew that the program had the potential to transform the careers of professionals in IT Operations,  Cyber Security, Auditing and Consulting across the GTA and beyond.

With the first session of the program set to start this September, we asked Baskaran to tap into his extensive experience and offer some sage advice to anyone considering becoming an IT Auditor, Specialist or Portfolio Manager; the most sought-after specialization in the Auditing field!

Studies show that ¾ senior leaders struggle to find IT Auditors with the right skills and experience. What do you look for when hiring, and how do many candidates fall short of these requirements?

It depends on which level and what drives the need. In general IT Auditors fall into three categories: a) Those who can audit various components of IT Infrastructure; b) Those who specialize in auditing applications; and c) Those who have experience in auditing IT projects.

Within (a), there are some who have deep security skills who can audit Cyber Security; this has been in high demand recently.  There are also other related areas of demand, like Supplier audits, Cloud, Agile and other disruptive technology audits.  Most Hiring Managers tend to look for that niche specialized domain knowledge based on immediate need, which become hard to find.

In many cases, Hiring Managers are looking for soft skills, like the ability to deal with senior level auditees, negotiate findings and write high-quality reports. These “human skills” are an integral part of what makes an exceptional IT Auditor.

Many IT Auditors lack the necessary real-world experience to succeed on the job, and quickly get overwhelmed. Why is it so important for IT Auditors to have practical experience before starting work?

Real-world experience, like the kind offered by the Certificate in IT Audit Execution (now changed to Certificate in Information Security Audit), builds confidence in the end-to-end process of planning, executing and reporting on an audit, which is important to “hit the ground running” and be productive and useful to the employer from day 1. It allows the auditor to ask the right questions and have a degree of professional skepticism in interpreting what auditees say, and to have a heightened sense of where to look and where to spend more time. These attributes make for a high-quality audit, and a better return on investment for the employer.

This is why Hiring Managers look for, and respect, real world experience when considering job applicants.

Analytical thinking, ethics and decision making and logical problem solving are all cross-functional “human” skills required of IT Auditors. Why are these skills so important to you when hiring?

Analytical thinking and logical problem solving are so critical to successful Auditors because that’s most of what they do. They make observations and have to analyze why, and if, the findings are an issue.

Ethics is a foundational requirement for Auditors to perform their job with a sense of due professional care, due diligence and independence in thought; this allows IT Auditors to not get swayed by what they hear from auditees, keeping auditees at arms length and remaining objective.

Decision making skills help in concluding on audit findings and whether to escalate or  consult others on the team. Indecisive auditors get stuck during an audit and struggle, which employers don’t like.

As a member of the Advisory Council for the Certificate in IT Audit Execution (now changed to Certificate in Information Security Audit), you’re helping guide the curriculum and learning outcomes of this program. Why do you feel it’s so important for IT Auditors to pursue continuing professional education to stay competitive in their careers?

As everyone knows, technology is changing so fast. With new technologies (e.g. Automation, AI, Blockchain, Cloud), new risks are emerging every day and the level of inherent risk of conventional risks are transforming. IT Auditors therefore have a higher need to continuously catch up, compared to many other professionals.

IT Auditors need to prioritize and do this continuous learning in a strategic fashion depending on what is relevant to their area of specialization and what their respective organization is likely to implement in the near future.

Why should hopeful IT Auditors take this program, rather than just writing the CISA exam?

In my view, the Certificate in IT Audit Execution (now changed to Certificate in Information Security Audit) gives IT Auditors four main benefits: a) They learn a body of knowledge through various subjects covered by the program in a systematic and complete manner; b) They have the opportunity to interact with Faculty, guest lecturers and other professionals inside and outside the classroom, which enriches their textbook knowledge and learning, allowing them to benefit from the practical experience of others (this is huge!);  c) The practical case studies and research assignment components of the program further enhances their practical application knowledge; and finally d) They develop a fantastic and rich network of professionals in their area of specialization, which helps them become part of a professional community and, more importantly, boost their confidence and ability to tap into it as needed.

From a career progression standpoint, the Certificate in IT Audit Execution (now changed to Certificate in Information Security Audit) is far superior to just taking the CISA exam alone.

Hear more from Baskaran

Baskaran is speaking at our upcoming IT Audit Program Night; an exclusive networking and educational event on August 15th. Reserve your spot now.