[jlondon]

Which do you prefer and Why? Also, could you please let me know which will actually go further career wise?

My understanding/analysis and opinion for each is below..

IT Audit – Looks at how a business process is done, so mostly involves IT skills. taking screen shots all day, and making sure it is in compliance with SOX/SOC etc…

Financial statement audit – Looks at the ledger lines, testing, what if things are right?

My ultimate question: How far (career wise ) does each get you.. What I mean is, so for F/S audit, it would mean like ultimately learning how to dissect a financial statement right, learning how each line is, and how it would affect certain accounts.. so ultimately, this would reach to like corporate controller level?

What about IT audit, how far would one go with this? It looks at how each process is done, so in short, to me, it just seems like really simple (well of course not simple), but it just seems like.. having a “procedure” for stuff. Which , makes me feel like, it wouldn’t go far? but of course I”m wrong… please let me know your insight..

Thanks,

BEC: 69, 57, 72, 73, (anticipated for 4/4/2015)
AUD: 65, 63, 74, 84!!! (expires 7/31/2015)
FAR: 63, 57, (scheduled for 4/1/2015)
REG: ... 42, (Anticipated to be around 5/20~)

-Every Set Back is a Set Up for a Major Come Back #motivation

"I've missed over 9,000 shots in my career. I've lost over 300 games. 26 times I've been trusted to take the game winning shot, and missed. I've failed, over and over and over again in my life. And that is why, I succeed." - Michael Jordan

"You are not your past, but the resources and capabilities you glean from it" -Jordan Belfort

[jlondon]

The reason why I ask is because I'm an accounting information systems major, but haven't exactly been doing that the past few years. I've been more like a staff accountant… and now I'm reconsidering a career path..

Any advice ? please.

BEC: 69, 57, 72, 73, (anticipated for 4/4/2015)
AUD: 65, 63, 74, 84!!! (expires 7/31/2015)
FAR: 63, 57, (scheduled for 4/1/2015)
REG: ... 42, (Anticipated to be around 5/20~)

-Every Set Back is a Set Up for a Major Come Back #motivation

"I've missed over 9,000 shots in my career. I've lost over 300 games. 26 times I've been trusted to take the game winning shot, and missed. I've failed, over and over and over again in my life. And that is why, I succeed." - Michael Jordan

"You are not your past, but the resources and capabilities you glean from it" -Jordan Belfort

[jlondon]

The reason why I ask is because I'm an accounting information systems major, but haven't exactly been doing that the past few years. I've been more like a staff accountant… and now I'm reconsidering a career path..

Any advice ? please.

BEC: 69, 57, 72, 73, (anticipated for 4/4/2015)
AUD: 65, 63, 74, 84!!! (expires 7/31/2015)
FAR: 63, 57, (scheduled for 4/1/2015)
REG: ... 42, (Anticipated to be around 5/20~)

-Every Set Back is a Set Up for a Major Come Back #motivation

"I've missed over 9,000 shots in my career. I've lost over 300 games. 26 times I've been trusted to take the game winning shot, and missed. I've failed, over and over and over again in my life. And that is why, I succeed." - Michael Jordan

"You are not your past, but the resources and capabilities you glean from it" -Jordan Belfort

[Anonymous]

Since I am in the IT Audit field, I'll talk about that. However, I have also been involved with a handful of Financial Audits so you can take that for what it's worth.

IT Audit has two main aspects, on a high level (SOX compliance and Internal Audit). SOX Audits are basically done to support Financial Audits i.e. As an IT Auditor, you test only those technologies (ERP applications, Operating Systems, Databases etc.) that are used to generate financial data. Such types of audits are done to get comfort that systems holding financial data are secure, processes exist of managing the systems etc. Of course depending on the complexity of the systems and the risk level, you can perform further testing such as SOD. In a nut shell, SOX audits are to support financial audits and if the controls for those systems are weak, then the financial auditors will increase their sample size. Not rocket science.

Internal Audit has a lot more to it. The audits are not done to support financial audits/statements (although results could provide some idea on financials but that's not the goal) but to identify risks within the company's IT environments. The scope is much broader and deeper (for each technology audited). You can perform a variety of audits such as network security, disaster recovery audits, infrastructure audits, mobile application security, web security etc. Internal IT Audits can be very interesting especially because technology keeps evolving. New threats come up. There is cybersecurity, cloud computing etc. So I would not say it is boring 🙂 . It is also challenging coz you have to keep yourself updated with the latest.

The financial audits I was involved with were pretty standard. They involved understanding a process, obtaining evidence and ticking/tying numbers. Pretty straightforward but like I said, I have very minimal exposure with financial audits so take what I say with a grain of salt.

[Anonymous]

Since I am in the IT Audit field, I'll talk about that. However, I have also been involved with a handful of Financial Audits so you can take that for what it's worth.

IT Audit has two main aspects, on a high level (SOX compliance and Internal Audit). SOX Audits are basically done to support Financial Audits i.e. As an IT Auditor, you test only those technologies (ERP applications, Operating Systems, Databases etc.) that are used to generate financial data. Such types of audits are done to get comfort that systems holding financial data are secure, processes exist of managing the systems etc. Of course depending on the complexity of the systems and the risk level, you can perform further testing such as SOD. In a nut shell, SOX audits are to support financial audits and if the controls for those systems are weak, then the financial auditors will increase their sample size. Not rocket science.

Internal Audit has a lot more to it. The audits are not done to support financial audits/statements (although results could provide some idea on financials but that's not the goal) but to identify risks within the company's IT environments. The scope is much broader and deeper (for each technology audited). You can perform a variety of audits such as network security, disaster recovery audits, infrastructure audits, mobile application security, web security etc. Internal IT Audits can be very interesting especially because technology keeps evolving. New threats come up. There is cybersecurity, cloud computing etc. So I would not say it is boring 🙂 . It is also challenging coz you have to keep yourself updated with the latest.

The financial audits I was involved with were pretty standard. They involved understanding a process, obtaining evidence and ticking/tying numbers. Pretty straightforward but like I said, I have very minimal exposure with financial audits so take what I say with a grain of salt.

[fuzyfro89]

It definitely depends on what type of things interest you. Personally, of the two I would dislike IT audit more… but that's just because I'm not patient with systems and I also don't understand them very well. Mostly, I don't have a desire to be an expert in them either. SOX is usually not too enlightening, whether IT or financial. Internal audit can go either way and overall is more interesting.

Working in IT audit, you have (somewhat) less expertise in the financial statements than in financial audit. The majority of your work doesn't directly involve the financials as an IT auditor.

As a financial auditor, it is true that you are ticking/tying/recalculating things in order to see how they work and if they are as expected. It really depends on what you want to do. If you want to be a controller, you need financial audit experience… HOWEVER, having IT audit experience will be very valuable because you are also in charge of the control environment (so you need to understand the involvement of IT issues).

You could probably become a controller if you had only financial audit experience, but it would be more difficult if you only had IT audit experience (someone please correct me if I'm wrong).

Internal audit is a good move from either strict IT audit or financial audit, as it sort of merges in between but also takes a different point of view by looking at processes more than just the financial statements.

[fuzyfro89]

It definitely depends on what type of things interest you. Personally, of the two I would dislike IT audit more… but that's just because I'm not patient with systems and I also don't understand them very well. Mostly, I don't have a desire to be an expert in them either. SOX is usually not too enlightening, whether IT or financial. Internal audit can go either way and overall is more interesting.

Working in IT audit, you have (somewhat) less expertise in the financial statements than in financial audit. The majority of your work doesn't directly involve the financials as an IT auditor.

As a financial auditor, it is true that you are ticking/tying/recalculating things in order to see how they work and if they are as expected. It really depends on what you want to do. If you want to be a controller, you need financial audit experience… HOWEVER, having IT audit experience will be very valuable because you are also in charge of the control environment (so you need to understand the involvement of IT issues).

You could probably become a controller if you had only financial audit experience, but it would be more difficult if you only had IT audit experience (someone please correct me if I'm wrong).

Internal audit is a good move from either strict IT audit or financial audit, as it sort of merges in between but also takes a different point of view by looking at processes more than just the financial statements.

[Mayo]

IT audit seems marginally better than Tax. Isn't like 90% of the job testing ITGCs, reading SOC reports, or writing SOC reports?

Mayo, BBA, Macc

[Mayo]

IT audit seems marginally better than Tax. Isn't like 90% of the job testing ITGCs, reading SOC reports, or writing SOC reports?

Mayo, BBA, Macc

[Author]

Replies