In my pursuit to get into the information technology (IT) audit field, I must learn about setting controls for securing IT assets, minimizing risk, and eventually testing that said controls work. In major organizations where information flows constantly and is utilized to advance the organization’s goals, ensuring that the information and knowledge are accurate, intact, timely, and secure are important. To secure them, though, management must know how this information and knowledge can be lost. Once they understand this, controls must be put into place so as to prevent this loss. But management cannot always safeguard these assets.
As a company moves along in its financial year, these controls can break down. For example, backups can be corrupted (losing information), and employees may leave the company (thus losing knowledge). So it is also good to reassess whether these controls are working as intended. This is where the IT auditor steps in, to evaluate these controls, and see to it that that continue to do the job.
Though I know of some ways of testing these controls (e.g. vouching, interviews, and walkthroughs), I have never carried them out. All I have done is study them. While studying textbooks is fine, some would say the true teacher is experience, and I have not done so. For the most part, I have managed a couple of websites (this one included) so that they cannot be hacked. I have put controls in place to ensure that my website is not compromised. But to make sure they work, I must turn to someone who has had experience in managing a website. Not just that, but an IT auditor who will teach me what to exactly do so that this website is not damaged. Eventually, I would learn more from them so that, when I am on an audit engagement, I can ensure that the company’s valuable assets are kept safe.