Auditor training

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello,
does anyone know of a certification in IT audit that requires no experience? I've seen the CISA, but it does require experience.
Thanks!

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I have to ask, why do you think you can be an auditor without any experience? After all you're supposed to actually know what you're talking about and that generally comes from experience.

I for one wouldn't want an auditor with no experience coming in and telling me I was doing it wrong, first of all I would just bloody laugh at him and then I would throw him off site and tell the auditor to get someone with some experience in.

Sorry to be harsh but would you trust someone who is supposed to be coming in advising you on something if they didn't have the relevant experience?

 

So, which are the pathways to enter the audit profession? And we come back to the eternal question:
1. If a certificate by itself is no warrant of knowledge (I agree with this to some extent), then you don't get the job.
2. If you have no experience, then you don't get the job.

So how do you get the required experience?

 

You work around the field, not directly in it.

If you want to be doing security work for instance you don't just walk in to a security role, you tend to come in to it from a sys admin type role or something similar, the security guys I work with and I work with a lot as I work in an industry that requires a lot of active security (financial related) all have back grounds in systems work, whether that's as a Systems Admin, Help Desk (one of the guys worked EUC before moving into a junior Security role) to get some experience.

I would expect the same approach with an auditor, he needs to have an understanding of the technologies that he is supposed to be advising against, what's possible or not possible, obviously he isn't the font of all knowledge when specific technologies are concerned but he needs to be the kind of person that knows that something is possible or not.

And I am sorry for this to sound harsh but certification isn't used as a means of getting a role, it should be there as a means of proving your experience.

 

Thanks, that's very informative.
I don't currently work in the field, though, but I'm studying 2 Masters:
* MSc in Information Security. The Royal Holloway, University of London.
* Advanced Computer Security and Digital Forensics MSc. Edinburgh Napier University.
Plus preparing some certifications on my own (Security+, ITIL foundation, etc.).
Ideally, I'd like to move into the industry next year, once I finish one of the dissertations.