What would be the most appropriate designation for a professional who serves as an IT auditor?

The objective of auditor rotation is to promote independence. Auditor rotation requirements apply to individuals who have played a significant role in the audit of listed companies or listed registered schemes.

A significant role in the conduct of an audit is defined by s.9 of the Corporations Act 2001 (the Act) as: 

• the lead auditor (i.e. audit engagement partner)
• the review auditor
• a registered company auditor appointed as the auditor of the audited body.

Auditor rotation requirements

APESB Q&A: Audit Partner rotation requirements (PDF, 1.1MB)

An individual may not play a significant role in the audit of a listed entity for more than five out of seven successive financial years. Refer to section 324DA(1) and (2) of the Act. 

Auditors may take steps to manage and mitigate any adverse impact on audit quality, especially when developing a rotation succession plan. This will require long-term planning. For example, it may be beneficial to plan for overlapping terms for the lead and review auditors so that both are not rotated simultaneously.

APES 110 Code of ethics for professional accountants prohibits a person from participating in the audit engagement for not less than two years after the end of the financial year representing the end of the five years' service as lead or review partner. APES 110 applies to members of CPA Australia. 

Section 323D(3) of the Act permits the synchronisation of financial years. The financial year may be extended up to 18 months.

NZAuASB: Auditor rotation FAQs

Relief from auditor rotation requirements 

ASIC can grant relief if there is an unreasonable burden on the auditor or audit firm, or the audited body. ASIC Regulatory Guide RG 187 Auditor rotation outlines the criteria and cautions that limits relief under s. 342A of the Act.

Exemptions from the auditor rotation requirements

The Corporations Act's s. 342A does not provide for an exemption from the auditor rotation requirements. However, it does provide ASIC with limited power to modify the rotation requirements. It can:

1. extend the period by not more than two successive financial years before the time-out rule applies
2. extend the period by allowing an auditor to play a significant role in the audit for not more than one additional financial year before the '5/7 rule' applies

Where an auditor has played a significant role in the audit for five continuous financial years, the relief stipulated in (1) applies. Where an auditor has played a significant role in the audit for five out of seven successive financial years, the relief stipulated in (2) applies. The five out of seven successive financial years ('5/7 rule') applies to lead auditors who were not involved with the client during some years out of the total period of seven years.

An auditor or accountant may hold multiple professional certifications.   Many certifications are job specific while others are general designations related to auditing.   The two most common certifications held by University of Alaska auditors are the CIA, Certified Internal Auditor, and the CISA, Certified Information Systems Auditor.   In addition to these certifications, an individual may hold a CPA, Certified Public Accountant, designation as well as other more general private industry certifications.

Audit and Consulting Services follows GAGAS requirements for continuing professional education (CPE) credits.   Eighty CPE credits must be acquired every two years in order to maintain certifications in good standing.   These CPE credits may be earned by periodic training sessions offered by the various credentialing organizations in the list below.

Audit and Consulting Services supports and encourages professional certification for its auditors as it relates to the position.   Certifications typically supported are:

• Certified Internal Auditor (CIA)
• Certified Information Systems Auditor (CISA)
• Certified Public Accountant (CPA)
• Certified Fraud Examiner (CFE).  

To provide support, the department will assist staff by providing:

1. The cost of review materials.
2. Travel costs associated with taking the exam
3. Time for sitting for examinations will be considered authorized and will not require the use of annual leave.
4. Maintenance fees for licenses once achieved, usually including cost of fulfilling CPE requirements.

In recognition of the benefit derived by the employee for attaining these certifications, the staff member will provide:

1. The cost of registration and fees for the exam.
2. Membership fees for professional organizations.

About the Professional Certifications

CFE

Sponsored by the ACFE (www.acfe.org)

Certified Fraud Examiners are professionals with significant experience in their own field of fraud prevention who have passed the CFE examination.   Certificate holders are required to continue their education and maintain high professional standards to maintain certification.

CIA

Sponsored by the IIA (www.theiia.org)

The Certified Internal Auditor credential is one of the hallmark credentials of the internal auditing profession.   Achieving this certification requires an individual to have graduated with an accounting degree from an accredited college, requires the individuals to have character references, have significant work experience and pass an examination.   Holding the certificate requires the individual to obtain continual professional education each year.

CISA

Sponsored by ISACA (www.isaca.org)

The Certified Information Systems Auditor is meant for those auditors who specialize in the auditing of information systems.   The certification requires the applicant to be an experienced professional, pass an exam and submit an ethics certification.   Like other certifications, it requires the individual to complete continual professional education on a yearly basis.

CPA

Exam administered by the AICPA (www.aicpa.org).

Note: The CPA designation is granted by individual state boards, not the American Institute of Certified Public Accountants (AICPA). Membership in the AICPA is not obligatory for CPAs, although some CPAs do join.  

Certified public accountant is the most often seen certification in the public arena. These individuals have graduated with an accounting degree, usually with at least 150 credit hours, passed a multi-part examination, become members of the AICPA, and obtained sufficient professional experience in order to be awarded the designation of CPA.   CPA’s typically work in the public sector, but can be seen anywhere in the industry.   Experienced CPA’s outside of CPA firms, in many cases, may be seen as department heads of accounting/audit departments, controllers or CFO’s.   The certification requires continual professional education courses to be taken on a yearly basis to maintain the designation.

If you are interested in dissecting the inner workings of almost any aspect of a company, a career as an auditor may be for you. Auditing offers a wide variety of career opportunities, with potential for work in and out of the financial industry. As an auditor, you may work in different areas, including internally within companies or externally with government agencies.

Regardless of what type of auditor you are, you'll find yourself poring over financial statements and expense reports to ensure that companies and agencies are compliant with government regulations. But you'll need to have the educational background and requisite experience to enter the workforce. Read on to see if you have what it takes to succeed in this in-demand career.

• An auditor reviews financial statements to ensure that companies and agencies comply with government regulations.
• You'll need a degree in accounting, finance, economics, or a related field and may require special certification to work as an auditor.
• Auditors must be team players and tend to require several characteristics, including professionalism and communication skills.
• The types of auditors include internal, external, government, and forensic auditors.
• Duties include reviewing, analyzing, and evaluating financial statements, products, systems, and organizations.

Auditors typically have an undergraduate degree in business-related majors such as accounting, finance, or economics. Some auditors may even pursue graduate degrees in these fields to command a higher salary.

Larger accounting firms and internal audit departments typically want their auditors to possess special certifications as well. These include (but aren't limited to):

One of the key characteristics that an auditor should possess is being a team player. As the scope of the audit can be fairly large, it is beneficial to help in other areas of an audit when resource constraints warrant it.

Here are a few other key qualities that potential auditors should bring to the table:

• Ethics: Auditors should possess a strong ethical framework and report on issues (or anticipated issues) as they come across them. There may be a temptation to let things go as further investigation may require more work or reveal embarrassing processes, performance, and/or fraud.
• Professionalism: This is an important trait for auditors to have. That's because they have to deal with different types of people—some who may be tough to handle. Professional skepticism is also key, especially when reviewing a company's internal controls. Auditors need to assess how perpetrators of fraud can beat a company's controls, and auditors need to design and implement a system that can effectively protect the organization's assets.
  
• Communication Skills: Good communication skills allow auditors to have a rapport with a variety of employees, managers, directors, and external parties. This means being able to articulate requests and findings accurately and concisely verbally and in writing.
• Interpersonal Skills: Strong interpersonal skills are very important in this role. That's because of the variety of informational requests (and often, the resistance to those requests) required from various sources. Strong and/or ambitious types may attempt to dissuade auditors from revealing embarrassing findings.

Some auditors may be tempted not to report certain findings because they want to establish a good rapport with different individuals. But they should remember to focus on the objectives of the audit, including the reliability, verifiability, accuracy, and timeliness of the information in the report.

Internal controls help prevent the theft of a company's assets and, if properly designed and executed, prevent data manipulation by employees.

Before we get into what it means to be an auditor, it's important to highlight some of the types of auditors that exist within the professional world.

• Internal Auditors: Hired by companies, internal auditors evaluate financial and operational activities, including corporate governance. Internal auditors report their findings to senior management.
• External Auditors: These professionals provide an objective financial opinion about an organization's financial statements. This opinion states whether the statements represent the organization's financial position fairly and accurately.
• Government Auditors: These individuals ensure that government agencies, organizations, and private individuals are executing their duties and actions as per government regulations.

Some auditors work with or for law enforcement agencies. They are called forensic auditors and specialize in crime, especially financial crime.

Companies that hire auditors should remember that internal or external auditors can be expensive. As such, constraints in resources necessitate that an audit provides only reasonable assurance that statements are free from significant errors. Due to the high cost of audits and the fact that auditors cannot possibly verify every transaction, auditors use statistical sampling and make a determination (with management) as to the key focus areas.

Auditing is a complex career that involves many different job responsibilities. Some of the main ones include:

• Reviewing, analyzing, and evaluating processes, products, services, systems, organizations, and employees.
• Assessing the accuracy, validity, reliability, verifiability, and timeliness of organizational information.
• Assessing the sources and processes by which the information is produced.
• Inspecting internal controls and the extent to which these controls manage an organization's exposure to risk.
• Ensuring checks are in place to help with the effectiveness of financial and operational reporting.
• Making sure that controls are in place to protect an organization's assets.
  

An audit is not a guarantee that financial statements provide a perfect snapshot representation of the organization, only a reasonable assurance that the statements are free of material misstatements.

Virtually any part of an organization is subject to an audit. Managers, the board of directors, or external parties can help determine the priority areas based on their organization's unique circumstances. A helpful way to determine what is a priority is to determine the effects and amount of recurrence due to failed processes. Managers should generally focus on first fixing areas where this impact is high.

As a sample of areas in which audits can be conducted, consider the following:

• Financial reporting
• Information technology
• Supply chain
• Inventory management
• Transfer-of-payment processes
• Administrative procurement
• Expense accounts
• Revenue management
• Employee performance
• Environmental impact
• Hiring practices
• Internal controls
• Tax and government compliance

Because of the large quantities of information and processes within an organization and the limited human resources (HR) with which to inspect and assess these at any given time, auditors often address only specific key areas as part of the audit scope. This means that material and important data are usually addressed, while less significant areas are placed on hold.

Auditors often use statistical sampling to help identify focus areas and also evaluate processes based on tests. For instance, controls on an IT system designed to prevent unauthorized access to petty cash balances on a bank account can be checked by testing the software system.

Public companies in the U.S. follow rules set forth by the Public Company Accounting Oversight Board (PCOAB), a body established by the Sarbanes-Oxley Act of 2002. This act is an especially relevant, thorough, and costly set of regulations to which managers and decision makers of public companies must adhere.

Section 404 of the act requires that:

• Management and external auditors report on the adequacy of internal controls over financial reporting
• Management report on the effectiveness of the company's internal controls over financial reporting

The documentation and testing work conducted across an organization required by this section takes an immense amount of effort by employees, management, and auditors. Sarbanes-Oxley is considered a controversial requirement because of the burdens placed on public organizations and its high cost in terms of dollars and time. But under proper compliance, companies also enjoy better processes, controls, risk management, and financial and operational assurance.

The Bureau of Labor Statistics (BLS) groups accountants and auditors in one group. The median annual salary for this group was $77,250 in 2021. The job market for accountants and auditors is expected to grow 6% in the decade between 2021 to 2031, which is as fast as average.

The following are several examples of the duties that auditors perform in various areas of the financial industry.

Internal auditors are dedicated to assessing the company's internal controls. They can serve as full-time staff or temporary workers who improve the efficiency and effectiveness of processes, find fraud and provide periodic assessment reports to management and the board of directors.

Small organizations may not be able to afford a year-round internal audit staff. They may choose to outsource a portion (or all) of their auditing needs to external auditors. External auditors assess their clients' operational systems and financial statements based on agreed-upon project scope and engagement costs.

An audit may be executed on IT financial-reporting mechanisms, where auditors assess whether the numbers that are processed and reported by the IT/accounting software are reliable, accurate, and timely. A walk-through test may be conducted in some cases. This is a procedure used during the audit of an entity's accounting system to gauge its reliability. 

For instance, the income statement or balance sheet may be significantly distorted (if the transactions are large) if there are delays or errors in the accounting system to report product shipments or receipt of raw materials. Significant distortions mean that management may not be able to properly run the company, or investors may incorrectly value the organization.

Auditors may ascertain a company's inventory management system as well as its current inventory count. Obsolete inventory or inventory that is essentially worthless may still be on the books as regular finished-goods inventory. This overstates a company's assets on the balance sheet and provides a misleading picture for management and investors.

Auditors need to understand the root causes for the overstatement and recommend periodic inventory accounts or security measures (depending on the cause) to management by way of an audit report. For instance, a supervisor may have to periodically sign off on inventory counts by junior personnel and apply a common sense test.

Division managers may make large refund payments to customers on a recurring basis. These may stem from a variety of reasons, such as volume discount programs, claims of damaged shipments, goodwill gestures, or aggressive quarterly revenue management.

For instance, auditors may recommend that the system automatically require a finance manager's approval for transfers over $50,000 when they identify risks of impropriety. This may go along with monthly reviews for transfers that exceed $100,000 per month for the division.

In certain cases, the company may be a multinational corporation generating billions of dollars in revenues, and it may not be worth the managers' time to conduct transfer reviews of amounts falling below these thresholds.

Auditing is a growing field, thanks to stricter government regulations, and offers a surprising variety of job responsibilities for those inclined to deal with the details of a company's operations. If liaising with company management and regulating a variety of business and financial processes appeal to you, consider an in-demand career as an auditor.