Sarbanes-Oxley compliance, globalization and technology-related risk place information system auditors (IT auditors) in high demand. Graduate students of the Master of Accounting program at Florida International University (FIU) are getting an opportunity to receive hands-on experience using a simulated client within the banking industry to strengthen their skill sets. They also are getting a leg up on others who are interested in IT auditing or other related career paths.
“For my graduate-level class, I wanted to simulate an actual IT audit process to expose and equip students with a strong foundation of knowledge and skills to become successful auditors,” said Antoinette Lynch, who teaches IT audit courses in FIU’s School of Accounting in the College of Business Administration.
To accomplish this, Lynch teamed with Silka M. Gonzalez (MACC ’05), president and founder, Enterprise Risk Management, to design an IT audit case study that took the students through the standard process phases——from meeting the client and preparing an engagement letter to conducting a risk assessment, developing the audit program and issuing a report to management with findings, risks and recommendations.
“We focused on general control risk areas that students would most likely encounter as a user of the system, IT auditor or financial auditor—Microsoft Windows 2003, IBM AS/400, networking components, firewalls, routers and other IT control areas,” Lynch said.
In addition to preparing the materials and delivering the lecturers, Gonzalez and three colleagues from her firm provided ongoing guidance to the students.
Case study proves relevant to a variety of accounting roles.
“At some point, these students will be exposed to IT audits and controls,” Gonzalez said. “Whether they work as auditors, controllers, CFOs, CEOs, consultants or business owners, they will be able to use the basic concepts provided by this class throughout their careers.”
This certainly proved true for Annette Jernigan (MACC ’09, BBA ’07), director of property administration, Baptist Health Enterprises, who immediately applied what she learned.
“Before I took this course, IT auditing was intimidating,” she said. “That’s no longer the case. I now have a much deeper understanding of what the IT department needs from me on a day-to-day basis—and the relationship of IT governance to Sarbanes-Oxley and other compliance and security requirements.”