5 skills to look for when hiring an IT Auditor

By Robert Half on 10 July 2023
Estimated Read Time: 3 minutes

IT Auditor roles demand skilled technical workers, who can work either internally (within the organisation) or externally. What’s more, these roles are in high demand across industries – so salaries for this role run equally high.

According to the Robert Half 2023 Salary Guide, the midpoint salary for an IT Auditor in Hong Kong in $708,000 and can hit a high of $925,000.

Why it is crucial you hire the right person for the job

Since an IT Auditor in Hong Kong will be responsible for ensuring your organisation’s IT systems and infrastructure run as efficiently as possible, it is imperative that you hire a candidate who will look towards the long-term wellbeing of the organisation’s IT ecosystem.

In addition to hiring a candidate who is well-trained  who can ensure your IT systems are in compliance with government and internal regulations, a skilled IT Auditor will be able to identify potential issues before they arise and offer solutions to them.

Vulnerabilities, attacks, and confidentiality leaks can cost organisations thousands, if not millions. For this reason, it is also important that your organisation’s IT Auditor is comfortable with risk assessment and data analytics.

An experienced candidate will have a proven track record of performing risk-based audits to reduce risk, deploying IT compliance framework (per industry standards) for secured operations, risk mitigation, and most ideally, a year-on-year improved audit plan. 

Skills to look out for on IT Auditor resumes

Technical skills

Since the role requires auditing – specifically, data analysis and risk assessment – candidates need to be comfortable using tools to analyse large data sets. Subsequently, Hong Kong IT Auditor candidates will need to be able to take the findings of their analyses and make adjustments or suggestions where needed.

The tools required for this can be as basic as Excel or as advanced as Audit Command Language (or ACL). In addition, most experienced candidates will also have résumés that showcase several frameworks (including COBIT and PCI), databases (including Oracle, DB2, SQL, SOAP), and an assortment of programming languages.

Communication skills

“IT Auditing is a lot more teamwork than you’d expect – so it really helps to have a team player,” says Amy Wong, Division Manager and specialised technology recruiter at Robert Half. Since IT Auditors work across multiple teams in an organisation, it is essential that candidates are able to communicate their needs and any technical requirements and expectations with those they interact with. 

“Apart from the fact that IT audits – like financial ones – are intimidating,” says Amy, “it’s in everyone’s best interest that the IT Auditor can communicate well.” Primarily, this ensures that employees the IT Auditor encounters are cooperative, and their concerns, suggestions, and feedback is heard. 

Project management skills

Candidates must be able to carry out audits in a timely manner within a set budget. Thus, it’s important that candidates have a demonstrable history of project management – being able to plan and organise an audit as well as evaluate outcomes and adjust results. 

Additional skills that an ideal candidate will possess 

Critical thinking skills

Critical thinking skills are really what set good candidates apart from excellent ones.

- Amy

While many candidates are able to follow standard operating procedure before, during, and after an audit, quality candidates can think outside the box. “An IT Auditor who is able to identify potential problems and risks – and advise their employers on their best course of action – can save an organisation resources and time down the road,” adds Amy. 

Business savvy

Although not technically a skill, the ability for an IT Auditor to understand both their industry and day-to-day goings on within an organisation can allow for a smooth workflow. An IT Auditor who has a sense of budgetary constraints for a business, for instance, is more attuned to the business’s auditing needs. Additionally, this makes it easier for the IT Auditor to communicate the organisation’s requirements to executives. 

External IT Auditors vs Internal Auditors

Typically, external IT Auditors in Hong Kong work for consulting firms and assess control environments of public companies (with regulatory reporting guidelines). On the other hand, internal IT Auditors assess an organisation’s internal controls, to strengthen its control environment.

While there is certainly an overlap in skill, it often benefits companies to use both. However, an internal IT Audit minimises overall costs, and partners with business, accounting, and financial audits for “integrated” audits. 

Certifications to look out for

Lastly, when distinguishing between candidates who are on par in every other aspect, it is highly worthwhile looking out for specialised certifications. Apart from validating  a candidate’s skillset, certifications ensure increased knowledge and skill development, and more robust security training. 

4 common certifications for IT Auditors include Certified Information Systems Auditor (CISA), Certified IT Auditor (CIA), Global Information Assurance Certification (GIAC) Systems and Network Auditor Certification (GSNA), and Certified Information Systems Security Professional (CISSP).

Related: Hiring and management advice

Need help finding an IT Auditor for your company? Contact Robert Half to help you find the right candidate.

More From the Blog...