Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors' opinions or evaluations.
An auditing career requires many competencies, including desparate analytical skills, strong communication skills and technical proficiencies with the subject matter under audit.
Auditors play a key role in validating the integrity of an organization’s processes, systems and information, both financial and non-financial. Professional auditors also provide advice and consultation to business leaders on how to better manage and control risks within an organization.
Auditing is a rewarding and well-regarded career, whether you are a member of an in-house auditing team or you work with a variety of clients. If you’re intrigued by a career in auditing, here’s all you need to know about stepping into the position.
What Does an Auditor Do?
An auditor conducts assessments of processes, systems and information to validate their integrity and conformance to established policies and other criteria. To understand how to prioritize auditing efforts, an auditor might perform a risk assessment before conducting an audit. Most auditors specialize in particular subject areas, such as financial statement auditing, IT auditing or process auditing.
Though some auditors are external, it’s not uncommon for companies to employ in-house auditors. Auditors are also responsible for noting where an organization can Improve its processes, become more efficient and decrease risk.
Advising Oversight Bodies
The results of an audit are typically provided to an oversight body, such as an audit committee, a governing board or an outside regulatory agency. For this reason, an auditor may also be known as an assurance provider. The assurance work provided by an auditor helps oversight groups fulfill their responsibilities, and the auditing profession is often seen as a pillar of good governance.
Skills for Auditors
Auditors must be detail-oriented and enjoy problem-solving. They must also be able to think strategically and relate the results of their work to the broader objectives of the organization subject to audit. It’s important for an auditor to have a high ethical standard due to the nature of their work. Many professional audit associations require their members to conform to a code of ethics.
What Is an Audit?
Auditing approaches can vary greatly, but a typical audit can be divided into three phases:
- Planning. During this phase, an auditor obtains an understanding of the activity under audit. They note areas of heightened risk and develop the objectives, scope and procedures that inform their audit testing. External auditors commonly perform materiality assessments during planning to identify high-risk financial accounts to include within the scope. The auditor schedules meetings with managers of the activity subject to the audit to communicate expectations and request necessary information.
- Fieldwork. During this phase, the auditors will execute their planned audit test procedures. This phase may require traveling to the physical location or operating site of the activity subject to audit. Some auditors travel extensively over the course of their careers, and the position may require travel to international or remote destinations.
- Reporting. During this phase, the auditor will draft the results of the audit, often in a written report, and may provide recommendations to address any issues noted. Once finalized, the report is often distributed to managers of the activity subject to audit and made available to the appropriate oversight body.
A typical audit report includes the objectives and scope of the audit, plus any issues identified, which can be referred to as audit findings. Common audit findings include:
- Errors or inaccuracies in financial accounts or data
- Non-compliance with policies or operating procedures
- Deficiencies in the internal controls that would prevent or detect fraud, errors and other issues
Auditors often issue recommendations and propose action plans to address their findings. In the case of financial statement audits, an auditor might ask management to adjust certain financial accounts found to contain errors before issuing a financial statement.
Auditors may also conduct post-audit follow-up procedures to confirm that their recommendations have been implemented or appropriate actions have been taken to address the identified findings. Internal audit professional standards require that monitoring and follow-up procedures be in place.
Where Do Auditors Work?
An auditor works either as part of an organization’s internal auditing team or for an outside firm.
Most audit work is performed in an office environment. Many audit test procedures involve the examination of documents and interviews or inquiries with the business managers subject to audit. However, there are times when an auditor may be expected to work outside of an office. For example, an inventory count may require an auditor to physically count inventory that is in stock and compare the quantities observed to financial records.
Other audit test steps may require an auditor to physically observe a process, such as validating that activities conducted on an assembly line conform to standard operating procedures. Environmental auditors may visit facilities to confirm that specific environmental compliance equipment is in place and is operating as intended to prevent pollution or ensure compliance with other environmental matters.
Types of Auditor Careers
Careers in auditing can be quite diverse. Take some time to explore the different specialties you can pursue within the auditing field.
Note that while the U.S. Bureau of Labor Statistics (BLS) does not break down projection data among the various types of auditors, the BLS projects jobs for all accountants and auditors to grow by 6% from 2021 to 2031.
Education Needed: An internal auditor should have a business administration bachelor’s or a similar degree. However, internal auditors can come from a broad variety of educational backgrounds, including IT, engineering and legal fields.
Salary: An internal auditor can expect to earn around $70,000 per year.
Job Description: An internal auditor is usually employed by the organization subject to auditing. Internal audit departments play a broad role. They conduct risk assessments to understand the risks that could negatively impact the organization. They also validate that appropriate risk management and internal control practices are in place.
Due to the varying nature of potential risks faced by an organization, internal audit teams often comprise experts in a variety of subjects, including business operations, accounting/finance, IT and regulatory compliance. The collective competencies of the internal audit team should match the risk profile of the organization they work for.
In addition to audits of financial information and controls, internal auditors often evaluate the company’s processes for operational efficiency/effectiveness, proper safeguarding of assets from fraud and abuse and compliance to internal company policies, among other things. Internal auditors may also support and provide input to the organization’s enterprise risk management program and on the ethical culture of the organization.
While internal auditors are often employed by the organization, they must meet certain standards regarding independence and objectivity. According to these standards, internal auditors cannot be responsible for managing the activities they audit, and they must maintain a functional reporting relationship with the governing body of the organization.
Professional internal auditors should be proficient with the International Professional Practices Framework, which involves authoritative standards and guidance for the professional practice of internal auditing. After obtaining the Certified Internal Auditor (CIA)® qualification, internal auditors can be employed by corporations, the government and not-for-profit organizations.
Education Needed: An external auditor position often requires a bachelor’s degree in accounting or a related field.
Salary: An external auditor can expect to earn around $65,000 per year.
Job Description: An external auditor works at a firm external to the organization subject to auditing. This position typically focuses on accounting and financial reporting topics.
The primary objective of an external audit is to confirm that the financial statements produced by an entity are reliable and fairly presented in conformance with applicable accounting principles. External auditors may also review the adequacy of financial reporting controls, which are the controls in place at the entity to ensure financial statements are accurately produced.
It is also common for external auditors to provide assurance and consultation on other financial topics, including tax and statutory reporting.
The external audit profession is more highly regulated than other forms of auditing, and strict independence requirements prohibit external auditors from being employed by the company they are auditing.
Investors and other users of the entity’s financial statements place great reliance on the work and opinion issued by an external auditor. External auditors must be proficient in relevant accounting principles, such as US GAAP or IFRS, as well as any applicable external auditing standards.
Becoming a Certified Public Accountant (CPA) can demonstrate proficiency in these principles. External auditors are commonly employed by public accounting firms.
Information Technology (IT) Auditor
Education Needed: An IT auditor must hold a bachelor’s degree in accounting, computer science or a similar field.
Salary: An information technology auditor can expect to earn around $75,000 per year.
Job Description: IT auditing is a specialized form of auditing that focuses on assessing an organization’s IT infrastructure and business applications. In modern times, it can be said that all forms of auditing require competency in IT courses due to the ever-increasing reliance on technology to manage business operations and information.
IT auditors typically receive more extensive training on IT courses and often focus their audits on IT systems and applications. IT auditors may work alongside other internal or external auditors who are reviewing other aspects of an activity subject to auditing.
IT audits may entail assessments of financial reporting applications, cybersecurity, information security, systems development processes and broader assessments of overall IT governance. Prospective IT auditors may pursue the Certified Information Systems Auditor (CISA)® qualification, which demonstrates proficiency in IT auditing.
IT auditors can be employed by public accounting firms, consulting firms, corporations, government bodies or not-for-profit organizations.
Education Needed: A forensic auditor must hold a bachelor’s degree in accounting or a related field.
Salary: A forensic auditor can expect to earn around $65,000 per year.
Job Description: A forensic auditor is a specialized auditor who focuses on fraud and financial crimes. Forensic auditors commonly work with courses such as financial statement fraud, embezzlement, bribery, money laundering, insider trading and other forms of fraud.
A forensic auditor may assist with investigations conducted in response to an allegation of fraud or red flags or concerns reported by employees in a company. Since the work of forensic auditors may be used in a trial, these professionals must have a strong knowledge of relevant laws, legal procedures and the rules of evidence.
Forensic auditors commonly testify in court and work alongside law enforcement. In addition to serving in an investigative capacity, forensic auditors may provide assurance and consultation regarding fraud risk management strategies, including assessments of the internal controls that prevent or detect fraud.
Individuals interested in careers in forensic auditing can pursue the Certified Fraud Examiner (CFE) qualification, which demonstrates proficiency in conducting fraud examinations. Forensic auditors can work for large organizations, government entities or insurance companies.
Environmental, Health and Safety (EHS) Auditor
Education Needed: An EHS auditor typically has a bachelor’s degree in health and safety or environmental sciences.
Salary: EHS auditors earn around $98,000 per year on average.
Job Description: EHS auditors review matters that are key to protecting, managing and enhancing the health and safety of people and the environment. Unlike other forms of auditing where most work is spent in an office environment, EHS auditing involves spending extensive time on-site at physical locations to conduct inspections of EHS-related matters.
Individuals interested in EHS auditing careers can consider pursuing a certification from the Board for Global EHS Credentialing.
Other Forms of Auditing
The careers listed above describe some of the most common types of auditors, but the auditing field is quite large. Wherever there is a need for assurance, there can be a need for auditing.
Tax examiners are employed by the IRS to validate the proper filing and payment of taxes by individuals and entities. Quality auditors may inspect processes, goods and services to confirm conformance to defined quality standards.
Compliance departments, which are responsible for regulatory compliance, may incorporate auditing procedures as part of their monitoring responsibilities. Many other professions also employ techniques that can be seen as forms of auditing.
Auditor Certifications and Licenses
An auditor certification is a great way to set yourself apart as an expert in the field. Earning certification or licensure can increase earning potential as well.
Check out a few common auditor certifications below.
If your goal is to become a Chief Audit Executive, consider adding a CIA certification to your repertoire. This certification is administered by the Institute of Internal Auditors to demonstrate that recipients are proficient in mandatory internal audit professional standards. CIAs have the technical competencies necessary to successfully conduct or lead internal audit engagements.
To earn the CIA credential, you must have a bachelor’s degree or higher, or five years of internal auditing experience. Each year your certification is active, you are responsible for accumulating 40 continuing education credits.
Before becoming a CISA, you need at least five years of experience working as an information technology auditor or in a related field. CISAs must have extensive knowledge in computer systems, security and, of course, auditing.
Individuals can become CISAs through the Information Systems Audit and Control Association (ISACA) To maintain certification, ISACA requires members to complete 120 continuing education credits every three years.
If you are interested in forensic auditing or would like to pursue a career in fraud examinations, then the CFE may be a good fit for you. To be eligible for the CFE certification, you must be a member of the Association of Certified Fraud Examiners, have two years of fraud-related work experience and meet other eligibility requirements based on a point system.
CPA licensure is the accounting profession’s highest standard of competence, denoting achievement and assurance of quality. Each state sets separate requirements for CPAs, including stipulations around residency, citizenship, education and work experience. After meeting the state eligibility requirements and passing the Uniform CPA Exam®, a candidate can apply to become a CPA.
For more information, check out our guide on how to become a CPA.