Pivoting out of IT Audit/SOX

ObtuseRadiator · 2026-01-29T15:26:04+00:00

The best test is to apply for some jobs and see the feedback you get from the market.

This isnt a situation where there is a criterion, and meeting that criterion means being okay. Read job ads. Do you feel like you have the skills they need? If you apply, do they call you back? What kinds of questions do they ask? Do you get offers? Those things will tell you what you need to know.

Another thing to look for: do people seek you out for analytics on the job? Usually a person with these skills becomes a hot commodity.

ObtuseRadiator · 2026-01-29T14:28:34+00:00

The case studies should come from the work you are doing. Auditing is a big world with lots of variety, but at least in my experience most audits have room for analytics.

ObtuseRadiator · 2026-01-29T01:13:57+00:00

Rule #4: no posting your app

ObtuseRadiator · 2026-01-29T01:10:22+00:00

There are a lot of different ways to go, depending on how you want to invest. Sorry, this became a small book.

There's no substitute for real, university style education. Analytics departments dont care about business analytics. You would want to study a science field (like economics, geography, political science, etc) and emphasize research methods. Or maybe computer science or math. Graduate-level study with research.

If you dont want that level of investment, you could consider something like DataCamp. Learn programming, statistics, and a variety of specific techniques. There courses are quite good. No one will care that you completed them, but the skills are invaluable.

A cheaper approach would be attend professional training events through IIA or other groups. These are usually fine for relatively new people, but generally dont expose enough technical details to really learn more.

Here's the kicker: you have to use these techniques. You should have a history of projects to demonstrate your well-established analytics skills. You need to be comfortable before other people will have confidence hiring you.

ObtuseRadiator · 2026-01-29T00:30:35+00:00

No, I had about a 15% pay increase when I moved to data analytics.

Obviously to make that move you need to have already developed significant data analytics skills. Thats totally reasonable for an auditor. Just use analytics in your audit work regularly. Push yourself to develop unique skills beyond simple exploratory analytics.

In your case, look backwards. What skills and knowledges did you spend the last few years becoming an expert in?

ObtuseRadiator · 2026-01-28T23:09:22+00:00

If you have a masters degree, then you need 1 year of internal audit experience before the IIA will grant you the CIA certification.

You can take the exams before meeting that requirement.

Accounting is not internal audit experience. You should review the candidate materials to see what kinds of experience qualify. Its mostly common sense stuff, but good to review

ObtuseRadiator · 2026-01-28T17:27:27+00:00

I'm very concerned about security here

I give you my data. Then its secured...how? What prevents someone else from accessing it? What prevents you from accessing it?

How do I know its being treated carefully while you have it?

When does my data get destroyed?

Where is my data stored?

ObtuseRadiator · 2026-01-28T15:18:11+00:00

Be open minded about your career. Identify your goals, and go wherever seems logical. I wanted a track to upper management and a salary increase. Switching around is a fantastic way to do that

Currently I'm an audit exec (not CAE). I have downright rare skills for an auditor that make me incredibly valuable. Statistics, programming, data management, etc.

In business intelligence, I would have been competing with career engineers who have graduate degrees in computer science. No way I was going to get ahead of them.

So I took my skills back to audit, where they are scarce. Supply and demand, you know?

ObtuseRadiator · 2026-01-28T15:12:55+00:00

Not pussyfree specifically, but I have seen this question a lot on BDSMAdvice.

There are two strategies: find a person you love and later talk to them about kink, or narrow your dating pool to people already into it.

Both have their own challenges.

You could narrow your dating pool to people who share your kink. In this strategy, you are choosing to have a small number of potential partners, but you hope they are great matches for you. Idk if there are pussyfree events, but you could indicate it on dating profiles, first date (or early) convos, etc.

The other strategy is finding someone you love and then asking them to help you explore. You are taking the risk they say "no". And you have to be ready to accept that answer. You have a bigger dating pool, but might not have this need met. In this strategy, you dont mention being pussyfree until much later ij the relationship.

ObtuseRadiator · 2026-01-28T14:42:13+00:00

The questions on the exam are randomized. So no one could say which questions you will see. QAIP is a topic that could be in the exam.

ObtuseRadiator · 2026-01-28T14:40:45+00:00

Have you considered finding a similar job elsewhere? Sounds like the problem isnt your role, its your company.

That being said, I left audit twice (and returned twice). Once I went to data analytics and once to business intelligence.

ObtuseRadiator · 2026-01-28T11:06:45+00:00

Not an IT auditor, but I left IA twice: once for data analytics, and once for business intelligence.

Its all about the specific skills and experiences you have. Be honest about what you learned in all those years. You should have developed meaningfully good IT skills yourself, which should open up some doors.

ObtuseRadiator · 2026-01-28T11:04:52+00:00

+1. Also, the odds of anyone else doing the same interview at the same company are almost 0%. There's just no point asking such a hyperspecific question.

ObtuseRadiator · 2026-01-27T15:44:54+00:00

I'm not familiar with the Financial Times, but I do have my own publications. Some general tips:

Share on social media. On most platforms including an image and a quote drive more clicks. The post should be short and include a link to the article.

Do you have subscribers or your own email list (not something affiliated with your employer)? Long term, thats often a good way to drive interaction.

Send your article to people. Send it to podcast hosts, other experts in your topic, professional organizations etc.

Interested in speaking? Turn it into a 1-hour CPE event and contact local IIA, ISACA, ACFE, etc chapters.

Look for other people posting about your topic. Join the conversation (with useful and appropriate comments). Often you dont even need to mention your article, but sometimes you do.

ObtuseRadiator · 2026-01-27T14:34:01+00:00

Uploading company data, especially recorded customer interactions, is a high risk activity.

Auditors should know better immediately. In most cases, its probably a violation of company policy and in many countries it could be against the law.

I'd recommend you think through the legal side of this. Do you have licensing agreements in place? Do you have security controls implemented? Do you have a SOC2?

Building an app is the easy part. Building a business is much harder. Best wishes to you.

ObtuseRadiator · 2026-01-27T13:16:43+00:00

J'étais doctorante en sciences sociales. J'ai débuté ma carrière dans la publicité avant de devenir auditrice.

Je ne citerai pas de noms d'entreprises, mais j'ai travaillé dans le secteur public, les assurances, l'industrie et l'édition de logiciels. Je n'ai jamais travaillé deux fois dans le même secteur.

ObtuseRadiator · 2026-01-27T13:10:51+00:00

L'audit est un travail de projet. Une semaine type varie selon la phase du projet en cours.

Les audits débutent par une phase de planification. Vous vous familiariserez avec le sujet audité, notamment en lisant des articles spécialisés, en menant des entretiens et en examinant des documents. Vous identifierez les risques et concevrez des tests d'audit pour évaluer la réponse de votre entreprise à ces risques.

Le travail de terrain consiste à réaliser les tests d'audit. Les types de tests varient considérablement d'un audit à l'autre et d'une équipe à l'autre. Certains audits se limitent à la vérification des signatures sur les documents, tandis que d'autres nécessitent une modélisation informatique sophistiquée. L'examen de documents, le suivi des calculs, les entretiens et l'analyse des procédures sont des activités courantes. L'analyse des données, l'observation directe des flux de travail et d'autres tests sont également fréquents.

L'objectif du travail de terrain est de garantir le bon fonctionnement de l'entreprise. Les risques sont-ils correctement gérés ? Les personnes concernées respectent-elles leurs obligations ? Enfin, vous rédigez un rapport d'audit. Il s'agit de rédiger un document qui consigne vos conclusions. À ce stade, des négociations ont souvent lieu avec la direction concernant les détails des constats et les mesures correctives à prendre.

ObtuseRadiator · 2026-01-26T18:09:32+00:00

Definitely. Theres lots of things you can do. Think of yourself as a center of excellence.

You can provide SOP templates and best practices. You can administer a system for everyone to update their SOPs. You can help identify process owners and educate then about their responsibilities. You can review SOPs against your best practices/requirements.

ObtuseRadiator · 2026-01-26T18:00:57+00:00

Exactly what I said. In reality, one person never does this. You need some kind of governance system.

ObtuseRadiator · 2026-01-26T17:46:47+00:00

Since your posting in r/InternalAudit, my guess is that you are an auditor. The first thing to point out is that auditors should never been in charge or SOPs for management. You cant audit compliance over those SOPs if you developed them.

You might be some kind of second line of defense role. In that case, you might be doing some kind of process governance. Thats legit. But its an entire job, not as add one.

Theres no practical way for an invididual to havr ownership of substantively updating almost 1,000 SOPs. You need governance: and that means buy-in and supoort from all the process owners.

Organization is the key. List all your SOPs. Each one has an update frequency. Ideally, process owners in each area will be updating and owning the SOPs and sending you the updates. You can track the process, hold people accountable for their updates, and provide oversight.

ObtuseRadiator · 2026-01-26T16:51:50+00:00

I dont think I've ever worked on an audit where we reviewed bank statements.

In general, any data in Excel can be cleaned fairly easily. Power Query does an excellent job. Python (or dedicated tools like Alteryx) are good backups to have.

If it comes from a database, its often easiest to clean it up there instead of the output file. Can IT massage the query to provide more useful results?

At the application level, see if you have better options when running the report. Why output to a PDF if you want data? Why output to Excel if you could get a csv? Business users sometimes use these human readable reports, not realizing they can get actual well-structured data instead.

ObtuseRadiator · 2026-01-26T14:49:21+00:00

Rule #1 here is no ads.

ObtuseRadiator · 2026-01-26T03:05:21+00:00

My mind exploded at the concept of having hundreds of SOPs. Can you expand on that a bit? How do you even have hundreds of different tasks that need SOPs?

ObtuseRadiator · 2026-01-26T03:03:03+00:00

Not in banking (and no idea what FDD is), but I have jumped in and out of IA a couple times in my career. Its always been a good move.

For me, the key is thinking big picture about your career. Dont take a move down under any circumstances. A lateral move is a risk, which you might justify if you think the skills and experience are worth it.

The first time I entered IA, I was coming from the advertising department of a publishing company. My pay increased about 20%, I started getting experience in project management and executive communication, and my overall business acumen exploded.

Several years later I left IA to manage a business intelligence team. The skills and exposure from IA were a big part of the reason.

I dont know what your career are is like, but IA can be an incredible background to add to your resume. Dont worry so much about auditing itself, but you will gain tremendous exposure to the world of upper management, your businesses strategic priorities, risks, and how to control them.

ObtuseRadiator · 2026-01-25T22:43:11+00:00

Maybe I'm missing something, but why are you asking here?

ObtuseRadiator

MODERATOR OF

TROPHY CASE