Case study

IT internal auditor — Emilie-Marie

Emilie-Marie didn't plan to go into internal auditing but is pleased she did and now feels it has set her up to work in many different areas of a business...

I did a degree in information management and computing but never really knew what I wanted to do as a career. I was puzzled by which area of IT I should go into or what really motivated me. Even after a fantastic industrial placement year where I enjoyed working on projects for manufacturing floor systems, I didn't get any closer to knowing where I should go other than the fact I knew I didn't want to code all day long.

This is what led to me joining a three-year graduate scheme that gave me the opportunity to experience three different areas of the pharmaceutical business in completely different IT roles and not have to make my real decision yet.

Each year on the graduate scheme we were able to give preferences to the roles and opportunities we wanted the following year, this is when I came across the role of IT internal auditor during my second-year rotation decision. One of the big incentives for me to give it a go was the opportunity to get a view across the organisation of what was going on in IT and learn risk management skills that I knew would be beneficial no matter what role I ended up in.

The placement was challenging having to manage expectation of key stakeholders and having difficult discussions when issues were found. However, I enjoyed the work so much that when I'd finished my three years on the graduate scheme I returned into a full-time auditor role.

Since joining the internal audit and assurance group I have been given the opportunity to look at IT in many different parts of the organisation. This ranges from systems that support our R&D business to get our drugs out for production, to third parties that look after our firewalls.

It also gives me the opportunity to look at a variety of IT-related risks such as information protection, continuity planning and looking at the oversight of IT third parties. Doing a degree that spanned computing and management has helped me with a base of knowledge that I'm able to build on in each audit where I gain new experiences and I'm always learning new things.

To develop my specific audit skills further I've recently completed by Certified Information System Auditor (CISA) exam offered by the ISACA group and am working towards gaining my experience to apply to become accredited.

My advice for anyone looking to become an internal auditor is to give it a go. Not everyone is looking for a long-term career in audit but no matter what, internal audit will give you the opportunity to get a broad oversight and experience of what is happening throughout an organisation. You also gain key stakeholder and risk management skills that are transferable to whatever other career paths you may follow in the future.