For most accountant and auditor positions, a bachelor's degree in accounting or a related field is a must. Some advanced positions, or positions in highly competitive, top-level companies, may require a master's degree in accounting, though a master's in business administration with a concentration in accounting will usually suffice as well. As the field continues to grow, more schools are now offering specialized programs to prepare students for professions such as internal auditing. Auditors will need a minimum of two years of work experience in the field before applying for certification. For information and systems auditors, you must possess one of the following: a minimum of one year of information systems experience, the equivalent of a two- or four-year degree, a bachelor's or master's degree that adheres to the Information Systems Audit and Control Association's curricula, or a master's degree in information security or information technology from an accredited university.
What we are finding is that we must require internal auditors to stay up on what is going on in their field and in the business environment. If someone just gains a certification, but does not do anything to maintain it, what does it say about that certification?
Scott McCallumCorporate Communications Manager for the Institute of Internal Auditors
Getting Auditor Licensure and Certification
Internal auditing was created as a way for companies and organizations to gain an independent and objective way to improve operations. Auditors bring systematic and disciplined methods to improve an organization's risk management processes, financial control, and management processes. While it is important for many companies to have a strong system of auditors to keep their organizations running at maximum efficiency, it is equally important for auditors to gain certification. Internal auditors should obtain Certified Internal Auditor (CIA) designation, the only globally accepted designation in the field. Administered by the Institute of Internal Auditors (IIA), this certification requires auditors to graduate from an accredited college and gain two years of work experience as internal auditors before passing a four-part examination. The IIA also offers three other certifications to provide for more specialized departments of internal auditing — the Certified in Control Self-Assessment, Certified Government Auditing Professional, and Certified Financial Services Auditor.
For IT systems auditors, the ISACA provides the Certified Information Systems Auditor (CISA) designation for those who pass an examination and have five years of experience working with information systems. The CISA was created to provide a globally respected designation for experienced IT systems audit, and control and security professionals.
Maintaining Auditor Licensure and Certification
For those who already possess a IIA certification, you must maintain your knowledge and stay current with changes in the industry in older to keep your certification. To do so, IIA certification holders must participate in Continuing Personal Education (CPE), and then report their CPE to the IIA every two years. Before the end of May each year, 80 hours of CPE must be completed and reported through the IIA's Certified Candidate Management System.
"What we are finding is that we must require internal auditors to stay up on what is going on in their field and in the business environment," said Scott McCallum, the corporate communications manager for the IIA. "By completing constant continuing education, they are better able to serve the institution they work for, and also protect the value of their designation. If someone just gains a certification, but does not do anything to maintain it, what does it say about that certification?"
CPE can include seminars and conferences and technical sessions provided by national, state, and local auditing and accounting organizations and chapters, formal in-house training programs, programs of other sponsors, and college or university courses (except for courses already taken to gain a certification through the IIA). For college or university courses, the IIA awards 15 hours of CPE credit to each completed semester hour and 10 CPE credit hours for each quarter hour of college or university credit earned.
In addition, information and security audit professionals who hold an ISACA certification must also adhere to a program in continuing education in order to maintain their certification. Similar to the IIA, students must participate in CPE and meet a specified number of hours both annually and over every three-year time frame. To maintain any of the ISACA’s four certifications, certificate holders must complete and submit 20 CPE hours per year, 120 CPE hours per three-year reporting period, and pay a certification fee of $40 for ISACA members (or $80 for non-members) annually.