Certifications to take for a new IT auditor with no IT background

I'm blessed with this opportunity to join a firm as a junior IT audit & risk personnel soon.
I'm from an Accounting & Finance background and do not have any prior IT related education.
I understand that there are tonnes of certifications which will be of great benefit for me, but I'd like to know which is the most relevant certification that I can prioritize to give me the relevant knowledge to kick start my career in this field.
My own research says CISA, but I'd like to know your opinions too.
What other practical knowledge or projects can a beginner like me attempt?
Many thanks!
Comments
Security+ would be a good technical starter imo. Then on to CISA.
Your research is correct, you can take the CISA but you will not be granted the certification. As per the ISACA website, you need a minimum of 5 years' experience on the job in the below areas. With that said, you can go for the Security+, it will help you more because it is a bit more technical and will be a good foundation for the CISA.
How to Become CISA Certified
Job Practice Areas 2016
Applying that to my current situation, should I focus more on theoretical concepts first or technical knowledge to make myself useful as early as possible?
I would definitely focus your efforts on the "IT" part as the "auditor" part you'll get pretty quickly on the job. I've been an IT Auditor for four years, and my certification path has been Security+ > CIA > CISA > CISSP. I would definitely recommend this path with the possible exception of the CIA as there will be some overlap with your accounting background, and probably unnecessary if you have a CPA.
You probably don't have to dive in so deep that you get Network+ certified, but the knowledge will help you with Security+ because it will test your understanding of how computers communicate (such as routing through a network to a firewall and out to the Internet). I would look at getting Security+ certified, especially since you don't have the CISA prerequisites yet. Security+ is actually pretty good stuff; I think it should be mandatory for IT staff but that's just me.
CISA can be done a little later; I found that having IT auditing experience definitely helps prepare you for the CISA, and by the time you get 1+ years of experience in IT audit your firm will likely start angling your progression goals towards CISA, but it is not something you need to have with 0 years of experience. I think the Sec+ will help connect a lot of the terminology and general practices together that you can use right away.
Coursera may have some other smaller courses and certifications related to your audit career that also may be of interest if it relates to whom you're auditing. Later on these two companies make submitting CPEs and CEUs a breeze - particularly for non-direct requirements like the CISSP. Argumentation alone satisfies three years of requirements in one course.
Check out Cybrary and YouTube for more courseware that may or may not be related to audit.
Look beyond just certs; there is a ton of free courseware out there for you to improve your career.
Audit is by far the best place to start an InfoSec career, by the way.
- b/eads
Feydrax is indicating that he's a fresher and about to start his audit career so shockingly he's trying to do things right. He has no IT audit background but a CPA. Good news is InfoSec and audit in particular is largely based on IACPA financial controls back in the mid 1960s.
Yes, back before 2000 IT security, if it existed, worked for a CPA and likely the CFO - not IT, MIS or DP.
- b/eads
@beads
Interestingly I find your answer to be the most relevant to me!
TBH I'm not in a particular rush to acquire any certification, as the firm will be funding me on the relevant certifications.
The recommendations in favor of Security+ have been helpful, and I've just read through the index of the syllabus, it certainly looks like a good introductory material for someone like me.
I'm looking for avenues to gain the relevant knowledge to make myself relevant to the job scope, and I find your answer to be very practical and suitable for me!
If financial controls are still relevant, I guess that gives me some level of comfort. At least I have something to offer.
P/S : the word "shockingly" gave me a chuckle, I've been trying to make this jump to IT audit for a while, from Financial Audit > Finance Analyst > Finance Application Support > IT audit. I was actually expecting to spend some time in the support role and do some self study, but this firm is actually willing to invest in me for the IT audit role. That's why I'm totally caught by surprise.
I actually went ahead and took CISA, and I passed!!! However, passing CISA doesn't really give me that much confidence.
Once you get started, you'll figure out what you want to learn next.