Skip to content
ESCO occupation

IT auditor

Back to ESCO occupations

IT auditors perform audits of information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy and security. They evaluate ICT infrastructure in terms of risk to the organisation and establish controls to mitigate loss. They determine and recommend improvements in the current risk management controls and in the implementation of system changes or upgrades.

2511.18 ISCO 2511 ESCO source
Competences
37
Groups
4
Essential
19
Optional
18

Competences and skills

37 ESCO relations
Essential knowledge 11 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

7 competences
engineering processes

The systematic approach to the development and maintenance of engineering systems.

ESCO source
ICT process quality models

The quality models for ICT services which address the maturity of the processes, the adoption of recommended practices and their definition and institutionalisation that allow the organisation to reliably and sustainably produce required outcomes. It includes models in a lot of ICT areas.

digital
ESCO source
ICT quality policy

The quality policy of the organisation and its objectives, the acceptable level of quality and the techniques to measure it, its legal aspects and the duties of specific departments to ensure quality.

digital
ESCO source
ICT security legislation

The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.

digital
ESCO source
ICT security standards

Best practices and guidelines established for securing information and communication technology (ICT) systems and data. Standards as is the case of ISO 27000 series, provide a framework for implementing effective security controls, including access control, risk assessment and incident management, as well as to provide compliance of anorganisation.

digital
ESCO source
organisational resilience

The strategies, methods and techniques that increase the organisation's capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.

ESCO source
product life-cycle

The management of the life-cycle of a product from the development stages to the market entry and market removal.

ESCO source

Cross-sector

4 competences
audit techniques

The techniques and methods that support a systematic and independent examination of data, policies, operations and performances using computer-assisted audit tools and techniques (CAATs) such as spreadsheets, databases, statistical analysis and business intelligence software.

digital
ESCO source
legal requirements of ICT products

The international regulations related to the development and use of ICT products.

ESCO source
quality standards

The national and international requirements, specifications and guidelines to ensure that products, services and processes are of good quality and fit for purpose.

ESCO source
systems development life-cycle

The sequence of steps, such as planning, creating, testing and deploying and the models for the development and life-cycle management of a system.

digital
ESCO source
Essential skills and competences 8 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

4 competences
analyse ICT system

Analyse the functioning and performance of information systems in order to define their goals, architecture and services and set procedures and operations to meet end users requirements.

digital
ESCO source
ensure adherence to organisational ICT standards

Guarantee that the state of events is in accordance with the ICT rules and procedures described by an organisation for their products, services and solutions.

digital
ESCO source
execute ICT audits

Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.

digital
ESCO source
perform ICT security testing

Execute types of security testing, such as network penetration testing, wireless testing, code reviews, wireless and/or firewall assessments in accordance with industry-accepted methods and protocols to identify and analyse potential vulnerabilities.

digital
ESCO source

Cross-sector

4 competences
develop audit plan

Define all organisational tasks (time, place and order) and develop a checklist concerning the topics to be audited.

ESCO source
improve business processes

Optimise the series of operations of an organisation to achieve efficiency. Analyse and adapt existing business operations in order to set new objectives and meet new goals.

ESCO source
perform quality audits

Execute regular, systematic and documented examinations of a quality system for verifying conformity with a standard based on objective evidence such as the implementation of processes, effectiveness in achieving quality goals and reduction and elimination of quality problems.

ESCO source
prepare financial auditing reports

Compile information on audit findings of financial statements and financial management in order to prepare reports, point out improvement possibilities, and confirm governability.

ESCO source
Optional knowledge 7 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

6 competences
cloud technologies

The technologies which enable access to hardware, software, data and services through remote servers and software networks irrespective of their location and architecture.

digital
ESCO source
cyber security

The methods and best practices that protect ICT systems, networks, computers, devices, services, processes and people against unauthorised access, modification and/or denial of service of assets.

digital
ESCO source
ICT accessibility standards

The recommendations for making ICT content and applications more accessible to a wider range of people, mostly with disabilities, such as blindness and low vision, deafness and hearing loss and cognitive limitations. It includes standards such as Web Content Accessibility Guidelines (WCAG).

digital
ESCO source
ICT network security risks

The security risk factors, such as hardware and software components, devices, interfaces and policies in ICT networks, risk assessment techniques that can be applied to assess the severity and the consequences of security threats and contingency plans for each security risk factor.

digital
ESCO source
ICT project management

The methodologies for the planning, implementation, review and follow-up of ICT projects, such as the development, integration, modification and sales of ICT products and services, as well as projects relating technological innovation in the field of ICT.

digital
ESCO source
information security strategy

The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.

digital
ESCO source

Cross-sector

1 competence
World Wide Web Consortium standards

The standards, technical specifications and guidelines developed by the international organisation World Wide Web Consortium (W3C) which allow the design and development of web applications.

digital
ESCO source
Optional skills and competences 11 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

5 competences
apply information security policies

Implement policies, methods and regulations for data and information security in order to respect confidentiality, integrity and availability principles.

ESCO source
communicate analytical insights

Obtain analytical insights and share them with relevant teams, in order to enable them to optimise supply chain (SC) operations and planning.

ESCO source
develop ICT workflow

Create repeatable patterns of ICT activity within an organisation which enhances the systematic transformations of products, informational processes and services through their production.

digital
ESCO source
identify ICT security risks

Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

digital
ESCO source
manage IT security compliances

Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.

digital
ESCO source

Cross-sector

6 competences
define organisational standards

Write, implement and foster the internal standards of the company as part of the business plans for the operations and levels of performance that the company intends to achieve.

ESCO source
develop documentation in accordance with legal requirements

Create professionally written content describing products, applications, components, functions or services in compliance with legal requirements and internal or external standards.

ESCO source
identify legal requirements

Conduct research for applicable legal and normative procedures and standards, analyse and derive legal requirements that apply to the organisation, its policies and products.

ESCO source
inform on workplace safety standards

Inform managers and staff regarding workplace health and safety standards, especially in the case of dangerous environments, such as in the construction or mining industry.

ESCO source
monitor technology trends

Survey and investigate recent trends and developments in technology. Observe and anticipate their evolution, according to current or future market and business conditions.

ESCO source
protect personal data and privacy

Protect personal data and privacy in digital environments. Understand how to use and share personally identifiable information while being able to protect oneself and others from damages. Understand that digital services use a “Privacy policy” to inform how personal data is used.

digCompdigital
ESCO source