RA has many business lines, and the business of each group is different. Unlike auditing, different audit teams do similar things, all of which are financial audits, but the industries are different. But RA is different. Colleagues in two different groups may be doing exactly the same thing, just like two departments.
What is the main job of RA?
As far as I know, RA's work consists of three parts, namely EA(ITGC+ITAC+ interface testing, etc. ), internal control and other projects (OAS).
First of all, please make it clear that both RA and traditional auditing belong to the category of authentication in the internal classification of firms. From the positioning, we can know that RA's work and audit are always inseparable. So, if you want to bid farewell to the review (farewell to the manuscript) completely, go out and turn right for consultation.
However, RA's audit business is actually a supplement and assistance to financial audit, and it is the most basic ITGC (IT General Control). The general explanation should be: test the information system and related systems of the audited customers to ensure that the output data, especially the financial data, are accurate, complete and reliable.
Therefore, it will be found that the final delivery object of ITGC work is neither the customer nor the audience of financial reports, but the financial audit, that is, the test results of core assurance. ITGC determines the risk measurement of financial auditors, which in turn affects their testing workload.
It sounds much more interesting than the traditional financial audit. In contrast, the actual workload is also easier than the financial audit (less overtime). However, the most criticized point of ITGC is that most of the people who do it are not "experts" who really understand the operation of information systems, so they are doing this job with a relatively guilty attitude.
However, whether you can learn something depends on your attitude: I have met people who just want to complete the manuscript according to the established process, and I have also met friends who will catch the customer teacher and ask them what concepts they don't understand, or must explore for themselves. Therefore, the value and growth that a job can bring to people may ultimately depend on their own behavior.
As for the internal control project, I can't write it because I haven't touched it yet. However, from the information learned by some friends, the work intensity of internal control projects will be slightly greater than that of ITGC.
However, compared with ITGC focusing on assisting financial audit, the construction of internal control is more complete and can cover more contents. At the same time, we can have a deeper understanding of the institutionalized operation of a company or even an industry, which should be more challenging and growing.
Other projects of the Organization of American States will be more extensive and complex. For example, there will be a network security team within RA, focusing on projects in the field of network security, most of which should be compliance consulting or SOC audit of some cloud service providers.
Or having a data team will involve some data analysis work. In addition, there are some sustainable development research, food safety and other projects, which will be classified as OAS.
Therefore, in RA, the contents of the projects involved are extremely diverse, but as other interviewees said, if you can't find your own track and dig deep into a field, it is actually not good for personal development.