[kettlecorn]

What is the difference between SOC assurance vs IT audit when it comes to hours, work life balance, travel and other things? I know the nature of the work is different. SOC is for 3rd party service organizations and you write and read those reports. I imagine there’s more reading and writing. Controls testing probably is different. But I’m not so much interested in the actual work I think I know enough. More about the difference/similarities working on a SOC assurance team vs an IT audit team. IT audit is known to have the least hours out of financial audit and tax but more narrow focus on what you exit to. How does SOC fit into all this?

Is SOC really that boring? I either read SOC or SOX was boring. I dont remember which.

[TNCPA16]

Let me preface by saying I’ve never worked on a SOC engagement, but I am pretty familiar with them. I’ve also never known anyone who has worked exclusively on SOC engagements – it’s always been a combo of SOC/IT audit. That said, here are my $0.02…

If you work in public accounting, it doesn’t matter what group you are in – you will work a lot. The IT auditors I know work just as much as the financial auditors I know, albeit in different settings. The financial auditors tend to work from their one or two clients, sometimes late into the night (which is why they probably have the reputation of working more hours than anyone else!) The IT auditors might spend half a day at one client, half a day at another client (while taking calls on the drive between the two), and then go home and work some more. How much you travel depends on your clients. For example, my company’s office is within a 30 minute drive for all of the external IT auditors, however, due to some recent acquisitions, that team will have to make several trips this year to different countries. Up until this year, that team has never had to travel anywhere other than our corporate office.

IT auditors do have less exit opportunities, but there are still opportunities – mainly in internal audit or security/IT (and there is a high demand for internal IT auditors). Although SOC work is similar to ITGCs testing, there is (obviously) not a demand for SOC work in industry – but that doesn’t mean that some of those skills would not translate into industry. If I had to rank them, I would put financial audit as having the most opportunities, followed by IT audit, followed by SOC.

If you are looking for an exciting career, then you probably wouldn’t want to do either SOC or SOX testing 🙂 Auditing isn’t exactly the most glamourous job! Personally, SOX testing is the least favorite part of my job. I get much more satisfaction out of the other projects I work on – like helping the IT department improve their processes or helping the accounting department with some data analysis, since these things add value to the company.

[MaLoTu]

I was interviewing for an SOC audit position and it seems like they work more hours than normal auditors. This position was for a mid-size national firm, so a relatively big firm. They said that busy season is the last quarter of the year because SOC audits have to be done before financial audits. They were already busy traveling in May, so it looked like, to me, that they are busy with travel almost all year. I do not know if all companies are the same, I am sure there are differences though. I think it will also make a difference if you are doing SOC assurance for an integrated audit or just pure attestation engagements of SOC. This particular group I interviewed with was not part of the integrated audit.

Don't know if that helped! Oh and BTW, I didn't get the impression it was boring at all … they said that every audit they do is different and that made it a little more interesting than financial audit.

[Author]

Replies