Exporting the Dutch IT auditing profession

IT auditing has been part of the audit profession in the Netherlands since the early days of introducing information technology. Where in the sixties and seventies of last century the first IT audits were performed in the large mainframe environments of (international) companies and the larger audit firms recognizing that this required specific skills as an add-on to the financial audit skills it triggered in the eighties the more specialized IT audit profession. 

Development of IT Audit education and the role of NOREA

In the mid-eighties dedicated IT audit curricula were developed at several Dutch universities and around 1988 these programs started jointly with the introduction of the professional body NOREA. NOREA being the body at which IT auditors could register themselves and a body for developing IT audit standards and methodologies. The (post) master programs of IT auditing are the prerequisite for entering this professional register in combination with practical experience. 

Over the years the educational programs became more mature and covered the full life cycle of information technology of which different components can be audited. NOREA became member of IFAC and as such a fully recognized professional body. In parallel stakeholders were asking for more comfort about controlling the risks in and around information technology and IT assurance becoming a recognized instrument to inform Board members, society, and other stakeholders. 

Comparing Dutch IT Audit education to international standards

Internationally, IT auditors are organized in ISACA and the professional education focuses on becoming a Certified Information System Auditor (CISA). Looking at the details of this international program and what is established in the Netherlands there is a difference. The Dutch educational programs, often being a Master of Science program requiring 60 ECTS of study load (an equivalent of in total 1680 study hours) are far more intense than the international CISA one.  
Of course, the achievements in the Netherlands are something to be proud of, but it does not automatically mean that the Dutch IT auditors deliver a better quality in performing IT audits. However, it is at least interesting to explore what we could learn from this. 

The Dutch always have been a trading country and we like to bring our products, knowledge, and services across the globe. Given the ongoing demand for IT audit services, the increasing impact of law and regulations in the field of security, privacy, artificial intelligence and the like asking for more IT assurance and the ask for global consistency in the way IT audits are performed we seem to be at a crossroad. Joining forces with the ambition to profile a high-quality IT audit profession or working in ‘silos’ on country level.

IT Auditing: the common body of knowledge approach

A common body of knowledge for IT auditors could be beneficial and could help in developing and finetuning educational programs. The ambition is to increase the amount of professionally skilled and trained IT auditors who can provide assurance to society and other stakeholders. Ideally, we do not do this on a country-by-country basis or per university in isolation but together on a global scale.

Recent discussions between Universities in the Netherlands and the professional body NOREA are exploring this and the dialogue is promising. Hope we can bring this message to the next level.

Executive Master of IT Auditing

Are you interested in joining a profession that plays a critical role in today’s tech-driven world? The Executive Master of IT Auditing at TIAS School for Business and Society offers a comprehensive and internationally recognized program to help you become a leader in IT auditing.

Learn more about the Executive Master of IT Auditing and how it can prepare you for a successful career in IT auditing.