Related Posts
More Posts
Looking for risk and compliance analyst job
Additional Posts in Accounting
If you are starting as an Audit Associate some time from now with Deloitte or any of the big 4, do they expect you to have passed/completed all 4 parts by the time you start? Received the Becker Reimbursement email from the recruiter not too long ago but have yet to start. I’ve seen plenty of people get to Senior at a big 4 firm without the CPA so I am a bit confused in that aspect. Any helpful feedback will be very much appreciated.
How y’all spending your bonus this year?
New to Fishbowl?
unlock all discussions on Fishbowl.
You take a lot of screenshots of client configurations, ask a lot of questions about client passwords, and take a lot of crap from the core team.
Lots of emails. Lots of controls testing. Lots of coordination between 173926920 clients
I've been doing it for 3 years, I absolutely hate IA. Coming in each day to test controls makes me want to put my head through a wall. All we do is test controls that nobody at the client wants to test, nag people for support they don’t have time to pull, and argue with auditors. It’s awful
At EY if you’re in Risk Assurance you’ll probably do both IA and external audit (IT). External audit is way better. Working as IA you’re basically the external auditors outsource person for shit they don’t wanna do.
It makes more sense to have Risk be part of advisory because most of the large IA accounts are the largest (everything else advisory) accounts. IA is what gets the firm into these companies to sell other work.
Though sometimes you get to look at code and that's pretty neat
I’m at Deloitte. My plan is as follows: to get out, capitalize on Advisory being broad and not mention anything about IA in my resume or job search, and get overpaid. It’s working thus far
1 more year til manager, collect my 20% bonus from PwC and start looking for exit ops - transfer to either to an Advisory vertical that does system implementations or leave the firm altogether for cyber or compliance role.
Having worked with external IT auditors from each of the Big 4 I can confirm pwc is the only one that looks at code.
The firms really all need to stop calling risk / controls work “advisory” and put it under an assurance BU where it belongs. Personally, it’s not for me. I find anything 404 mind numbing.
It’s not just 404 work. That is only 1 type of risk engagement. Not sure why other b4 consider it advisory either. Internal audit and readiness assessments can be similar to advisory, but yes controls testing is not really advisory
I’ve been on both core and RA. The work is a lot easier in RA, but the teams are way smaller and audit teams are notoriously bad at identifying key reports and (especially) relaying that info to the RA team (shout out to PwC1; those dudes get a lot of emails).
It's so boring
Like others have said - ITGCs, key reports and controls testing non-stop. Overall, SOX readiness and SOC1 reports are quick and easy, some of my favorite engagements. 404 stuff is awful and core audit is always pissed about how risk assurance blew the budget. Actually had an opportunity to travel internationally for an Advisory project May – Aug this year, so I’ve been 100% utilized since May. Partner told me last week that our “busy season” (in air quotes) is year round, although 50-55 hour weeks are only mandatory beg of Sept – mid Feb. Unlike core audit, you’re staffed on multiple clients at a time and it’s honestly overwhelming. So.many.emails.
There’s also opportunities to lateral into other Advisory/Consulting practices but it’s like pulling teeth. The firm will do it if you give them an ultimatum though
SOX testing is boring, yes, but easy. You’re basically a punching bag though; client IA will take easy controls and leave you with ones that have known issues or deal with difficult control owners, control owners don’t seem to be able to grasp the concept that attaching a file in an e-mail takes literally 12 seconds, and auditors will constantly tell the client your testing is shitty and they can’t rely on it.
But SOX readiness/implementation is a lot more interesting and consultative. Here at the K we just combined with ERM so I’ve worked on an enterprise risk assessment before, which was also interesting work.
Best part: the highest our expected busy season hours go is 50, and that’s only for the months of September and October. November-January is 45s and I wanna say August was like 48. Then February-July if you work a 50 (and I do because I have a client with a 3/31 FYE) you just get a nice little utilization boost.
Bottom line, IA is great if you get put on good engagements, and exit opportunities could be anything from internal audit to compliance to regular accounting depending on your experience.
IA is a good life man. we have a shit ton of clients so it's exciting and SOX work isn't that hard. Most I have ever done is 55 hours. Couldn't pay me to leave SOX testing
PwC1 do you like your job?
I do. I get to travel here and there and don’t work as many hours as financial audit. I feel like it can be more laid back. You can also have multiple clients throughout the year in different industries which can keep things interesting.
IA > external. You guys are slaves