IT Security Auditing helps students understand security from management and policy perspective rather than from technological perspectives. In this paper, we brainstorm the common body of knowledge on IT Security Auditing after elaborating its importance in IA. We also share our course design and implementation from our teaching this course for the last five years to our undergraduate and graduate students in the Cybersecurity degree programs. We want to emphasize that IT Security Auditing course should be different from computer forensic courses. Lastly, we will discuss our continuing project on self-learning and self-auditing tool that is being used by our students.