Primary Purpose of the Position:
Responsible for managing and completing all phases of information technology audits, including Sarbanes Oxley Section 404 (SOX 404), in accordance with department, regulatory, and professional standards. Collaborate with IT Audit team members in other geographical locations.
Essential Responsible Areas:
- Assists Director, IT Audit in:
- identifying and evaluating the company’s audit risk areas and providing significant input into the development and execution of a risk-based audit plan
- reviewing policies and procedures and systems controls to assure compliance with management’s stated objectives
- reviewing financial and information systems controls to assure that corporate assets are properly protected
- assessing the adequacy of risk management systems and policies associated with information technology
- assisting in the design and assessing the effectiveness of management information reporting systems
- conducting special projects assigned by management and the Audit Committee of the Board of Directors
- coordinating the audit plan with the external auditors to promote efficient use of resources and personnel by maximizing audit coverage
- developing and adhering to the internal audit department methodology to ensure internal audits are conducted in a consistent and quality manner
- Manages and supports company efforts for testing SOX 404 compliance in information technology.
- Leads and conducts all phases of information technology audits in accordance with department and professional standards. Specifically, the Manager, IT Audit will:
- determine audit scope through discussion with the director, information technology audit and management; prepare detailed audit programs to cover the audit objectives included in the scope of the audits
- schedule internal audit staff and/or co-sourcing partners (when applicable) to ensure timely completion of audits
- perform and document, in conjunction with other audit staff, all procedures necessary to satisfy the identified audit objectives
- supervise the performance and documentation by the internal audit staff of all procedures necessary to satisfy the identified audit objectives
- clearly communicate audit findings to management in a timely manner; prepare formal audit reports, including findings, impact and management’s action plans, for distribution to management and the Audit Committee of the Board of Directors
- ensure that audit findings receive appropriate management attention and that needed corrective action is implemented in a timely manner
- Works with the Data Analytics team to implement new computer assisted audit tools and techniques to aid in the productivity of the department that is consistent with the rapidly changing computer technology being used by the organization for information processing.
- Executes integrated audit planning, testing and reporting in concert with core audit team’s project objectives.
- Develops internal training plans and trains internal audit staff on relevant topics.
- Hires, motivates and timely evaluates internal audit staff as applicable.
Position Requirement & Competencies:
- Broad training in a related field usually acquired through college level education or work-related experience
- Job related experience for 8 year(s) minimum
- Certifications/Licenses/Other: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Internal Auditor (CIA), or equivalent.
- Experience with computer-assisted audit tools and techniques (ACL)
- Experience in auditing midrange, local area networks and client server environments and their associated applications
- Well-developed interpersonal skills and confidence dealing with all levels of personnel.
- Good planning, project-management, and organizational skills with an ability to balance multiple accountabilities.
- Advanced knowledge and experience in performing audits on ERP applications like SAP, JDE or Oracle including SOX IT testing, security related reviews and implementation reviews.
- Familiarity with common indicators of fraud.