Performs and leads assigned IT audits including reviews of general controls, application controls, technical controls, and systems implementations. Maintain IT related SOX cycles including participation in risk assessment, control updates, and control testing. May lead process walkthroughs and review the work of peers. Position may require approximately 10% travel, both domestic and international.
Tasks and Responsibilities
- Plans and executes assigned tasks and activities in support of information systems audits to determine the adequacy and effectiveness of internal controls.
- Plans and maintains IT SOX cycles including participation in risk assessment, control testing, updating narratives, and control matrices; reviewing work of peers; evaluation of identified deficiencies.
- Develops relationships with management personnel to build rapport and to better understand company operations.
- Lead audit kick-offs, closing, and other client meetings, presenting observations and conclusions relevant to the overall scope of the review.
- Participates in integrated financial and operational audits to review automated application controls, critical system functionality, and other IT related areas of risk.
- Prepares automated workpapers in accordance with the Department’s standards and reviews work of peers.
- Leads the gathering and organization of background and other information to properly plan the audit and any special reviews.
- Leads walkthrough meetings with business unit contacts and assesses the design of internal controls for IT audits and SOX cycles.
- Prepares Internal Auditreports summarizing the scope of reviews conducted and noted observations. Works with business unit management to obtain action plans to address reported issues.
- Develops, presents, and works with business units to design effective controls and/or implement value-added recommendations to strengthen internal controls, prevent fraud, and improve operating processes.
- Consults on changes to policies and procedures, identifies exceptions to policies and procedures, and recommends solutions and reports issues to supervisors and management. Conducts control reviews on new processes and procedures.
- Participates as a team member on projects related to the improvement of the control environment.
- Prepares or contributes to weekly status reports for internal and external audiences on Internal Audit progress.
- Collaborates with internal and external consultants and auditors on control-related matters.
- Prepares Control Impact Evaluation Memos for SOX deficiencies, as needed. This involves a discovery and interview process with executive and senior management to codify the background; an internal controls appraisal; an assessment of the quantitative and qualitative considerations for the deficiency evaluation; and a conclusion or judgment as to the significance of the deficiency.
- Provide coaching to audit staff regarding work paper standards as needed.
Qualifications, Skills and Abilities
- Bachelor’s degree in an IT related field, accounting, finance, business, or a related discipline.
- 5+ years of experience in public accounting, internal audit, information technology-related fields, or a combination thereof, including a minimum of 3 years of auditing experiencerequired. Master’s degree in related discipline or CISA may be substituted for 1 year of requiredexperience.
- CISA or CIA strongly preferred.
- A minimum of 2 years of experience directly related to IT Audit, IT Security, or related field.
- Master’s degree, MBA, ‘Big 4’ financialauditing experience, and/or continuous monitoring/data analytics experience including experience using Computer Assisted Audit Techniques (CAAT) preferred.
- Energy or utility experiencepreferred.
- Proven technical understanding and demonstrated command of accounting principles, audit techniques, risk management processes and procedures, information technology and automated system controls.
- Demonstrated ability to present ideas logically and concisely to diverse internal and external audiences at all organizational levels, both verbally and in writing
- Demonstrated excellent interpersonal skills, including the ability to resolve conflicts, persuade decision makers, motivate people, inspire teamwork and influence groups.
- Proven strong aptitude for problem solving and root cause analysis, including the demonstrated ability to conceptualize and analyze multiple scenarios in solving business problems.
- Proven strong project management and organizational skills complemented by a keen sense of personal responsibility and initiative. Demonstrated ability to write and present diverse ideas in a logical and concise manner.
- Demonstrated ability to work independently and proactively identify opportunities for improvement.
- Proficient with Microsoft Office suite (Word, Excel, Access, etc.), as well as Visio, and able to understand the concepts of and efficiently use technology. Able to use electronic document management systems or audit work paper software.