Performs assigned audits in conformity with
the departmental objectives, goals and standards. Ensures that work papers are completed and
audit reports are issued within established timeframe.
DUTIES AND RESPONSIBILITIES:
1. Performs quarterly risk
assessments for assigned operating companies to help determine areas of focus
for audits. Recommends suitable
corrective action to the appropriate level of management for the operating
company location under review.
2. Develops risk based audit
programs that address risk areas for an Information Technology environment.
3. Takes complete ownership of
the audit life cycle from developing the scope, sending the engagement letter,
performing audit, documenting work papers, coordinating the closing meeting
with operating company management and issuing the final report. Performs IT audits independently.
4. Actively assists other
auditors with peer reviews of audit reports or as needed, and participates in
5. Prepare, review, and analyze
audit work papers to determine their adequacy to support the work performed and
the audit conclusions.
6. Prepares a comprehensive
written audit report and executive summary communicating the results of the
audit highlighting the overall business risk.
7. Researches and communicates
security advisories that may affect each operating company’s environment. Partner with assigned operating company
management and maintain open communications in order to current on environment
changes and/or strategies.
8. Stays current with IT best
practices and new technologies through industry associations, internet
research, self-study and formal training.
Ability to evaluate complex IT systems and identify risks through
research and extrapolation of issues reported for similar environments.
10. Ability to interpret data
beyond the normal reporting capabilities of audit tools and determine the
extent of the risk to the business.
11. Review business processes, IT applications, and
financial practices enterprise-wide to ensure the use of compliant and best
practices, procedural efficiency, and accuracy
12. Participate consultatively in implementing changes to
the extent possible
13. Conduct or assist in conducting studies to assess the
soundness, adequacy, compliance and cost-effectiveness of the enterprise's
operational, financial, and information systems' controls
14. Devise and recommend remedies to faulty systems and
procedures; to the extent possible, consult in their implementation
15. Experience with business operations for I.T.,
including business continuity, high availability.
16. Maintain a positive working relationship with the IT
groups from our Operating Companies and an ongoing relationship with key
17. Responsible for special
projects as assigned.
18. Must be able to travel up to 25%.
in Information Technology with at least 5-8 years of related experience or
identifying SOX risks and controls are a must.
excellent verbal and written communication skills, and ability to interface
effectively with senior management.
understanding of IT general controls (security, change management, disaster
backup recovery, data center, etc.); system development lifecycle methodology,
database design, operations management
hands on experience in Programming, Analysis, Security Administration, Project
Management, and Systems Development.
practical experience in dealing with:
o Unix, Linux,
Windows, OS400, Active Directory, VMware, Citrix, Solaris
o Oracle, SQL, MS
o Oracle EBS,
Great Plains, SAP, MS Share Point
MCSA, MCTS, MCSD,
Knowledge of generally accepted audit standards