We are currently seeking to fill an IT Auditor position for our client in CITY, STATE. We invite you to review the position requirements below and apply today if your skills match our need.
Overview:
The IT Auditor will be responsible for executing information technology audits and support operational and financial audits from an IT perspective. The role will also include identifying risks and controls that may impact on the integrity of reported financial information, the effectiveness and efficiency of business processes and controls and/or the achievement of business objectives. Candidates will require strong analytical, execution and presentation skills. This role will focus primarily on integrated and SAP audits.
Business Knowledge:
- Document understanding of business processes as they relates to IT using Visio, PowerPoint and other workflow tools.
IT Knowledge:
- Review IT plans and strategies prior to the start of the audit. Prepare questions to gain an understanding of IT and interrelated business processes (scope of responsibility, supporting technologies, current projects, and the AOP and Strategic Plan. Determine the impact of systems development and the implementation and use of technology on the operational and control environment (both technology and business functions). Present to management during the audit. Cross-reference findings with other auditors (Finance and Operations).
- Understand managements primary metrics and reports used for evaluating their accomplishment of business objectives and assess reasonableness of related processes.
Planning:
- Prepare overview notes related to the use of technology to support the business, using information gained during plant visits, market tours, route rides and other business review opportunities. Record using defined PCA procedures.
- Review planning memo. Fully understand audit scope and audit expectations.
- Prepare risk/control matrix template for each key business or IT process, and/or relevant audit section outlined in the planning memo.
- Review IT Self-Assessment Questionnaires and other planning information (e.g., Assessment of Basic Controls (ABCs)) and incorporate results into the risk/control matrix.
- Review Annual Operational Plan objectives relating to audit scope and identify potential risks. Include in risk/control matrix.
- Note any relevant risks identified in divisional risk maps in risk/control matrix.
Audit Execution:
- Understand and document assigned business process steps. Assess risks and document controls. Check linkage with entity and AOP risks identified from reviews of divisional risk maps, and AOP and Strat plans. Clearly identify manual and automated controls.
- Discuss processes and risk assessment with other staff members.
- Identification of application controls, IT dependent controls and manual controls.
- Test high-risk areas to validate controls are working and clearly document the results of testing activities. Assess design and operating effectiveness of controls.
- Calibrate preliminary findings at the end of the first week with rest of team to verify that scope of work and timeline are appropriate.
- Discuss Risk Assessment and Management with Clients during audits and assist in identifying new risks.
- Use business and IT knowledge to identify control and efficiency opportunities.
Audit Reporting:
- Communicate findings to client management as they occur. Only issue findings or business and technology process improvements after agreeing on action plans with the relevant functional owner.
- Accurately record all findings and action plans using status-meeting agendas.
- Complete and agree on all findings, action plans and owner/completion dates in the draft detailed audit report before the close meeting to minimize post-audit management discussions.
Teamwork within audit:
- Actively participate in audit planning discussions.
- Proactively discuss audit findings and business process improvements with the rest of the audit team at least weekly before each status meeting.
- Ability to supervise other team membersShare knowledge with other team members (e.g., sharing of best practices).
- Continually assess progress of audit during fieldwork and assist on other audit sections where work may be completed early.
- Actively participate in rating and priority assignment during the close week.
- Actively participate in completing the job summary report.
- Provide feedback on each assignment and suggestions on improvements to the process.
Required:
- 4-8 years (part in IT audit). Additional experience in IT risk, IT operations, IT consulting preferable.
- Bachelor's Degree (Information Management, MIS, Finance with IT minor, Accounting with IT minor or related combinations or degrees with business and technical mix).
- SAP Technical Skills
- Broad understanding of business functions and processes and how they are supported by IT.
- Understanding of core IT general control processes (e.g., Change Management, System Development Lifecycle, Information Security, IT Operations etc.).
- Up to 70% travel (Domestic and/or International).
- Knowledge of CobiT, ISO, Sarbanes Oxley, COSO.
- Relevant certification (e.g., CPA, CISA, CISSP, CISM, CGEIT, CCSA, CIA, CPE etc.).
Preferred:
- Knowledge of Computer Assisted Analysis Tools (CAATS) such as ACL, Security Scanning Tools, MS Access, SQL.
- Masters in Information Management, MIS or similar field.
- Fluent in English and Spanish.
- Experience in a public company environment as it relates to risks and controls in the Sarbanes Oxley realm.
- Working knowledge of manufacturing, consumer products or other consumer production workflow and business processes.
- Knowledge of ITIL, CMMi, Six Sigma.
Apply now if your skills and experience are a good match for the position and remember this: At Harvey Nash, the door to opportunity is always wide open.
To Apply to this job go to http://www.GadBall.com or click here