- Information Systems Auditor
- Go to our website »
Information Systems Auditor
Internally, the IS auditor deals directly with all levels of management in the university. The incumbent works with the audit staff, managers and senior officers of the universities and System Office, especially with information systems. The incumbent must maintain a good working knowledge of the information systems developments at the university. Consideration should be given to attending IS steering committee meetings. Externally, the IS auditor maintains close relationships with the ISACA organization in order to keep abreast of trends and developments in the IS auditing profession. He/she has regular dealings with managers and partners of the university's external auditors to obtain material including information that should be disseminated to the audit staff and management of the university. He/she maintains contact with audit software vendors to stay abreast of development in the field.
The individual will have primary responsibility for reviews of the university's information systems environment and will conduct independent reviews and evaluations of management operations and activities to appraise: Controls for confidentiality, integrity, and availability (reliability) related to and within information systems (IS), data governance, and IT-dependent compliance requirements. Adequacy of and compliance with policies, plans, standards, laws, and regulations which could have significant impact upon IS systems or operations, data governance, or IT-dependent compliance requirements. Effectiveness in accomplishment of the University's IS objectives and goals. Measures taken to safeguard assets, including tests of existence and ownership as appropriate, Economy and efficiency in use of IS resources. The systems development life cycle (SDLC) methodology, providing for internal audit input at key points in the process. For all Assigned Audits: Develop the Scope and Objectives: Utilizing a sound, documented risk assessment process and incorporating stakeholder feedback, develop the audit scope and objectives for manager approval. Preliminary Survey: Development and preparation of the survey to gain an overview of the IS environment (functions and operations) of the area being audited. Audit Time Budget: Establish a practical budget, complete work on time, evaluate performance, and document rationale for time budget variances. Audit Program Development/Changes: Develop audit programs and procedures necessary to promote effective audit coverage for the approved scope and objectives. Obtain manager approval for audit program changes made after initial approval was obtained. Entrance Conference: Upon manager's approval of audit planning, ensure that audit scope and objectives have been clearly and completely provided to the customer before audit field work begins. Field Work: Perform all fieldwork in a competent, diligent, and professional manner. Utilize critical thinking when assessing whether an audit observation exists, its severity, and possible solutions or mitigating factors. Discuss these points with the customer to identify or confirm root cause. Assess Governance: Demonstrate comprehension and ability to (1) assess adequacy of existing policies and procedures, reporting lines/organizational structure, and training; and (2) recommend sound alternatives. Identifying Process and System Control Points: Document controls thoroughly but concisely. Work papers: Prepare selected work papers. Audit Conclusions: Demonstrate capacity for effective documented decision making and drawing sound conclusions. Organize evidential support for all audit observations and report recommendations. Rely only on evidence that is sufficient and relevant to the audit observations. Interim Recommendations: Prepare recommendations for customer consideration, considering materiality, risk, and pertinence to audit and documentary evidence. Document customer feedback, possible solutions, and relevant mitigating factors. Exit Conference: Prepare preliminary agenda of observations, recommendations and comments to review with customer(s) and obtain feedback (agreement, disagreement, questions, etc.) Report Preparation: Prepare written observations and recommendations that are clear, concise, and factual. Awareness of the State-of-the-Art: Demonstrate an advanced understanding of current developments, associating that understanding with university audit applications. Recommend adaptation, where appropriate, in our audit approach. Customer relationships: Ensure continuing development of effective professional relationships with customers and stakeholders. Professionalism: Demonstrate superior performance in all attributes of professional conduct, to include maintaining confidentiality and objectivity. Encourage others towards comparable performance.
Committee Participation: Participate in an advisory capacity. Committees may include HIPAA, PCI, CIRT, CMMC, etc. Utilize department template(s) for documenting meeting notes and sharing pertinent information with the audit staff.
Administer the Continuous Controls Auditing program for the department. Use results to inform auditors on risks related to their audits and for the development of the annual audit plan.
Continuing Education: Pursue departmental approved program for continuing education for self and maintaining professional certifications.
Department IT: Monitor and assist with the department's requirements for electronic tools including audit software and administrative packages.
Project Management and Quality Assurance: Participate in the department's project management and quality assurance activities to assist in the effective realization of the department audit plan with quality audit services provided.
Special Projects and Investigations: Recommend special projects, based upon experience and or business need. Possess ability to carry out assignments discreetly, effectively, and efficiently in sensitive, confidential circumstances, when needed.
Knowledge, Skills, Abilities:
- Knowledge of generally accepted auditing and accounting principles and standards obtained through formal education.
- Experience implementing, operating or auditing enterprise systems and networks.
- Knowledge of risk assessment and risk mitigation theory, frameworks, and processes.
- Knowledge of IT standards and frameworks.
- Ability to interpret and apply policies, regulations, standards, and frameworks.
- Have strong skills in the areas of:
- Written and verbal communication.
- Technical writing and editing.
- Critical thinking.
- Project management.
- Advanced proficiency in spreadsheets, database applications, and data analytics.
- Ability to work independently and take initiative as needed to perform work timely within established protocol and framework.
- Ability to work collaboratively and productively with stakeholders, audit customers, and other auditors, both in person and virtually.
- Ability to travel independently for business.
Four years of experience in internal auditing and external auditing.
Required Education or Training:
This individual will have at least a four-year college degree with an accounting or information systems emphasis and a CISA, CISM, or similar professional technical certification.
This is a full-time, 12-month, exempt staff position complete with both a competitive salary and full employee benefits package. New hires will be placed on the UA staff salary schedule, Grade 80, based on education and experience.
Special Instructions to Applicants:
Please attach a resume, cover letter, and the names and contact information (email address and phone number ) for three (3) professional references with your application.
Applications will be accepted for review on 02/03/2023, to ensure consideration, please apply by 11:55 PM, Alaska Standard Time on 02/02/2023).
*To be eligible for this position, applicants must be legally authorized to work in the United States without restriction. Applicants who now or may in the future require visa sponsorship to work in the United States are not eligible.
The University of Alaska (UA) is responsible for providing reasonable accommodations to individuals with disabilities throughout the applicant screening process. If you need assistance in completing this application or during any phase of the interview process, please contact UA Human Resources by phone at 907-450-8200.
UA is an AA/EO employer and educational institution and prohibits illegal discrimination against any individual: www.alaska.edu/nondiscrimination
The successful applicant is required to complete a background check. Any offer of employment is contingent on the background check.
Your application for employment with the University of Alaska is subject to public disclosure under the Alaska Public Records Act.
If you have any questions regarding this position, please contact Sarah Morisky, HR Generalist, UA Human Resources, at firstname.lastname@example.org or (907) 450-8245.
Applications Close: Open until filled
To apply, visit: https://careers.alaska.edu/en-us/job/523648/information-systems-auditor
Copyright 2022 Jobelephant.com Inc. All rights reserved.
Posted by the FREE value-added recruitment advertising agency