Information Technology Auditor

Information Technology Auditor

Nature of Work

The IT Auditor position is responsible for performing information systems audits of a variety of process environments throughout the county while working under general supervision. Duties will include assessing control environments, performing risk assessments, and conducting reviews of data processing applications, systems and networks. The auditor may train other office staff assigned for specific projects. Work involves planning and conducting technical audits and data analysis of information systems, platforms, and operating procedures and preparing working papers, audit findings, and audit reports, in accordance with established information system audit standards, regarding

  • the efficiency, accuracy, and security of financial and non-financial programs.
  • compliance with applicable laws, regulations, procedures, and management objectives
  • detecting data and procedural errors and preparing recommendations for corrective measures and improved internal controls

Essential Job Duties

  • Participates in and executes audits of technology platforms, information systems, and information technology operating procedures; evaluates information technology internal controls. Performs audit procedures, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting client processes and procedures.
  • Performs information technology security reviews and general information technology or application control reviews, as needed, to address audit objectives. Reviews and recommends information technology control elements to mitigate information technology risks regarding the confidentiality, integrity, and availability of business information.
  • Tests county transactions; ensures compliance with laws, regulations, and policies on privacy and public access to data; and tests controls over online services. Reviews and analyzes system and data diagrams to identify manual and systems process interactions and critical controls. Assists in preparing and reviewing audit reports dealing with complex and sensitive issues for internal and external audiences.
  • Provides technical support for financial, compliance, and performance audits; performs information technology audits and computer assisted audits. Conducts data extraction, analysis, and security reviews. Evaluates and provides the appropriate levels of consulting, testing, assistance, and recommendations for the utilization, integration, maintenance, and enhancement of an entity’s information technology systems.
  • Prepares work paper documentation to support audit work with evidence of deficiencies in controls, duplication of effort, extravagance, fraud, or lack of compliance with laws, government regulations, and management's policies or procedures. Work paper documentation must comply with industry standards.
  • Assists in the development of audit and analytical programs as directed.
  • Makes presentations to various county groups and departments on internal controls and audit findings and recommendations.
  • May serve as subject matter expert on information technology security issues.
  • Performs other related duties as assigned.

Essential Knowledge, Skills & Abilities

Knowledge of

  • generally accepted information technology audit and financial standards and practices
  • IIA’s International Standards for Professional Practice of Internal Auditing and Code of Ethics, ISACA’s IS Audit and Assurance Standards and code of Professional Ethics, and GAO Standards
  • financial and non-financial systems, processes, and practices
  • information technology security and control practices
  • information technology management practices
  • computer Assisted Audit Techniques (CAATs) • standard techniques and methods for detecting fraud

Skill in:

  • collecting and analyzing complex data
  • evaluating information and systems
  • drawing logical conclusions
  • assessing the effectiveness of internal controls over key information technology risks
  • identifying significant exposures
  • analyzing transactions and management information
  • detecting changes in key risks and/or control effectiveness
  • developing appropriate recommendations to address exposures
  • using analytical software tools, data analysis methods, and other computer applications
  • developing audit programs
  • managing audit projects
  • applying standards
  • using effective written and verbal communication to convey information in a clear, concise manner (Communication)
  • identifying and resolving problems by using strong analytical techniques, innovative approaches and taking initiative in preventing and solving problems (Problem Solving)

Ability to:

  • display a high level of self-motivation
  • work in a team environment as well as individually
  • utilize resources and training to perform reviews
  • research, comprehend and apply Florida Statutes, County Ordinances, and County policies and procedures.
  • work on multiple assignments within agreed upon priorities and timelines
  • establish and maintain working relationships with co-workers, county staff and management to achieve common goals (Teamwork)
  • plan, organize, and prioritize multiple assignments to effectively manage a fast paced and changing work environment without compromising accuracy (Adaptability)
  • consistently meet internal and external customer needs and expectations in a professional manner (Customer Service)
  • act in the best interest of the county, maintain confidentiality and continually strive to improve self and job performance (Professional Conduct and Development)
  • maintain confidentiality and protect the privacy of county employees, taxpayers and other members of the public (Privacy and Information Security)
  • apply information system auditing skills to a wide variety of policies, practices, and systems found with county government. (Adaptability)

Qualifications

Education:

  • Bachelor’s Degree in Computer Science, Information Technology or related field.

Minimum Experience:

Two (2) years full-time experience as an Information Technology Auditor.

Preferred Experience:

  • Specialized experience with computers, information security, network, websites, and/or other related technical audits.
  • Experience auditing systems including accounting systems, administrative systems, property accounting, or payroll/personnel reporting systems.
  • Experience in government auditing
  • Experience in project management of audits
  • Experience in analyzing internal controls
  • Experience using AutoAudit
  • Experience in performing risk assessments
  • Experience in writing and finalizing audit reports

Licenses or Certifications: (one or more of the following)

  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Controls, (CRISC)
  • Certified Public Accountant (CPA)
  • Certified Internal Auditor (CIA).

Working hours:

A 40-hour work week, Monday through Friday, 8 a.m. – 5 p.m. Additional weekend, holiday and/or late-evening hours may be required. Hours may change based on business needs.

Travel:

5% or less

Physical Requirements:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

This position requires the incumbent to primarily perform sedentary office work; however, mobility (standing and walking) is routinely required to carry out some duties. It requires extensive computer, telephone and client/customer contact. It requires the ability to bend, stoop, kneel, and reach as needed for filing and similar routine office duties. The job also requires normal cognitive abilities requiring the ability to learn, recall, and apply certain practices and policies. It requires the stamina to maintain attention to detail despite interruptions. Marginal or corrected visual and auditory requirements are required for reading printed materials and computer screens and communicating with internal and external customers. The individual must be able to transport a laptop computer and printer to the various audit locations to conduct the necessary field work. The individual must be able to lift, pull, physically handle, and transport records, documents, boxes, and all related information, weighing up to 30 pounds when required.