The IT Internal Auditor is responsible for conducting and documenting IT audit projects. Establishes and assesses adherence to the key controls and efficient procedures and processes in various business lines and IT components throughout North America.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following:
Understand and evaluate the processes and controls designed to reduce risk to an acceptable level.
Designs and executes audit programs to validate process performance measures and business controls.
Sources root causes of process deficiencies and propose solutions.
Identifies what operating or IT controls are lacking and are required to manage risks and support a particular product or process or technology and participates in the makes recommendations to correct deficiencies.
Provides audit assurance about process effectiveness and efficiency in reference to best practices and make recommendations to improve business/IT process performance and escalate significant findings as appropriate.
Prepares and collaborates with the business in drafting Observation Memorandums for any findings noted during the audit for review by the Audit Manager.
Completes audit work papers providing full and complete detail in each section referencing when applicable, backup or source documentation.
Completes projects assigned on time and within budget, as agreed upon at the time of assignment.
Decides on the correct content and substance of reports, specifically the pertinence or relevance of findings and his/her recommendations or whether to escalate the findings.
Monitors audit findings and the timely completion of action plans and ensure that all concerns or deficiencies reported are solved.
Contribute where appropriate, to investigations relating to fraudulent or suspicious activities, coordinating efforts and forensics with internal and external sources as required while maintaining complete discretion and confidentiality.
Establish and maintain a professional rapport with management to develop the controls culture within the business.
Acts as consultant to the business on risk and control matters and responds to risk and control queries from the business, such as queries resulting from changes to procedures or the establishment of new procedures.
The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION and/or EXPERIENCE:
Bachelors Degree in Business, Management Information Systems, Accounting, Computer Science or related field; a professional designation (CA, CPA, CGA, CMA, CIA, CISA, CISM, CISSP) preferred, but not required.
A minimum 1-5 years of experience in IT or IT audit, preferably with related experience and/or knowledge of CoBiT, ISO27001/2 audit, operational effectiveness techniques, market place trends & technological advancements. Training or equivalent combination of education and experience.