*For full consideration, applications must be received by February 8, 2019. POSITION SUMMARY: The Office of Audit, Risk and Compliance (OARC) provides an independent, objective assurance and consulting activity. The OARC strives to maximize the resources deployed toward the core academic, research, and public service missions of the university by identifying ways to avoid and reduce losses and promote efficient and effective processes. The OARC also seeks to continually improve the productivity of the OSU learning and work environment by promoting compliant and ethical practices that reinforces the university’s core values of accountability, diversity, integrity, respect, and social responsibility. The senior information technology (IT) auditor acts as the in-charge auditor for IT audits at the university. The senior IT auditor applies IT audit principles, skills, and techniques to review and test computer applications and information systems technology of varying complexity. The senior IT auditor plans, administers, and conducts assignments, and is responsible for the overall completion of the engagement. The position reports to the deputy chief audit, risk and compliance executive (deputy).The senior IT auditor will supervise interns when they are directly assigned to IT engagements. The position is responsible for keeping abreast of the IT audit profession and emerging risks facing the university. The senior IT auditor understands the financial, operational, and compliance risks facing the university and is able to apply internal control concepts to formulate solutions to mitigate risks in the IT environment. The senior IT auditor is the key point of contact for information regarding the practice of IT auditing. POSITION DUTIES: 70% Audit Examinations The senior IT auditor’s primary responsibility is to provide independent reviews and evaluations of the university’s information technology environment related to: - the availability, confidentiality and integrity of information technology,
- compliance with policies, plans, standards, laws, and regulations which could have significant impact,
- the effectiveness of IT strategy in meeting university goals and objectives,
- actions taken to safeguard assets and utilize IT resources effectively and efficiently, and
- implementation of the systems development life cycle (SDLC) process.
The senior IT auditor’s duties and responsibilities will include the following: - Establish the scope of the IT audit procedures in accordance with IIA
- Interview auditees, review policies, and test procedures for the safeguarding of the university’s major network and computer-related assets including hardware, software, and data.
- Complete detailed audit procedures and working papers in accordance with the audit objectives and the OARCpolicies and procedures manual.
- Communicate progress and audit concerns to the deputy.
- Effectively identify recommendations for improving the control structure of the university.
- Prepare the initial draft of the audit report, which formally documents the scope of the engagement, the auditor’s opinion, and recommendations to strengthen IT internal controls and improve operating efficiencies. Submit all draft and final reports and work papers to the deputy for review.
- Lead exit conferences with the deputy to present findings and recommendations to auditee management and senior leadership, including the Executive and Audit Committee of the Board of Trustees, as deemed appropriate by the deputy.
- Demonstrate the effective direction and control of the IT audit field work in connection with audit examinations, network and computer operational audits, pre-implementation reviews, and special investigations.
- Maintain budgetary control of work hours spent on the audit engagements. Monitor the schedule of budget versus actual hours. At the conclusion of the audit, the senior IT auditor documents all major variances.
- Provide supervision, training, development, and evaluation of assigned student interns on IT projects. These responsibilities include providing daily direction and guidance on audit problems and a continuing evaluation of performance to promote development. Assignment of interns is determined by the Deputy.
- Coordinate activities to the extent possible with the external auditors to enhance audit efficiency.
- Monitor the OARC’s requirements for electronic tools including audit software and administrative packages.
- Comply with The IIA Code of Ethics and maintain confidentiality.
30% IT Quality Control and Consulting - Demonstrate a thorough knowledge of the Committee of Sponsoring Organizations (COSO) internal control framework, The Institute of Internal Audit (IIA) standards, generally accepted auditing standards, and generally accepted accounting principles, and recognize deviations that pose risks to the university.
- Maintain a current understanding of IT audit procedures and techniques, the COBITframework, and information technology systems throughout the university. Pursue an OARC-approved program for continuing education.
- Monitor current developments in administrative and academic IT environment.
- Participate in the OARC’s project management and quality assurance activities to assist in the effective realization of the department audit plan with quality audit services provided.
- Participate in the development process for future OSUIT initiatives. The senior IT auditor may discuss appropriate controls for the design of planned applications and systems with campus committees and groups and recommend university policies to increase control within the IT environment.
- Interact with university management and staff to promote an environment of effective and efficient IT-related internal controls and operating procedures.
- Ensure continued development of effective professional relationships with customers and actively participate in university-wide committees in an advisory role.
- Demonstrate superior performance in all attributes of professional conduct, including maintaining confidentiality and objectivity.
- Prepare the IT section of the audit-planning document and present to the deputy and chief audit, risk and compliance executive for approval. This plan defines the scope, timing, and FTErequirements for IT audit support.
- Perform other duties as assigned.
|