Manages the information technology (IT) aspects of the internal audit function, including annual and ongoing risk assessments, Sarbanes-Oxley (SOX) general computer controls compliance and testing program, IT-related internal audit projects, and supervision of the IT internal audit function by performing and/or supervising project execution, ensuring quality of work, providing guidance and training and identifying needs for audits/reviews. Also manages the relationship with the external auditors with regard to SOX general computer controls work and ensures that testing and documentation meet requirements for the external auditors to place maximum reliance on internal audit’s work.
Essential Duties and Responsibilities
Develops IT-related internal audit plans and participates in and directs the execution of such plans. Areas of emphasis include: operational, compliance, and regulatory audits, as well as assessing system configurations, settings, security, data integrity, user access, system implementations, program and project management, and other generally accepted IT controls in accordance with professional standards, including the ISO 27001 – Information Security Standards and the Center for Internet Security Top 20 Critical Security Controls.
Manages and directs a comprehensive SOX general computer controls program, including appropriate approach and test plans to meet compliance requirements and external auditor expectations. Serves as a liaison with the external auditors as required.
Supports the internal audit compliance audit manager in coordination of the overall SOX program and maintenance of related documentation (i.e., master control list, process narratives, flow charts and testing workpapers).
Identifies significant processes and applications that impact internal control over financial reporting.
Works with all levels of management and general computer control owners to identify key and compensating controls. Assesses existing and proposed controls, as well as any changes to controls. Provides guidance and training to management and control owners, as needed.
Directs and performs testing efforts and reviews test plans and results to verify that tests are properly designed and executed. Provides guidance and training to internal audit staff.
Assesses potential deficiencies, classifies deficiencies based on Public Company Accounting Oversight Board (PCAOB) standards and aggregation criteria, and evaluates remediation.
Performs or supervises the planning, fieldwork and reporting phases of IT-related internal audit projects to ensure projects are appropriately designed to identify and assess risks, verify compliance, and evaluate controls and monitoring processes.
Ensures preparation of workpapers and reports in accordance with applicable internal audit standards and department policy.
Executes projects such that they result in recommendations to strengthen internal controls, ensure compliance with regulations, standards and company policy, and enhance management processes to meet the company’s business objectives.
Performs or supervises follow-up testing and documentation to ensure that management takes appropriate actions to mitigate risks as identified in the internal audit reports and communications.
Directs the work of others and performs related administrative tasks such as counseling, on-the-job training, approval of timesheets and expenses, etc.
Assists internal audit management in recruiting and maintaining an effective and efficient workforce, including contracted resources if applicable.
Monitors and enforces all compliance requirements for area of responsibility.
Ensures all compliance aspects of position are known and followed; understands and complies with all policies, codes and regulations applicable to position and company.
Performs related duties as assigned.