The Senior Auditor position is responsible for performing internal audit work throughout the University of Minnesota. The University encompasses a wide array of diverse activities including academic support functions, sponsored research, large scale business operations, academic health care, intercollegiate athletics, and municipal/utility operations. The complexity and size of audit assignments will vary significantly and will encompass audits of University units and processes, investigations, and other special projects. Incumbents are expected to have two or more years of audit experience and be able to demonstrate proficiency in performing internal audit work that conforms to the Institute of Internal Auditor?s professional standards. Work assigned to incumbents will generally be well-defined and is expected to be carried out with limited supervision. Decisions regarding the scope of work to be performed, the nature of testing to be completed, and the reporting and disposition of results will be delegated to this position with oversight by supervisors or managers.
60% Perform audit testing of both University units and processes to evaluate the efficiency and effectiveness of internal control, risk management and governance processes. This includes assessing whether:
? Risks are appropriately identified and managed by the process owners and/or University management.
? Interaction between governance groups occurs as needed.
? Employees? actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
? Resources are acquired economically, used efficiently, and adequately protected.
? Programs, plans, and objectives are achieved.
? Quality and continuous improvement are fostered in the University?s control processes.
? Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
This work will include:
? Use of accepted audit procedures and techniques during the audit, and performing audit steps in the programs established to evaluate the adequacy of controls, risk management and/or governance processes.
? Documenting, reviewing and assessing internal controls and the efficiency and effectiveness of business practices used in the units/processes being audited. This typically is accomplished through the use of questionnaires, interviews and flowcharts, data analytics and also through the testing of transactional activity.
? Obtaining, analyzing and appraising transactions, documents, records, reports and methods that provide the basis for our conclusions on the effectiveness and efficiency of controls over the unit or process being audited.
? Collecting and analyzing, through the use of data analytics and other methods, sufficient competent evidence to serve as a basis for our conclusions.
? Preparing detailed, clearly labeled work papers that record and summarize data on the audit work assigned.
? Reviewing work completed by other audit staff for quality assurance purposes.
10% Plan and develop the overall audit plan and specific audit tests and procedures to be used for audits of University units and processes. The plans and procedures are to be developed using a risk-based methodology, focusing our audit effort on those activities creating the greatest risks to the institution. Plans must be developed in recognition of the limited audit resources available for each audit engagement. This will include:
? Collecting background material needed for defining the scope of planned audits based on risk analysis and management needs.
? Summarizing discoveries during the planning process.
? Drafting engagement letters, audit programs, time budgets and work schedules for the audit.
10% Perform engagement management activities associated with audits of University units or processes, generally those of medium and low risk. This will include:
? Managing work assignments and evaluating work product of staff assigned to audits the incumbent is charged with leading. The incumbent will be responsible for ensuring the work product is complete, logical and complies with both the Institute of Internal Auditor?s professional standards and department practices. The incumbent will be responsible for ensuring staff are using appropriate audit judgment when drawing conclusions and evaluating the significance of audit findings. The incumbent will provide coaching to staff regarding completion of audit processes, evaluation of the units and business processes being reviewed, and creation of recommendations which are both actionable and cost-effective.
? Coordinating work effort and communication with line management responsible for areas the incumbent has been assigned to audit.
10% Communicate the results of the audit work performed, using both verbal and written skills (10%). This will include:
? Developing and documenting findings and recommendations in a manner that allows for proper review and assessment of the risks identified and the conclusions drawn.
? Meeting with the audit client(s) to discuss both the preliminary and final audit results.
? Drafting the initial audit report document.
? Using appropriate audit judgment in evaluating the significance of audit findings.
? Ensuring recommendations made are both actionable and cost-effective.
10% Conduct and/or oversee the performance of audit work needed for investigating allegations financial or operational misconduct. In addition, work on special projects as needed to complete projects both within and external to the Office of Internal Audit (10%). This will include:
? Gathering, reviewing and assessing audit evidence as part of investigating allegations of misconduct
? Working on both internal and external project teams to accomplish the objectives established for the assigned special projects.
1. Conduct follow-up work to determine the current status of prior recommendations made to management.
2. Complete training and other activities to maintain and enhance professional skills and abilities.
3. Provide work direction and serve as a resource for other senior and staff auditors.
4. Perform basic audit work related to information technology matters. This will include, but is not limited to: physical security, change control, access controls, disaster recovery and application reviews.