Information Systems Audit Analyst

 Information Systems Audit Analyst

 

GENERAL DESCRIPTION:

Provides technical support for financial and performance audits and attestation engagements, and performs entry?level up to advanced information technology (IT) audits and computer assisted audits. Uses technology to audit effectively and gain assurances regarding IT systems at state agencies and institutions.  Work includes statistical and non-statistical data analysis using various software applications and programming techniques.  Provides expertise in IT auditing and data analysis techniques.  May plan, assign, or supervise the work of others.  Works under minimal to limited supervision with considerable to extensive latitude for the use of initiative and independent judgment.  Willing to travel within Texas.

 

ESSENTIAL JOB FUNCTIONS: Performs general IT, application, and security control reviews and system development methodology reviews as needed to address audit objectives.Uses computer-aided audit tools and techniques (e.g., software and hardware) to gather information and perform audit testing (e.g., security and vulnerability) of information systems used by the audited entity.Coordinates with audit project manager to determine audit scope and type of IT audit to perform.Develops information technology audit programsDevelops and applies knowledge of e-government and e-commerce to audit projects in order to provide appropriate levels of assurance as to the reliability of e-government systems.Tests e-government transactions; compliance with laws, regulations, and policies on privacy and public access to data; and controls over online services.Prepares system and data diagrams to identify manual and systems process interactions and critical controls.Develops and maintains professional relationships with internal clients (team members, other project teams, SAO management and support services) and external clients (legislators, agency board members, management, and staff) needed to successfully complete a project.Displays effective interviewing techniques that communicate respect and objectivity.Serves as an advisor to external clients beyond completion of the project.Provides constructive and timely feedback to fellow team members and accepts constructive feedback on performance.Serves as subject matter expert on information technology security issues at agencies.Produces results consistent with the Office?s vision and mission.Seeks opportunities to serve in leadership roles and takes charge when in that role.Assesses and provides the appropriate levels of consulting, testing, assistance, and recommendations for the utilization, integration, maintenance, and enhancement of an entity?s IT systems. Evaluates entities? current IT project management processes and procedures.Conducts effective audits and reviews of entities? management of their financial and non-financial resources and determines whether the entities economically and efficiently accomplish their missions, goals, and objectives.Analyzes data, and designs and conducts interviews, tests, and procedures to evaluate program operations including financial and non-financial processes.Uses technology and other resources to analyze data, conduct research, evaluate systems, controls, and information. Identifies issues, assesses risk, and gathers convincing evidence to support audit issues or fraud. Develops critical audit issues, findings, and recommendations that result in cost savings, service improvement, or revenue enhancement.Conducts working paper reviews and correctly determines sufficiency, competency, and relevancy of evidence.Collects information sufficient to gain an understanding of systems related to audit objectives, and prepares a preliminary assessment of risks and controls.Correctly identifies and develops methodologies required to meet the objectives with existing data and resources.Writes accurate audit findings, including identifying relevant criteria and writing effective recommendations.Writes accurate reports, including the IT section of the audit report as requested by the project manager, dealing with complex and sensitive issues in a timely manner for internal and external audiences. Makes technical information understandable.Includes all significant issues and communicates useful information in a compelling manner, including quantifying the fiscal impact of issues.Identifies and uses appropriate methods and tools to gather, test, report, and draw sound conclusions from quantitative data and its analysis.Enhances the technical capability of auditors and clients through effective presentation and accurate course content. Utilizes network vulnerability scanning tools to determine the patching level and configuration of network resources to assess the security and operations of various network environments.Could include developing new and less experienced staff through effective mentoring, work review, and coaching

 

 

MINIMUM QUALIFICATIONS:

Graduation from an accredited four-year college or university (copy of transcript required) with major course work in information systems, accounting, business administration, finance, economics, public affairs/administration, or a related field.  Zero to six years? experience in auditing information systems preferred.

 

 

KNOWLEDGE, SKILLS, & ABILITIES:

? Skill in dealing with difficult people and situations

? Skill in effective situational communication and situational leadership

? Skill in making effective presentations, including at entrance and exit conferences

? Knowledge of financial and non-financial systems, processes and practices

? Knowledge of information technology management practices

? Knowledge of network and infrastructure security (including telecommunication)

? Skill in using risk assessment techniques (identifying, measuring, and prioritizing risk)

? Knowledge of various audit methods

? Knowledge of management and information system controls, processes, and practices

? Skill in using analytical software tools (e.g., ACL) and other computer applications (TeamMate, Word, Excel,

Access

? Knowledge of various data analysis methods (e.g., trend and fluctuation analysis)

? Skill in researching and analyzing relevant standards, industry practices, and benchmark information

? Knowledge of fraud identification techniques

? Knowledge of process mapping

? Ability to manage multiple priorities and tasks, to prioritize and to make assignments

? Skill in clear and concise verbal and written communication (status reports, justifications)

? Skill in effective project management and personnel monitoring

? Knowledge of auditing and financial reporting standards (e.g., GAAS, GAGAS, AICPA, SAS, SSAE)

? Knowledge of technical issues and systems (e.g., mainframe, client-server, LAN)

? Knowledge of financial and non-financial controls, including controls over information systems

? Knowledge of grammar and effective word usage

 

 

 

 

PREFERRED QUALIFICATIONS:

 

? Graduation from an accredited four-year college or university (copy of transcript required) with major  coursework in computer information systems (CIS) or management information systems (MIS)

? Certification as a Certified Information Systems Auditor (CISA)

? Certified Information Systems Security Professional (CISSP)

? Certified Internal Auditor (CIA)

? Understanding of Texas state government

? Knowledge of IT and financial auditing procedures and processes

? Experience accessing statewide databases such as USPS, USAS, HRIS, SPA, ABEST, or PEIMS

? Demonstrated knowledge and skill in using SAS, ACL, or MS Access 

? Knowledge of or training in statistical analysis



 

Visit the SAO Website for a complete posting and more information about the SAO. Apply online by visiting the SAO Career Board.






An Equal Opportunity Employer.




APPLY ONLINE - www.sao.state.tx.us/careers