STATE CLASSIFICATION JOB DESCRIPTION


Salary Group B23

Class No. 0248

 

INFORMATION TECHNOLOGY AUDITOR II

GENERAL DESCRIPTION

Performs complex (journey-level) information systems auditing. Work involves planning and conducting technical audits of information systems, platforms, and operating procedures. Prepares audit findings regarding the efficiency, accuracy, and security of financial and non-financial programs. May train others. Works under general supervision, with moderate latitude for the use of initiative and independent judgment.

EXAMPLES OF WORK PERFORMED

Evaluates information technology control elements to mitigate information technology risks regarding the confidentiality, integrity, and availability of business information.

Evaluates and provides the appropriate levels of consulting, testing, assistance, and recommendations for the use, integration, maintenance, and enhancement of an entity’s information technology systems.

Conducts data extraction, analysis, and security reviews.

Participates in audits of technology platforms, information systems, and information technology operating procedures; and evaluates information technology internal controls and security.

Performs audit work, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting client processes and procedures.

Performs information technology security reviews and general information technology or application control reviews, as needed, to address audit objectives.

Prepares system and data diagrams to identify manual and systems process interactions and critical controls.

Provides technical support for financial and performance audits and performs information technology audits and computer-assisted audits. 

Tests e-government transactions; ensures compliance with laws, regulations, and policies on privacy and public access to data; and tests controls over online services.

Assists in preparing audit reports dealing with complex and sensitive issues in a timely manner for internal and external audiences.

May serve as a subject matter expert on information technology security issues at agencies.

May train others.

Performs related work as assigned.

GENERAL QUALIFICATION GUIDELINES

Experience and Education

Experience in information systems, auditing, control, or security work. Graduation from an accredited four-year college or university with major coursework in information systems, accounting, business administration, finance, economics, public affairs/administration, or a related field is generally preferred. Experience and education may be substituted for one another.

Knowledge, Skills, and Abilities

Knowledge of generally accepted information technology audit and financial standards and practices; of information technology security and control practices; of financial and non-financial systems, processes, and practices; and of information technology management practices.

Skill in collecting and analyzing complex data; in evaluating information and systems; in drawing logical conclusions; in assessing the effectiveness of internal controls over key information technology risks; in identifying significant exposures; in analyzing transactions and management information; in detecting changes in key risks and/or control effectiveness; in developing appropriate recommendations to address exposures; and in using analytical software tools, data analysis methods, and other computer applications.

Ability to communicate effectively, and to train others.

Registration, Certification or Licensure

May require certification as a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Public Accountant (CPA), or Certified Internal Auditor (CIA).

 


State Auditor’s Office

Revised 9-1-15