STATE CLASSIFICATION JOB DESCRIPTION


Salary Group B25

Class No. 0249

 

INFORMATION TECHNOLOGY AUDITOR III

GENERAL DESCRIPTION

Performs advanced and/or managerial (senior-level) information systems auditing. Work involves leading and conducting technical audits of information systems, platforms, and operating procedures. Prepares audit findings regarding the efficiency, accuracy, and security of financial and non-financial programs. May assign and/or supervise the work of others. Works under limited supervision, with considerable latitude for the use of initiative and independent judgment.

EXAMPLES OF WORK PERFORMED

Coordinates the execution of audits of technology platforms, information systems, and information technology operating procedures and evaluates information technology internal controls and security.

Coordinates testing of e-government transactions; ensures compliance with laws, regulations, and policies on privacy and public access to data; and tests controls over online services.

Evaluates data extraction, analysis, and security reviews.

Performs audit work including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting client processes and procedures.

Performs information technology security reviews and general information technology or application control reviews, as needed, to address audit objectives.

Prepares and reviews system and data diagrams to identify manual and systems process interactions and critical controls.

Prepares and reviews audit reports dealing with complex and sensitive issues in a timely manner for internal and external audiences.

Provides consultation and assesses the appropriate levels of testing, assistance, and recommendations for the use, integration, maintenance, and enhancement of an entity’s information technology systems.

Provides technical support for financial and performance audits and performs complex-to-advanced information technology audits and computer-assisted audits. 

Reviews and recommends information technology control elements to mitigate information technology risks regarding the confidentiality, integrity, and availability of business information.

May serve as a subject matter expert on information technology security issues at agencies. 

May assign and/or supervise the work of others. 

Performs related work as assigned.

GENERAL QUALIFICATION GUIDELINES

Experience and Education

Experience in information systems, auditing, control, or security work. Graduation from an accredited four-year college or university with major coursework in information systems, accounting, business administration, finance, economics, public affairs/administration, or a related field is generally preferred. Experience and education may be substituted for one another.

Knowledge, Skills, and Abilities

Knowledge of generally accepted information technology audit and financial standards and practices; of information technology security and control practices; of financial and non-financial systems, processes, and practices; and of information technology management practices.

Skill in collecting and analyzing complex data; in evaluating information and systems; in drawing logical conclusions; in assessing the effectiveness of internal controls over key information technology risks; in identifying significant exposures; in analyzing transactions and management information; in detecting changes in key risks and/or control effectiveness; in developing appropriate recommendations to address exposures; and in using analytical software tools, data analysis methods, and other computer applications.

Ability to communicate effectively, and to assign and/or supervise the work of others.

Registration, Certification or Licensure

May require certification as a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Public Accountant (CPA), or Certified Internal Auditor (CIA).

 


State Auditor’s Office

Revised 9-1-15