Salary Group B27

Class No. 0250




Performs highly advanced and/or managerial (senior-level) information systems auditing. Work involves overseeing technical audits of information systems, platforms, and operating procedures. Prepares audit findings regarding the efficiency, accuracy, and security of financial and non-financial programs. May plan, assign, and/or supervise the work of others. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.


Oversees the execution of audits of technology platforms, information systems, and information technology operating procedures and evaluates information technology internal controls and security.

Oversees the testing of e-government transactions; ensures compliance with laws, regulations, and policies on privacy and public access to data; and tests controls over online services.

Oversees the evaluation of data extraction, analysis, and security reviews.

Oversees information technology security reviews and general information technology or application control reviews, as needed, to address audit objectives.

Oversees and/or performs audit work including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting client processes and procedures.

Prepares and reviews system and data diagrams to identify manual and systems process interactions and critical controls.

Prepares and reviews audit reports dealing with complex and sensitive issues in a timely manner for internal and external audiences.

Provides consultation and assesses the appropriate levels of testing, assistance, and recommendations for the use, integration, maintenance, and enhancement of an entity’s information technology systems.

Provides technical support for financial and performance audits and performs complex-to-advanced information technology audits and computer-assisted audits. 

Reviews and recommends information technology control elements to mitigate information technology risks regarding the confidentiality, integrity, and availability of business information.

Serves as a subject matter expert on information technology security issues at agencies. 

May plan, assign, and/or supervise the work of others. 

Performs related work as assigned.


Experience and Education

Experience in information systems, auditing, control, or security work. Graduation from an accredited four-year college or university with major coursework in information systems, accounting, business administration, finance, economics, public affairs/administration, or a related field is generally preferred. Experience and education may be substituted for one another.

Knowledge, Skills, and Abilities

Knowledge of generally accepted information technology audit and financial standards and practices; of information technology security and control practices; of financial and non-financial systems, processes, and practices; and of information technology management practices.

Skill in collecting and analyzing complex data; in evaluating information and systems; in drawing logical conclusions; in assessing the effectiveness of internal controls over key information technology risks; in identifying significant exposures; in analyzing transactions and management information; in detecting changes in key risks and/or control effectiveness; in developing appropriate recommendations to address exposures; and in using analytical software tools, data analysis methods, and other computer applications.

Ability to communicate effectively; and to plan, assign, and/or supervise the work of others.

Registration, Certification or Licensure

May require certification as a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Public Accountant (CPA), or Certified Internal Auditor (CIA).


State Auditor’s Office

Added 9-1-15