The purpose of this classification is to perform complex internal IT audits for the County.
The following duties are normal for this position. The omission of specific statements of the duties does not exclude them from the classification if the work is similar, related, or a logical assignment for this classification. Other duties may be required and assigned.
Duties and Responsibilities
Assists the IT Audit Manager in executing the information technology audits on the audit plan. Coordinates, conducts and lead audits and reviews of DeKalb County’s information technology operations, programs, risks, controls, contracts and agreements. These projects will be completed in compliance with professional audit and office standards, to promote accountability, integrity and process improvement in DeKalb County. Monitors compliance of work products with appropriate professional audit standards.
Assists the IT Audit Manager in planning audit projects by developing risk-based scopes, methodologies, and audit programs. Prepares, researches and designs evaluations of programs, systems, controls, policies, procedures and other functions using audit and analytical techniques. Executes complex information technology tests of controls associated with applications, system operations, and supporting infrastructure. Analyzes supporting evidence, draws logical conclusions and develops appropriate findings and recommendations.
Ensures audit conclusions are based on a complete understanding of the process, circumstances, and risk to the organization. Prepares thorough, complete and accurate documentation of work performed. Prepares oral and written briefings. Prepares draft and final reports. Establishes good working relationships with IT and business units at various levels to identify and understand process changes or system implementations that are relevant to areas identified in the audit plan.
Tracks and follow-up on audit findings and recommendations. Perform management requested reviews and other special projects as assigned by the IT Audit Manager and the Chief Audit Executive.
Bachelor’s degree in Finance, Public/Business Administration, Information Technology or a related field; and four years of related professional auditing, evaluation or analysis experience, including at least two years auditing Information Technology General Computing Controls (ITGC’s) and knowledge of government compliance and accounting laws and regulations.
Ability to conceptualize and analyze business procedures and prepare detailed data and process flow diagrams using graphical depiction and data analysis tools.
Knowledgeable in IT Project Management methodology, including Systems Development Life Cycle (SDLC) and Oracle IT application and accounting system control configurations. Understanding of network, server, database and application system configuration methodologies.
Able to ascertain control integrity, perform risk assessments and analysis and make recommendations for strengthening control environments.
Specific License or Certification Required
Must possess and maintain a valid driver's license.
Information Technology audit certification such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional, knowledge of COSO and experience with Sarbanes Oxley (SOX) audit control testing methods are desirable.