Job Purpose Performs complex-level professional internal auditing work. Work involves leading or conducting information technology (IT) audits and assessments as well as performance, operational, and compliance audit and projects; designing and conducting data analyses; developing ad hoc reports; providing IT consulting services to the organization's management and staff; providing key input to development of the annual audit plan; and providing training and coaching to internal audit staff. Responsible for identifying audit scope based on technology risks and independently evaluating the efficiency and effectiveness of information technology infrastructure and application controls, including security and internal IT controls. Maintains all organizational and professional ethical standards. Works independently under general supervision with considerable latitude for initiative and independent judgment.
Conducts IT risk assessments to mitigate IT risks regarding the confidentiality, integrity, and availability of business information. Provides key input to the development of the annual audit plan for IT audits and/or projects.
Develops and performs IT audit procedures of systems, applications, and IT environments, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting client processes and procedures.
Conducts interviews, reviews documents and related data, develops audit metrics for data analytics, conducts data analysis and interprets results and their impact on the control environment, develops and administers surveys, composes summary memoranda, and prepares automated working papers.
Conducts data extraction, analysis, and security reviews utilizing software tools.
Identifies, develops, and documents audit issues and recommendations using audit evidence and independent judgment concerning areas being reviewed.
Communicates or assists in communicating the results of audit and consulting projects via written reports, charts/graphs, and oral presentations to management and the Board of Governors.
Develops and maintains productive client and staff relationships through individual contacts and group meetings.
Leads and supports the implementation of the continuous monitoring/auditing program.
Pursues professional development opportunities, including external and internal training and professional association memberships, and shares information gained with co-workers.
Represents the Office of Internal Audit on organizational project teams, system development initiatives, at management meetings, and with external organizations.
Provides or assists in providing training, coaching, and guidance to internal audit staff in conducting IT audits and other audit-related issues.
Plans and executes audits of client/server technology platforms (Windows, SQL, Linux, Unix, LDAP, AD and VM) and evaluates IT internal controls and works collaboratively with management to identify actions needed.
Supports audits and consulting engagements related to programming, online processes, client-server architecture, cloud services, database extraction, technology strategy, and data communication and network security.
Acts as liaison with IT business partners to ensure full understanding of data flow, data integrity, and system security.
Perform other related duties as assigned
MINIMUM QUALIFICATIONS Education: Bachelor's degree from an accredited college or university, certification as a CISA, and four years of full-time experience in auditing, accounting, business analysis, or program evaluation, including two years' experience conducting information technology audits.
A graduate degree in computer science, computer engineering, information system management, business administration, or a related field, or a second certification (CIA, or CISM) may each substitute for one year of required experience (for a maximum substitution of two years).
Experience: Experience in industry auditing or accounting and in conducting audits in information systems and other areas pertinent to the industry. Eposure to CAAT (Computer Assisted Audit Techniques). Experience with enterprise systems and their database Experience with report writing and developing specialized ad hoc reports Experience in performing new systems development audits, or related work experience. Experience with network controls. Exposure to security software and controls.
Knowledge, Skills and Abilities Considerable knowledge of and skill in applying IT internal auditing principles and practices, and management principles and preferred business practices.
Knowledge of generally accepted IS audit standards, guidelines and practices, IS security and control practices, and code of professional ethics.
Knowledge of The IIA's International Standards for the Professional Practice of Internal Auditing of Internal Auditing (Standards) and Code of Ethics.
Knowledge of IT professional terminology, concepts, and practices based on NIST, CIS, COBiT, and ISO.
Knowledge of tools to query and manipulate data including advance excel and SQL database.
Knowledge of generally accepted IT industry standards, policies, procedures, controls, regulations, and laws.
Skill in conducting quality control reviews of audit work products.
Skill in collecting and analyzing complex data, evaluating information and systems, and drawing logical conclusions.
Considerable skill in planning and project management, and in maintaining composure under pressure while meeting multiple deadlines.
Skill in negotiating issues and resolving IT business problems.
Strong knowledge of Microsoft Office Suite, accounting systems, and other business-related software to prepare reports, memos, summaries, and analyses.
Considerable skill in effective verbal and written communications, including active listening skills and skill in presenting findings and recommendations.
Ability to establish and maintain positive, collaborative working relationships with co-workers, staff and external contacts, and to work effectively in a professional team environment.
Considerable knowledge of OS technology (i.e., Unix and Windows), web-based technology, and basic infrastructure control issues.
Considerable skill in assessing the effectiveness of internal controls over key IT risks, identifying significant exposures, analyzing transactions and other management information, and detecting changes in key risks and/or control effectiveness.
Skill in developing appropriate recommendations to address exposures.
Ability to learn new operations quickly and work independently is a must.
A premier research university serving a diverse body of motivated students in vibrant Midtown, the cultural center of Detroit.
Founded in 1868, Wayne State University is a nationally recognized metropolitan research institution offering more than 370 academic programs through 13 schools and colleges to nearly 29,000 students. Wayne State’s main campus in Midtown Detroit comprises 100 buildings over 200 acres; its six extension centers offer higher education to students throughout Southeast Michigan.