Come join the University of Minnesota’s widely respected Office of Internal Audit (OIA) as the principal information technology (IT) auditor! The University’s technology portfolio is vast, with thousands of technologies that include cloud-based applications, in-house infrastructure and data centers, and cutting-edge supercomputers and research systems. In this role, you will perform internal audit work related to these and other technologies supporting the wide array of operations throughout the University system.
Additionally, the OIA will fund training and exam fees for key certifications such as the CIA, CISA, CFE and CPA, and you’ll earn bonuses for achieving certifications. Flexible work arrangements are available.
Essential Responsibilities: 1. (~25%) Perform engagement management activities associated with IT audits of University units or processes. This will include: • Managing work assignments and evaluating work product of staff assigned to the audit. This includes being responsible for ensuring the work product is complete, logical and complies with both the Institute of Internal Auditor’s professional standards and department practices. • Ensuring staff are using appropriate audit judgment when drawing conclusions and evaluating the significance of audit findings. • Coaching staff regarding completion of IT audit processes, evaluation of the units and IT business processes being reviewed, and creation of recommendations. • Coordinating work effort and communication with line management responsible for assigned areas. • Performing reviews of others’ audit work to ensure it contains relevant facts to support audit scope and conclusions and adhere to internal audit policies and procedures. • Managing client interaction during course of audit. • Providing guidance to non-IT auditors (i.e., generalist auditors) leading audits where IT concerns are only a subset of the overall project. The incumbent will be assigned to review the IT audit planning, field work and reporting material associated with these audits. For these audits, the incumbent will normally consult with the IT Audit Manager before and after field work is performed for advice and concurrence on planning and reporting strategies.
2. (~25%) Plan IT audits of all levels of complexity independently with minimal supervision from audit management. The plans and procedures are to be developed using a risk-based methodology, focusing our audit effort on those activities creating the greatest risks to the institution. Plans must be developed in recognition of the limited audit resources available for each audit engagement. This will include: • Collecting background material needed through a variety of mechanisms including interviews and data queries for defining the scope of planned audits based on risk analysis and management needs. • Summarizing discoveries during the planning process. • Drafting engagement letters, audit programs, time budgets, and work schedules for the audit.
3. (~15%) Communicate the results of the audit work performed, using both verbal and written skills. This will include: • Developing and documenting findings, and recommendations that properly address risks and conclusions. • Meeting with the audit client(s) to discuss both the preliminary and final audit results. • Using appropriate audit judgment in evaluating the significance of audit findings and the impact/risk of the issue. • Drafting the initial audit report in a clear, concise, manner that effectively communicates results to all relevant levels of management. • Ensuring recommendations made are both actionable and cost-effective, and that they identify appropriate root cause.
4. (~25%) Perform IT audit testing of both University units and processes to evaluate the efficiency and effectiveness of internal control, risk management, and governance processes independently with minimal supervision from audit management. This includes assessing whether: • Risks are appropriately identified and managed by the process owners and/or University management. • Employees’ actions comply with policies, standards, procedures, and applicable laws and regulations. • Resources are acquired economically, used efficiently, and adequately protected. • Programs, plans, and objectives are achieved. • Quality and continuous improvement are fostered in the University’s control processes. • Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
Other responsibilities: • Conduct follow-up work to determine the status of prior recommendations made to management. • Complete training and other activities to maintain and enhance professional skills and abilities. • Gather, review, and assess audit evidence as part of investigating allegations of misconduct. • Provide consultative advice and recommendations to business areas and clients to improve processes and controls as needed.
Required:
A bachelor’s degree, with a major in technology, technology management, accounting, finance, business management, or similar emphasis preferred
Six or more years of audit, IT or other related experience to include project management experience
Understanding of standard IT audit principles, including IT general controls
Knowledge of IT systems and system security audit principles and techniques (e.g., server and database configuration reviews)
Preferred:
Professional certification (e.g., CISA, CPA, CIA, CFE) and/or an advanced degree, with a CISA particularly desired
Experience with enterprise resource planning (ERP) systems’ (e.g., PeopleSoft) financial, human resource, and student components
Advanced data analytic skills including experience with data analytics and visualization tools and techniques such as SQL and Tableau to query, analyze and present data
The University of Minnesota, founded in the belief that all people are enriched by understanding, is dedicated to the advancement of learning and the search for truth; to the sharing of this knowledge through education for a diverse community; and to the application of this knowledge to benefit the people of the state, the nation, and the world.
