You are viewing a preview of this job. Log in or register to view more details about this job.

Assistant State Auditor III - Information Systems Audit Division

North Carolina Office of the State Auditor
Email
Description of Work
The Information Systems Audit Division of the Office of the State Auditor is responsible for assessing IT risk and the effectiveness of the information technology control environment for the State of North Carolina. The ISA division performs perform detailed evaluations and audit reviews of computer information systems including IT governance, IT policies and procedures, pre & post implementations (IV&V), general controls, system development standards, operating procedures, networks, operating systems, database management, system security, programming controls, communication controls, backup and disaster recovery and system maintenance to ensure the efficiency, effectiveness of systems and to minimize risk. Information systems audits range from moderate to highly complex. Information systems audit work and associated recommendations add value by providing improvements around managing the integrity, confidentiality, and availability of information as well as the effectiveness and efficiency or IT operations in North Carolina.

Positions at this level are professional auditors who are primarily responsible for assisting with various audits as a member of an audit team. Auditors at this level have the ability to work independently on both familiar and unfamiliar tasks. Providing guidance to other team members is expected for this position, including applying leadership concepts. There is an increased involvement and responsibility in planning, methodology discussions, risk assessments, and monitoring the audit progress. Auditors at this level provide assistance in all aspects of the audit and staff such that the burden on the audit supervisor is reduced.

Knowledge, Skills and Abilities / Competencies
  • Demonstrated knowledge of professional standards, techniques, practices and procedures, knowledge of local, state, and federal regulations, and statutes governing area of work, including governmental accounting and auditing, sampling, and writing findings
  • Demonstrated knowledge of audit techniques, methodologies, and standards: ISACA, Generally Accepted Auditing Standards (GAAS), Government Auditing Standards (GAS - Yellow Book), Federal Information System Controls Audit Manual (FISCAM)
  • Demonstrated knowledge of various IT technologies: Security Management Systems, Operating Systems, Networks, Database Management Systems, and ERP systems.
  • Demonstrated knowledge of IT control frameworks and security standards: Control Objectives for Information and Related Technologies (COBIT), Information Technology Infrastructure Library (ITIL), International Organization for Standardization (ISO) Standards 27002 and/or 27005, and/or National Institute of Standards and Technology (NIST), HIPAA/HITRUST, SOC 2/3, or other relevant IT control frameworks, preferred
  • Documented proficiency in applying IT project management methodologies such as PMBOK
  • Demonstrated ability to independently execute highly complex automated data retrieval and analyses tasks with large data sets and sources
  • Demonstrated ability to design and develop complex Computer Assisted Audit Techniques (CAATs) using tools such as ACL, IDEA, Tableau, and other big data tools
  • Demonstrated knowledge of information technology areas such as information security, IT general controls, configuration management, disaster recovery, systems development life cycle, application level controls, etc.
  • Ability to interpret and apply knowledge of complex laws, regulations, and procedures, generally accepted accounting principles, technical and professional standards, and serve as technical resource for unprecedented issues
  • Ability to develop and follow work plan, apply sampling techniques, design test procedures and assist others in design
  • Ability to audit various complex financial, systems, and/or program information and confirm accuracy, integrity, and conformance to rules, regulations, and standards
  • Ability to identify substantive issues requiring research and analysis and recognize deficiencies in controls or other weaknesses and suggest solutions
  • Ability to recognize complex problems, identify reportable issues and underlying problems, propose solutions, and to serve as resource for others on unprecedented, non-standard issues and problems
  • Ability to communicate complex issues in writing and verbally in a clear, concise, and organized manner, make recommendations on policy impact and/or operations, reviews and edits others' communications, and conducts effective interviews of auditee personnel
  • Solicits ideas and suggestions from team members, treats team members with respect in a cooperative manner, and does not introduce negativity into the work environment
  • Ability to follow audit procedures as planned and offer suggestions for improvements to plan and/or work papers, reviews work for completeness and accuracy, and ensure work papers are clear and understandable and support audit objectives
  • Provides instruction of office policies and procedures to new or less experienced team members and assists in planning and coordination of assigned tasks
  • Documented ability to provide guidance to others within the team, including reviewing work, training staff, setting an example, and demonstrating a positive attitude in difficult situations.
  • Proven record of functioning independently on familiar and unfamiliar assignments/issues.
  • Demonstrated an increased involvement and responsibility in planning, methodology discussions, risk assessments, and monitoring the audit progress. 
  • Proven ability to provide assistance in all aspects of the audit and staff such that the burden on the audit supervisor is reduced.
  • Proven ability to communicate effectively, both in oral and written forms.

Minimum Education and Experience Requirements
Bachelor's degree with 24 semester hours in accounting and 12 semester hours in information technology or computer & information security from an appropriately accredited institution and 3 years of experience in auditing/accounting or information technology/computer security; OR

Bachelor's degree with 24 semester hours in information technology or computer & information security and 12 semester hours in accounting from an appropriately accredited institution and 3 years of experience in auditing/accounting or information technology/computer security; OR an equivalent combination of education and experience.