Internal IT Auditor Job Description
Internal IT auditor
provides oversight regarding audit, regulatory and risk management activities across IT functional areas, such as the development and maintenance of regulatory documentation (e.g., Sarbanes-Oxley Act compliance, PCI, CCPA / GDPR Compliance).
Internal IT Auditor Duties & Responsibilities
To write an effective internal IT auditor job description, begin by listing detailed duties, responsibilities and expectations. We have included internal IT auditor job description templates that you can modify and use.
Sample responsibilities for this position include:
Perform reviews of IT policies, standards, and procedures
Identifying, assessing and testing IT and automated controls and processes in various system environments, including ERP, network, OS, applications and databases
Evaluate the efficiency and effectiveness of the information technology infrastructure
Lead design of IT Audit plan
Responsible for all phases of an audit or project (either solely or working with an audit team)
Evaluate the significance of audit findings, and review findings, recommendations and correction action with Internal Audit management and auditees
Develop and manage cross functional relationships in order to ensure desired project outcomes
Lead team assigned to work on IT audits to ensure accurate results and completion of audit engagements or projects within prescribed timeframes
Evaluate the general information technology control (GITC) environment
Assist the Internal Audit Department in the design and performance of financial, operational, and compliance audits and train audit staff on IT issues as appropriate
Internal IT Auditor Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Internal IT Auditor
List any licenses or certifications required by the position: CISA, CISSP, CIA, CPA, CISM, CIPT, CRISC, PMP, SOC, ISO
Education for Internal IT Auditor
Typically a job would require a certain level of education.
Employers hiring for the internal IT auditor job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and University Degree in Accounting, Computer Science, Finance, Information Systems, Business, Information Technology, Business/Administration, Education, Management Information Systems, MBA
Skills for Internal IT Auditor
Desired skills for internal IT auditor include:
COBIT
COSO
Data analysis tools and techniques
ACL
ISO 27000 series
PCI
Sarbanes-Oxley
Areas of auditing
Attestation standards established by the Public Company Accounting Oversight Board
Audit procedures
Desired experience for internal IT auditor includes:
A Certified Information Systems Auditor (CISA) or similar professional certification is a plus
Public audit experience desired, Big 4 experience preferred
3-5 years’ experience auditing banking, lending, card management, financial applications (e.g., Oracle Financials, VisionPLUS, ICBS, online banking applications) or similar applications
Bachelor's Degree, preferably in an area of Computer Science or Engineering, Information Systems, Accounting/Finance, or Business
Internationally recognized auditing qualification such as CIA, CISA, CRISC, GSNA, or GSAE
Thorough knowledge of Microsoft applications
Internal IT Auditor Examples
1
Internal IT Auditor Job Description
Job Description Example
Our company is searching for experienced candidates for the position of internal IT auditor. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for internal IT auditor
- Seek to actively participate and contribute in various training, functions/initiatives which promote your own personal development, , the profile of the department
- Performing and documenting processes and drafting risk and control matrices
- Lead team efforts and as a result will be responsible for the logistics, planning and scoping of scheduled audits
- Coordinate and execute opening, update, and closing meetings
- Assess the reliability and integrity of IT and operating information and the means used to identify, measure, classify, and report such information
- Present audit findings or other relevant information to key stakeholders with respect to the effectiveness and adequacy of risk management, governance, and internal control procedures
- Actively develop, train, and supervise internal talent on a regular /daily/ basis
- Serve as a mentor and coach to staff members
- Drive planning, execution and management of information technology audits IT components of integrated audits
- Depending on assigned engagement, reports to member(s) of the internal audit management team
Qualifications for internal IT auditor
- Minimum 5-7 years IT / IT Audit experience in top tier or international public accounting firm or manufacturing operations
- Currently working within an audit / assurance role in industry or professional services
- Have exposure to dealing with senior stakeholders within a business
- Related tertiary qualification and a possible extra qualification such as CISA
- Relevant Degree, CIA / CISA Qualified or with a desire to study
- 3 - 10 years in Operational Audit and SOX (IT audit ok) in public OR internal audit
2
Internal IT Auditor Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of internal IT auditor. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for internal IT auditor
- Participate and lead integrated and IT audit engagements focusing on critical applications, trade execution, trade processing, IT core infrastructure, and IT general controls
- Support the Global Head of MCIA with audit planning, scope design, internal control assessment, escalation and reporting of issues, and monitoring of remediation plans
- Manage the semi-annual IT review conducted by the external auditors during the financial statement audit, including, but not limited to, documentation gathering, issue escalation, and management reporting
- Becoming a member of IT audit interest groups
- Performs Internal IT and Operational audit projects including audits of policies & procedures, processes, security, network, system configuration, database, application, and operating system specific audits SOX and other regulatory compliance audits
- Execute integrated IT audits of technology application and configuration controls
- Primarily responsible for leading the execution of IT audits from planning to report
- Examines information technology (IT) processes and systems by evaluating control risks and providing management with recommendations for improvements to policies, procedures and practices
- Evaluates the adequacy and effectiveness of general and key controls around IT systems and applications for SOX compliance and may develop and/or evaluate SOX test plans
- Actively communicates status and results with the project manager and other auditors assigned to the same audit
Qualifications for internal IT auditor
- Knowledgeable of change management techniques used to ensure application program changes are appropriately authorized, tested and approved for release to production
- Basic knowledge of Windows, Unix, Linux operating systems, and logical access controls, in order to understand how they compliment or enhance application logical access controls
- Basic knowledgeable about relational databases
- Able to effectively interact with senior management and maintain strong relationships with clients
- Able to travel up to 50-60% globally
- Minimum 2 years of information systems auditing or other relevant experience
3
Internal IT Auditor Job Description
Job Description Example
Our innovative and growing company is searching for experienced candidates for the position of internal IT auditor. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for internal IT auditor
- Reviewing and completing IT audit program steps
- Evaluating general computer and automated internal controls
- Identifying control and system weaknesses and control process improvements
- Identifying improvements in operational efficiencies
- Provide real time feedback to the plan or function for ways to make identified control or operational improvements
- Be aware of and address cyber security concerns that are applicable to the Company
- Document clear and concise work papers to support the audit work performed including evidencing the testing samples or procedures performed
- Perform data analytics and utilize data analytics software (IDEA)
- Prepare audit comments recommending improvements in IT internal controls and IT processes
- Actively participating in and/or leading opening audit meetings
Qualifications for internal IT auditor
- Programs and System Knowledge - Experience in auditing applications, interfaces, system infrastructure, information processing and general IT controls
- Ability to manage multiple projects concurrently with proper time and project management skills (e.g., following up on open items, meeting deadlines)
- Two (2) or more years of relevant audit work experience, preferably within a Big 4/5 environment, financial services industry
- Ability to apply auditing protocols
- IT security and control practices for relevant platforms and systems
- Bachelor's degree in Accounting /Finance, or Computer Science or related field
4
Internal IT Auditor Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of internal IT auditor. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for internal IT auditor
- Communicate with management and those subject to audit
- Coordinate and work with finance and operational auditors
- Conduct timely and effective audit planning, execution and reporting
- Contribute to the audit planning and audit reporting for specific audits
- Assist with other audit matters and projects as needed
- Performs/documents system and application walkthroughs
- Appraises adequacy of internal control systems by reviewing process flowcharts for appropriate design, policies and procedures and risk-based audit programs, and recommends enhancements to the system of internal controls
- Conducts interviews with auditees to understand processes and gather information to support audit scope and objectives
- Conducts Sarbanes Oxley 404 (SOX) and operational audit tests timely and accurately, documenting the audit results and related conclusions
- Ensures IT audit testing utilizes appropriate sampling techniques and data analysis (in accordance with Internal Audit's policies and procedures and IIA standards)
Qualifications for internal IT auditor
- Must be able to work as an individual contributor team player
- Four year degree in Accounting, Information Systems or related degree required
- Minimum of 1-2 years of auditing experience with a public accounting firm, preferably one of the “Big Four”
- Retail industry knowledge and experience preferred
- Strong accounting skills including general knowledge of generally accepted accounting principles (GAAP) preferred
- Virginia-licensed CPA or CISA preferred
5
Internal IT Auditor Job Description
Job Description Example
Our growing company is looking for an internal IT auditor. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for internal IT auditor
- Prepare written draft audit reports for IT senior management
- Interact with senior levels of management (CIO, CFO, Controller, ) to communicate audit risks, issues and related corrective actions
- Interface with the external auditors to ensure adequate IT audit coverage and to encourage the sharing of information where practicable
- Play an important role in the administration of the Company’s control self-assessment program and various education efforts related to SOX 404, internal controls, and fraud risk management
- Contribute to IA Department management strategy to develop, sustain, and continuously enhance the image and perceived value of the IA within the Company
- Provide robust challenge on major projects
- Undertake investigation or special reviews
- Assist with the execution of the Company’s internal control testing program (SOX)
- Participate in IT operational audits based on a risk approach of the Company’s mills, corporate processes and other specific areas pursuant to the annual audit plan
- Identify instances of non-compliance with the Company’s policies, guidelines and procedures
Qualifications for internal IT auditor
- Plan and execute audits of client/server technology platforms (e.g., UNIX, Windows, and Mainframe) and evaluate IT internal controls and work collaboratively with management to identify actions needed
- Support audits and consulting engagements related to software development, general computing controls, client-server and open systems architecture, internet and intranet functionality, database extraction, technology strategy, data communication and network security
- Assess information technology control elements to mitigate IT risks regarding the confidentiality, integrity and availability of business information
- Acquire knowledge of departmental standards, develop an understanding of CA’s business, seek direction in prioritizing and managing time and comply with various project administrative responsibilities
- Provide or assist in providing training, coaching and guidance to Internal Audit staff in conducting IT audits and other audit-related issues
- Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology