A class incumbent is responsible for organizing, performing and/or supervising audits of information systems and applications.
Nature and Scope
An incumbent in this class works with general direction from an administrative superior. Work involves organizing, performing and/or overseeing the examination, analysis and verification of information systems and related records, reports, files and procedures of State government agencies, institutions and data centers to ensure appropriate internal and administrative controls and systems integrity are in compliance with applicable laws and regulations. An incumbent prepares audit reports and recommends action necessary to correct any deficiencies found. Incumbents also perform computer programming to copy, summarize and extract information.
Essential functions are fundamental, core functions common to all positions in the class series and are not intended to be an exhaustive list of all job duties for any one position in the class. Since class specifications are descriptive and not restrictive, incumbents can complete job duties of similar kind not specifically listed here.
Organizes, performs and/or oversees information systems audits in accordance with auditing standards methods and procedures.
Participates in the development and determination of audit scope and objectives. Prepares audit plans and coordinates work with appropriate personnel.
Develops audit programs to determine the adequacy of the controls in complex information systems and data centers.
Documents, tests, reviews and analyzes information system applications, controls, and procedures and the management, access and control of records, reports and files generated by the systems. Identifies system and control deficiencies and incidents of actual and suspected fraud, waste, and abuse/misuse. Recommends and ensures corrective action.
Conducts interviews to collect technical data from technical staff to understand and evaluate various information systems and program codes.
Reports progress of audits to administrative superior. Conducts update conferences and meetings with agency staff.
Prepares routine and special letters, reports and analyses.
Writes programs to copy, summarize and extract data. Utilizes audit software to perform analyses, statistical samples, and file comparisons.
May assist in providing training in the area of information systems auditing.
May review working papers and/or reports of other staff for technical accuracy and adequate documentation and adherence standards regarding information systems auditing.
Knowledge, Skills and Abilities
The intent of the listed knowledge, skills and abilities is to give a general indication of the core requirements for all positions in the class series; therefore, the KSA’s listed are not exhaustive or necessarily inclusive of the requirements of every position in the class.
Knowledge of information systems auditing principles, practices and procedures.
Knowledge of information systems technology, operations and applications.
Knowledge of State standards, policies and procedures relating to data processing.
Knowledge of the concepts, methods and techniques of testing software programs and operating systems.
Knowledge of applicable laws, rules and regulations, reporting requirements, and various guidelines and procedures.
Knowledge of audit plans, goals, objectives, timeframes and scopes.
Skill in analyzing and interpreting technical data and in preparing clear and concise reports for review.
Skill in explaining and demonstrating control procedures to all levels of management.
Skill in gathering information, analyzing and evaluating compliance or performance.
Skill in writing clear and concise working papers; analyzing summaries, drafting findings and recommendations.
Skill in interviewing and investigation techniques and procedures.
Ability to recognize deficiencies in internal and administrative controls and procedures and to recommend corrective action.
Ability to construct and design flow charts.
Ability to communicate effectively both orally and in writing.
Ability to provide training in computer information systems auditing methods and techniques.
JOB REQUIREMENTS for Information Systems Auditor Applicants must have education, training and/or experience demonstrating competence in each of the following areas:
At least two years experience in information systems technology concepts such as computer operation systems, computerized business applications, telecommunications, data structures and database management systems, system development, disaster recovery or business continuity planning.
Six months experience in interviewing which includes using structured or unstructured interview techniques to obtain facts, explore issues and identify courses of action.
Six months experience in interpreting laws, rules, regulations, standards, policies, and procedures.
Six months experience in narrative report writing.
Knowledge of analyzing, testing and reporting on information systems such as information systems applications, computer operation systems, computerized business applications, telecommunications, data structures and database management systems, system development, disaster recovery or business continuity.