Note: For questions about the job posting, please contact the agency that posted this position by using the contact information provided on the "Contact" tab for the position.
Minimum Qualifications A Bachelor’s Degree and three years of IT auditing experience*.
*IT auditing experience must have been gained in any one or combination of the following:
• An auditor with responsibility for the audits of system development life cycle, including the writing and presentation of findings reports of technical issues to a non-technical audience.
• An auditor with responsibility for the audits of physical and logical access controls, general IT controls, and application controls, including the writing and presentation of findings reports of technical issues to a non-technical audience.
• An auditor principally engaged in audits of IT project management, telecommunication networks, software, and business continuity preparedness.
• An information systems professional with responsibility for the analysis and evaluation of information systems, including platforms; network infrastructure; and operational practices.
• As a field auditor with federal, state, or municipal agency, with the responsibility for performing comprehensive IT audits to determine the compliance of individuals or businesses.
Education/Experience Substitution: J.D. or Master’s Degree may substitute for one year of technical experience; Ph.D. may substitute for two years of technical experience.
Duties Description Under the direction of an Information Systems Auditor 2 ITS, SG-27, within ITS Internal Audit, the incumbent conducts technical and operational audits and assesses the effectiveness of controls for all ITS applications and network systems, ensuring effectiveness, efficiency, confidentiality, integrity and overall compliance with required laws and regulations.
Illustrative duties include, but are not limited to, the following:
• Develop and/or follow audit plans of computer systems and/or operation in accordance with applicable auditing standards (e.g. Institute of Internal Auditors, ISACA [formerly known as Information Systems Audit and Control Association], etc.).
• Obtain prior working papers, reports, and other documents and materials to gather an understanding of areas under audit.
• Analyze business unit activities and assess risk levels to determine areas for audit.
• Review and evaluate computer systems to determine if applications system controls are adequate.
• Analyze and evaluate the adequacy of IT policies and procedures.
• Evaluate systems and procedures relating to audit areas for compliance with applicable laws, rules and regulations and contract terms.
• Evaluate agency systems and IT operating practices for efficiency and effectiveness in meeting agency and legislative goals and priorities.
• Examine internal controls to evaluate the extent to which proper and effective controls are in place for areas under audit.
• Prepare and organize audit working papers to document the work performed and conclusions drawn during the audit.
• Write and/or prepare narratives, preliminary audit findings, and conclusions based on the findings derived from the audit procedures.
• Participate and/or conduct interviews with client personnel and perform walk-throughs to assist in the evaluation of internal controls.
• Examine transactions including purchases, contract payments, and personnel hiring to determine legitimacy, fraud, waste and abuse.
• Interpret technical IT matters that comprise the documented control deficiencies for purposes of classifying significant deficiencies, material weaknesses, and exit conference points.
• Review and evaluate the implementation of new systems to ensure that controls in the system are adequate and project management is utilized effectively.
• Use computer-assisted auditing tools and techniques across various platforms to meet audit objectives.
• May be assigned as a lead auditor and oversee the work of trainees and students assistants on small, low risk or fairly routine assignments.
• Discuss with audit team and auditee highly technical IT matters relating to deficiencies observed during control reviews.
• Under the supervision of the Information Systems Auditor 2 ITS, develop and perform adequate tests of control procedures to determine whether they have been placed in operation and are operating effectively.
• Make assessments of the effectiveness of the overall design and operation of related control procedures as it relates to the reduction of control risk. Prepare summaries of control deficiencies observed during IT control reviews which require the IT auditor to understand complex control procedures and determine whether they have achieved their objectives.
• Conduct data analysis and data mining.
• May perform tasks assessing program risks to plan potential audits, and work on special or audit research projects.
• Establish and maintain good working relations with the auditee.
Some positions may require additional credentials or a background check to verify your identity.
PO Box 2062
Notes on ApplyingTo apply for this position, please send a cover letter
and resume indicating that you are applying for Info Sys Auditor 1 ITS, Ref #94806M. In your cover letter, please clearly indicate how you meet the minimum qualifications as stated above, and describe
relevant experience for this position.