General Summary The Senior IT Auditor position is responsible for performing internal audit work throughout the University of Minnesota. The University encompasses a wide array of diverse activities including academic support functions, sponsored research, large scale business operations, academic health care, intercollegiate athletics, and municipal/utility operations. The complexity and size of audit assignments will vary significantly and will encompass audits of University units and processes, investigations, and other special projects. Incumbents are expected to have two or more years of applicable IT audit experience or a combination of: audit, IT and other relevant experience. Incumbents must also be able to demonstrate proficiency in performing internal audit work that conforms to the Institute of Internal Auditor’s professional standards. Work assigned to incumbents will generally be well-defined and is expected to be carried out with limited supervision. Decisions regarding the scope of work to be performed, the nature of testing to be completed, and the reporting and disposition of results will be delegated to this position with oversight by supervisors or managers.
1. (~80%) Perform IT audit testing of both University units and processes to evaluate the efficiency and effectiveness of internal control, risk management and governance processes with guidance. This includes assessing whether:
• Risks are appropriately identified and managed by the process owners and/or University management. • Auditees’ actions are in compliance with policies, standards, procedures, and applicable laws and regulations. • Resources are acquired economically, used efficiently, and adequately protected. • Programs, plans, and objectives are achieved. • Quality and continuous improvement are fostered in the University’s control processes. • Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.
2. (~20%) Communicate the results of the audit work performed, using both verbal and written skills. This will include:
• Developing and documenting findings and recommendations that properly address risks and conclusions. • Meeting with the audit client(s) to discuss both the preliminary audit results. • Draft audit report issues and recommendations. • Using appropriate audit judgment in evaluating the significance of audit findings and the impact/risk of the issue.
The above audit work should be carried out by: • Using accepted audit procedures and techniques during the audit, and performing audit steps in the programs established to evaluate the adequacy of controls, risk management and/or governance processes. • Documenting, reviewing and assessing internal controls and the efficiency and effectiveness of business practices used in the units/processes being audited. This typically is accomplished through the use of questionnaires, interviews and flowcharts, data analytics and also through the testing of transactional activity. • Obtaining, analyzing and appraising IT controls, transactions, documents, records, reports and methods that provide the basis for our conclusions on the effectiveness and efficiency of controls over the unit or process being audited. • Collecting and analyzing, through the use of data analytics and other methods, sufficient competent evidence to serve as a basis for our conclusions. • Preparing detailed, clearly labeled workpapers that record and summarize data on the audit work assigned. • Exhibiting flexibility and agility in daily tasks and overall schedule. • Working effectively and efficiently in a team environment or individually as needed. • Reviewing some work completed by other audit staff for quality assurance purposes. • Assessing whether data analytics can be used and properly interpreting and concluding on data.
• Conduct follow-up work to determine the current status of prior recommendations made to management. • Complete training and other activities to maintain and enhance professional skills and abilities. • Gather, review and assess audit evidence as part of investigating allegations of misconduct. • Perform audit work related to non-IT audit activities.
The results of the audit work performed by this position is ultimately reported to the highest levels within the University, including the President and the Board of Regents Audit and Compliance Committee.
The audit workproduct produced by this position is considered public data, exists in the public domain and is subject to review and scrutiny by external parties, including the news media and state and federal regulatory agencies.
This position regularly works with both sensitive and confidential information and operates in settings involving confidential interactions.
This position, while based in the Twin Cities, has system-wide responsibilities for all University locations and activities.
• A BA/BS in accounting, finance, management, IT management, or related fields and two or more years of audit experience or a combination of related work experience and education to equal six years.
Preferred Qualifications: • Professional certification (e.g. CISA, CPA, CIA, CFE) and/or an advanced degree is highly desired and a CISA is preferred. • Basic computer skills (Microsoft Word, Excel, etc.) are required. • Effective interpersonal and communication skills are required. • Understanding of standard IT Audit principles, including IT General Controls, is highly desired. • Knowledge of IT systems and system security audit principles and techniques (e.g., server and database configuration reviews) is desired. • Good analytical skills with high attention to detail and accuracy is essential. • A working knowledge of the University of Minnesota: its business processes; policies and procedures; governance practices; and regulatory obligations is desired. • Experience with PeopleSoft financial, human resource and student systems is desired. • The ability to query databases to extract data needed for audit work is desired.
Internal Number: 330111
About University of Minnesota, Twin Cities
The University of Minnesota, founded in the belief that all people are enriched by understanding, is dedicated to the advancement of learning and the search for truth; to the sharing of this knowledge through education for a diverse community; and to the application of this knowledge to benefit the people of the state, the nation, and the world.