Job Opening: Senior Auditor I - IT Audits

(Grade 12A) CSA326: $54,344.42 to $81,517.26/yr. (Commensurate with experience)

Supervise and/or participate in the development of information technology (“IT”) performance audits of state agencies, departments, programs, and vendors who contract with the Commonwealth. Contribute to efforts that lead to quality IT audit work and the preparation of IT audit reports in accordance with generally accepted government auditing standards (GAGAS.) Incumbent will maintain independence and objectivity while conducting studies and performance audits of IT general controls, CIS Critical Security Controls and the NIST Cybersecurity Framework for state agencies, authorities and contract providers. IT auditors perform IT focused audits such as, but not limited to, general and application control reviews, system security reviews, and disaster recovery and business continuity reviews. The incumbent in this position will also be tasked with assisting audit staff by providing technical expertise on IT aspects of assigned audits to support data reliability assessments.

Work under the general supervision of either an IT Audit Supervisor or an IT Audit Manager who reviews work products for accuracy and completeness.

May provide supervision to member(s) of the audit team

Senior Auditors in the Office of the State Auditor are expected to carry out the following work:

On smaller, less complicated IT audit engagements, oversee all aspects of the day-to-day activities of the audit, including the planning, supervision of the filed staff, the conduct of all audit work, and the preparation of comprehensive audit reports in accordance with generally accepted government-auditing standards.

• On larger, more complex audits, work under the supervision of an IT Audit Supervisor, performing various assigned audit tasks that include, but are not limited to, the following:
   

• Sections of audits of the accounts and related activities and systems of Massachusetts state departments, institutions, authorities and/or contractors, and other activities and functions of the Commonwealth which are subject to state and federal rules and regulations.
   
  • Assist audit staff in the IT aspects / findings or detail of their assigned audits by providing technical expertise
     
  • Researching pertinent laws, regulations, policies, procedures, and other criteria relevant to the IT audit
     
  • Completing standard audit forms and documents relevant to the audit
     
  • Assigning audit procedures to staff members to complete and monitoring their progress, ensuring the accurate and timely completion of the audit work in accordance with applicable standards.
     
  • Providing on-the-job training to Field Auditors in all aspects of the audit process, including the development of Audit findings, interviewing, report writing, problem resolution, etc.
     
• Prepares stand alone, complex work papers that adequately document IT work performed and conclusions reached and are properly SPAC'ed  Helping develop and prepare audit findings and corresponding comprehensive recommendations that improve performance, provide cost savings and increase accountability
   

• Review audit reports and supporting work papers for content, accuracy and completeness
   
• Evaluate or compare IT data in order to provide information to management for making sound conclusions to solve problems, to plan course of action and/or to recommend / or refine agency policies and procedures
   
• Participate in meetings/presentations with agency representatives relative to the conduct of the audit
   
• Conduct performance evaluations of assigned audit staff members
   
• ​​​Maintain awareness of budgeted audit days and carefully track budget to actual for assigned audit work
   
• Ensure that reporting staff have sufficiently documented entrance and exit conferences and other meetings as assigned
•  
• Work collaboratively with the IT Audit Supervisor in fostering positive relationships among the audit staff and auditees.
   
• Perform other duties as assigned

The successful candidate will possess and/or demonstrate the following:  

• BA/BS in Computer Science, Information Systems Administration, Business Administration, Accounting or related field
   
• CISA or CIA certification is required
   
• Demonstrated experience with internal controls, risk assessments, business process and internal IT control-testing or operational auditing
   
• Strong background in auditing techniques and/or computer control environments
   
• Successful experience identifying controls, developing and executing test plans
   

• Demonstrated ability to write report segments and to participate in presentations 

• Proficiency in Microsoft Word, Excel, and Access,  Preference may be given to candidates who are also familiar with the Teammate audit software
   
• Strong analytical, problem-solving, and organizational skills and ability to think critically and creatively
   
• The ability and desire to be a self-starter and follow through with assigned tasks within established timeframes with a minimum amount of supervision
   
• Strong collaboration, interpersonal management, and relationship skills
   
• Ability to exercise sound judgment
   
• Ability to analyze and determine the applicability of data, to draw conclusions and make appropriate recommendations
   
• The ability to travel within state to audit assignments and trainings.

Experience and expertise in the following areas will also be important considerations:

• Masters in Computer Science, Information Systems Administration
   

• Knowledge of management structures and operations;
   
• 1 - 3 years of related experience within professional services, IT organization, or internal audit.
   
• Working knowledge of social science research tools and information sources;
   
• Experience in auditing
   
• Knowledge of the fundamentals of information technology auditing and accounting theory and practice
   
• Basic knowledge of the Office of the State Auditor’s manuals and working knowledge of the Massachusetts Management Accounting and reporting System (MMARS) and the Commonwealth’s Information Warehouse (CIW)
   
• Understanding of information technology audit processes
   
• Understanding of generally accepted auditing standards and related guidelines
   
• Understanding of IT-related objectives, risks, and control practices
   
• Understanding of the fundamentals of related control models, such as COSO and CobiT
   
• Knowledge of generally accepted government auditing standards (GAGAS), CIS Critical Security Controls and the NIST Cybersecurity Framework• Knowledge of Microsoft Word, Excel and Access, TeamMate and audit software, such as ACL
   
• Working knowledge of state and federal laws as they relate to the IT audit function
   
• Knowledge of the mission and structure of State government, and knowledge of the State budget process and related deliverables
   
• Basic knowledge of IT processing environments, data communications, networking functions and emerging technologies
   
• Effective oral and written communication skills
   
• Ability to prepare complete, accurate, and valid work papers in an orderly and logical manner in accordance with professional auditing standards.
   
• Ability to apply professional training to the audit effort and follow oral and/or documented instructions
   
• Ability to apply knowledge gained through attendance of meetings, conferences, or supervisory instruction
   
• Ability to research applicable laws, rules, and regulations as they pertain to specific agencies under audit
   
• Ability to exercise independent and professional judgment in an acceptable and professional manner
   
• Ability to assist in the pre-planning of audits, performance and completion of risk analysis, and the development of audit programs to achieve audit goals and objectives.
   
• Ability to work as a contributing team member as well as independently
   
• Ability to establish and maintain a good professional relationship with departmental and auditee staff
   
• Ability to prepare clear, logical and coherent audit conclusions and findings.
   
• Ability to assess risks to IT systems and data
   
• Possess a basic understanding of disaster recovery and business continuity planning.
   
• Ability to perform data reliability testing on application systems

Salary is commensurate with experience.

We require that all applicants have a valid Massachusetts driver’s license and that they maintain a safe driving record.

No Phone Calls Please:

To apply, please submit an electronic copy of a cover letter and resume, no later than September 27, 2019 via the MassCareers website: Click Here

The Office of the State Auditor is committed to providing equal employment opportunities. Employment actions such as recruiting, hiring, training, and promoting individuals are based upon a policy of non-discrimination. Employment decisions and actions are made without regard to race, color, gender, religion, age, national origin, ancestry, sexual orientation, gender identity and expression, disability, military status, genetic information, political affiliation, or veteran’s status.