SOX IT Auditor
Posted 17 days ago
The SOX IT Auditor is focused on leading information technology (IT) general controls testing support for both Sarbanes-Oxley (SOX) and non-SOX environments. The SOX IT Auditor will develop and execute the SOX IT key control testing plan, which may include but is not limited to system development frameworks and standards, operating policies and procedures, system security and programming, backup and disaster recovery, and system maintenance controls.
Principal Duties and Responsibilities
As an IT Auditor, your responsibilities include:
- Complete annual IT SOX audit plan within assigned deadlines.
- Exhibit a strong understanding of business risks, controls, and testing methodologies as they related to auditing of IT SOX controls.
- Review key IT controls based on Internal Controls over Financial Reporting (ICFR) program requirements and discuss related testing approaches with Internal Audit and SOX Audit management.
- Execute IT general controls and application controls testing including System and Organization Controls (SOC) Reports at all in-scope properties in support of the SOX compliance program.
- Develop and execute testing of key SOX reports.
- Work with departmental management to design and implement spreadsheet testing used in the execution of key controls.
- Perform IT internal control and business process walkthroughs to evaluate the design effectiveness of general and automated IT controls.
- Identify internal control deficiencies, inadequate documentation/evidence, and other irregularities.
- Analyze potential financial statement exposure as it relates to IT control deficiencies.
- Follow-up on control deficiencies and gaps identified through IT assessments to ensure that management has taken corrective action. Perform remediation testing as applicable.
- Perform IT application and control assessments for new in-scope applications/processes to identify controls to be tested.
- Assist management in updating current process documentation over internal controls and actively partner with management to ensure controls are in place to address key IT risks.
- Track and maintain evidence request list items.
- Prepare high-quality, well documented work papers to ensure consistency between test objectives, evidence obtained, and test results, in accordance with department standards.
- Work with the Sr. SOX Business Analyst to implement and maintain SOX IT narratives, RCMS, test plans and supporting documentation into the SOX tool.
- Keep the SOX Audit Manager apprised of the testing status and escalate exceptions/key issues for review.
- Maintain up to date knowledge of compliance guidelines, interpretations, and standards.
- Assist team members in various internal audit projects as applicable.
- Technical Capacity
- Communication Proficiency
- Problem Solving/Analysis
- Organization Skills
- Teamwork Orientation
- Time Management
- Customer/Client Focus
- Strategic Thinking
Education and Experience
- Bachelor’s degree in Accounting, Finance or Management Information Systems, required. A concentration in Information Technology, preferred.
- 2+ years of experience in IT audit, or other relevant areas, required. Relevant certificates or license indicating knowledge of internal controls/internal audit concepts (CPA, CIA, CISA, etc.), preferred.
- 2+ years of experience evaluating the design and effectiveness of IT processes and controls over financial and operational functions.
- Strong understanding of control procedures, frameworks, risk assessment practices.
- Experience designing and implementing SOX/IT Controls.
- Strong verbal and written communication skills.
- Experience working with external auditors and being the point of contact for addressing IT SOX related questions.
- Proficiency in Microsoft Office applications.
- SQL, UNIX, Windows skills preferred.
- ACL, IDEA, and/or other analytical software skills preferred.
- Oracle, Hyperion, and other ERP software skills preferred.
- The SOX IT Auditor is focused on leading information technology (IT) general controls testing support for both Sarbanes-Oxley (SOX) and non-SOX environments. The SOX IT Auditor will develop and execute the SOX IT key control testing plan, which may include but is not limited to system development frameworks and standards, operating policies and procedures, system security and programming, backup and disaster recovery, and system maintenance controls.