Job Specification
Position Title:
Amended - Senior IT Audit Specialist
Job Code:
6A001 - Finance06
Purpose :
- To plan, lead and/or conduct information technology audits and consulting assignments.
- To assist ministries in improving the effectiveness of risk management, control and governance.
Key Responsibilities :
1. Audit
- Leads and conducts a broad range of complex information technology audits; determines scope and requirements, develops terms of reference and audit plans.
- Conducts special investigations related to information technology and systems; prepares and presents reports to senior management to communicate significant and sensitive issues.
- Researches, identifies and implements best practices for current and future audit projects (e.g. develops new audit techniques), seeking ways to improve integrity, value, and quality of the audit process.
- Negotiates with client management to provide resolution to areas of concern; builds and sustains positive client relationships with all levels of Ministry management to establish professional trust and credibility, facilitate the conduct of audits, and resolve contentious issues arising from audit and audit recommendations.
2. Risk Management
- Assists senior management and client business management in risk identification and assessment; recommends practical improvements for effective controls to mitigate risk.
- Identifies flexible and innovative service delivery approaches that include techniques relating to control and risk assessment, and proactive control design.
- Assists in the annual risk-based audit planning for fiscal projects, including the development of audit scope and objectives to ensure high-risk information technology projects, systems processes and infrastructure are reviewed.
3. Project/Contract Management
- Leads information technology projects within Ontario Internal Audit (OIA) utilizing staff resources and external service providers; provides team leadership, technical advice and direction to multi-disciplinary teams conducting projects, including training and coaching.
- Manages and reviews work performed by external service providers for third party reviews and audit projects to ensure delivery of quality service and products.
- Assesses Requests For Proposal (RFP) responses from external resources for various program areas as required and develops annual Vendor Of Record (VOR).
4. Advisory and Support Services
- Provides technical expertise, consultation and advice to clients on major systems development projects and methodologies to ensure planned systems are cost beneficial, meet user needs, and are developed and documented according to established standards or industry best practices; undertakes consultation, review, analysis and reporting to ensure systems have built-in controls for data integrity, security, recoverability and auditability to prevent/minimize costly retrofitting or business disruption.
- Provides technical direction to less experienced auditors and staff within unit on the conduct of technical/administrative assignments.
- Creates and presents reports to senior management to communicate identified vulnerabilities so that corrective action can be implemented. Researches and provides advice on effectiveness of proposed directives; participates as a member of various Ministry and government-wide committees to provide input to government and ministry audit, and business planning activities and initiatives.
Knowledge / Skill :
Knowledge of and skills in:
- governance and accountability controls for the effective management of large-scale I&IT projects.
- generally accepted professional auditing and I&IT standards, practices and methodologies, to plan and conduct information technology audits; develop I&IT audit plans and Terms of Reference based on I&IT audit standards and control frameworks.
- system development methodologies, current IT best practices framework, current operating and data management systems to conduct audits and risk assessment analyses.
- current and emerging technology, I&IT business processes, business application systems, IT infrastructure, and related issues to conduct assessments and develop responsive recommendations.
- risk management concepts, methodologies and strategies, to assess risk management practices and provide advice to senior officials and client management.
- provincial government administrative policies and procedures governing service procurement and contract administration to acquire and manage service providers.
- program and project planning, development and evaluation techniques to devise, implement and monitor effective audit procedures.
- statistical methodologies and techniques.
- oral and written communication techniques to prepare audit reports, reviews, research and statistical reports, briefing materials and correspondence; presentation skills to present information and audit findings, options and recommendations to senior officials and managers.
Interpersonal / Influencing Skill :
- Consultation and negotiation skills to advise ministry managers on audit findings, current practices and proposed options to improve security, audit and controls.
- Facilitation skills to address and resolve contentious issues arising from audits and audit recommendations.
- Mediation and persuasion skills to deal with difficult Ministry clients in the sign-off of audit objectives and to respond to audit conclusions.
- Interviewing skills to collect information from management and staff.
- Relationship management skills to build and sustain positive relationships with clients and ministry management, and establish trust and credibility with senior management.
- Facilitation, instructing and communication skills to provide technical advice, direction, training and coaching to multi-disciplinary project teams.
- Persuasion and negotiation skills to advise and elicit support from senior management of the merits of implementing controls to mitigate risks and ensure the implementation of recommendations and actions.
Analyzing / Problem Solving Skill :
Analyzing and problem-solving skills to:
- determine audit requirements and develop plans.
- document and analyze system process flows.
- identify control points, discrepancies and weaknesses, assessing their level of adverse impact; conduct audit and risk management research.
- assess viable options and identify the most effective way to mitigate risk and assist clients to achieve their goals and objectives.
- evaluate current and future audit program and risk management needs.
Decision Making / Responsibility :
Responsible for:
- leading complex information technology audits by determining resource requirements, terms of reference, and work plans.
- ensuring individual projects are completed on time and within budget, seeking out opportunities to add value, improvement and suggestions concerning the audit function.
- providing expertise to client management concerning audit processes, results, and risk management; addressing sensitive situations resulting from audit, resolving if possible and escalating if required.
- Has latitude to make recommendations to management on specific IT activities and policies, within the framework of the professional auditing and I&IT standards.
- Decision-making is guided by Memoranda of Understanding, generally accepted audit principles and practices, IT audit standards, risk management standards and strategies, provincial legislative requirements, the corporate I&IT strategy, corporate and related directives, cluster and Ministry policies and guidelines, and OPS policies and procedures.
Contacts / Stakeholder :
- Senior management in client ministries, to present audit reports, conduct informational interviews, advise on improvements to security, audit and controls, and negotiate the implementation of recommendations and action plans.
- Program area management to provide technical guidance, solicit information for specific audits, seek approval for Terms of Reference/Memoranda of Understanding, conduct informational interviews, present audit reports, advise on improvements to security, audit and controls, and negotiate the implementation of recommendations and action plans, and resolve issues.
- IT peers to consult, exchange information on audit and risk management matters, and to solicit/recommend improvements in design, processes and procedures.
- External service providers and external audit professionals to provide technical advice and direction.
Guidance / Supervision :
- Provides technical advice and guidance to less experienced auditors and staff within unit to conduct technical/administrative assignments, and technical direction to multi-disciplinary project teams.
- Provides guidance and leadership to audit clients and multi-disciplinary teams in audit procedures and issues.
Demands / Pressures :
Work Demands :
Occasional unexpected changes to deadline; tight time pressures; travel to client sites.
Mental / Sensory :
Frequent periods of listening intently during client interviews, reading without interruption, inspection of clients' computer facilities.
Conditions / Environment :
Work is performed in a typical office environment.