Job Specification

Purpose of Position :

To plan, lead and/or conducts information technology audits and consulting assignments for the ministry in the following areas new systems under development, information security, E-commerce, telecommunications and networks, computer operations and existing applications.

Duties / Responsibilities :

1. Plans, leads and/or conducts a broad range of complex information technology audits. Consults with audit management and a variety of clients to assess risk and perform reviews to help management implement controls to effectively mitigate risk.

2. Leads information technology projects using both staff resources, and external service providers.

3. Builds and sustains positive client relationships with all levels of ministry management including seeking out opportunities to add value.

4. Identifies flexible and innovative service delivery approaches that include techniques relating to control and risk assessment and proactive control design.

5. Develops for the approval of the IT audit management team new audit techniques that will contribute to more effective and efficient audits.

6. Researches best practices and applies them to current and future audit projects. Seeks ways to constantly improve the audit process in order to increase value of the audit process.

7. Advises and researches on the effectiveness of any proposed directives related to information technology.

8. Conducts special investigations related to information technology and systems. Works with clients management to provide resolutions to specific issues.

9. Provides consulting, technical expertise and support on major systems development projects to ensure planned systems are cost beneficial, meet user needs, and are developed and documented according to established standards. Ensures that system has built in controls for data integrity, security, recoverability and auditability in order to prevent costly retrofitting. Provides technical expertise, consultation and advice to clients on systems development methodology.

10. Leads and facilitates control and risk assessment sessions for ministry management groups.

11. Delivers control education and helps clients design control portfolios to effectively mitigate risk.

12. Negotiates with clients, the recommendations and action plans required to address issues identified during the audit. Develops suggestions for improvement that are both practical and useful to the client.

13. Prepares reports and gives presentations to effectively communicate the important issues to the client.

14. Participates with either the Manager IT Audits or the Director, IT Audit in performing enterprise wide audits.

15. Participates as a member of various ministry committees and government wide committees. Provides input to government and ministry audit, business and planning initiatives and provides advice on the development of policy.

16. Assists the Manager - Information Technology Audits in yearly audit planning and development of procedures/guidelines for Information Technology Audit projects.

17. Acts as a back up to the Manager - Information technology Audits in attending meetings and participating in committees.

Knowledge :

Position requires through knowledge of and proven extensive experience in generally accepted auditing standards (IIA, ISACA), practices, methodologies (including risk management strategies, control strategies, structures and systems) to plan and conduct multiple information technology audits. Specialized knowledge and understanding of and proven recent experience in systems development methodologies and practices and technical knowledge (consistent with the Ontario Government's Information and Information Technology Strategic Planning). Through understanding of current and emerging technology and related issues to utilize knowledge in the audit of such areas as: new systems under development, information security, emerging technology, e-commerce, telecommunications and networks, computer operations and existing applications and to ensure effective evaluation and recommendations regarding ministry systems, information technology policies and procedures.

Proven and extensive experience in conducting/managing complex projects in a state of the art information technology environment. Knowledge of technology infrastructure including capacity and connectivity of hardware and software in an enterprise environment including: mainframe, web-based, client server platforms, networks, security and connectivity. Experience with service delivery options, personal computer and WEB information technology platforms.

Experience in the processes of procuring the services of external service providers. Extensive knowledge of the business, programs, policies and legislative authorities unique to client group(s) and the relationship between business issues and the application of technology to ensure the legislative and statutory requirements that effect client business, programs and services are addressed in all audits. Analytical skills to apply analytical methods to multi-dimensional problems and issues. Proven recent consultative and customer service skills to provide consulting, technical expertise and support on major systems development projects and to present senior management with significant risk and control issues.

Strong oral, written and presentation communication skills to ensure reports are clear and concise and effectively communicate important issues to the client. Proven relationship management skills to build and sustain positive relationships with clients and network with ministry management and cluster colleagues and to deal effectively and discretely with senior management. Negotiation skills to negotiate recommendations and action plans with clients for complex audit projects. Ability to adapt to changing priorities and circumstances, handle concurrent projects, meet deadlines and manage projects within budget.

Judgement :

Position works under the general direction of the Manager IT Audit and the Director IT Audits and within generally accepted audit standards of the Institute of Internal Auditors (IIA) and the Information Systems Control Association (ISACA). Position exercises a high level of decision making in independently conducting complex audits within the context of specific audit projects with freedom in performing IT audits based on understanding of the ministry(ies) Technology environment and business direction.

Judgement is exercised in planning audit projects, identifying internal and external resource needs and resolving all problems during the course of an audit; in determining resource requirements, terms of reference and workplans for all assigned audits. Judgement is required in seeking out opportunities to add value, improvement and suggestions regarding the audit function and to address trends and issues that impact positive client relationships.

Position exercises judgement in identifying and implementing service delivery approaches to communicate information and advice to client management. Judgement is exercised in providing expertise on major systems development projects to ensure planned systems are cost beneficial, meet user needs, are developed and documented according to established standards and to ensure the integrity and security of major information technology initiatives across the OPS and within IAD.

Accountability - Programs :

Accountable for planning and performing information technology audits , consulting assignments and other IT projects for the Cluster consistent with generally accepted audit standards with projects reviewed by the Manager - IT Audits and in some cases as appropriate by other Divisional management. Ensures quality of work meets client needs and audit projects and completed on time and within budget. Provides IT and project management expertise and leadership in the development of business process and technology solutions.

Accountability – Personnel :

Provides team leadership to multi-disciplinary teams including technical IT support to a number of projects at the same time. May be required to provide training and coaching to non-IT audit staff to assist them in completing their projects.

Accountability - Finance and Materials :

Responsible for ensuring individual projects are completed on time and within budget. Participates in the development of a costing model(s) to support internal IAD systems.

Accountability - Impact of Errors :

Poorly executed audits could result in an inaccurate assessment of controls for a particular process, activity or program. This could result in risk not being effectively mitigated that could lead to financial loss or public embarrassment.

Contact - Internal :

Frequent contact with clients including senior management and staff, primarily in the information systems and technology areas of the ministry. Contact required to provide consulting, technical expertise and recommendations regarding the functioning and adequacy of the organizations control strategies and systems; with clients, ministry management and cluster colleagues to foster alliances and facilitate co-operative relationships.

Frequent contact with senior ministry officials (i.e. Director, ADM's) to provide information on results of audits and to problem solve issues. Participates as a member of various ministry committees and government wide committees to provide input to government and ministry audit, business and planning initiatives.

Contact - External :

Occasional contact with consultants and frequent contact with external audit professionals to share ideas and concepts.