IT Auditor

A Staff Information Technology (IT) Auditor 1 is a training and evaluation position.  During the first year, the auditor develops an understanding of Louisiana Legislative Auditor policies and procedures, and a good working knowledge of how to plan, conduct, and document processes and controls involving IT on a wide variety of computer platforms.  In addition, a Staff IT Auditor I is expected to be actively working to take and pass one of the primary IT audit certifications (CISA, CISSSP, CPA), if not already certified.

The position requires a working knowledge of IT auditing techniques; IT good practices and criteria, including Control Objectives for Information and Related Technology (COBIT); computer assisted auditing techniques (CAATs); as well as a basic knowledge of governmental accounting, to the work is performed in accordance with governmental auditing standards, as well as IT auditing standards issued by the Information Systems Audit and Control Association (ISACA).

The Staff IT Auditor I position differs from the IT Audit Intern position by the obligations to rapidly expand knowledge and skills in the application of professional standards and by the level of technical work performed.  It differs from the Staff IT Auditor 2 position by the lesser degree of technical knowledge and skills, and by receiving more direct supervision and more detailed review of work performed.

Communication (written and verbal)

• Demonstrates the ability to effectively communicate with supervisors, co-workers, and auditee personnel, including communicating technical matters in a non-technical form.
• Demonstrate the ability to follow instructions and accept constructive feedback from supervisors.
• Conducts inquiries of auditee personnel to gain an understanding IT processes and controls and is able to clearly document that understanding.
• Exhibits self-confidence in interviews with clients.

Job Knowledge and Skills

• Demonstrates appropriate attention to detail.
• Organizes audit documentation in a logical order that can be easily followed by supervisors and other members of the audit team.
• Organizes work flow to ensure meeting established time budgets and required deadlines, including the timely submission of completed audit documentation for supervisor review.
• Obtains relevant audit evidence and makes a preliminary evaluation of that evidence to reach logical conclusions.
• Obtains and documents an understanding of IT controls and procedures.
• Identifies, assesses, and documents risks that may prevent achievement of IT goals and objectives.
• Assesses IT control environments and IT procedures implemented by the auditee to maintain integrity of programs, processing, and data.
• Designs and performs tests of controls.
• Develops recommendations to strengthen the auditee’s IT internal control.
• Seeks supervisor guidance in applying judgment in a manner commensurate with experience.
• Maintains knowledge of governmental auditing standards and ISACA standards, commensurate with experience.
• Uses audit computer hardware and software proficiently.
• Uses a variety of data extraction, analysis, and reporting software, including a working knowledge of Structured Query Language and various CAATs.
• Researches applicable standards, criteria, and regulations.
• Acquires and maintains a basic working knowledge of governmental accounting to enable consideration of the IT risks that affect financial engagements and the potential impact of IT audit issues on financial audits.

Professional Conduct

• Accepts responsibility for actions.
• Adheres to LLA standards of conduct and protocols.
• Maintains a positive, constructive attitude and works well with others.
• Maintains confidentiality of client information.
• A first year staff, meets productivity level of 64%. Otherwise, meets productivity level of 75%.
• Remains flexible to changing work schedules and tasks, including working overtime when necessary and/or traveling out-of-town on assignments.
• Actively works to take and pass the CISA, CISSP, or CPA exam, as demonstrated by scheduling one or more exams or exam parts, if not already certified.

A baccalaureate degree or advanced degree in IT (various IT-related degrees are acceptable), accounting, or other degree with IT work experience from an accredited college or university with eligibility to take either the CISA, CISSP, or CPA examination, if not already certified.