Conduct internal audit activities within the organization, including providing independent, objective assurance and consulting activity designed to add value and improve the organization's operations. Internal audit is intended to assist the organization in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit is accountable for developing and implementing a risk-based internal audit plan, assisting management in complying with applicable internal control policies and regulations, and working with management to bring cost effective and efficient leading practices. Internal Audit has the authority to perform internal audit and consultative services, have access to necessary data when requested, obtain assistance of Authority personnel as needed. Activities may include audits of financial, operational, IT, compliance/regulatory, or strategic business functions and related risks and controls. May also include execution of special investigations/audits involving cases of fraud, waste, and abuse and/or ethical/regulatory complaints. Operate as ambassador and champion of the Internal Audit vision and strategy by demonstrating support and actively communicating with the audit team and the business.
Lead high quality, professional day-to-day execution of IT internal audit engagements including audits of, networks, security, internet/intranet infrastructure, system implementations and IT general controls.
Lead projects within established timelines and budgets working with the Technology Audit Manager.
Evaluate key risks and internal controls, develop and/or review audit programs/risk & control matrices, including adapting an audit program to align withthe client’s specific control environment and design controls evaluation and test procedures to address risks within assigned areas of the audit, benchmark IT operational processes and controls, and identify opportunities for efficiencies/performance improvement based on leading practice; work with Director, Internal Audit - Technology/Technology Audit Manager to communicate findings/recommendations to senior management and client personnel.
Assist in annual risk assessment activities, as appropriate, including leading interviews and/or survey processes.
Lead audit opening and closing meetings and work assigned as appropriate.
Perform/review testing procedures including, but not limited to, detailed tests of controls including sampling/confidence levels, analytical procedures, Computer Assisted Audit Techniques (CAATs), and other audit procedures to address risks identified and to test internal controls; responsible for directing work conducted by Auditors on the team.
Create high quality deliverables using appropriate business and technical language, documenting audit work performed and results by preparing/reviewing work papers.
Identify/document audit issues clearly articulating issue/root cause, risk/exposure, and recommendations for improvement. Lead the drafting of complex internal audit reports and other audit deliverables, directing the work conducted by Auditors on the team.
Document processes and sub-processes in the form of walkthrough narratives, and flow charts for audit areas in scope, with the assistance of Auditors, as applicable.
Lead interactions with clients to collaborate directly with them and identify client concerns through building solid relationships.
Work with clients in an organized and knowledgeable manner andactively lead client discussions and meetings.
Organize and maintain client documentation in a manner consistent with safekeeping practices.
Use available technical resources and tools to research and expand knowledge and enhance audit value; remain up-to-date on industry trends and NYPA-related strategic initiatives while sharing the knowledge amongst the team where applicable.
Lead team in prioritizing and completing tasks; communicate potential conflicts to Technology Audit Manager and audit teams.
Lead “integrated” internal control audits as necessary including evaluating IT general controls to assist the business auditors with completion of their audits.
Lead, coach, and mentor auditors, interns, and new hires; provide constructive on-the-job feedback/coaching to team members.
Develop and execute complex data analysis routines and visualize the results of analytics, interpret the results and train team members in data analysis techniques and tools.
Work primarily on auditing IT systems and practices, including audits of networks, security, IT infrastructure, system implementations, IT operations and governance and IT general controls.
Analyze standards, processes, and procedures of IT activities to assess IT controls and compliance with generally accepted IS standards.
Assist the Technology Audit Manager and Director, Internal Audit - Technology with development of CAATs, including selection and maintenance of audit software to ensure maximum efficiency and use by audit staff.
Knowledge, Skills and Abilities
The level of job complexity is intermediate.
Demonstrated integrity, values, principles and work ethic.
Thorough familiarity with Information Systems auditing concepts and techniques with ability to apply to specific audit assignments.
Good working knowledge of COBIT, NIST, ITIL.
Progressing understanding of IT general controls.
Strong working knowledge of relevant auditing concepts and techniques and thoroughly familiar with COSO, IIA Standards.
Working knowledge of GAAP, GAGAS, FERC, NERC, FASB
Familiar with varied Internal Audit functions and operations.
Good understanding of electric utility industry functions preferable.
Ability to plan, organize, control and execute large complex audits while maintaining cordial and professional relationships with clients.
Strong analytical abilities and ability to interpret large volume of data to identify potential audit issues and develop practical cost-effective solutions; experience acquiring client data, then transforming, mapping, cleansing, and preparing data for analysis.
Strong ability in recognizing audit issues and developing realistic and practical recommendations.
Strong negotiation skills.
Demonstrates high level of competence with interpersonal, oral and written communications skills.
Excellent organization skills; ability to plan, manage time budget and administer segments of audits to bring projects to closure within context of overall audit plan.
Exhibits a professional attitude and work ethic and has ability to interface effectively with peers and clients.
Strong understanding of sampling strategies and confidence levels and use of data analytics.
Working knowledge and experience with auditing tools such Microsoft Access, Word, Excel, PowerPoint, SharePoint, and Visio.
Education, Experience and Certifications
Bachelor degree in MIS, Accounting, Finance, Business or equivalent discipline.
Minimum five years of Information Systems Technology audit experience preferable from a combination of Big 4 organization and/or major corporation.
CISA is required, CISSP designation preferable, MBA, CPA or CIA, CISM, CGEIT, ITIL designation a plus.
Experience auditing some of the following: SAP, Windows, UNIX, Oracle, SQL, LANs, WANs, Internet/Firewalls, Network Security and Infrastructure, Cybersecurity.
Some experience performing audits of business applications and conducting application reviews and system implementation audits.
Working knowledge and experience with auditing tools such as IDEA, Audit Control Language (ACL) and Tableau preferable.