Assistant State Info Sys Auditor II

Job Code: 32004655
Salary Grade: NC19
Revision Date: 03/2022

Class Concept

Positions at this level are professional auditors who are assigned responsibilities at the full performance level for completing or participating in a wide range of audit assignments which includes independent responsibility for conducting their assigned portion of the audit or review of various functions or activities. Additionally, this position may conduct more complex areas of the audit or review with limited supervision. Positions at this level may work with limited supervision to evaluate and review systems or programs and determining possible solutions which could include areas such as information technology (IT) governance, IT policies and procedures, pre- and post-implementations, general controls, system development standards, operating procedures, networks, operating systems, database management, system security, programming controls, communication controls, backup and disaster recovery and system maintenance. These positions examine and analyze risks, internal controls, moderately complex source records and reports, programmatic data, financial information and/or systems for accuracy, completeness, and conformance to guidelines, regulations, and best practices. Work may include assisting other divisions with data retrieval and analysis and may include activities related to communication and instruction.

Positions at this level draft more complex engagement scopes, objectives, plans, and programs, and evaluate, administrative, and internal controls for compliance with state and federal legal requirements with limited supervision and independently on less complex areas. Engagements are conducted in accordance with generally accepted government auditing standards as prescribed by the United States Government Accountability Office, generally accepted auditing standards as prescribed by the American Institute of Certified Public Accountants, and other applicable laws, regulations, and professional standards, as applicable.

Positions at this level work independently subject to general review of an Assistant State Audit Supervisor or Auditor-In-Charge. The expectation is that the employee will need to ask questions and make corrections but should not need to repeat questions and corrections and will consistently transfer knowledge gained from one audit to the next.

Recruitment Requirements

Knowledge, Skills, and Abilities

• Knowledge, skills, and abilities required at the prior position level, plus additionally; Ability to interpret and apply knowledge of laws, regulations, procedures, generally accepted accounting principles, technical and professional standards such as Generally Accepted Government Auditing Standards and Generally Accepted Auditing Standards, IT general and application controls to evaluate and review a range of mainframe, PC, and distributed environments, audits over systems development, operation, programming, control, and security procedures and standards (on-premise and cloud, commercial-off-the-shelf (COTS) solutions and custom software development, etc.)
• Ability to interpret and apply knowledge to audit operating systems, system backup, disaster recovery, business continuity planning, and maintenance procedures, security and regulatory frameworks, such as HIPAA, ISO27002, IRS 1075, and NIST 800 series, tenets of security: confidentiality, integrity, and availability (CIA)., network infrastructure, including routers, switches, firewalls/DMZ and associated network protocols and concepts, network/systems controls, patching and mitigation of vulnerabilities, data analytics, CAATs, robotics, and data retrieval techniques to enhance the audit effectiveness for all types of audits.
• Demonstrates intermediate-level knowledge of programming languages & libraries (ACL, R, Python, SQL, etc.), different visualizations, dashboards, and the creation of necessary visuals in associated software (HighBond, SAS Visual Analytics, Tableau, PowerBI, Python, etc.), different data analytics techniques (AI, Machine Learning, etc.), and data literacy, ETL, architecture and systems.
• Ability to follow work plan, apply and execute sampling plans, assist in design of test procedures, audit various financial systems and/or program information with limited supervision on moderately complex areas or independently on some smaller, more focused areas, confirm accuracy, integrity, and conformance to rules, regulations, standards.
• Ability to recognize moderately complex problems, identify reportable issues and underlying problems, and propose solutions with limited supervision and independently on some smaller, more focused areas and identify substantive issues requiring research and analysis and recognize deficiencies in internal controls or other weaknesses.
• Ability to communicate moderately complex issues in writing and verbally in a clear, concise, and organized manner with limited supervision.
• Ability to gain the confidence, work effectively, and promote strong working relationships with audit/investigative team.
• Ability to treat team members with respect in a cooperative manner, and not introduce negativity into the work environment.
• Ability to follow audit/investigative/review procedures as planned and review the work for completeness and accuracy.
• Demonstrates example for other team members in manner by which tasks are completed, open to feedback and suggestions for improvement, and assists in technical supervision and development of lower-level auditors/investigators.

Minimum Education and Experience

Bachelor's degree with 24 semester hours in accounting and 12 semester hours in information technology or computer & information security from an appropriately accredited institution and 2 years of experience in auditing/accounting or information technology/computer security; or Bachelor's degree with 24 semester hours in information technology or computer & information security and 12 semester hours in accounting/business from an appropriately accredited institution and 2 years of experience in auditing/accounting or information technology/computer security; or an equivalent combination of education and experience.