Manages own time and audit activities / participants per strict schedules
Demonstrates ability to communicate clear and concrete audit requirements to audit members.
Ability to multitask and work on various audits and projects in different phases
Ability to make good judgments based on observations and supporting information
Good interpersonal skills, including oral and written communications, listening, interviewing, fostering open communications, facilitating and influencing
Analytical and inquisitive, dig deep to obtain a solid understanding of business processes and IT controls
Take responsibility for assigned tasks, understanding and achieving expectations
Recognize opportunities and propose solutions to improve business processes
Responsible for coordination of IT Control assurance audits
Interacts with external auditors and internal delivery personnel to ensure timely and accurate delivery of audit evidence / control testing.
Maintains regular contact with external Auditors, internal management, and Service Delivery regarding status, issues and risks
Common activities could include :
Maintain audit scope document
Maintain client application matrices and exemptions
Formal annual review conducted in Q4
Maintain audit Team room and security to the individual TROOMs
Maintain control owner list
Meet with external auditor to review request list and address any issues / concerns;
Coordinators own the request list and all updates until first Tuesday after fieldwork begins
Send out request items to controls owners, providing location to populate evidence and when required
Review audit evidence when received to verify accuracy and completeness
Provide status report to audit lead, IT Controls lead, and external auditor field lead with status of evidence obtained.
Weekly meeting with external auditor, IT Controls lead, and audit coordinators to review issues and risks, not detailed activities
Weekly meeting with external auditor, audit leads to review detail status items
Create control objective testing schedule : based upon defined control priorities. This schedule also used as input into the timeline required for audit evidence (populations and samples) including follow up
Monitor, report status and escalate issues or risks within the plan; internal metrics to include : actual vs. Planned, accuracy of testing (i.
e. Does External auditor India or External auditor US disagree with the results)
ISO 27K / PCI added Advantage
Experience with IT Controls testing / auditing (SSAE 16 SOC reports)