Under the direction of the Director of Enterprise Risk Management, within the Office of the Chief General Counsel, Enterprise Risk Management Bureau, the Director of Internal Audit will manage the internal audit program for the Office of Information Technology Services (ITS), responsible for reviewing agency operations and IT systems to assure compliance with management policies, federal and state laws, rules, and regulations, and the effectiveness of internal controls.
Duties include, but are not limited to:
- Develop, receive approval for, and execute an annual audit plan, aligning it with the agency's mission and goals to ensure objectives are being met and linking strategic initiatives to the key audit, cyber security, and technology risks;
- Provide objective, independent assurance by evaluating and making recommendations to improve the effectiveness of agency operations, internal control functions, and program efficiencies;
- Help the agency achieve its mission by providing consulting services designed to identify and mitigate risk;
- Meet with Executive staff and program managers to discuss audit findings and recommendations, including but not limited to in periodic formal meetings of an agency audit committee;
- Establish audit schedules for agency operations, modifying as needed to meet priorities or address identified and potential problems;
- Develop, review, and modify audit policies, standards, procedures, guidelines and practices;
- Direct and conduct audits of internal operations and IT systems in accordance with generally accepted professional auditing standards, identify control weaknesses, and recommend corrective actions;
- Prepare and approve detailed reports of findings, with supporting documentation for management and recommendations to resolve problems identified;
- Evaluate the costs and benefits, both short and long term, of auditing modifications and new systems, including various alternatives, to improve compliance with financial standards;
- Advise ITS executive team of effects proposed policy changes might have on internal accounting and auditing controls;
- Develop, revise, and implement training of staff to ensure they have an understanding of management standards and their roles and obligations to ensure adherence to the standards;
- Work with external auditors when they are conducting audits, and contribute to the responses to external audit findings and the processes for implementing corrections for deficiencies;
- Perform regular follow-up on audit findings and recommendations to evaluate the adequacy of corrective actions;
- Prepare, review, and approve an annual independence statement identifying actual and potential impairments to independence;
- Meet with Directors of Internal Audit from other state agencies as needed to share audit resources and best practices with them;
- Perform full range of supervisory responsibilities.