Information Technology Audit Support Services
- Identifies and recommends that the auditee resolve technical weaknesses using various tools and assets (e.g., vulnerability scanners and a technology research facility).
- Applies applicable IT security requirements such as New York State Technology Law, publications from the State Office of Information Technology, and National Institute of Standards and Technology (NIST), for example. Further, conducts audit work in conformance with Generally Accepted Government Auditing Standards (GAGAS), and Division and Applied Technology Unit policies.
- Provides consultation to other OSC/Division audit teams, and auditees as necessary, on IT areas during a risk assessment, financial or performance audit and provides expertise on highly technical IT matters, such as those relating to issues and deficiencies observed during risk assessments, audits and/or accessing systems and data.
- Performs, or assists other Division audit teams in performing, the following:
o Develops or follows IT audit programs of computer systems or operations in accordance with applicable auditing and technology standards.
o Inspect data, systems, and controls to assess risk and determine areas for audit and other projects.
o Develops and performs tests of IT controls to determine whether they have been placed in operation and are operating effectively and if there are adequate controls in place.
o Reviews general and application controls of auditee’s information security programs.
o Performs various IT testing methodologies during audits using vulnerability scanners and other network management tools as needed. This includes assisting in technical aspects of work such as vulnerability assessments, use of technical software programs, and performing complex segments of the work.
o Analyzes and evaluates the adequacy of auditee’s IT policies and procedures.
o Evaluates data, systems, and procedures relating to audit/special project areas for compliance with applicable laws, rules, and regulations.
o Evaluates auditee’s systems and IT operating practices to assess compliance with applicable requirements and for efficiency and effectiveness in meeting operational and legislative goals and priorities.
o Examines internal controls to evaluate the extent to which proper and effective controls are in place for areas under audit.
o Participates and/or conducts interviews with auditees and perform walk-throughs to assist in the evaluation of system controls.
o Attends audit team meetings.
o Examines transactions and supporting documentation to help assess whether there is a risk for fraud, waste, and abuse.
o Assesses the accuracy of the auditee’s IT processes.
o Prepares and organizes work papers to document the work performed and conclusions drawn during the audit project.
- Works on specialized IT audits, projects, and studies that incorporate, for instance, advanced computer programming, complex IT matters, emerging technologies such as Artificial Intelligence (AI), machine learning algorithms, web-based technologies, and/or cloud-based computing for secure information sharing.
- Writes or assists audit teams with writing preliminary audit findings, discussion documents, draft reports, and/or special project reports that are clear, concise, objective, complete, well organized, meet professional requirements and prepared within the assigned time budget.
- Keeps up to date on emerging technologies.
- Develops documentation supporting recommended areas for future audit or special IT projects.
Technology Assistance and Training
- Use advanced IT auditing tools such as SAINT, Nessus and AppScan during risk assessments and audits throughout the Division. Provide training and support to other Applied Technology work unit staff using the tools, develop related Division policies and procedures, and work with others in the Agency using similar tools to advance our collective knowledge.
- Provide hands-on assistance to audit staff throughout the Division in assessing and testing controls over computerized systems in local governments and schools across the state. Prepare work papers consistent with applicable professional standards and Division policies. Assist other Applied Technology work unit staff as they provide hands on assistance to audit staff in assessing and testing controls over computerized systems in local governments across the state.
- Develop and expand the Division’s capacity to use computer assisted audit tools. Keep Applied Technology management informed of trends and new developments in computer assisted auditing capabilities and how they might enhance the efficiency and effectiveness of our services. This will require a proactive role, researching and suggesting potential uses for technology, determining IT auditing trends, finding best practices from other audit agencies in New York and other states, and being an active member of one or more IT related communities.
- Provide in-person training for Applied Technology work unit staff and Division audit staff on various information technologies and IT auditing topics, and how they may affect the services we provide.
- Provide cybersecurity training for local officials in-person and virtually, as appropriate.
- Prepare written communications and audit guidance to assist IT Specialists and audit staff in understanding IT issues, trends, automated tools, and Division policies and procedures.
Supervision- May assist in the supervision of Auditor 1s, Information Technology Specialist 1s, trainees or students. In addition, supervision may include reviewing and editing written IT-related communications from and/or for Agency or Division executive management.
Additional Information: It is expected that this position may require up to 30% travel, including overnight visits around the State, annually. This position can be assigned to the Central Office-Albany or any Regional Office.