WHAT DOES A SENIOR IT AUDITOR DO?

Updated: Dec 08, 2025 - The Senior Information Technology (IT) Auditor evaluates IT general and application controls, identifies technology-related risks, and assesses mitigation efforts to support strong internal control environments. This role involves planning and executing audits, supporting Sarbanes-Oxley Section 404 activities, and communicating key findings, risks, and corrective actions to Audit Management and business stakeholders. The auditor also collaborates with business units to drive improvements, ensure timely remediation of control weaknesses, and enhance overall process efficiency.

A Review of Professional Skills and Functions for Senior IT Auditor

1. Senior IT Auditor Overview

  • Audit Execution: Execute technology audits and integrated audits to assess control design and operational efficiencies.
  • Team Collaboration: Develop and maintain positive and respectful working relationships with audit team members and audit clients.
  • Strategic Analysis: Provide audit insights on the company’s strategic initiatives and emerging risks.
  • Root Cause Analysis: Summarize audit testing results and perform root cause analysis of issues for status updates and audit reports.
  • Analytical Assessment: Apply analytical skills to review information, perform assessments of audit results, and evaluate the adequacy of controls.
  • Meeting Participation: Attend and participate in audit team planning meetings and audit meetings with clients, including drafting meeting minutes.
  • Continuous Learning: Maintain technical competence through ongoing training, seeking development opportunities, and applying new skills and knowledge to assigned audit work.
  • Coaching Training: Provide training, coaching, and audit expertise to the audit team.
  • Project Management: Actively participate in the successful and timely completion of assigned engagement deliverables pursuant to internal guidelines, procedures, and established milestones, with high quality.

2. Senior IT Auditor Tasks

  • Risk Assessment: Responsible for project risk assessment.
  • Risk Mitigation: Responsible for risk mitigation.
  • Audit Planning: Responsible for pre-audit planning.
  • Independent Review: Conduct independent audit reviews through the evaluation of design and operating effectiveness.
  • Audit Execution: Execute and report annual audit plans.
  • ITGC Testing: Responsible for ITGC testing in support of SOX.
  • Acquisition Support: Responsible for acquisition support.
  • Supply Chain Review: Responsible for integrated supply chain reviews.
  • Metrics Reporting: Responsible for metrics and dashboard reporting.
  • Audit Innovation: Support the development and implementation of audit innovation.
  • Global Monitoring: Responsible for global monitoring activities.

3. Senior IT Auditor Details

  • Audit Execution: Plan and conduct information technology, operational, and financial audits in compliance with Audit Services’ procedures.
  • Documentation Management: Responsible for documenting the results of engagements within audit workpapers and communicating findings to the appropriate personnel.
  • Report Preparation: Draft and submit to management a written audit report for each pertinent assigned engagement.
  • Follow-Up Review: Perform follow-up reviews based on management action plans and completion dates.
  • Quality Assurance: Assist in completing assigned initiatives related to the department’s quality assurance and improvement program.
  • Risk Assessment: Assist operations employees in completing functional risk assessments.
  • External Collaboration: Interact with external auditors and Farm Credit System personnel, including employees at other FCS banks, associations, and the FCA.
  • Regulatory Awareness: Maintain awareness of developments in professional auditing standards, Farm Credit System regulations, and trends in bank operations and general information technology.

4. Senior IT Auditor Key Accountabilities

  • IT Risk Assessment: Understand technology-related risks and assess the company’s IT general controls (system access and security, logical access, SDLC/change management, etc.) and application controls embedded in automated processes.
  • Audit Program Development: Survey the function or activities to be audited and prepare detailed audit programs for use in performing the audit, including both tests of controls and substantive testing.
  • Systems Evaluation: Assess and evaluate IT systems and the mitigation of IT-related business risks.
  • SOX Compliance: Assist with all activities related to Sarbanes-Oxley Section 404 certification, including risk assessment, scoping, control documentation and updates, testing of operating effectiveness, education, and reporting.
  • Internal Control Improvement: Support the department by developing strategies to improve internal controls and minimize risk, while keeping Audit Management informed of the status of audits in progress, communicating obstacles or significant audit findings as they arise.
  • Process Improvement: Constructively work with business operations to identify areas for improvement.
  • Corrective Action Planning: Collaborate with stakeholders to agree on appropriate corrective actions, facilitate remediation efforts, and monitor progress.
  • Control Monitoring: Ensure that business units and corporate departments address control weaknesses and process inefficiencies in a timely manner.

5. Senior IT Auditor Duties and Roles

  • Audit Oversight: Perform work under the direction of the IT Audit Director, IT Audit Associate Director, or IT Audit Supervisor, which may include individual or multiple audit assignments and projects.
  • Risk Management: Manage comprehensive risk and control matrices or audit programs for assigned audits.
  • Audit Documentation: Maintain audit software (TeamMate) to ensure a well-documented and organized audit program and audit workpapers.
  • SOX Integration: Integrate SOX testing into the scope of audits.
  • Report Preparation: Assist in the preparation of audit reports.
  • Stakeholder Communication: Develop and maintain relationships with the company’s staff and management, as well as external auditors, through periodic and effective communication.
  • Risk Profiling: Facilitate proactive assessment of the company’s risk profile.
  • Control Planning: Participate in planning and scoping of IT controls, including ITGC and automated application controls.
  • Walkthrough Leadership: Lead technology walkthroughs for IT general controls and application controls, and prepare relevant documentation.
  • Control Testing: Execute testing of IT general controls and application controls based on internal and industry standards and guidelines.
  • Issue Assessment: Review and assess the impact of issues raised by various partners, both internal and external.
  • Team Coordination: Distribute work to teams in multiple geographical locations while maintaining ultimate ownership of the final work product.
  • Problem Solving: Resolve issues and step in to complete work to meet critical deadlines.
  • Root Cause Analysis: Conduct root cause analysis, assess compensating and mitigating controls, and perform impact analysis.
Relevant Information
What Does An Internal IT Auditor Do?
What Does An IT Auditor Do?