WHAT DOES AN INTERNAL IT AUDITOR DO?
Updated: Nov 05, 2025 - The Internal IT Auditor conducts and coordinates IT audit assignments to assess the effectiveness of internal controls, data security, and regulatory compliance. This position evaluates system processes, identifies risks, and provides recommendations to improve the efficiency and integrity of IT operations. The IT Auditor also prepares detailed reports, communicates findings to management, and ensures adherence to professional auditing standards and organizational policies.

A Review of Professional Skills and Functions for Internal IT Auditor
1. Internal IT Auditor Roles and Details
- Audit Fieldwork: Perform audit fieldwork activities under the supervision of the audit manager and director.
- Audit Engagements: Participate in the planning, execution, and wrap-up phases of assigned audit engagements.
- Internal Controls Evaluation: Gather and analyze evidence to evaluate the effectiveness of internal controls and processes.
- Audit Documentation: Document all work performed in detailed and organized audit workpapers.
- Audit Reporting: Draft clear and concise audit comments based on results and identified findings.
- Report Preparation: Contribute to the preparation of audit reports for management review.
- Audit Communication: Communicate audit observations and recommendations to the internal audit manager.
- Stakeholder Engagement: Engage with senior business process owners to discuss issues and corrective actions.
- Special Projects: Assist in completing special projects or investigations as assigned by management.
- Compliance Standards: Ensure all work aligns with internal audit standards and departmental expectations.
2. Internal IT Auditor Key Accountabilities
- IT Auditing: Conduct IT audits covering applications, infrastructure, and related processes using a COBIT-based risk assessment framework.
- Risk Assessment: Apply a structured, risk-focused methodology to evaluate control design and operational effectiveness.
- Infrastructure Evaluation: Perform detailed assessments of IT infrastructure, system configurations, and data management practices.
- Data Analytics: Use data analytics to identify anomalies, trends, and potential control weaknesses.
- Control Evaluation: Evaluate internal control environments to ensure compliance with organizational and regulatory standards.
- Governance Improvement: Provide value-added recommendations to strengthen governance and operational efficiency.
- General Audit Support: Assist in the execution of general audits by contributing IT-related insights and analyses.
- Data-Driven Evaluation: Support audit teams with data-driven evaluations that enhance audit accuracy and relevance.
- Stakeholder Collaboration: Collaborate with business and IT stakeholders to ensure the timely resolution of audit findings.
- Process Improvement: Contribute to continuous improvement initiatives that enhance audit processes and control frameworks.
3. Internal IT Auditor General Responsibilities
- Process Documentation: Collaborate with the engagement team to document business processes that rely on information technology.
- System Identification: Identify key systems, applications, and controls supporting critical business operations.
- ITGC Evaluation: Evaluate the design, implementation, and effectiveness of IT general controls for SOX compliance.
- Control Assessment: Assess control areas, including access management, change management, and operations.
- Control Testing: Perform detailed testing to verify the operational effectiveness of IT controls.
- Process Walkthroughs: Participate in walkthroughs with management to understand process flows and control points.
- Application Controls Testing: Design and execute tests of application controls to confirm compliance with Sarbanes-Oxley requirements.
- Audit Documentation: Document testing procedures, results, and conclusions in accordance with audit standards.
- Findings Communication: Communicate findings and recommendations to management in a clear and actionable manner.
- Framework Improvement: Support the continuous improvement of IT control frameworks and compliance processes.
4. Internal IT Auditor Role Purpose
- ITGC and Application Controls: Responsible for the verification and audit of Information Technology General Controls (ITGCs) and application controls.
- Control Reporting: Responsible for the documentation and issuance of management reports on the design and effectiveness of controls across the company.
- IT Governance Coordination: Coordinate with the IT governance team to develop solutions to address IT control deficiencies and monitor related action plans.
- Control Guidance: Guide IT groups regarding control interpretation, applicability, and practice.
- Control Walkthroughs: Participate in IT control walkthroughs to determine necessary or applicable modifications.
- Audit Planning: Participate in the development and performance of the IT audit plan.
- Team Collaboration: Work as an integrated team with other audit team members on joint financial and IT reviews.
- Control Testing Ownership: Take ownership and accountability for IT General Controls and Application Controls testing.
- Assurance Coordination: Assist in developing a combined assurance approach and coordinate work with the external audit.
- Special Projects: Perform special projects.
5. Internal IT Auditor Essential Functions
- Business Analysis: Analyze clients’ business processes, IT strategies, governance frameworks, and technology operations.
- Risk Identification: Identify key risks associated with IT systems, strategic projects, and organizational processes.
- Risk Mitigation: Develop practical action plans to mitigate identified risks and strengthen IT control environments.
- Business Alignment: Ensure alignment between business objectives and IT capabilities to enhance overall performance.
- Process Optimization: Collaborate with clients to optimize the efficiency and effectiveness of IT systems and processes.
- Operational Improvement: Recommend improvements that support sustainable business growth and operational stability.
- Audit Reporting: Prepare detailed audit reports summarizing findings, insights, and recommendations.
- Stakeholder Presentation: Present audit outcomes to executive and board-level stakeholders, including Audit Committees.
- Data-Driven Insights: Provide clear, data-driven conclusions that support informed decision-making.
- Team Supervision: Supervise and mentor junior consultants or auditors to support their professional development.
- Performance Coaching: Offer timely feedback, coaching, and career guidance to enhance team performance and audit quality.
6. Internal IT Auditor Responsibilities
- Risk Assessment: Assess risks to assure management that IT risks are being controlled.
- Governance Improvement: Assist in improving the governance, risk management, and control processes.
- Audit Planning: Participate in the creation and elaboration of the yearly internal audit plan.
- Audit Execution: Plan, execute, and complete audit projects based on risk assessments.
- Audit Reporting: Prepare audit reports that adequately communicate the findings of the audit.
- Action Review: Review and challenge proposed actions defined to remediate findings.
- Follow-Up Validation: Perform follow-up reviews to validate the results of management action plans.
- Partnership Development: Develop effective and value-added partnerships while maintaining independence.
- Continuous Improvement: Provide ongoing analysis of feedback to assist with the continuous improvement process.
- Technology Awareness: Keep abreast of current technologies and new developments in auditing techniques.
- Team Collaboration: Collaborate with other members of the Internal Audit team and perform special projects as assigned by Internal Audit management.
7. Internal IT Auditor Additional Details
- IT Audit Execution: Execute IT audits to assess the design, implementation, and effectiveness of technology controls.
- Control Evaluation: Evaluate audit results to determine the existence and impact of control deficiencies.
- Recommendations Development: Provide practical recommendations to address identified weaknesses and improve control effectiveness.
- Risk Analysis: Analyze IT systems, architectures, and process flows to identify potential risks and control gaps.
- Audit Documentation: Document detailed audit work papers that align with departmental and professional standards.
- Documentation Quality: Ensure consistency, accuracy, and completeness of documentation within established timelines.
- Team Collaboration: Collaborate with audit, technology, and business management teams throughout the audit lifecycle.
- Stakeholder Communication: Communicate audit objectives, progress, and findings clearly to all relevant stakeholders.
- Methodology Enhancement: Support the continuous development of IT audit methodologies and practices.
- Technology Awareness: Stay informed about emerging technology risks, cybersecurity threats, and regulatory changes.
- Future Audit Planning: Contribute to identifying future audit opportunities that align with evolving IT risk landscapes.
8. Internal IT Auditor Duties
- IT Risk Assessment: Participate in and provide input for the annual IT risk assessment process to identify key areas of focus.
- Risk Collaboration: Collaborate with management and stakeholders to assess IT risks and uncover opportunities for process improvement.
- Audit Leadership: Lead the planning, execution, and delivery of IT and integrated audit engagements.
- SOX Compliance Testing: Perform testing and documentation for IT General Controls, automated controls, and key reports in support of SOX compliance.
- Standards Alignment: Ensure all audit activities align with organizational objectives and professional standards.
- Assurance Reviews: Conduct IT audit assurance and advisory reviews that strengthen control environments.
- Issue Escalation: Identify and escalate significant audit issues to management promptly.
- Solution Development: Research potential solutions and propose value-added recommendations to address control gaps.
- Stakeholder Relations: Foster strong relationships with business partners and key stakeholders across departments.
- Collaboration Culture: Promote collaboration and maintain a culture of transparency and engagement.
- Project Management: Meet project deadlines while ensuring adherence to quality and compliance standards.
- Professional Excellence: Contribute to maintaining a professional environment that supports integrity, innovation, and excellence.
9. Internal IT Auditor Details
- SOX Control Testing: Perform assigned audit procedures to test the effectiveness of Sarbanes-Oxley (SOX) compliance controls.
- IT Audit Execution: Execute IT audit testing in accordance with established methodologies and timelines.
- Audit Coordination: Coordinate audit activities and ensure alignment with broader audit objectives.
- Progress Communication: Communicate audit progress, issues, and results to the audit team and management.
- Audit Documentation: Document test procedures, evidence, and results clearly and consistently.
- Findings Summary: Prepare concise summaries of audit findings and conclusions.
- Exception Reporting: Identify, evaluate, and report IT control exceptions to the Senior Lead Auditor or Internal Audit management.
- Control Recommendations: Assist in developing practical recommendations to address control deficiencies.
- Relationship Building: Foster productive working relationships with IT management and corporate leaders.
- Team Collaboration: Collaborate closely with IT risk, compliance, and audit team members to ensure cohesive audit delivery.
- Continuous Improvement: Promote a culture of transparency and continuous improvement within the audit function.
10. Internal IT Auditor Responsibilities
- Audit Planning: Plan and organize audit engagements to ensure alignment with established objectives and timelines.
- Preliminary Research: Conduct preliminary research to understand the scope, background, and key risks of each engagement.
- Data Analysis: Gather and analyze relevant data to support audit testing, evaluations, and conclusions.
- Personnel Interviews: Perform interviews with personnel to gain insight into business operations and internal control environments.
- Process Review: Review business processes to assess their efficiency, effectiveness, and compliance with internal policies and procedures.
- Regulatory Compliance: Verify adherence to applicable laws, regulations, and organizational standards.
- Fieldwork Execution: Complete audit fieldwork in accordance with professional auditing and departmental standards.
- Audit Documentation: Document all audit procedures, evidence, and conclusions using approved audit management software.
- Data Mapping: Perform data mapping and analysis to assess the accuracy, completeness, and integrity of information systems.
- User Requirement Assessment: Determine and assess user requirements related to functional business and IT applications.
- Security Assessment: Conduct security analyses and risk assessments to identify potential vulnerabilities and control weaknesses.
- Audit Reporting: Prepare comprehensive audit reports that clearly communicate findings, conclusions, and actionable recommendations.
- Team Collaboration: Collaborate closely with audit staff to ensure coordinated, efficient, and effective audit execution.
11. Internal IT Auditor Job Summary
- Security Benchmarking: Benchmark security policies against established best practices and industry standards, including ISO 27001, PCI, FISMA, IRS 1075, and NIST 800-53.
- Audit Testing: Create and execute detailed audit test cases to evaluate compliance and control effectiveness.
- Audit Reporting: Develop, document, and present comprehensive audit reports summarizing findings and recommendations.
- GRC Management: Utilize the ServiceNow GRC tool to create and manage continuous monitoring indicators, build reporting dashboards, and maintain electronic workpapers.
- Issue Remediation: Perform issue remediation activities such as analysis, documentation, follow-up, and retesting in response to audit findings.
- Security Consulting: Serve as a consultant by researching and recommending enhancements to quality and information security procedures, including internal and external auditing processes.
- Contract Compliance: Review hosting, security, and audit contract terms to ensure compliance with current organizational policies and procedures.
- Policy Maintenance: Support the maintenance and updating of IT and security policies and processes, ensuring alignment with regulatory requirements and industry guidance.
- Compliance Support: Coordinate responses for completing RFPs and security questionnaires to support compliance and client assurance efforts.
12. Internal IT Auditor Accountabilities
- SOX IT Controls Testing: Perform detailed Sarbanes-Oxley (SOX) Information Technology controls testing to assess the design and operating effectiveness of IT controls.
- Risk Identification: Ensure that risks are properly identified, appropriate audit procedures are applied, and related processes are effectively designed and executed.
- IT Assessment: Participate in project teams conducting independent assessments of information systems, IT infrastructure, and the SOX-404 IT control environment.
- Audit Collaboration: Support IT and integrated audits in collaboration with other members of the Global Internal Audit team.
- Technical Development: Develop and expand technical knowledge of audit methodologies, cybersecurity principles, IT general controls, and cloud computing environments.
- Analytical Enhancement: Enhance technical and analytical skills to effectively evaluate new and existing technologies.
- Audit Awareness: Stay informed on updates in IT audit practices, standards, and IT risk management frameworks.
- Remediation Support: Work under the direction of the in-charge and/or Manager to provide value-added recommendations and ensure timely and effective completion of remediation actions.
- Audit Communication: Communicate audit issues and recommendations clearly in both technical and non-technical terms to operational and IT management.
13. Senior IT Internal Auditor Functions
- Audit Planning: Define expectations for each audit project, including objectives, scope, timing, key contacts, and deliverables.
- Audit Program Development: Develop audit programs to execute moderately complex and high-risk audits, incorporating input and guidance from the manager.
- Problem Solving: Solve problems of limited scope and complexity by applying analytical thinking and developing new perspectives on existing solutions.
- Work Management: Plan and manage audit work to achieve assigned objectives with minimal supervision.
- Staff Oversight: Provide oversight and review the work of assigned staff auditors, including communicating risk-based audit plans, coordinating audit tasks, and offering constructive performance feedback.
- Timeline Monitoring: Monitor audit timelines, milestones, and resource utilization, making necessary adjustments with limited manager oversight to ensure timely completion.
- Risk Mitigation: Identify control gaps and assist management in developing action plans to address risks while ensuring remediation actions are completed effectively.
- Annual Planning: Contribute to the development of the annual audit plan by identifying key risks and areas for audit focus.
- Team Mentorship: Mentor and support new members of the Internal Audit department to promote professional growth and effective integration into the team.
14. Internal IT Auditor Job Description
- Business Process Analysis: Analyze clients’ business processes, digital strategies, and IT governance structures to identify key risks and opportunities for improvement.
- Strategic Evaluation: Evaluate strategic IT projects to ensure alignment with business objectives and risk tolerance levels.
- Risk Mitigation: Develop practical and actionable plans to mitigate identified risks and strengthen internal control environments.
- Functional Integration: Ensure effective integration and collaboration between business and IT functions to achieve organizational objectives.
- Risk Assessment: Perform IT risk assessments using the Deloitte Risk Methodology and established industry frameworks such as COBIT, ISO, and ITIL.
- Business Alignment: Help clients understand how IT risks relate to broader business objectives and strategic goals.
- IT Audit Execution: Execute IT audits across multiple technology domains in coordination with subject matter experts in cybersecurity, cloud computing, and third-party risk.
- Control Assessment: Assess the adequacy, design, and operational effectiveness of IT systems and processes to promote reliability and operational resilience.
- Client Collaboration: Collaborate with clients to enhance the efficiency, effectiveness, and governance of IT operations.
- Audit Reporting: Prepare detailed audit reports and present key findings, insights, and recommendations to executive management and Audit Committees.
- Industry Exposure: Gain exposure to diverse industries and operational environments to expand technical and professional expertise.
- Team Supervision: Supervise junior consultants and auditors, providing direction throughout audit engagements to ensure quality and consistency.
- Professional Development: Deliver timely feedback and mentorship to support the professional development of team members and ensure high-quality audit outcomes.
15. Internal IT Auditor Overview
- Audit Planning: Participate in audit risk assessment, planning, and audit scope development, contributing as a key member of the audit team.
- Project Leadership: Serve as the in-charge for assigned audit projects, managing audit planning, overseeing execution, and leading closing activities.
- Audit Supervision: Supervise project progress, assess results, review work papers, and ensure timely completion and high-quality reporting.
- IT Audit Execution: Plan and execute audits and reviews focused on IT general controls, IT applications, IT security, governance, and SOX-related assessments.
- System Review: Perform both pre- and post-system implementation reviews to evaluate control effectiveness and project readiness.
- External Coordination: Coordinate with external auditors and business process owners to support the completion of ITGC, SOC 1, SOC 2, and PCI-DSS testing activities.
- Risk Documentation: Maintain accurate risk control matrices, ensuring proper alignment with narrative documentation and test plans.
- Root Cause Analysis: Identify the root cause of audit exceptions and assist in remediating control deficiencies.
- Process Improvement: Develop practical recommendations to enhance processes, efficiency, and control effectiveness.
- Issue Communication: Communicate promptly with the department manager when potential issues or exceptions arise to maintain transparency throughout the audit process.
- Control Consulting: Provide control consulting services to management to support redesign efforts that strengthen the control environment.
- SOX Facilitation: Facilitate management’s SOX assessment by evaluating the design and operational effectiveness of documented controls.
16. Internal IT Auditor Details and Accountabilities
- Audit Execution: Effectively perform and document audit activities in accordance with professional standards and the Internal Audit Department’s audit methodology.
- SOX Compliance Support: Assist with the SOX compliance audit program, including walkthroughs, IT general control (ITGC), IT application control (ITAC), and key report testing.
- External Collaboration: Assist with the SOX compliance program to ensure efficient execution and effective collaboration with external auditors.
- Process Walkthroughs: Perform walkthroughs to understand the control objectives, risks, and controls associated with the process area under review.
- Process Documentation: Create process narratives and flowcharts, document key controls, and test assigned key controls to confirm that processes are designed and operating effectively.
- Audit Comment Development: Develop and review audit comments to ensure they are properly composed, comply with materiality guidelines, and that recommendations are relevant and practical.
- Audit Communication: Provide all possible audit comments to the audit customer as they are developed and ensure management responses are received before the exit meeting.
- Critical Thinking: Use problem-solving and critical thinking skills to identify internal control deficiencies, evaluate their risk implications, and draw appropriate conclusions.
- Report Preparation: Prepare the discussion draft of the audit report and submit it to the Audit Supervisor for review, approval, and distribution to the audit customers.
- Workpaper Review: Review electronic work paper files upon completion of audit fieldwork to determine completeness and compliance with quality assurance standards.
- Issue Resolution: Resolve outstanding questions or issues related to the audit.
- Action Plan Monitoring: Track and monitor management’s action plans against agreed-upon timelines directly with IT and business owners.
- Professional Development: Take responsibility for developing personal and professional leadership skills and capabilities.
17. Senior IT Internal Auditor Tasks
- Audit Program Leadership: Lead the development and maintenance of the IT audit program.
- Audit Scoping: Work with Internal Audit management to determine scoping and testing strategies for IT-related audits.
- Technology Audits: Lead and participate in audits of IT projects and other technology-related audits, including cybersecurity reviews.
- Control Testing: Lead audits for IT general and application controls to ensure effective design and operation.
- Consultant Management: Manage the work of consultants assigned to audit engagements, including reviewing and testing workpapers for accuracy and completeness.
- External Liaison: Act as a liaison with external IT auditors to coordinate and align audit activities.
- Audit Coordination: Coordinate work efforts to promote effective and efficient audit processes between Internal and External Auditors.
- Audit Quality Assurance: Ensure delivery of high-quality and timely IT audit results that meet the external audit firm’s reliance requirements.
- SOX Participation: Serve as a team member on SOX audits for business controls, conducting detailed reviews of documentation and transactional records for compliance with standards and procedures.
- Accounting Review: Determine the proper accounting treatment of assets, contract agreements, and other items to identify exceptions or discrepancies.
- Deviation Evaluation: Recognize and evaluate the materiality and significance of deviations from standards, procedures, and sound business practices.
- Issue Identification: Identify potential or existing problems and determine the need for further investigation or analysis.
- Audit Reporting: Prepare audit reports or report sections summarizing findings and recommending corrective actions.
- Process Documentation: Document business processes and related internal controls in narrative and/or flowchart formats.
- Client Interaction: Interface with internal clients and participate in meetings to discuss audits and recommendations.
18. Internal IT Auditor Roles
- Advisory Engagements: Collaborate with management and colleagues to execute advisory engagements and broad risk assessments based on various frameworks and standards, including NIST, COBIT, HIPAA, and PCI-DSS.
- Control Expertise: Provide expertise in internal controls, including project management and information technology.
- Strategic Implementation: Implement strategic goals established by Internal Audit Services leadership.
- Operational Input: Provide measurable input into new products, processes, standards, and operational plans that impact Internal Audit Services.
- Process Improvement: Proactively improve existing processes and systems by applying significant conceptualization, reasoning, and interpretation.
- Investigative Analysis: Conduct extensive investigations and apply critical thinking to understand root causes of problems that span a wide range of difficult and unique issues across functions and businesses.
- Employee Guidance: Provide guidance, coaching, and training to other employees across the company.
- Project Management: Manage large, complex project initiatives of strategic importance to the organization, involving large cross-functional teams.
- Team Leadership: Direct the work of other individual contributors and/or act as a cross-functional team lead.
- Risk Assessment: Contribute to the annual risk assessment process and assist in developing the organization’s overall audit plan.
19. Group Internal IT Auditor Responsibilities and Key Tasks
- Executive Reporting: Report directly to the CEO and the Chairman of the Audit Committee of the Supervisory Board.
- Internal Audit Collaboration: Work closely with the other Group Internal Auditors to fulfill the mission of the IAF to enhance and protect value by providing risk-based and objective assurance, advice, and insight.
- Stakeholder Engagement: Proactively pursue relevant information from stakeholders by setting up meetings and documenting questions.
- Audit Execution: Execute a variety of IT and operational audits, including IT processes, IT projects, and IT technological components, while also covering business processes and functions.
- Audit Reporting: Create accurate and complete audit reports based on evidence-based investigation and sample testing.
- Data Analysis: Apply data analysis techniques to assist the IAF in performing audit assignments and support other functions in setting up monitoring of risks and the effectiveness of controls.
- Root Cause Analysis: Determine, document, and present the root cause of audit issues and assist the organization by reviewing the action plans documented by issue owners to ensure they fully address the root causes.
- Process Improvement: Continuously look for improvements in the company’s governance, risk management, and control processes.
- Regulatory Awareness: Stay informed and up to date about relevant developments, such as updated business and regulatory requirements, both within and outside the company.
- Issue Follow-Up: Follow up on the implementation of audit recommendations to ensure issues are addressed and resolved.
20. Internal IT Auditor Duties and Roles
- Compliance Support: Assist in various compliance initiatives and ensure adherence to documented policies and procedures, including SOX 404, SSAE 18 SOC 1 and 2 reports, Data Privacy and Protection, and partial PCI DSS requirements.
- Audit Testing: Prepare and perform audit testing while facilitating the remediation of identified control deficiencies.
- Process Documentation: Develop flowcharts, narratives, and reports to document key processes, controls, and audit results.
- IT Controls Management: Take responsibility for IT controls, including all aspects of related documentation, walkthroughs, testing, and issue resolution.
- Process Improvement: Identify opportunities to improve the efficiency and effectiveness of operational, financial, and compliance processes.
- Special Projects: Participate in special projects such as fraud investigations, data protection assessments, and other compliance-related engagements.
- Stakeholder Interviews: Interface and conduct interviews with management and operational staff to gather information and gain insights into processes and controls.
- Due Diligence: Contribute to due diligence activities and other assigned project work.
- Policy Compliance: Ensure compliance with all company policies and procedures and complete additional assigned duties accurately and on time.
21. Internal IT Auditor Roles and Responsibilities
- IT Audit Execution: Conduct assignments related to IT internal audits, including testing the effectiveness of internal controls.
- Control Evaluation: Review and report on the adequacy and effectiveness of existing controls designed to safeguard assets and minimize the risk of loss or breach.
- Audit Management: Ensure the timely completion of assigned audits, track progress, and organize electronic audit workpapers using departmental software.
- Control Testing: Plan and perform audit tests and procedures to evaluate the sufficiency and efficiency of controls for protecting organizational assets.
- Compliance Verification: Verify compliance with internal policies, procedures, and external laws and regulations to support the organization’s goals, the reliability of reporting, the efficient use of resources, and the prevention and detection of fraud.
- Data Analysis: Collect and analyze data from multiple sources, applying computer-assisted auditing techniques to enhance audit accuracy and coverage.
- Audit Reporting: Develop and document audit findings, including detailed recommendations to strengthen controls and ensure regulatory compliance.
- Staff Training: Provide or assist in providing training, coaching, and guidance to Internal Audit staff in performing audits and addressing audit-related matters.
- Management Communication: Participate in audit meetings, prepare written reports, and effectively communicate findings and recommendations to management.
- Workpaper Review: Review audit workpapers for completeness, accuracy, and relevance.
- Regulatory Knowledge: Maintain current and proficient knowledge of applicable federal, state, and local laws, regulations, and organizational policies.
- Ethical Compliance: Adhere to the Institute of Internal Auditors (IIA) Standards for the Professional Practice of Internal Auditing and the IIA Code of Ethics.
22. Internal IT Auditor Key Accountabilities
- Audit Planning: Plan the information technology audit process, define the scope of work, and prepare necessary audit activities and risk assessments for the relevant departments.
- Policy Compliance: Ensure consistent application of university by-laws, policies, procedures, and statutory regulations while managing the technological innovation process for IT services by creating a risk profile for current and future projects with a focus on the university’s goals and market position.
- Technology Evaluation: Examine current and planned technologies to evaluate whether systems and applications are controlled, reliable, efficient, secure, and effective.
- System Verification: Verify that the technological systems being used or developed are appropriate for the university and comply with established development standards.
- Audit Reporting: Prepare detailed reports and analyses following each IT audit activity and provide actionable recommendations to improve operational processes.
- Follow-Up Assessment: Follow up with colleges and departments to ensure proper implementation of recommended IT solutions and assess their effectiveness.
- Quality Assurance: Assist in implementing IT quality assurance standards within the Compliance and Internal Audit Office to ensure adherence to professional standards and best practices.
- Stakeholder Relations: Build and maintain professional relationships with colleges and departments to support an efficient and effective auditing process.
- Technology Awareness: Stay current with local, regional, and global IT developments to provide the university with relevant insights for evaluating and enhancing IT services.
- Policy Review: Review IT policies and procedures, contribute to audit planning, and assist in improving system efficiency and effectiveness.
- Information Security: Ensure the security, integrity, and confidentiality of all critical information and data.
23. Internal IT Auditor Essential Functions
- SOC Audit Engagements: Conduct SOC 1 and SOC 2 Type 2 readiness reviews and assist with SOC 1, SOC 2 Type 2, OSPAR, and ISO 27001 audit engagements related to IT controls.
- Audit Charter Development: Prepare written internal IT audit charters, subject to Audit Committee review and approval, outlining the scope of activities, authority, and independence of internal auditing.
- Audit Planning: Develop written internal IT audit plans, also subject to Audit Committee review and approval, specifying audit frequency, offices, and business units to be covered, testing summaries, control objectives, and detailed audit procedures.
- Audit Reporting: Prepare written internal IT audit reports for Audit Committee review and approval, highlighting critical control weaknesses, significant control gaps, and areas for improvement identified during onsite audits.
- Control Matrix Review: Conduct annual reviews of the IT Control Matrix, ensuring findings and updates are reviewed and approved by the Chief Information Officer and the Audit Committees.
- Policy Assessment: Examine and assess IT policies and procedures to ensure adequacy, compliance, and alignment with best practices.
- Operational Evaluation: Independently and objectively evaluate and consult on the adequacy and effectiveness of business activities, including operational risk management and corporate governance.
- Risk Assessment: Assess the adequacy and effectiveness of risk identification and management processes.
- Compliance Monitoring: Identify and report any compliance breaches or control deficiencies.
- Improvement Recommendations: Provide actionable recommendations for improvement in areas where weaknesses or opportunities are identified.
- Control Assurance: Offer assurance that internal controls are functioning effectively and operating as intended.
- Follow-Up Audits: Perform regular follow-up audits focusing on non-compliant or high-risk areas to ensure corrective actions have been implemented.
- Client Liaison: Liaise with clients to analyze workflows, responsibilities, procedures, and problem areas for process improvement and risk mitigation.
24. Internal IT Auditor Additional Details
- Relationship Building: Build collaborative relationships between Internal Audit and lower-level management to enhance communication and audit effectiveness.
- Auditor Development: Participate in recruiting efforts and assist in mentoring and training auditors to develop their professional skills.
- Audit Supervision: Supervise information technology and compliance audits and consulting projects by coordinating schedules with management, conducting kick-off meetings, preparing and issuing request lists, tracking audit progress, addressing auditor inquiries, and communicating results to management.
- Audit Execution: Perform information technology and compliance audit and consulting procedures, including interviewing personnel, observing operations, reviewing documentation, mapping data flows and controls, testing and validating controls, and using audit software to analyze data.
- Documentation Management: Organize, document, and maintain audit work results in accordance with the Institute of Internal Auditors’ International Standards for the Professional Practice of Internal Auditing.
- Work Review: Review auditors’ work and provide constructive feedback to improve audit procedures, accuracy, and documentation quality.
- Findings Analysis: Analyze audit findings to identify control weaknesses, deviations from standards, and opportunities for process improvement, using IT expertise to develop practical recommendations.
- Results Communication: Communicate audit results and improvement opportunities to Internal Audit leadership clearly through verbal and written reports.
- Report Drafting: Draft Internal Audit reports and actively participate in closing meetings with management to discuss findings and recommendations.
- Professional Development: Engage in professional group meetings and continuing education to maintain and enhance auditing knowledge and skills.
- Accountability: Take ownership and accountability for higher workloads, responsibilities, and efficiency levels expected beyond those of a Staff Auditor.
- Policy Adherence: Adhere to all departmental policies, procedures, and performance expectations.
25. Internal IT Auditor Duties
- IT Auditing: Execute information technology (IT) and integrated audits in areas such as General Controls, IT Governance, IT project lifecycle, system conversion and pre-implementation reviews, and Third Party Risk Management
- Compliance Review: Review and assess compliance of IT systems and processes against IT directives, policies, standards, and industry best-practice frameworks
- Risk Analysis: Independently conduct thorough risk analysis and control identification
- Control Evaluation: Conclude on the effectiveness of processes and the design of controls
- Problem Solving: Interpret the associated risks, develop testing approaches, and propose solutions
- Gap Identification: Identify control gaps and control performance exceptions and independently evaluate the potential impact
- Communication Skills: Effectively communicate orally and in writing in both technical IT and non-technical terms to Operational and IT management
- Recommendation Skills: Make sound recommendations for audit finding rankings and effectively support conclusions during discussions with audit clients
- Data Analysis: Conduct data analysis to facilitate audit scoping and testing
- Knowledge Sharing: Share knowledge with broader NAAH and global teams and take an active role in facilitating the training and development of less experienced team members
26. Internal IT Auditor Details
- IT Auditing: Audit components of the business units including critical technology functions, cloud-based infrastructure, cybersecurity, IT risk management, application security, and third-party risk management
- Control Testing: Design and execute internal control testing for operations of varying complexity
- Audit Execution: Perform audit tasks of moderate difficulty, demonstrating a degree of audit expertise consistent with experience level
- Documentation Skills: Prepare clear, organized and complete documentation to support work performed
- Time Management: Prioritize and effectively plan own work activities, managing multiple priorities and tasks across the team to deliver quality results
- Client Relations: Establish and maintain good client relations during engagements
- Report Writing: Assist in communicating the results of some audit projects to management via written reports and oral presentations
- Engagement Administration: Perform various aspects of engagement administration, including hours and budget tracking
- Communication Skills: Effectively communicate information, issues and audit progress to teammates and auditees
- Risk Assessment: Assist with the development and maintenance of the Internal Audit IT Risk Assessment
27. Internal IT Auditor Responsibilities
- IT Auditing: Plan and participate in various 52-109 IT General Controls (ITGC) audits, 52-109 Financial compliance audits, IT operational audits and other Operational audits
- Control Evaluation: Evaluate the design and operating effectiveness of IT General Controls and IT Automated Controls
- Testing Procedures: Prepare and/or review systems documentation, select testing samples, and perform testing
- Risk Assessment: Identify risks and adjust audit plan and testing procedures accordingly
- Process Improvement: Formulate and discuss control deficiencies with the process owners/control owners, resolve problems, and make recommendations for control and IT process improvements
- Report Preparation: Prepare the working papers, summarize the results and perform follow-up audits
- Time Management: Complete mandates/projects within time constraints and meet the deadlines (deadline-focused environment)
- Access Review: Participate in user access review testing across various applications
- Audit Support: Provide support to external auditors in the execution of financial auditing assignments
- Special Projects: Take part in special projects and/or operational audits
28. Internal IT Auditor Job Summary
- IT Auditing: Execute Information Technology audits as defined by management and the Audit Committee
- Risk Assessment: Identify and evaluate the organization’s risk areas
- Audit Planning: Provide input to the development of the annual audit plan
- Audit Procedures: Perform audit procedures, including planning, inquiry, developing work plans, testing, and reporting
- Issue Identification: Identify, develop, and document audit issues and recommendations
- Communication Skills: Communicate or assist in communicating the results of audit and consulting projects to management
- Client Relations: Develop and maintain productive client and staff relationships through individual contacts and group meetings
- Team Representation: Represent internal audit on organizational project teams, at management meetings, and with external organizations
- Staff Training: Provide or assist in providing training, coaching, and guidance to internal audit staff and/or CareSource external auditors in conducting audits and other audit-related issues
29. Internal IT Auditor Accountabilities
- Audit Planning: Draft the scope and objectives for the individual audit and prepare audit programs
- Data Analysis: Conduct data extraction, analysis, and security reviews utilizing software tools
- IT Auditing: Support audits and consulting engagements related to programming, mainframe batch and online processes, client-server architecture, Internet and intranet functionality, database extraction, technology strategy, and data communication and network security
- Data Integrity: Act as liaison with business partners to ensure full understanding of data flow, data integrity, and system security
- Risk Mitigation: Assess IT control elements to mitigate IT risks regarding the confidentiality, integrity, and availability of business information
- Professional Development: Pursue professional development opportunities, including external and internal training and involvement in professional associations, and share information gained with co-workers
- Cross-Functional Collaboration: Interact significantly with others in the Department who have differing skill sets (nursing, finance, etc.)
- Stakeholder Engagement: Interact significantly with management and staff throughout CareSource, including the senior-most levels of the organization