WHAT DOES AN IT AUDIT MANAGER DO?

Updated: Dec 08, 2025 - The Information Technology (IT) Audit Manager supports the section head in evaluating IT governance, IT service management controls, and compliance across both domestic and international operations. This role involves planning and leading audits, managing audit teams through all stages of the engagement, and preparing comprehensive reports with actionable recommendations. The manager also provides advisory support on IT initiatives, ensures timely follow-up on audit issues, and contributes to staff coaching and performance evaluation.

A Review of Professional Skills and Functions for IT Audit Manager

1. IT Audit Manager Accountabilities

  • IT Audit Execution: Manage, execute and complete the assigned IT audit assignments in accordance with the standards.
  • Report Preparation: Prepare audit reports (with fieldwork auditors) in accordance with acceptable quality standards.
  • Team Leadership: Lead the Group IT audit team with relevant Cybersecurity, emerging technologies and technical security control knowledge.
  • Risk Monitoring: Keep abreast of emerging IT risk issues and other key changes.
  • Cross-Functional Collaboration: Partner with operational/financial auditors to assess application IT controls related to key business processes.
  • Audit Planning: Prepare and manage IT annual audit plans based on the changing IT controls, risk posture, and/or business priorities.
  • Issue Follow-Up: Follow up on outstanding audit issues and monitor the timely completion of agreed remedial actions by management.
  • Relationship Management: Build a good audit relationship with key IT Management via regular interaction.
  • Issue Facilitation: Lead/facilitate discussion of issues and remedial action plans with various levels of management.
  • Team Development: Proactively contribute to the development of the IT audit team through coaching, training and providing timely feedback to junior staff.

2. IT Audit Manager Job Summary

  • IT Audit Execution: Undertake IT audits in line with ISACA standards and company protocols.
  • Control Review: Review IT General Controls, projects and programmes, and IT security.
  • Stakeholder Management: Work with the Audit and Risk team to maintain and develop relationships with key stakeholders.
  • Risk Assurance: Help ensure work carried out adequately addresses the key risks.
  • Control Improvement: Work with individual business units to allow improvements in the controls, which will mitigate risks.
  • Data Analysis: Review technical data, identify associated risks and interpret this into easy-to-understand terms for non-IT professionals in the business.
  • Action Monitoring: Ensure reported actions are agreed with SMT and are then followed up on, which will establish whether they have been carried out.
  • Influence and Persuasion: Persuade and influence senior stakeholders to ensure this does happen.

3. IT Audit Manager Responsibilities

  • Internal Control Application: Apply internal control principles and technical knowledge, including Application Controls and IT General Controls, and financial reporting concepts.
  • Compliance Management: Provide daily management and oversight of compliance and third-party attestation (e.g., SOC, ISO, HITRUST, etc.) projects.
  • Audit Planning: Develop and execute a detailed audit work plan for the IT audit component of the IA team through resource allocation, customer coordination and quality review.
  • Security Assessment: Perform IT security assessment processes, including audit and organizational policy and standards review.
  • Report Drafting: Draft and assist in reporting audit results to firm leadership.
  • Risk Communication: Assess and communicate audit results, translating findings into a level of risk and drive remediation of key issues in a timely manner.
  • Audit Reporting: Draft and analyze audit reports and establish metrics and monitoring efficiencies.
  • Control Framework Development: Develop an effective and sustainable IT system controls framework.
  • Control Evaluation: Manage the evaluation of the design and operational effectiveness of IT System Controls.
  • Training Delivery: Participate in the development and delivery of training curriculum.
  • Team Development: Participate in hiring activities for the IA team staff and provide staff with coaching/development.

4. IT Audit Manager Details

  • Risk Understanding: Quickly and proactively build a deep understanding of Koch Companies' IT standards, policies, and guidelines, as well as risks associated with each business and business capability.
  • Audit Strategy Development: Develop audit strategies and/or protocols for projects based on assessed risks, regulatory requirements, and compliance standards.
  • Project Management: Demonstrate well-developed project management skills, critical thinking, and a sense of urgency when performing audits and investigations.
  • Audit Execution: Conduct audit interviews and perform audit testing to identify potential gaps and opportunities.
  • Report Writing: Create high-quality audit reports that are accurate, concise, insightful, and delivered on a timely basis.
  • Process Improvement: Develop audit tools, assist with continual improvement of IT practices and key controls, and assist with the development and implementation of assurance strategies.
  • Innovation Enhancement: Continuously improve the audit process through innovation.
  • Customer Focus: Exhibit customer focus by developing strong relationships with internal customers to better understand risks and anticipate their needs.

5. IT Audit Manager Duties

  • Control Review: Perform IT general controls reviews, application controls reviews, and system development reviews.
  • Infrastructure Assessment: Responsible for infrastructure reviews, security and data privacy reviews, SDLCs, and pre- and post-implementation reviews.
  • Audit Participation: Perform and/or participate in audits evaluating the adequacy of non-IT controls for business units and/or key business processes.
  • Audit Planning: Assist the Vice President of Internal Audit in developing an audit approach and testing strategy for IT audits.
  • Integrated Support: Support non-IT Internal Audit staff in integrated audit projects by ensuring key business and information technology risks and controls are evaluated relevant to the scope of the review.
  • Results Communication: Communicate audit results to the Vice President of Internal Audit, management, and external auditors.
  • Report Preparation: Prepare the audit report draft for the Vice President of Internal Audit’s review.
  • Recommendation Clarity: Ensure recommendations are clear, concise, and focused on required remediation.
  • External Coordination: Coordinate IT testing and related IT SOX work with external auditors.
  • Risk Assessment: Participate in ongoing IT Risk Assessment to ensure the annual audit plan adequately addresses IT control risk.
  • Team Collaboration: Collaborate with other Audit staff to ensure all financial, operational, and compliance audit engagements properly address relevant IT risks.
  • Relationship Building: Facilitate good working relationships and communication flow between the Internal Audit Department and management, IT personnel, and external auditors.
  • Special Projects: Complete special projects as requested by Executive management and the Audit Committee.

6. IT Audit Manager Roles

  • Team Management: Manage and direct assigned staff to ensure completion of complex audits within departmental and professional standards in established timeframes.
  • Audit Execution: Plan, direct, execute and finalize the audit engagements.
  • Work Program Development: Establish audit work programs to effectively evaluate operations, based on best practices, regulatory requirements, and the operating environment.
  • Quality Review: Review the work of other team members and challenge their understanding of audit areas and processes to ensure adequate coverage.
  • Communication Management: Communicate appropriately to process owners and management during and at the conclusion of fieldwork with regard to audit findings.
  • Report Review: Review and provide feedback on formal written reports covering the results of audits and present audit findings and recommendations to executive management.
  • Client Relations: Maintain excellent management client relations while communicating issues, concerns, and recommendations to management clients.
  • Team Support: Assist other internal auditors in maintaining excellent management client relationships.
  • Project Monitoring: Lead, participate in, and monitor work assignments to ensure the timely completion of the project.
  • Documentation Review: Conduct a thorough review of work papers and report drafts prior to submission to department management.
  • Follow-Up Evaluation: Review follow-up procedures to ensure agreed-upon action plans have been implemented by management.

7. IT Audit Manager Tasks

  • Global Coordination: Coordinate effectively with the global audit team to complete global projects.
  • Regulatory Knowledge: Maintain current knowledge of regulatory requirements and professional standards.
  • Staff Training: Train staff members in internal audit techniques, organizational issues, and departmental procedures and protocols.
  • Departmental Initiatives: Participate in departmental initiatives and projects under the direction of the ASG Management to develop a world-class internal audit function.
  • Staff Scheduling: Determine staff scheduling of assignments based on skill levels needed for specific audits/projects.
  • Risk Identification: Work with the ASG management team to identify key areas of risk in its business units and subsidiaries.
  • Issue Communication: Work closely with the ASG management in promptly communicating issues and concerns as they relate to audit assignments and the general operation of the department.
  • Staff Development: Assist the ASG management in training, developing, and evaluating internal audit staff or assist.
  • Policy Compliance: Ensure that the processes encompass the company’s diversity commitment, compliance with company policies and legal requirements.
  • Deliverable Review: Assist with the review and approval of department deliverables, including findings and recommendations.
  • Quality Assurance: Establish and maintain (or assist with) a quality assurance program and develop and maintain a working department audit manual.

8. IT Audit Manager Details and Accountabilities

  • Team Leadership: Accountable for leading and developing a diverse team of IT audit professionals and overseeing the entire life-cycle of an audit, including planning, execution, reporting and findings follow-up.
  • Audit Management: Direct, oversee, plan and execute audits, resource requirements and processes.
  • Quality Assurance: Ensure audits are completed in accordance with established standards and within prescribed time, budget and scope parameters.
  • Audit Planning: Complete audit planning, risk and control assessment, and develop/update audit programs with assistance from senior auditors/auditors.
  • Testing Supervision: Supervise and monitor audit testing.
  • Documentation Oversight: Direct and oversee the completion of documentation of audit work in a clear, concise, logical manner and assessment of risk, design and operating effectiveness of controls.
  • Work Review: Review test working papers and audit findings/recommendations.
  • Findings Presentation: Present findings and recommendations to management.
  • Report Drafting: Draft audit report and obtain approvals to issue the audit report.
  • Follow-Up Management: Oversee and/or execute the follow-up of audit findings.

9. IT Audit Manager Overview

  • Audit Communication: Manage the ongoing audit communications and/or the reporting process with the client, senior management and external auditors for specific and/or overall audit area.
  • Process Improvement: Work with IT Audit Management to improve the audit process to ensure audits are performed efficiently and delivered timely with quality results.
  • Trend Awareness: Keep abreast of emerging trends and issues in information technology.
  • Risk Understanding: Develop and maintain a strong understanding of current business risks to adequately assess business impacts.
  • Research and Benchmarking: Conduct research to identify benchmarks and best practices for the management of IT risk across businesses.
  • Audit Planning: Contribute to the audit planning process for specific businesses/functional units.
  • Team Management: Manage a small/medium team of professional resources directly or indirectly and/or actively develop, recruit, train, coach and conduct performance assessments for team members.
  • Team Building: Promote and foster a cohesive team and positive work environment that encourages innovation, creativity and collaboration.
  • Relationship Management: Build and maintain positive working relationships by effectively communicating and regularly sharing information, issues/points of interest, learnings and knowledge with the team, internal and external business partners.
  • Goal Support: Support management and other team members in the achievement of individual, divisional and team goals.

10. IT Audit Manager Job Description

  • Objective Setting: Assist the Senior IT Audit Manager in setting IT audit objectives and developing an IT audit approach and methodology.
  • Audit Planning: Support the Senior IT Audit Manager in developing a risk-based annual IT audit plan as well as scope, schedule, execute, document and report on integrated and standalone IT-related audit engagements using various testing methods, to ensure the audits are performed on time and with quality.
  • Agile Methodology: Assist in developing an agile audit approach, including the development of new audit programs on the group’s emerging IT risks.
  • Control Assessment: Execute audit activities for the Group to assess the design of controls, operating efficiencies and compliance with corporate policies, legal requirements, rules and regulations.
  • Governance Support: Assist in the development, planning and execution of IT control and governance initiatives.
  • Report Preparation: Prepare internal audit reports for the Audit and Corporate Governance Committee (ACGC).
  • Advisory Support: Provide constructive advice to leadership and business unit and function heads to improve efficiency and risk mitigation.
  • Special Reviews: Perform special reviews requested by the Board or ACGC, or Senior Management.
  • Regulatory Research: Research and keep abreast of up-to-date legislative issues, new audit and IT regulations/trends and audit methodology.
  • Policy Review: Review and update related IT internal audit policies, standards and practices.
  • Data Analytics: Use data analytics for performing a dashboard analysis.

11. IT Audit Manager Functions

  • Audit Planning: Plan, develop, and execute specific audit procedures to meet planned objectives of audits of complex Bank technology activities, including technology in support of regulatory compliance and finance.
  • Control Evaluation: Formulate recommendations regarding control deficiencies and system ineffectiveness.
  • Operational Improvement: Identify areas for improved control, cost savings, and operational efficiencies.
  • Documentation Review: Prepare or review audit documents, work papers, audit reports, memoranda, and presentations.
  • Information Presentation: Present information in a clear, concise, and persuasive manner to the Audit Committee and management, as deemed applicable.
  • Management Communication: Meet and communicate with Management to perform audit procedures and provide status updates, findings and recommendations, and forward-looking insights.
  • Risk Assessment: Drive the IT audit risk assessment and track for significant changes in risk factors.
  • Team Management: Manage a team of IT auditors to drive completion of technology and information security audits.
  • Audit Support: Support the Internal Audit relationship between technology and information security.

12. Senior IT Audit Manager Roles and Responsibilities

  • Strategic Oversight: Apply a strategic perspective in overseeing the planning, execution and delivery of assigned audit and advisory engagements in accordance with audit methodology and audit plan budgets and timelines.
  • Technology Awareness: Maintain awareness of technology trends, risks and controls through personal curiosity, training and networking.
  • Risk Prioritization: Drive risk-prioritized engagement planning and delivery, challenging scope and approach based on company and industry risks, including emerging risks.
  • Performance Management: Lead performance activities for direct reports, including goal setting, career planning, training selection, certification and timely performance discussion that grow and support staff in their career aspirations.
  • Relationship Building: Build and cultivate Internal Audit and client management relationships that foster a strong risk culture, understand the organization’s business, identify IT risks and contribute to a constructive Internal Audit brand.
  • Report Preparation: Incorporate a holistic and business-oriented view in preparing audit reports and issues through concise, precise and accurate writing.
  • Quality Review: Review work to ensure it is performed and documented in accordance with audit methodology and provide timely feedback to auditors.
  • Negotiation Leadership: Lead and actively participate in negotiations with clients, peers and senior audit executives in conversations about risks and controls within assigned engagement books and as part of team and departmental discussions.
  • Innovation Integration: Incorporate innovative audit techniques, including data analytics, in engagements, continuous monitoring and to increase the scope, quality and timeliness of work performed.
  • Progress Reporting: Provide clear and timely engagement updates to audit management and clients, especially regarding delays, control issues, budget, or timeline concerns.

13. IT Audit Manager Responsibilities and Key Tasks

  • Project Leadership: Lead a solutions-based project team to complete wide-ranging audit initiatives, both on time and within budget.
  • Industry Expertise: Provide knowledge and expertise on industry practices, audits, risk, and internal controls.
  • Compliance Management: Manage regulatory compliance engagements, including Sarbanes-Oxley requirements.
  • Program Development: Create risk-based audit programs related to IT systems, processes, and technologies.
  • Testing Methodology: Develop testing methodologies to evaluate the adequacy of controls.
  • Process Evaluation: Lead the analysis and evaluation of technology-driven business processes and controls within the organization.
  • Standards Research: Research technology standards, including but not limited to COBIT, ISO, and ITIL.
  • Regulatory Oversight: Manage compliance engagements, including Sarbanes-Oxley initiatives, and stay ahead of regulatory compliance changes.
  • Attestation Management: Manage SSAE 18 engagements (i.e., SOC 1 and SOC 2 attest engagements).

14. IT Audit Manager Duties and Roles

  • Risk Identification: Leverage industry-leading standards to identify current and potential risks.
  • Audit Communication: Communicate audit findings and recommendations to senior-level resources with verbal and written correspondence, including draft reports that are comprehensive and complete in each audit area.
  • Project Leadership: Demonstrate strong project leadership expertise, including mentorship, knowledge transference, and reviewing deliverables.
  • Collaboration: Collaborate with a number of industry specialists to test and design the effectiveness of audit processes, controls, continuous monitoring and reporting in dynamic environments.
  • Team Management: Lead small teams effectively, managing multiple projects and providing meaningful feedback in a timely, consistent, constructive manner.
  • Issue Resolution: Update leadership on issues as soon as they arise and proactively create solutions.
  • Service Contribution: Contribute to other initiatives centered upon Focal Point’s full suite of risk-related service offerings, including security, privacy and enterprise-wide IT Risk management.
  • Business Development: Support in new business development endeavors, participating in client engagements, the development of proposals or project bids, and presenting opportunities to new clients.

15. IT Audit Manager General Responsibilities

  • Audit Execution: Execute audit objectives by understanding the business divisions and being a subject matter expert in IT.
  • Time Management: Execute IT audits within agreed timeframes.
  • Control Testing: Test key controls by gathering relevant audit evidence and interpreting data.
  • Documentation: Document test plans, results and conclusions clearly and concisely.
  • Issue Validation: Issue validation interview customers and conduct the process.
  • Knowledge Development: Develop individual knowledge of the Group's IT systems, technologies and processes.
  • Technical Understanding: Showcase general understanding of diverse IT systems concepts.
  • Stakeholder Management: Effectively manage stakeholders, timelines and communication.

16. IT Audit Manager Key Accountabilities

  • Engagement Management: Manage multiple IT audit engagements and projects.
  • Process Leadership: Provide functional leadership of the IT audit processes and ensure assigned audits are completed in compliance with department policies and procedures and ensure all audit objectives have been satisfied.
  • Work Planning: Review, approve, and manage progress against audit work plans, delegate appropriately, and provide flexible alternatives in order to manage multiple work assignments.
  • Methodology Compliance: Ensure all audits are executed utilizing a consistent audit methodology, as defined in the Audit Manual.
  • Scope Definition: Determine and approve the objective, scope, and general plan of each audit.
  • Scope Management: Responsible for managing audit scope.
  • Risk Prioritization: Focus audit scope on higher risk areas.
  • Progress Tracking: Track and report on audit progress.
  • Resource Management: Manage costs and timeliness.
  • Business Understanding: Know the business and understand key factors impacting the company.

17. IT Audit Manager Role Purpose

  • Strategic Alignment: Align work with department and company strategy.
  • Action Follow-Up: Follow up on action plans from management.
  • Staff Development: Train, coach, and mentor audit staff to develop skill levels and auditing effectiveness.
  • Team Building: Establish an atmosphere of trust, honesty, and respect among team members that encourages communication and allows the team to.
  • Task Management: Effectively accomplish assigned tasks within defined cost, schedule, and quality assurance requirements.
  • Audit Support: Assist the VP of Audit with ongoing auditing, monitoring, and administrative responsibilities.
  • Program Maintenance: Assist the VP in maintaining and modifying audit programs to ensure procedures are current and effective.
  • Process Improvement: Identify areas of opportunity to improve the department’s functionality, either administratively or operationally.
  • Performance Communication: Communicate with the VP of Audit any performance issues with regard to either personnel or audit practices to provide the requisite constructive assessments.
  • Policy Compliance: Ensure adherence to department policies.
  • Change Management: Participate in change design and assist in leading the communication and implementation of change initiatives.
  • Administrative Support: Perform other administrative duties as delegated by the VP of Audit.
  • Report Finalization: Review and finalize reporting, both written and oral, to key internal customers.

18. IT Audit Manager General Responsibilities

  • Plan Development: Participate in the development of the annual risk-based plan.
  • Risk Understanding: Understand business segments and associated risks.
  • Risk Assessment: Maintain a continuous risk assessment thought process throughout the year to ensure the audit plan is reflective of emerging risks.
  • Stakeholder Communication: Maintain continuous informal communications with the business unit and/or project management to identify possible future audit risks or concerns.
  • Client Relationship: Cultivate relationships with clients.
  • Partner Involvement: Involve key partners in the execution of the audit and the resolution and reporting of findings.
  • Cross-Functional Interaction: Interact with all organizational units and levels, as well as others outside the organization, e.g., external auditors, attorneys.
  • Recruitment and Evaluation: Assume the primary role in recruiting and regular performance evaluation activities of direct reports.
  • CAAT Implementation: Identify opportunities for the use of computer-assisted audit techniques (CAAT) and design and program audit software to improve audit productivity and coverage.
  • Staff Guidance: Guide staff in developing and maintaining CAAT scripts.
  • Result Communication: Communicate audit results, weighing the relevancy, accuracy, and perspective of conclusions against the accumulated audit evidence, both for individual issues as well as for the processes and total audit scope.

19. IT Internal Audit Manager Essential Functions

  • Risk Evaluation: Identify and evaluate the organization’s technology audit risk areas and provide key input to the development of the risk-based annual internal audit plan.
  • Audit Execution: Perform audit procedures, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting client processes and procedures.
  • Interview and Documentation: Conduct interviews, review documents and prepare working papers.
  • Issue Identification: Identify, develop, and document IT audit issues and recommendations for improvement using independent judgment concerning areas being reviewed.
  • Result Communication: Communicate or assist in communicating the results of IT audit and consulting projects via written reports and oral presentations on a timely basis to senior management.
  • Team Collaboration: Develop and maintain productive team-oriented relationships within the team and across the organization through individual contacts and group meetings.
  • Governance Consulting: Coach and consult business units, MGS and Corporate on governance, risks and controls.
  • Global Initiatives: Lead or contribute to regional or global Internal Audit (IA) initiatives that focus on governance and control improvement or IA-internal processes.
  • Professional Development: Pursue professional development opportunities, including external and internal training and professional association memberships, and share information gained with co-workers.
  • Representation: Represent internal auditing on organizational project teams, at management meetings, and with external organizations.

20. IT Audit Manager Additional Details

  • Audit Execution: Assist in the execution of the IT audit program by conducting and overseeing IT audits of information technology, cybersecurity, cloud computing, IT risk management and supporting processes.
  • Technical Assessment: Analyze and assess architecture, technology infrastructure, data storage, security, change management, IT governance and compliance with regulatory guidance and industry standards.
  • Issue Identification: Identify IT and information security program issues, and effectively communicate findings to leadership inside and outside of IT.
  • Process Improvement: Provide recommendations to improve or change processes and systems.
  • Program Design: Assist in the design and planning of a comprehensive IT audit program tailored to the bank.
  • Audit Responsibility: Responsible for conducting IT audits.
  • Departmental Auditing: Perform IT audits of departments, systems and business processes and functions.
  • Compliance Assurance: Ensure audit work is completed according to departmental procedures and IIA standards.
  • Regulatory Compliance: Ensure compliance with the bank policies and procedures, cybersecurity standards, regulatory guidance and applicable laws and regulations.

21. IT Audit Manager Overview

  • Reporting Documentation: Prepare work papers and audit reports to ensure audit objectives have been met, control systems have been properly assessed, and appropriate conclusions reached.
  • Risk Assessment: Assess relevance of audit findings, potential exposures, and materiality.
  • Risk Identification: Identify additional risks not previously considered.
  • Issue Follow-Up: Assist in follow-up on outstanding issues until appropriate corrective action is taken.
  • Corrective Action Review: Ensure corrective action is appropriate to the issue, such as the establishment of effective mitigating controls to address the risks identified.
  • Audit Oversight: Responsible for overseeing IT audits.
  • Liaison Management: Perform duties as liaison to co-sourced auditor firms that conduct internal IT audits and provide oversight of those firms to ensure fulfillment of the terms of their engagements.
  • Vendor Oversight: Ensure that the activities described above are performed by the co-sourced firms as described in Internal Audit’s procedures and policy.
  • Plan Evaluation: Evaluate IT and information security business and implementation plans and internal progress against those plans.

22. IT Audit Manager Details and Accountabilities

  • Project Monitoring: Provide periodic monitoring of major IT initiatives and report on progress against business plans in terms of target dates and achievement of objectives, with analysis of the cause of any issues encountered by IT, Information Security, or the business units in the completion of the plans.
  • Plan Development: Assist the Chief Auditor in the development and implementation of the IT audit plan.
  • Audit Planning: Assist in the development of the IT audit plan using knowledge of information technology, information security, cloud technology, change management, internal goals, external industry developments, regulatory compliance requirements and guidance developments, and internal and external risk factors.
  • Program Analysis: Analyze the effectiveness of the IT audit program.
  • Control Assessment: Ensure the systems of internal controls and risk management processes are properly assessed.
  • Standards Review: Review IT and information industry standards, internal audit standards, and accounting principles and developments.
  • Procedure Integration: Ensure that they are incorporated into any audit procedures and are disseminated to the staff.
  • Regulatory Compliance: Ensure compliance with all regulations, policies, and procedures.

23. IT Audit Manager Duties and Roles

  • Audit Management: Manage the company's information technology audits, operational, compliance/regulatory audits, and assess system configurations, settings, security, data integrity, user access, system implementations, program and project management, and Sarbanes-Oxley testing.
  • Risk Escalation: Provide recommendations for business process improvements and internal controls and escalate potentially significant risks and exposures to audit management and assist in fraud investigations.
  • Budget Control: Ensure budgets are met by minimizing expenses and controlling variances to their lowest level in all areas.
  • Data Analytics: Design and build data analytics scripts to strengthen the system of internal controls.
  • Compliance Monitoring: Develop and perform compliance and monitoring of audit programs for Sarbanes-Oxley initiatives.
  • Control Inspection: Inspect accounting and information technology system controls to determine their efficiency and protective value while analyzing data obtained for evidence of deficiencies in controls, duplication of effort, extravagance, fraud, or lack of compliance with management's established policies and/or procedures.
  • Control Design: Participate in control design, changes, and development with all levels of employees.
  • Report Preparation: Prepare reports of findings and make recommendations to upper management.
  • Policy Documentation: Responsible for documenting policies and procedures for internal controls.

24. IT Audit Manager Duties

  • Governance Assessment: Assist the section head in assessing and reviewing the adequacy and effectiveness of IT governance and controls on IT services management processes supporting IT and business strategy and operation, domestic subsidiaries, and foreign subsidiaries.
  • Staff Coaching: Coach subordinates to complete audit assignments.
  • Schedule Preparation: Prepare a schedule for audit assignments and related documents for pre-audit activities.
  • Meeting Leadership: Lead team to conduct preliminary discussion, opening meeting, and exit meeting with the auditee.
  • Scope Definition: Determine audit objective and scope.
  • Fieldwork Management: Manage team members to perform audit fieldwork and discuss with the section head the audit observation and results.
  • Report Management: Manage the team to complete the working paper and audit report.
  • Issue Follow-Up: Follow up on outstanding audit issues.
  • Performance Evaluation: Evaluate team member performance.
  • Risk Advisory: Assist the section head in providing risk advisory services for IT initiatives related to IT services management to add value to the organization.
  • Control Assurance: Ensure adequate and proper IT controls are in place.
  • Audit Execution: Assist the section head in conducting new priority audit activities, including IT governance and IT general controls, as required by management.

25. IT Audit Manager Job Summary

  • Plan Development: Develop annual IT audit plans for IT-specific areas as well as across operational, financial, compliance and risk management audits.
  • Requirement Support: Support the GIA in identifying requirements to ensure highly specialized technical knowledge and experience are applied appropriately to IT audit reviews.
  • Audit Leadership: Lead and manage IT audit focus through applying risk analysis skills, the use of data analytics and professional judgment.
  • Risk Identification: Identify areas for in-depth review with the aim of providing internal customers and stakeholders with assessments of governance, risk management and internal control frameworks.
  • Plan Delivery: Support the GIA in the delivery of the IT audit plan, including additional ad-hoc or special audit work.
  • Audit Execution: Ensure that IT audits are completed in a timely and efficient manner in accordance with standards established by industry best practices and the relevant risk and regulatory environment.
  • Issue Communication: Communicate root causes of identified issues, associated risks, including recommendations for improvements in business processes, on the current and future business model and operating environment and ensure that action plans are properly implemented by management.
  • Team Guidance: Ensure IT audit team members have a full and complete understanding of the nature and scope of the risks involved in the business by providing the necessary guidance, support and managing their performance throughout each audit.
  • Report Review: Review audit reports to support the Head of Internal Audit and produce high-quality and concise audit reports for the Head of Internal Audit’s review.
  • Stakeholder Communication: Support GIA in communications with Senior Management, the Audit Committee, external auditors and regulators, consultants, and other external parties regarding IT internal audit-related matters.
  • Risk Collaboration: Collaborate with stakeholders to identify potential red flags and ensure that insights into emerging risks and controls are identified and managed.
  • Stakeholder Engagement: Build trust and credibility with stakeholders in order to objectively engage them, challenge their views and support senior management in achieving their business objectives.
  • Project Support: Support the GIA with ad-hoc projects.

26. IT Audit Manager Key Accountabilities

  • Business Acumen: Develop own business and IT acumen and continuous understanding of developments and emerging risks.
  • Project Ownership: Own the end-to-end delivery of multiple audit projects (local or global audits), leading and coaching the team, providing the right guidance, support and quality review of outcomes in line with the Internal Audit methodologies.
  • Audit Planning: Assist the Portfolio Manager in planning and determining the audit scope for relevant audits within the Zurich Operations and Information Technology space, focusing on what matters most.
  • Data Analytics: Plan and execute data analytics testing along the audit cycle in coordination with Data Scientists and Subject Matter Experts.
  • Stakeholder Communication: Support the syndication of the audit observations along the project and establish regular communication and interaction with key senior stakeholders.
  • Audit Leadership: Lead IT audit projects from the planning to the reporting phase and document results with value-added recommendations aligned with audit methodology.
  • Strategy Coordination: Coordinate IT audit strategy and planning with operational and finance audits.
  • Risk Coverage: Provide adequate coverage over the company’s critical IT risks.
  • Testing Supervision: Conduct and supervise the execution of the IT audit plan and testing of ITGCs.
  • Team Collaboration: Collaborate and coordinate with internal audit team members and other IT functions (IT Security, IT Operations and IT Infrastructure) to ensure aligned and efficient execution.
  • Mentorship: Mentor and guide IT associates and senior IT associates in the team and help build a world-class IT audit function.

27. IT Audit Manager General Responsibilities

  • Audit Execution: Work with colleagues to plan and execute audits to a high quality to provide audit assurance and insights over the highest technology risk.
  • Report Delivery: Support the delivery of objective, concise and insightful audit reports on the effectiveness of the framework of controls for each audit.
  • Stakeholder Management: Manage key stakeholder relationships.
  • Issue Tracking: Own the interaction with business management for issue tracking to support Internal Audit's validation of issue closure.
  • Committee Reporting: Support reporting to internal audit key stakeholders (e.g., Audit Committees, Risk Committees, Board Committees) and through these influence management to deliver a more effective controls framework.
  • Risk Analysis: Support the Technology Audit Principal in planning, independently performing risk and control analysis, executing audit testing and preparing reports for IA management review and finalization.
  • Resource Coordination: Support auditors and business stakeholders' time across the business to deliver each audit effectively and efficiently.
  • Relationship Building: Manage relationships with stakeholders and help build a reputation as a business-astute, highly professional and capable audit team.
  • Methodology Compliance: Deliver all aspects of work in accordance with the methodology to the Technology Audit Principal for quality review.
  • Team Contribution: Responsible for being proactive and contributing to team operations, including quarter-end reporting, audit issue follow-ups, enterprise risk management activities and any other team activities.

28. IT Audit Manager Roles and Responsibilities

  • Audit Planning: Contribute to planning, scope development, and project execution for sophisticated technology-related audits and perform audit test work and preparation of adequate and sufficient audit documentation in accordance with prescribed methodology.
  • Control Improvement: Identify root cause and opportunities for improvement of internal controls and acquire consensus on remediation plans with key business partners (IT Operations, Product Security, Information Security and SOX teams).
  • Report Preparation: Prepare audit reports with clearly presented recommendations to management and conduct audit projects on a regular cadence.
  • Independent Execution: Easily adapt between working independently and reciprocally on a team, perform follow-up reviews, and report on the status of action plans to implement internal control improvements derived from internal audit projects.
  • Standards Compliance: Independently carry out audit engagements in accordance with the annual audit plan and known IT standards, e.g., International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Open Web Application Security Project (OWASP), Center for Internet Security (CIS) Controls, and so forth.
  • Infrastructure Review: Perform a review of the cloud and network infrastructure with a focus on governance, security, and alignment of business objectives.
  • Documentation: Prepare audit reports supported by evidence-based working papers to ensure adequate documentation.
  • Cross-Department Collaboration: Collaborate with different department representatives and process owners on various initiatives.
  • Ad-Hoc Review: Perform ad-hoc reviews or activities as may be required by the management.

29. IT Audit Manager Roles

  • Audit Supervision: Coordinate, supervise and participate in audits of compliance with prescribed internal controls governing technology processing environments.
  • Program Development: Develop audit programs and perform testing of IT controls within major data centers, supporting technologies, applications, networks, and selected development projects that replace or significantly enhance critical applications.
  • Plan Refinement: Assist in developing and refining the annual audit plan, scheduling audits of data centers, local area networks, service bureaus, system software, applications and systems development projects.
  • Process Improvement: Ensure identification of business process improvements for segments audited, to enhance operational effectiveness, customer service quality and efficient use of company resources.
  • Skill Maintenance: Maintain skillsets on technical changes as well as pertinent internal and regulatory requirements.
  • Change Communication: Communicate these changes within the department and ensure audit programs are revised accordingly.
  • Audit Coordination: Plan, coordinate and execute IT audit activities for the Group.
  • Team Supervision: Supervise other audit staff or assist other audit staff in the same project.
  • Program Customization: Review and customize the audit program during audit planning for an audit assignment.
  • Risk Evaluation: Evaluate risks associated with IT processes and assess the effectiveness of the internal control system in place.
  • Report Preparation: Prepare audit report and make recommendations to management on non-compliance areas, control weaknesses and process inefficiency noted.
  • Project Management: Manage or assist with forensic, special projects, or other finance and operations audits as assigned by the Head of Internal Audit.
  • Department Support: Perform tasks related to the Internal Audit department, as requested by the Head of Internal Audit from time to time.

30. IT Audit Manager Functions

  • Audit Leadership: Deliver and/or lead technology and operational audit assignments across European locations, participating in all stages of the audit from planning, execution, reporting and follow-up.
  • Control Improvement: Identify control gaps or process improvements and gain exposure to senior stakeholders.
  • Portfolio Management: Manage the delivery of a portfolio of audit assignments to a high quality in accordance with audit methodology, within budget and agreed timelines.
  • Stakeholder Engagement: Engage with stakeholders to obtain a clear understanding of the business under review.
  • Finding Communication: Communicate value-added audit findings and reports that provide the impact (root cause and risks), which will require action from senior stakeholders.
  • Business Partnership: Build business partnerships with key stakeholders to assist with control frameworks.
  • Process Enhancement: Support and contribute to the continuous improvement of the audit function through automation (e.g., implementation of audit tools, data analytics and risk/control monitoring).
  • Mandate Management: Manage IT Assurance and IT Advisory mandates with a focus on financial services customers.
  • Exam Participation: Play a central role in global IT exams.
  • System Assessment: Check and assess financial systems, taking risk and compliance into account, as well as regulatory requirements.
  • Optimization Identification: Identify optimization potential in the team and in cooperation with the various internal stakeholders.
  • Interdisciplinary Collaboration: Promote interdisciplinary collaboration with other departments within the global Consultancy Company network.
  • Client Support: Support in maintaining and expanding the Consultancy Company's customer portfolio.
Relevant Information
What Does An Internal IT Auditor Do?
What Does An IT Auditor Do?
What Does A Senior IT Auditor Do?