Description
Temporary Senior IT Auditor
SUMMARY
The Internal Audit Department’s mission is to provide independent, objective assessment of the Company’s system of internal control and underlying business processes. Internal Audit will employ the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework for defining, evaluating, testing and reporting on the Company’s policies, processes and information systems. Additionally, the IT guidance Control Objective for Information and related Technology (COBIT) framework will be adopted to further manage risk and control of information technology.
ESSENTIAL JOB FUNCTIONS
Responsible for project management of Sarbanes-Oxley #302 & #404 provisions as it relates to general computer controls over financial reporting.
Leverage Sarbanes-Oxley to improve operations, generate a return on investment and optimize programmed controls. Improve the quality of the internal control structure by aligning the compliance process with a risk based approach.
Responsible for the validation of all software used to design, develop, or manufacture our medical devices in conjunction with the “General Principles of Software Validation - Final Guidance” issued by the Food and Drug Administration (FDA). Software validation per the FDA is defined as “confirmation by examination and provision of objective evidence that software specifications conform to user needs and intended users, and that the particular requirements implemented through software can be consistently fulfilled.”
Institute a follow-up procedure to validate all significant software changes.
Perform advanced, specialized andor managerial auditing work in multiple disciplines. Responsible for managing complex IT audits: performing critical project management duties in the planning, scheduling, coordinating, reviewing and reporting of the work. Providing expertise in auditing standards, performance criteria and audit requirements.
Critically review the planning and fieldwork for the audit team, providing valuable on the job coaching/training.
Conduct the opening and closing meetings with the various audit locations. Present recommendations for change that support the goals of the Company and represent sound financial accounting principles.
Assess the overall significance of the control deficiencies identified during the audit. Provide perspective for evaluating the audit deficiencies against evolving industry best practices.
Develop a self-audit program to be rolled out company-wide to improve departmental performance and overall shareholder value.
Conduct a thorough review annually of all complex regulatory requirements, business practices and internal mandates and provide an overall assessment of our compliance with applicable laws and regulations (COSO objective).
This position will be called upon to participate with the Strategic Improvement team for various special projects requiring analytical and risk assessment skills.
Conduct work in accordance with the Standards for the Professional Practice of Internal Auditing and Code of Ethics promulgated by the Institute of Internal Auditors.
EDUCATION/LICENSE REQUIREMENTS
A BS/BA degree in Business, Information Technology or related field.
Professional Certification such as CPA, CISA, CIA, CFE, CISSP, or CISM preferred.
EXPERIENCE REQUIREMENTS
Minimum of 6 years professional experience to include evaluation of general IT controls and system application reviews. Working experience with Oracle Applications required.
Managerial courage to confront difficult issues with the appropriate response and to do so in a timely manner with anyall stakeholders.
Knowledge of Sarbanes-Oxley Act provision as it relates to compliance with strong IT controls over financial reporting.
Knowledge of the FDA’s General Principles of Software Validation required for all software used to design, develop and manufacture medical devices.
Understanding of both Control Objectives for Information and related Technology (COBIT) and auditing (GAAS) principals. Member of Information System Audit & Control Association (ISACA).
Understanding of ACL or other data extract techniques required.
Strong interpersonal skills – ability to work closely with people at all levels of the organization and facilitate the implementation of corrective action.