City of Austin - JOB DESCRIPTION

IT Audit Manager


FLSA: Standard/Exempt
EEO Category: (20) Professionals
Class Code: 10422
Salary Grade: AB3
Approved:
Last Revised: April 10, 2024


Purpose:
 

Under limited direction, this position manages all Office of the City Auditor (OCA) information technology (IT) engagements, multiple auditors, and selected non-IT engagements. Work also involves planning, organizing, directing, and performing a wide variety of professional auditing and non-auditing duties to assess the effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

Duties, Functions and Responsibilities:
  Essential duties and functions, pursuant to the Americans with Disabilities Act, may include the following. Other related duties may be assigned.
  1. Manages staff auditors responsible for auditing information systems, platforms, and operating procedures and practices in accordance with established City standards and recommended best practices for efficiency, effectiveness and security.
  2. Develops annual IT Audit Plan based on existing and emerging risks in information technology and cybersecurity utilizing industry and regulatory issues and standard methodologies.
  3. Provides technical guidance to non-IT audit staff members with respect to information technology controls.
  4. Manages co-sourced and out-sourced IT projects and acts as a department liaison to various IT departments/teams and the Audit and Finance Committee.
  5. Provides service to elected officials, employees, representatives of outside agencies, and members of the public by providing accurate, complete, and up-to-date information in a courteous, efficient, and timely manner.
  6. Manages all aspects of audit and non-audit services for assigned engagements, including planning, budgeting, scheduling, risk assessments, preliminary audit surveys, methodologies, fieldwork, audit program, work paper review, report writing, quality assurance and presentation of results and recommendations for basic and complex engagements as applicable.
  7. Prepares and reviews reports to ensure key information technology, operational, financial or compliance risks and issues are sufficiently supported and documented and that meaningful recommendations are developed. Ensures reports are well organized, logical, and clear.
  8. Manages the preparation of audit and non-audit reports with Generally Accepted Government Auditing Standards (GAGAS). Formulates and recommends the development of audit techniques and procedures required by OCA and recommends alternative approaches to interpreting and implementing auditing standards, legal and regulatory requirements, administrative requirements, and policies and procedures regarding engagements and manages their implementation.
  9. Assists or conducts oral presentations to elected officials, management, employees, and the public as required. Reviews written presentations and recommends improvements in organization, logical presentation, and clarity as well as content.
  10. Assists in developing the OCA development plan. Ensures that all assigned staff meet Continuing Professional Education (CPE) required for their licenses and certifications. Assists in managing the OCA Quality Assurance Program to ensure full compliance with standards.
  11. Represents the City and department. May serve on committees, associations, and task groups as assigned and leads in modeling office values and expectations regarding ethical standards and professional demeanor.
  12. Maintains the credibility of the office, assisting with the office’s quality assurance function, ensuring that the standards of objectivity and independence are maintained, the office’s status as a regional and national auditing leader is maintained, and all staff adhere to the ethical standards required by the profession and the City of Austin.
Responsibilities - Supervisor and/or Leadership Exercised:
 

Responsible for the full range of supervisory activities: selection, training, evaluation, counseling, and recommendation for dismissal.

Knowledge, Skills, and Abilities:
  Must possess required knowledge, skills, abilities, and experience and be able to explain and demonstrate, with or without reasonable accommodations, that the essential functions of the job can be performed.
  • Knowledge of information technology areas such as governance structure, information security, cloud computing, IT general controls, data backup and recovery, etc.
  • Knowledge of IT best practice frameworks (e.g., NIST, CIS).
  • Knowledge of compliance requirements (e.g., PCI-DSS, PII, HIPAA, CJIS).
  • Knowledge of Generally Accepted Governmental Auditing Standards (GAGAS).
  • Knowledge of performance measurement principles.
  • Knowledge of audit related quantitative methods and audit project management.
  • Knowledge of process improvement methodologies.
  • Knowledge of management principles and practices applicable to government functions, programs, and processes.
  • Knowledge of the Institute of Internal Auditors' (IIA) professional practices standard framework including Code of Ethics, International Standards, and Practice Advisories.
  • Knowledge of the COSO Internal Control Framework and Standards for Internal Control in the Federal Government (Green Book).
  • Knowledge of customer service objectives and methodologies.
  • Knowledge of Generally Accepted Auditing Standards (GAAS).
  • Knowledge of Generally Accepted Accounting Principles (GAAP).
  • Skill in oral and written communication in a local government setting.
  • Skill in leadership in a medium to large audit shop.
  • Skill in decision-making with specific emphasis on good auditor judgement.
  • Skill in interpersonal communication to establish and maintain good working relationships with elected officials, management, other employees, and the public.
  • Ability to effectively apply knowledge of City and Office of the City Auditor personnel policies and procedures.
  • Ability to maintain high ethical standards in difficult situations.
  • Ability to resolve issues and overcome obstacles needed to achieve objectives.
  • Ability to treat City employees, representatives of outside agencies, and members of the public with courtesy and respect.
  • Ability to maintain a professional presence and demonstrate sound judgment in answering questions and releasing information to ensure relevant, reliable, and accurate information is provided on a timely basis.
Minimum Qualifications:
 
  • Graduation with a Bachelor’s degree from an accredited college or university with major coursework in Accounting, Business Administration, Finance, Public Administration, Information Systems or a related field, plus five (5) years of experience auditing information systems, including two (2) years of experience which were in a management and/or supervisory capacity.
  • Graduation with a Master’s degree from an accredited college or university in a field related to the job may substitute for one (1) year of non-managerial experience.
Licenses and Certifications Required:
 

Two (2) of the following audit-related certifications, one (1) of which must be a CIA or CPA.

  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Certification in Risk and Information Systems Controls (CRISC)
  • Certified Government Auditing Professional (CGAP)
  • Certified Internal Auditor (CIA)
  • Certified Public Accountant (CPA)
  • Certified Fraud Examiner (CFE)
  • Certification in Control Self Assessment (CCSA)
  • A certification approved by the City of Austin’s City Auditor

This description is intended to indicate the kinds of tasks and levels of work difficulty required of the position given this title and shall not be construed as declaring what the specific duties and responsibilities of any particular position shall be. It is not intended to limit or in any way modify the right of management to assign, direct and control the work of employees under supervision. The listing of duties and responsibilities shall not be held to exclude other duties not mentioned that are of similar kind or level of difficulty.