Occ. Code 0472100

 

 

INFORMATION SYSTEMS AUDITOR 1, GRADE 23	0472100
INFORMATION SYSTEMS AUDITOR 2, GRADE 27	0472200
INFORMATION SYSTEMS AUDITOR 3, GRADE 31	0472300

 

New York State Department of Civil Service

 

Classification Standard

 

BRIEF DESCRIPTION OF CLASS SERIES

 

            Positions in this title series manage and oversee systems audits; develop and administer software applications for use by audit staff; and develop data extracts from information systems to support audit initiatives.  Incumbents oversee systems analysis activities related to audit or department-wide systems; install and manage computer hardware and software; design and develop mainframe and server-based applications; and evaluate and test applications.

 

            These positions are classified at the Offices of Temporary and Disability Assistance and the Medicaid Inspector General, the Department of Health, and the State Insurance Fund.

 

DISTINGUISHING CHARACTERISTICS

 

            INFORMATION SYSTEMS AUDITOR 1: full performance level; designs, writes, develops, tests and maintains audit software.

 

            INFORMATION SYSTEMS AUDITOR 2: first supervisory level; oversees and collaborates in the development of audit plans and audit systems.

 

            INFORMATION SYSTEMS AUDITOR 3: second supervisory level; directs and coordinates all matters related to the design, development, implementation and maintenance of the Information audit component.

 

RELATED CLASSES

 

            Data Processing Fiscal Systems Auditors collaborate with accountants and auditors in conducting computer assisted audits of electronic accounting records.  Incumbents perform targeted examinations of the information technology environments at various institutions; perform comprehensive audits and operational risk reviews associated with information technology (IT) systems, reviewing the adequacy of automated records systems and controls governing IT systems and operations; and develop computer applications and disseminate technical assistance to support accounting and auditing functions.

 

            Information Technology Examiners (Banks) perform comprehensive evaluations and operational risk reviews of the IT environment (i.e., systems management, electronic banking, internet security, pc banking, etc.) at financial institutions regulated by the Banking Department.  These positions review the IT activities as part of a regularly scheduled safety and soundness examination or perform independently targeted IT examinations.

 

ILLUSTRATIVE DUTIES

 

            INFORMATION SYSTEMS AUDITOR 1

 

Collaborate in the design, development, testing and implementation of modifications and enhancements of audit and department-wide systems and compare audit requirements to system specifications.

 

• Design, write, develop and test audit software for both mainframe and PC applications to allow for an independent audit extraction of data to meet audit project requirements.
• Participate in all phases of application development and in the design of internal audit programs.
• Test the functionality and the logic of the current system edits to determine if they are working as intended and to identify system vulnerabilities.
• Monitor and edit status changes.
• Design and review test techniques required to ensure the accuracy and integrity of the system and its capability to produce audit data.
• Develop and maintain relational databases in a server-based environment.

 

Administer audits of department-wide systems, eligibility systems, claims systems, and/or payments systems to ensure the accuracy of their operation.

 

• Define areas of activities to be included in team members audits within the subject systems to ensure the consistency and integrity of systems operations.
• Oversee, lead and collaborate in technical and operational reviews and assess the effectiveness of controls.
• Develop audit plans of computer systems and/or operations and determine their impact on programmatic goals and objectives.
• Demonstrate expert working knowledge for members of the audit team on following audit trails, verifying audit techniques built into the system, evaluating system checks and controls, and solve problems relevant to the systems internal controls as they emerge.

 

Review department databases and other systems to assess effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability; and identify potential areas of exposure and weakness.

 

• Develop data extracts from systems in support of auditing initiatives.
• Disseminate recommendations on areas requiring external field audits based on the results of internal  information system audits.
• Administer periodic on-site reviews of disaster recovery, informational and physical security of department systems and recommend necessary improvements.

 

Collaborate in risk assessment and analyze all critical business processes and deadlines, including processes that exchange data with external organizations.

 

Compile periodic status reports including analyses, appraisals, comments and recommendations for supervisor consideration.

 

INFORMATION SYSTEMS AUDITOR 2

 

May perform all of the duties and functions of an Information Systems Auditor 1.

 

Supervise subordinate staff.

 

• Provide  guidance and oversight to subordinate staff, and intervene and resolve problems as necessary.
• Determine and oversee staff assignments. 
• Approve leave and track time and attendance.
• Review, monitor and evaluate staff performance. 
• Complete performance evaluations.
• Identify training needs and arrange for provision of training.
• Manage and direct program activities by setting priorities and deadlines.

 

Identify the need for new front-end system edits, and manage system projects for edit development, testing, refinement and implementation.

 

·         Manage the modification and/or replacement of existing audit support systems and software.

 

Oversee the design of internal audit programs and the design and/or refinement of test techniques to ensure the accuracy and integrity of the system and its capability to produce data required by federal regulations.

 

·         Oversee, manage and monitor the information technology components of audit activities conducted by contractors and consultants.

·         Oversee the development of audit plans of computer systems and/or operations and their impact on programmatic goals and objectives.

·         Design the audit tools and project processes needed to accomplish the audit mission.

 

Draft and compile statistical and managerial reports on caseload, provide detailed and summary reports, and create an audit tool to test categorical change determinations.

 

Coordinate meetings with senior management to report the results of audit assignments.

 

Review draft audit reports and recommendations prepared by subordinates, and evaluate data compiled during audit assignments.

 

Oversee the conduct of follow-up reviews to ensure that corrective actions have been taken.

 

INFORMATION SYSTEMS AUDITOR 3

 

May perform all of the duties and functions of an Information Systems Auditor 2.

 

Direct and coordinate all matters related to the design, development, implementation, and maintenance of the  information system audit component.

 

·         Direct the information system audit components of the various analysis stages including computer program development, loading of data, and production of ongoing samples.

 

·         Develop and refine policy, procedures and directives for information audit activities.

 

·         Oversee systems tests to ensure that systems are functioning as designed and in accordance with generally accepted audit standards.

 

·         Coordinate the identification of system and program deficiencies and recommend appropriate changes.

 

·         Compile and approve periodic status reports furnishing analysis, appraisals, comments and recommendations on assigned audit and systems development activities.

 

MINIMUM QUALIFICATIONS

 

INFORMATION SYSTEMS AUDITOR 1

 

Open Competitive:  seven years of application development experience that includes as primary responsibility the design, development, or evaluation of mainframe or server-based accounting or auditing systems and controls.  A Bachelors Degree in accounting or computer science may substitute for four years of the  experience.

 

            INFORMATION SYSTEMS AUDITOR 2

 

Promotion:  one year of experience as an Information Systems Auditor 1.

 

            INFORMATION SYSTEMS AUDITOR 3

 

Promotion:  one year of experience as an Information Systems Auditor 2.

 

 

Date:  9/10

 

 

NOTE: Classification Standards illustrate the nature, extent and scope of duties and responsibilities of the classes they describe.  Standards cannot and do not include all of the work that might be appropriately performed by a class.  The minimum qualifications above are those which were required for appointment at the time the Classification Standard was written.  Please contact the Division of Staffing Services for current information on minimum qualification requirements for appointment or examination.