Principal IT Auditor

We are hiring a Senior IT Auditor II (Job Opening ID 372020) or a Principal IT Auditor (Job Opening ID 372014 ). Depending on qualifications and experience, and our good faith evaluation, you'll be hired into one of the following jobs and receive the respective benefits package as stated below.

Come join the University of Minnesota's widely respected Office of Internal Audit (OIA) as the principal information technology (IT) auditor!

The Principal IT Auditor position is responsible for performing internal audit work focused on information technology throughout the University of Minnesota. The University encompasses a wide array of diverse activities including academic support functions, sponsored research, large scale business operations, academic health care, intercollegiate athletics, and municipal/utility operations. The complexity and size of audit assignments will vary significantly and will encompass audits of University units and processes, investigations, and other special projects.

Incumbents are expected to have 8 or more years of applicable experience and be able to demonstrate proficiency in evaluating IT risk, security, and operations as part of internal audit work that conforms to the Institute of Internal Auditor's professional standards. Work assigned to incumbents will normally be defined, but work direction and scope may be at a high-level and require additional research and refinement by the incumbent. It is expected this work will be carried out with limited supervision. Decisions regarding the scope of work to be performed, the nature of testing to be completed, and the reporting and disposition of results will be delegated to this position with oversight by supervisors or managers.

Additionally, the OIA will fund training and exam fees for key certifications such as the CIA, CISA, CFE and CPA, and you'll earn bonuses for achieving certifications.

Please note, this position is not eligible for H-1B or Green Card sponsorship. This position does not offer a STEM OPT training program.

Flexible work arrangements are available. This is a hybrid position (some remote and some in person.) This job could be based at the University of Minnesota Duluth or at the University of Minnesota Twin Cities. However, the position has system-wide responsibilities for all University locations and activities.

Essential Responsibilities:

(~25%) Perform engagement management activities associated with IT audits of University units or processes. This will include:

• Managing work assignments and evaluating work product of staff assigned to the audit. This includes being responsible for ensuring the work product is complete, logical and complies with both the Institute of Internal Auditor's professional standards and department practices.
• Ensuring staff are using appropriate audit judgment when drawing conclusions and evaluating the significance of audit findings.
• Coaching staff regarding completion of IT audit processes, evaluation of the units and IT business processes being reviewed, and creation of recommendations.
• Coordinating work effort and communication with line management responsible for assigned areas.
• Performing reviews of others' audit work to ensure it contains relevant facts to support audit scope and conclusions and adhere to internal audit policies and procedures.
• Managing client interaction during course of audit.
• Providing guidance to non-IT auditors (i.e., generalist auditors) leading audits where IT concerns are only a subset of the overall project. The incumbent will be assigned to review the IT audit planning, field work and reporting material associated with these audits. For these audits, the incumbent will normally consult with the IT Audit Manager before and after field work is performed for advice and concurrence on planning and reporting strategies.

(~25%) Plan IT audits of all levels of complexity independently with minimal supervision from audit management. The plans and procedures are to be developed using a risk-based methodology, focusing our audit effort on those activities creating the greatest risks to the institution. Plans must be developed in recognition of the limited audit resources available for each audit engagement. This will include:

• Collecting background material needed through a variety of mechanisms including interviews and data queries for defining the scope of planned audits based on risk analysis and management needs.
• Summarizing discoveries during the planning process.
• Drafting engagement letters, audit programs, time budgets, and work schedules for the audit.

(~15%) Communicate the results of the audit work performed, using both verbal and written skills. This will include:

• Developing and documenting findings, and recommendations that properly address risks and conclusions.
• Meeting with the audit client(s) to discuss both the preliminary and final audit results.
• Using appropriate audit judgment in evaluating the significance of audit findings and the impact/risk of the issue.
• Drafting the initial audit report in a clear, concise, manner that effectively communicates results to all relevant levels of management.
• Ensuring recommendations made are both actionable and cost-effective, and that they identify appropriate root cause.

(~25%) Perform IT audit testing of both University units and processes to evaluate the efficiency and effectiveness of internal control, risk management, and governance processes independently with minimal supervision from audit management. This includes assessing whether:

• Risks are appropriately identified and managed by the process owners and/or University management.
• Employees' actions comply with policies, standards, procedures, and applicable laws and regulations.
• Resources are acquired economically, used efficiently, and adequately protected.
• Programs, plans, and objectives are achieved.
• Quality and continuous improvement are fostered in the University's control processes.
• Significant legislative or regulatory issues impacting the University are recognized and addressed appropriately.

The above audit work should be carried out by:

• Using accepted audit procedures and techniques during the audit, and performing audit steps in the programs established to evaluate the adequacy of controls, risk management and/or governance processes.
• Documenting, reviewing and assessing internal controls and the efficiency and effectiveness of business practices used in the units/processes being audited. This typically is accomplished through the use of questionnaires, interviews and flowcharts, data analytics and also through the testing of transactional activity.
• Obtaining, analyzing and appraising transactions, documents, records, reports and methods that provide the basis for our conclusions on the effectiveness and efficiency of controls over the unit or process being audited.
• Collecting and analyzing, through the use of data analytics and other methods, sufficient competent evidence to serve as a basis for our conclusions.
• Preparing detailed, clearly labeled workpapers that record and summarize data on the audit work assigned.
• Exhibiting flexibility and agility in daily tasks and overall schedule.
• Working effectively and efficiently in a team environment or individually as needed.
• Assessing whether data analytics can be utilized in the assessment of risk and controls and properly collecting, interpreting, and concluding on data.
• Developing and maintaining relationships with audit client contacts.
• Participating in development of less experienced staff.
• Displaying effective judgement and decision-making skills.
• Demonstrating depth and breadth of knowledge that includes operational, financial, technology, and regulatory understanding across multiple businesses and developing knowledge in critical subject areas as needed.
• Executing managerial duties under direction and oversight of audit managers.
• Working with client management to develop appropriate corrective actions for areas of concern.

Other responsibilities:

• Conduct follow-up work to determine the status of prior recommendations made to management.
• Complete training and other activities to maintain and enhance professional skills and abilities.
• Gather, review, and assess audit evidence as part of investigating allegations of misconduct.
• Provide consultative advice and recommendations to business areas and clients to improve processes and controls as needed.

The results of the audit work performed by this position is ultimately reported to the highest levels within the University, including the President and the Board of Regents Audit and Compliance Committee.

The audit work-product produced by this position is considered public data, exists in the public domain and is subject to review and scrutiny by external parties, including the news media and state and federal regulatory agencies.

This position regularly works with both sensitive and confidential information and operates in settings involving confidential interactions.

Required Qualifications:

• A bachelor's degree, with a major in technology, technology management, accounting, finance, business management, or similar emphasis preferred
• Six or more years of audit, IT or other related experience to include project management experience
• Understanding of standard IT audit principles, including IT general controls
• Knowledge of IT systems and system security audit principles and techniques (e.g., server and database configuration reviews)

Preferred Qualifications:

• Professional certification (e.g., CISA, CPA, CIA, CFE) and/or an advanced degree, with a CISA particularly desired
• Experience with enterprise resource planning (ERP) systems' (e.g., PeopleSoft) financial, human resource, and student components
• Advanced data analytic skills including experience with data analytics and visualization tools and techniques such as SQL and Tableau to query, analyze and present data

Knowledge/Skills/Abilities:

• Basic computer skills (Microsoft Word, Excel, etc.) are required.
• Effective interpersonal and communication skills are required.
• Strong understanding of standard IT Audit principles, including IT General Controls, is required.
• Knowledge of IT systems and system security audit principles and techniques (e.g., server and database configuration reviews) is required.
• Good analytical skills with high attention to detail and accuracy is essential.
• A working knowledge of the University of Minnesota: its business processes; policies and procedures; governance practices; and regulatory obligations is desired.
• Experience with PeopleSoft financial, human resource and student systems is desired.
• Advanced data analytic skills and use of visual tools and techniques such as SQL and Tableau is desired (and expected to be developed).

The University of Minnesota's Office of Internal Audit (OIA) is known both within the University and throughout the internal audit profession as an industry leader. The mission of OIA is to enhance and protect organizational value by providing stakeholders with risk-based and objective assurance, advice, and insight. We accomplish this through a combination of audit assurance engagements, consultation with senior leaders, and investigative work. This work is conducted in a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

While based primarily on the Twin Cities campus, OIA has audit responsibility for all aspects of the University system's operations. This includes academic support functions, sponsored research, large-scale business operations, academic health care, intercollegiate athletics, municipal/utility operations, and information technology and security.

Pay Range: $100,000 to $125,000, depending on education/qualifications/experience

Time Appointment: 100% Appointment

Position Type: Faculty and P&A Staff

Please visit the Office of Human Resources website for more information regarding benefit eligibility.

The University offers a comprehensive benefits package that includes:

• Competitive wages, paid holidays, and generous time off
• Continuous learning opportunities through professional training and degree-seeking programs supported by the Regents Tuition Benefit Program
• Low-cost medical, dental, and pharmacy plans
• Healthcare and dependent care flexible spending accounts
• University HSA contributions
• Disability and employer-paid life insurance
• Employee wellbeing program
• Excellent retirement plans with employer contribution
• Public Service Loan Forgiveness (PSLF) opportunity
• Financial counseling services
• Employee Assistance Program with eight sessions of counseling at no cost

Applications must be submitted online. To be considered for this position, please click the Apply button and follow the instructions. You will be given the opportunity to complete an online application for the position and attach a cover letter and resume.

Additional documents may be attached after application by accessing your "My Job Applications" page and uploading documents in the "My Cover Letters and Attachments" section.

For a completed application, please include a resume and cover letter. Candidates may be asked to provide references at a later date.

To request an accommodation during the application process, please e-mail employ@umn.edu or call (612) 624-8647.

The University recognizes and values the importance of diversity and inclusion in enriching the employment experience of its employees and in supporting the academic mission. The University is committed to attracting and retaining employees with varying identities and backgrounds.

The University of Minnesota provides equal access to and opportunity in its programs, facilities, and employment without regard to race, color, creed, religion, national origin, gender, age, marital status, disability, public assistance status, veteran status, sexual orientation, gender identity, or gender expression. To learn more about diversity at the U: http://diversity.umn.edu

Any offer of employment is contingent upon the successful completion of a background check. Our presumption is that prospective employees are eligible to work here. Criminal convictions do not automatically disqualify finalists from employment.

The University of Minnesota, Twin Cities (UMTC)

The University of Minnesota, Twin Cities (UMTC), is among the largest public research universities in the country, offering undergraduate, graduate, and professional students a multitude of opportunities for study and research. Located at the heart of one of the nation's most vibrant, diverse metropolitan communities, students on the campuses in Minneapolis and St. Paul benefit from extensive partnerships with world-renowned health centers, international corporations, government agencies, and arts, nonprofit, and public service organizations.

At the University of Minnesota, we are proud to be recognized by the Star Tribune as a Top Workplace for 2021, as well as by Forbes as Best Employers for Women and one of America's Best Employers (2015, 2018, 2019, 2023), Best Employer for Diversity (2019, 2020), Best Employer for New Grads (2018, 2019), and Best Employer by State (2019, 2022).