This internal audit position plans and executes technology audit projects designed to provide assessment of internal control processes and operational performance, in accordance with Generally Accepted Auditing Standards, the Standards for the Professional Practice of Internal Audit, and department standards. This includes preparation and review of audit work papers and reports documenting the result of reviews of assigned activities and recommended management action. Development and maintenance of a strong rapport with key associates is expected. The person in this role should promote organizational confidence in the value and integrity of audit services, and complete other work as assigned.
The person in this role will assist with program oversight of H&R Block’s enterprise-wide compliance program for the Sarbanes Oxley Act (SOX), including Management’s assessment of the effectiveness of internal controls over financial reporting, serving as a resource to update processes and controls, monitoring and reporting on management progress, assisting with control testing, developing efficient program methodology and training.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Performs, individually or as part of a team, audits in accordance with Generally Accepted Auditing Standards as set forth by the AICPA, the Standards for the Professional Practice of Internal Audit as set forth by the IIA, and department standards. Key responsibilities include:
- Prepares detailed plans for performing individual audits including the identification of key risks and controls, determination of audit objectives, and development of an appropriate audit program. Recommends the necessary budget to complete the project.
- Analyze IT environment including: operating systems, applications, infrastructure, policies and procedures, etc.
- Performs audit activities in a professional manner. Obtains, analyzes, and appraises evidentiary data for use in forming an objective opinion on the adequacy and effectiveness of internal controls and efficiency of operations.
- Prepares audit work papers in accordance with department and professional standards that document all audit procedures, findings and recommendations.
- Explores alternative courses of action for correcting control weaknesses, resolving operating problems or improving performance, and prepares recommendations.
- Prepare, execute and document testing procedures and outcomes, using data analytics where appropriate.
- Leads or assists in the presentation and review of audit findings, including root causes with members of operating management.
- Analyzes the adequacy of actions initiated or proposed by management to implement or improve internal controls, or improve operational effectiveness. Follows up to ensure acceptable and timely execution of management action plans.
- Assists in the preparation of audit reports designed to provide management and the Audit Committee of the Board of Directors with an objective assessment of systems, processes and operations, and management’s planned corrective actions.
- Performs special assignments, studies, or special projects as assigned.
- Assist in defining and overseeing execution of the HRB enterprise process to achieve compliance with Sarbanes-Oxley (SOX):
- Continually refine methodology as internal, external, and regulatory requirements change.
- Facilitate the process for management’s evaluation of the effectiveness of internal controls over financial reporting and evaluation of changes to internal controls over financial reporting and related systems.
- Serve as a resource for management in the preparation of process and control documentation and the testing of control procedures.
- Assists in the development and execution of a comprehensive audit plan based upon risk assessment, management’s goals and objectives, and the requirements of the Audit Committee. Gathers information about potential audit areas, assists with assessing the degree of inherent risk and estimating the time required to complete audit projects.
- Perform or assist in the performance of special projects or studies, including risk assessments, fraud investigations, audit department policy updates, due diligence acquisition reviews, etc.
- Participates in professional associations and maintains relationships with counterparts in other companies, in order to stay abreast of professional technical trends and techniques.
- Bachelor’s degree in Management Information Systems, Accounting, Finance, or related field.
- Certification as a Certified Information Systems Auditor (CISA), Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certified Management Accountant (CMA), or other certification for which Audit Services has a need. Qualified candidates without a certification are required to achieve certification within 12 months of start date.
- A minimum of two years audit experience in an environment that provides exposure to sophisticated IT operational and financial audit techniques. Equivalent experience in an operational, technical or financial capacity is acceptable in lieu of direct audit experience.
- Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology.
- Exposure to SOX and an understanding of the general compliance requirements.
- Demonstrated commitment to continuous personal professional development.
- Operational knowledge of Generally Accepted Auditing Standards and the Standards for the Professional Practice of Internal Audit.
- Knowledge of auditing principles and techniques.
- Familiarity with COSO, COBIT, ISO, NIST, and ITIL frameworks
- Demonstrated critical thinking and analytical skills.
- Demonstrated organizational and leadership skills, including the ability to successfully manage multiple projects simultaneously.
- Demonstrated ability to work independently while contributing to the success of the team.
- Exceptional oral and written communication skills suitable for all levels of management. Ability to negotiate and inspire effective, timely, proactive or corrective action by management.
- Self-starter, with the ability to work independently with minimal supervision.
- Ability to work effectively as a team member of a diverse work group.
- Proficient in the use of MS Word, Excel, Access, Powerpoint and Visio.
- Masters degree in business, accounting or another relevant discipline.
- Big 4 or large firm experience
- Information security experience
- Data analytics experience.