Commonwealth of Pennsylvania

POSITION DESCRIPTION FOR JOB POSTING

Position Number:  00227832

Description Activated On:  7/21/2023 8:49:56 AM


Position Purpose:
Describe the primary purpose of this position and how it contributes to the organization’s objectives. Example: Provides clerical and office support within the Division to ensure its operations are conducted efficiently and effectively. 

This position independently performs audits of internal controls, operational effectiveness and efficiency, and information services, systems, and applications. The goal is to safeguard company assets, ensure the accuracy and reliability of records, promote operational efficiency, and maintain compliance with policies, regulations, and legal obligations. The position focuses on SERS-Office of Member and Participant Services and SERS-Bureau of Information Technology processes, procedures, and controls.

Description of Duties:
Describe in detail the duties and responsibilities assigned to this position. Descriptions should include the major end result of the task. Example: Types correspondence, reports, and other various documents from handwritten drafts for review and signature of the supervisor.

AUDITING

Through proper audit planning and risk assessments, determines objectives, scope, and procedures to be used to gather relevant and material evidence on audit subject. Tests, summarizes and analyzes evidence to come to a conclusion on whether acceptable standards of operation were carried out in an effective and efficient manner.

Conducts exit conferences with management and, based upon observations, evaluation, and research, prepares written audit reports to communicate findings and recommendations for corrective action. Assesses adequacy of auditee responses and follows up with auditee to achieve effective resolution of findings and recommendations.

Develops queries to extract data from applications as continuous auditing and monitoring tools over member and census data activity, with the goal of producing periodic reports on that activity.

Conducts application system reviews for user control procedures which includes checking for appropriate segregation of duties, existence of proper management approval procedures, and timely performance of job responsibilities.

Performs periodic and annual internal control testing in line with the Standards for Internal Control in the Federal Government (known as the Green Book). Analyzes the manual and/or automated systems and processes that comprise the internal control structure in order to reduce the potential of fraud, duplication, or inadequate procedures or processes. Based on findings, develops solutions and recommends changes to rectify problems with existing controls, and/or improve their effectiveness and efficiency.

Prepares custom audit programs in accordance with Generally Accepted Government Auditing Standards (GAGAS) by developing scope, objectives, methodology, and time budget.

Performs risk assessments across multiple frameworks throughout SERS. Reviews the annual independent vulnerability assessment results and monitors key and critical risks identified in the report.

Interacts and assists SERS independent auditors in performance of the independent audit as needed.

SYSTEM AUDITING

Assists SERS-Bureau of Information Technology in establishing controls over the design, implementation, security, use, and disaster recovery of electronic data.

Leads audits in information systems technology infrastructure, operations, and application development projects.

Develops audit programs and conducts periodic information technology audits to ensure that applicable policies and safeguards are working as intended.

Plans and performs audit objectives for information systems audits, data integrity, system development lifecycle, acquisitions, and information resources management.

Evaluates the design, implementation, and monitoring of logical access controls to ensure the integrity, confidentiality, and availability of information assets.

Configures and runs audit tools to test systems for vulnerabilities, analyzes the data, and translates that data into validated audit issues.

Audits for system-related data input manipulation fraud of the State Employee Retirement Information System (SERIS).

Conducts pre-implementation information system reviews and reviews of planned system enhancements to include system design and testing.

Reviews, with SERS-Bureau of Information Technology staff, the development of new and/or revised information technology systems upgrades and assists with the validation of its success.

Participates in the design, implementation, and monitoring of database auditing policies to ensure the integrity and safeguarding of member data.

Identifies database data elements that have audit significance. Ensures procedures are in place for modifications and database fixes which are appropriate and function as expected.

Works with SERS Chief Information Security Officer to identify potential areas of IT compliance, vulnerability, and risk.

Stays apprised of new and proposed regulatory issues and technology updates.

Interacts with external business partners, consultants, and regulatory agencies as needed.

Functions as a member of the Business Continuity Plan team in the event of a disaster.

Performs related duties as required.


Decision Making:
Describe the types of decisions made by the incumbent of this position and the types of decisions referred to others. Identify the problems or issues that can be resolved at the level of this position, versus those that must be referred to the supervisor. Example: In response to a customer inquiry, this work involves researching the status of an activity and preparing a formal response for the supervisor’s signature.

This position reports to the Internal Audit Director. Work performed requires the ability to remain objective and to function independently from SERS operational divisions and staff. The incumbent performs work with autonomy and has discretion in developing audit scope, audit objectives, and audit plans; as well as with examining and evaluating data and reporting on audit findings and recommendations. The incumbent will work directly with the auditee in finalizing the written audit report, obtaining responses to recommendations, and developing reports of finalized results for the Audit, Risk and Compliance Committee when required.

Requirements Profile:
Identify any specific experience or requirements, such as a licensure, registration, or certification, which may be necessary to perform the functions of the position. Position-specific requirements should be consistent with a Special Requirement or other criteria identified in the classification specification covering this position. Example: Experience using Java; Professional Engineer License.

Experience:



Licenses, registrations, or certifications:

1. N/A
2. N/A
3. N/A


Essential Functions:
Provide a list of essential functions for this position. Example: Transports boxes weighing up to 60 pounds.
 
 1. Develops IT-related and Member Services audit documents and work papers and performs a variety of audits
 2. Prepares written reports for management and the Audit, Risk and Compliance Committee
 3. Conducts audit assignments including defining audit scope and developing and performing the audit procedures
 4. Reviews and evaluates internal control procedures and security for new and/or upgraded systems
 5. Prepares comprehensive written reports on findings and observations
 6. Travels to contracted print vendor to conduct onsite visits
 7. Develops and maintains productive relationships with outside business partners and SERS staff
 8. Understands system development & controls, access controls & modifications/upgrades to system development & applies knowledge in completion of work
 9. Communicates effectively
 10. Conducts data extraction through various query tools as applicable for systems subject to audit.