a. Possess a working knowledge of Wellmark's business processes, policies and procedures, governance practices, and regulatory obligations as it pertains to information technology.
b. Identify and assess risk apply the assessment to prioritize areas of highest risk in the audit scope and objectives. Develop basic audit programs that test the level to which such risk has been addressed in the area audited.
c. Identify core risks associated with technology implementations and deployed controls.
d. Contribute to the technical understanding and adoption of technology control standards, solutions and tools.
e. Demonstrate a deep understanding of application security and software quality assurance.
f. Work with financial/operational auditors to appropriately address and assess key technology risks.
g. Execute the audit process e.g. perform detail testing and analysis on a wide variety of computing environments. Create clear and accurate work paper documentation as well as testing results and exceptions in such a manner that other reviewers can follow the auditors logic, methodology and conclusions.
h. Independently apply internal control concepts in information technology and appropriately assess the exposures resulting from ineffective or missing control practices. Work in partnership with customers to validate audit testing results.
i. Understand the financial, operational, and compliance risks which impact information technology design, modification, and processing activities.
j. Write audit reports and negotiate audit issues with all levels of management. Formulate recommendations which are appropriate, practical, and cost effective. Lead exit conferences as appropriate and follow up to ensure issues are resolved.
k. Maintain and continually improve understanding of Wellmark's information technology environment including compliance with laws and regulations, new products and services offered by Wellmark, organization structure, corporate policies, and Wellmark's strategic direction.
l. Provide assistance to external auditors during their interim and/or yearend audit. Test controls for the WellSOX program as well as the Service Organization Control SOC report to ensure controls are operating effectively.
m. Abide by the Standards for the Professional Practice of Internal Auditing.
n. Participate in reviews of major technology applications and/or infrastructure components with minimal supervision demonstrating an ability to fully grasp technical concepts quickly.
o. Maintain a current understanding of emerging trends and risks associated with changes and increased sophistication in technology. Provide guidance to team members on information technology and business issues, as needed.
p. Other duties as assigned.