a. Responsible for identifying and assessing information technology risk apply the assessment to prioritize areas of highest risk in the audit scope and objectives.
b. Develop basic audit programs that test the level to which such risk has been addressed in the area audited. Identify core risks associated with technology implementations and deployed controls. Recommend and influence strategies and process changes to resolve audit and compliance issues.
c. Contribute to the technical understanding and adoption of technology control standards, solutions and tools. Demonstrate a deep understanding of application security and software quality assurance. Work with financial/operational auditors to appropriately address and assess key technology risks.
d. Execute the audit process e.g. perform detail testing and analysis on a wide variety of computing environments. Create clear and accurate work paper documentation as well as testing results and exceptions in such a manner that other reviewers can follow the auditors logic, methodology and conclusions.
e. Independently apply internal control concepts in information technology and appropriately assess the exposures resulting from ineffective or missing control practices. Work in partnership with customers to validate audit testing results.
f. Write audit reports and negotiate audit issues with all levels of management. Formulate recommendations which are appropriate, practical, and cost effective. Lead exit conferences as appropriate and follow up to ensure issues are resolved.
g. Maintain and continually improve understanding of Wellmark's information technology environment including compliance with laws and regulations, new products and services offered by Wellmark, organization structure, corporate policies, and Wellmark's strategic direction.
h. Provide assistance to external auditors during their interim and/or yearend audit. Test controls for the WellSOX program as well as the Service Organization Control SOC report to ensure controls are operating effectively.
i. Maintain a current understanding of emerging trends and risks associated with changes and increased sophistication in technology. Provide guidance to team members on information technology and business issues, as needed.
j. Mentor and coach staff through project, including helping staff with risk assessment and scoping of project, setting budgets and target dates, resolving conflict, prioritization of issues and navigating the organization. Evaluate staff on project performance after each audit.
k. Other duties as assigned.