Compliance Auditor I

PURPOSE AND SCOPE:

Contributes to the mitigation of risk and ensures IT compliance with Sarbanes- Oxley (SOX) requirements.  Provides guidance, support and subject matter expertise to the FMCNA IT Regulatory function, who, in turn, works directly with IT management in documenting/testing controls and remediating identified deficiencies.  Also works closely with the external auditor SOX IT function to collaboratively determine how to best resolve identified SOX IT deficiencies. 
 
PRINCIPAL DUTIES AND RESPONSIBILITIES:

• Responsible for facilitating IT management’s documentation updates and completion of management assessment for all in-scope FMCNA IT processes. 
• Work with IT compliance management to ensure appropriately designed controls are implemented for all in-scope entities and divisions and perform testing to validate their operating effectiveness throughout the fiscal year.
• Facilitate regular meetings with the FMCNA IT Regulatory function and IT management to plan the documentation updates and testing of SOX IT controls.
• In conjunction with the FMCNA IT Regulatory Compliance function and IT management analyze SOX testing results, making recommendations to facilitate management’s remediation and/or identification of mitigating controls for all FMCNA IT deficiencies.
• Responsible for performing and facilitating access certifications of financially significant systems, including segregation of duties testing.
• Supports IT compliance management as the principal interface with the external auditor IT Audit function and the FMCNA IT functions regarding SOX IT matters.
• Assists management in preparing periodic SOX 404 reporting to the FMCKGaA SOX 404 Steering Committee.
• Performs the annual SOX 404 scoping exercise to determine if there are any changes to IT data centers, applications or related processes which should be considered to determine what is in scope for SOX 404 purposes.
• Perform IT control assessments of any new entities, divisions and processes deemed material to the financial reporting process or in the scope of the external audit.  Work with local IT management to develop and implement IT general controls where required controls are not met and define remediation for deficient controls. Communicate SOX control requirement where necessary.
• Provide regular updates to the IT compliance management and leadership regarding the status of the SOX testing plans, the issues identified, and the decisions regarding the solutions to address the identified problems.
• Maintains current knowledge regarding changes to SOX compliance regulations and ensures that FMCNA adjusts methodologies in response to the changes by issuing guidance and instructions to the appropriate IT stakeholders and personnel.  Determines and recommends improvements to current risk management controls as needed.
• Leads implementation of major special projects and initiatives related to auditing automation software and applications to manage governance tasks and SOX financial reporting functions such as SAP GRC Process Control and Access Control software.
• Manage SAP role provisioning software including monitoring for new SAP roles, preventing the creation of inherent SOD issues, training and assigning new role approvers, and reviewing and addressing SAP requests with SOD violation ensuring appropriate compensating controls.
• Strong knowledge of and experience with FSA, SOX and COSO IT requirements
• Other duties as assigned.

PHYSICAL DEMANDS AND WORKING CONDITIONS:

• The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Travel 10-20%

SUPERVISION:

• SOX In-Scope Division IT SOX Compliance Contractor(s), as needed
   

EDUCATION:

• Bachelor’s degree in information systems, computer science or business
• Certified Information Systems Auditor (CISA) preferred
   

EXPERIENCE AND REQUIRED SKILLS:

• 5 – 8 years’ IT Audit/SOX IT experience within an external firm or relevant SOX 404 IT experience within private industry; or a Master’s degree with 3 years’ experience; or a PhD without experience; or equivalent directly related work experience.
• Strong organizational/communication skills and PC proficiency.
• Experience in dealing with various levels of management.
• SAP/ PeopleSoft/ Data Centers/ Enterprise/ ERP.
• Knowledge of COSO and CoBit control models preferred.
• Must be able to work with senior level management in a very independent manner.