IT SOX Auditor
Grainger is a broad line, business-to-business distributor of maintenance, repair and operating (MRO) supplies and other related products and services. More than 3.2 million businesses and institutions worldwide rely on Grainger for products such as safety gloves, ladders, motors and janitorial supplies, along with services like inventory management and technical support. These customers represent a broad collection of industries including commercial, government, healthcare and manufacturing. They place orders online, on mobile devices, through sales representatives, over the phone and at local branches. Approximately 5,000 suppliers provide Grainger with more than 1.6 million products stocked in Grainger’s distribution centers and branches worldwide.
As part of Grainger’s Global Internal Audit Team, the IT SOx Auditor will primarily be responsible for independently evaluating the design and effectiveness of Grainger’s key IT controls for financial reporting (ICFR) as part of the enterprise SOx 404 assessment. Additionally, this person is expected to develop and maintain effective working relationships with the external auditors and global Controllership teams, including Global Internal Controls Teams and ICFR owners.
Principal Duties & Responsibilities
The IT SOx Auditor will work within the general guidelines provided by the Internal Audit Manager and Sr. IT Sox Auditors in connection with Grainger’s SOx 404 process. The role’s key duties and responsibilities are as follows:
- Assist the Manager and Sr. IT SOx Auditor with the development of the annual SOx testing plan.
- Assist with the planning, performing, and managing field work to evaluate the effectiveness of key IT internal controls for financial reporting (ITGC and Application Controls).
- Perform detailed testing to ensure risks are appropriately identified, associated audit procedures are applied and related controls are designed and operating to mitigate the identified risks. Identify and update the SOx 404 Framework for control and/or testing changes identified through testing.
- Assist the Sr. IT SOx Audtior in documenting and reporting control deficiencies upon discussion with business owners, collaborate with business owners regarding recommendations to address the root cause of issues and report on the status of implementation of management remedial actions.
- Participate in cross-functional committees designed to enhance overall governance compliance program development and continuous process improvements.
- Develop and maintain effective working relationships with the external auditors and global Controllership teams, including Global Internal Controls Teams and ICFR owners.
- Keep up to date with changes in regulations, governance and best practices. Assist the Sr. IT SOx Audior in reviewing and updating testing procedures and templates to ensure any changes in regulations, governance, or best practices are reflected and incorporated into testing.
- Assist with Entity Level Controls and SOC-1 Testing.
- Assist other Internal Audit Managers and Lead Seniors with planning and execution of IT related audits throughout the company during SOx slow times.
- Maintain professional certifications and related educational requirements as well as other duties assigned by the Internal Audit Manager.
Preferred Education & Experience
- Bachelor's Degree in management/computer information systems, computer sciences, or equivalent combination of education, training, and years of experience is required.
- Certifications in IT compliance standards (e.g., CISA, CISSP, CISM) is a plus.
- Other relevant professional certification such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA) or Certified Fraud Examiner (CFE) is a plus.
- Master’s degree or other relevant certification is a plus.
- Theoretical and practical knowledge of processes, risks and internal controls.
- Understanding of audit methodologies, processes and control frameworks (e.g., COSO)
- PC proficiency in MSOffice applications (Excel, Word, PowerPoint, etc.).
- Excellent verbal and written communication skills in the English language.
- Ability to communicate succinctly and effectively with operating, divisional and executive management.
- Strong analytical, deductive and problem solving skills.
- Excellent interpersonal and organizational skills.
- Understanding of IT general controls and application controls best practices.
- Theoretical and practical knowledge of major risk and control frameworks or IT frameworks (e.g., COSO 2013, COBIT, ISO, CMM, ITIL) is a plus.
- Drive an automobile, carry a laptop PC and other requisite equipment/supplies to remote audit assignments, on an “as needed” basis.
- Ability to travel (up to 15% of time) including some international assignments.
- Deliver value-added assessments and sound advice, good news and bad, in a relevant, concise and clear manner tuned to the audience and with a high level of credibility to be reviewed by executive management and board.
- Understand business strategy and related risks as well as the financial implication.
- Assimilate and synthesize complex data and information into a concise conclusion for decision-making.
- Act and commit to core values and ethical business conduct and has the backbone to stand up for what is right and necessary.
- Able to separate people from issues.
- Work autonomously with a strong attention to detail.
- Exercise comprehensive and thorough risk assessment, project management, and communication protocol and skills.
- Peer relationships with Senior Auditors, Internal Controls Professionals and Business/Operations Professionals.
- Reports to Manager, Internal Audit and SOx.