IT Auditor

IT Auditor

Since 1953, Ferguson has been a source of quality supplies for a variety of industries. Together We Build Better infrastructure, better homes and better businesses. We exist to make our customers' complex projects simple, successful, and sustainable. We proactively solve problems, adapt and grow to continuously serve our customers, communities and each other. Ferguson, a Fortune 500 company, is proud to provide best-in-class products, service and capabilities across the following industries: Commercial/Mechanical, Facilities Supply, Fire and Fabrication, HVAC, Industrial, Residential Trade, Residential Building and Remodel, Waterworks and Residential Digital Commerce. Ferguson has approximately 36,000 associates across 1,700 locations. Ferguson is a community of proud associates who operate with the shared purpose of building something meaningful. You will build a career that you are proud of, at a company you can believe in.

Role Overview

The IT Auditor reports to the IT Audit Manager and supports the audit team by performing design and operating effectiveness testing for Sarbanes Oxley IT General Controls (ITGC) with oversight from senior auditors and IT Audit management. This role is responsible for preparing thorough work-papers with supporting evidence, incorporating feedback for continuous improvement, and clearly communicating testing status and findings.

The IT Auditor conducts ITGC walkthroughs with control owners, participates in a variety of IT audits—including reviews of: ITGC on acquisitions, information security, cybersecurity, and system implementations—and attends key audit meetings. Additional duties include drafting and communicating control deficiencies with root cause analysis, ensuring all documentation is accurately tracked in AuditBoard, supporting special projects, pursuing ongoing learning, and attending required trainings and team meetings.

Location and Travel

This role is approved to be fully remote and can be based anywhere in the United States. This role can also by hybrid out of Ferguson's corporate offices in Newport News, VA, according to Ferguson policy. Must be available to work East Coast hours.

Travel 10-35%, including Canada; for remote staff, travel to Newport News HQ at minimum annually in addition to audit location travel.

Responsibilities

• Integrates the IPPF components into audit engagements to ensure conformance with mandatory requirements and leading practices.
• Develops and drives the audit program, communicates engagement objectives and scope to partners, documents process walkthroughs and flowcharts, develops analytical procedures and sample-based testing, and gathers evidence to support conclusions.
• Assists with writing engagement findings into a draft report and presenting audit findings to management.
• Leads portions of an audit engagement, facilitating discussions with management on risk mitigation efforts and the feasibility of process improvements.
• Recognizes the role of the internal audit function in fraud risk management, prevention, and detection; assists in identifying fraud risk indicators and gathering relevant information for analysis.
• Enhances risk coverage and efficiency by identifying overlapping assurance efforts

Skills and Expectations

• Demonstrates a fundamental understanding of cybersecurity objectives, systems development lifecycle and project implementation guidelines, governance related to confidentiality, data integrity, and system availability, and effectively applies key processes to satisfy control objectives such as identification, prevention, detection, response, and recovery.
• Familiarity with compliance/audit frameworks (NIST, COBIT, etc)
• Knowledge of technical platforms, networks, security concepts and data retrieval techniques.
• Demonstrates a basic understanding of basic business functions such as revenue, expenses, cash, receivables, payables, inventory, and other processes specific to distribution organizations and effectively evaluates the effectiveness of associated internal controls
• Assists in gathering IT policies, system documentation, and IT control assessments under supervision. Communicates audit observations and process improvements to partners for the initial action plans to be created.
• Demonstrates a fundamental understanding of ITGCs according to PCAOB standards supports the identification and reporting of deficiencies to stakeholders.
• Applies ethical principles in audit work, ensuring impartiality and adherence to professional responsibilities.
• Executes audit work in conformance with the Standards and expectations established within the quality assurance and improvement program (QAIP).
• Understands principles of effective communication in internal auditing, including clarity, conciseness, and objectivity. Documents engagement planning, assists with interim progress communications and uses active listening during audit interviews and discussions.
• Demonstrates conflict management skills as vital when resolving timing and engagement scope discussions with partners, seeking support from the engagement supervisor when appropriate.
• Understands basic data analysis concepts, including data integrity, completeness, and accuracy in an internal auditing context and recognizes the importance of relevant, sufficient data to support findings and engagement conclusions
• Demonstrates strong project management and time management skills to ensure engagement objectives are achieved and deadlines are met. Updates engagement progress tracking tools to reflect tasks performed.
• Proactively takes initiative and ownership in achieving assigned objectives, ensuring the delivery of high-quality audit work, and continuously developing skills.
• Demonstrates well-developed problem solving, critical thinking, and analytical skills.
• Team player, collaborative and exhibits flexibility to adapt to changing priorities.

Qualifications

• Bachelor's degree in Information Systems, Computer Science, or related area; Advanced degree is a plus
• 2+ years' relevant work experience with public accounting firm, consulting firm, or IT Audit
• Experience with the Microsoft Office Suite including PowerBI and Visio; knowledge of Workday, AuditBoard, Oracle, Sage X3 a plus
• Familiarity with compliance/audit frameworks (NIST, COBIT, etc)
• Knowledge of technical platforms, networks, security concepts and data retrieval techniques.
• Experience working in a remote environment a plus.
• A professional certification is required within one year from hire date. Other certifications not listed below will be considered for applicability.
• Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association.
• Certified Internal Auditor (CIA) - The Institute of Internal Auditors - North America.
• Certified Public Accountant (CPA) - American Institute of Certified Public Accountants.
• Certified Fraud Examiner (CFE) – Association of Certified Fraud Examiners

At Ferguson, we care for each other. We value our well-being just as much as our hard work. We are committed to a holistic approach towards benefits plans and programs that support the mental, physical and financial well-being of our associates. Our competitive offering not only includes benefits like health, dental, vision, paid time off, life insurance and a 401(k) with a company match, but our associates also enjoy additional meaningful and inclusive enhancements that are adaptable to their diverse situations and needs, including mental health coverage, gender affirming and family building benefits, paid parental leave, associate discounts, community involvement opportunities and more!

Pay Range:

$5,608.34 - $8,975.00

This role is Bonus or Incentive Plan eligible.

Ferguson complies with all wage regulations. The starting wage may be higher in certain locations based on local or state wage requirements.

Ferguson Enterprises, LLC. is an equal employment employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.