McKesson Risk Control Group IT Auditor in Alpharetta, Georgia
McKesson is in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payors, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting. We believe in the importance of strong, vital organizations because we know that patients can only be healthy when our system is healthy.
Every single McKesson employee contributes to our mission—by joining McKesson you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
We understand the importance of a system that works together. Your expertise, drive and passion can help us improve everything we touch, from providers to payors to pharmacies. Join our team of leaders to begin a rewarding career.
Wherever you contribute here at McKesson, you will have the ability to make a real impact in the lives of others.
Assists in managing McKesson's ongoing responsibilities associated with the Sarbanes-Oxley Act of 2002;
Trains management of relevant business units in regard to their ownership of the IT process and key SOX controls;
Serves as a liaison between the business units, corporate Information Technology (IT), finance & accounting, and the external auditors in all aspects of Sarbanes-Oxley;
Performs ITGC control tests to assess the design and operation effectiveness of SOX controls;
Designs and performs data analytics testing to support both ITGC SOX testing, as well as the Risk Control Group’s risk-based data analytics program;
Assists management in developing remediation plans to address deficiencies; and
Ensures that changes to the strategy and structure of assigned business units are evaluated for the potential impact to Sarbanes-Oxley responsibilities.
Sarbanes-Oxley / Compliance Responsibilities
Maintain an understanding of Sarbanes-Oxley legislation, PCAOB Standards, and other relevant guidance issued regarding Section 404 and the impact to the IT environment;
Manage positive and collaborative relationship between corporate IT, business unit IT departments and RCG;
Obtain an in-depth knowledge of the McKesson systems, network infrastructure, underlying technologies and security controls within the assigned business units;
Collaborate with other RCG staff to establish Sarbanes-Oxley plans and objectives, specific to automated business controls;
Lead and perform procedures to examine the effectiveness of IT general controls;
Document testing performed in a clear and concise manner using standardized application tools and document templates;
Identify gaps in control design and control operative effectiveness of IT general and application controls and assist IT management with related remediation measures;
Monitor implementation and completion of remediation efforts;
Monitor corporate IT and business unit creation and maintenance of IT process documentation to ensure documentation exists for all relevant processes and is updated in a timely manner with changes to systems, general controls or application specific controls; and
Assist the department in the use of computer assisted audit techniques, as necessary.Strategic Responsibilities
Able to connect top level strategy with IT general and automated business controls;
Supports assigned business units with the continuous evaluation and strategic improvement of its IT environment;
Maintain an intermediate understanding of internal and external strategic goals, strategy implications for the unit(s) supported, including existing McKesson processes and current initiatives;
Assist IT management's development of plans for continuous improvement of controls;
Detailed knowledge of customer processes and financial/IT process pain points;
Problem solving and delivering cost effective solutions; and
Assist in the identification and performance of RCG's value adding projects for its business unit customers.
Additional Knowledge & Skills
Knowledge of SAP and its related systems is preferred;
Strong interpersonal skills to build / maintain ongoing business relationships;
Able to exercise professional judgment within defined procedures;
Able to apply concepts of materiality to testing and evaluation of results;
Able to independently evaluate the effectiveness of controls to prevent errors in financial reporting;
Performs all job responsibilities with integrity;
Effective communications skills with personnel from any grade level;
Thorough knowledge of auditing policies, practices, and systems;
Thorough knowledge of Sarbanes Oxley legislation and PCAOB Standards;
Thorough knowledge and experience in testing of general computer controls related to operations, information security and change management of systems software, application source code, network, and system database technologies;
Intermediate knowledge of automated and manual application controls;
Understanding of the SSAE 18 and/or ISAE 3402 auditing standards (i.e., SOC 1 reports) is preferred;
Understanding of process improvement and best practices; and
Understanding of data analysis tools and concepts.
- CPA, CIA, CISA or Six Sigma certification preferred
Conducts internal financial audits. Develops formal written reports to communicate audit results to management, and makes recommendations as appropriate. Executes internal audits within established business process controls. Audits the financial and operating system processes for information integrity of transaction documents and reports discrepancies. Prepares audit plans and understands the specific issues to be evaluated. May facilitate work of external auditors during on-site visits.
8 years audit or related experience
Additional Knowledge & Skills
Thorough knowledge of auditing policies, practices and systems
4-year degree in business or related field or equivalent experience
General Office Demands
Benefits & Company Statement
McKesson believes superior performance – individual and team – that helps us drive innovations and solutions to promote better health should be recognized and rewarded. We provide a competitive compensation program to attract, retain and motivate a high-performance workforce, and it’s flexible enough to meet the different needs of our diverse employee population.
We are in the business of better health and we touch the lives of patients in virtually every aspect of healthcare. We partner with payers, hospitals, physician offices, pharmacies, pharmaceutical companies and others across the spectrum of care to build healthier organizations that deliver better care to patients in every setting.
But we can’t do it without you. Every single McKesson employee contributes to our mission—whatever your title, whatever your role, you act as a catalyst in a chain of events that helps millions of people all over the globe. Talented, compassionate people are the future of our company—and of healthcare. At McKesson, you’ll collaborate on the products and solutions that help us carry out our mission to improve lives and advance healthcare. Working here is your opportunity to shape an industry that’s vital to us all.
McKesson is an equal opportunity and affirmative action employer – minorities/females/veterans/persons with disabilities.
Qualified applicants will not be disqualified from consideration for employment based upon criminal history.
No agencies please.
Job: Finance and Accounting
Organization: McKesson Corporate
Title: Risk Control Group IT Auditor
Requisition ID: 18006351