This is a role for individuals who are interested in pursuing a career in professional services, specifically in the field of risk assessment, controls testing, and compliance audits related to financial, operational, and information technology (IT) areas. IT Audit interns will be part of the Technology, Risk & Compliance (TRC) practice area will focus on developing skills, building their technical skill base, understanding and executing diligent client service, and becoming oriented to the Firm's practices, policies, and culture. Work is performed under close supervision. Responsibilities increase with demonstrated skill.

The TRC team’s service offerings include SOC 1, SOC 2, PCI, HIPAA, and risk assessments. In addition, TRC supports financial statement audit teams and internal audit teams with documenting and testing IT controls. The TRC intern will assist the TRC team in gaining an understanding of client environments, risks, controls to address those risks, and testing of the design and operating effectiveness of those controls.

Experience or a major in Information Technology is not required, but candidates should have an interest in IT and associated controls.

**This role can sit in St. Louis, MO, Farmington Hills, MI, West Des Moines, IA, or remote, but onsite is preferred. 

• Attestation engagements: Basic audit acumen is needed, including the ability to grasp concepts quickly and demonstrate knowledge of basic technical skills, as well as related knowledge of common systems and procedures.
• Documentation skills: IT audit interns need to document the procedures and results of tests performed during control testing
• The ability to understand new technologies in a short-time period: TRC interns will be exposed to a variety of technologies and will need to be able to obtain a general understanding of the technologies in a short-time period.
• Decision making: TRC interns are expected to make well-thought-out decisions and consider all facts prior to making final conclusions.
• Time keeping: TRC interns are expected to track time and maintain designated chargeable hours for the year.
• Quality control: TRC interns are expected to ensure quality control procedures are being executed under direction of engagement supervisor, and perform thorough self-review of all work prior to submission.

• Active Listening - Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times
• Communication – Strong written and oral communication skills
• Reading Comprehension - Understanding written sentences and paragraphs in work related documents.
• Speaking - Talking to others to convey information effectively.
• Writing - Communicating effectively in writing as appropriate for the needs of the audience.
• Social Perceptiveness - Being aware of others' reactions and understanding why they react as they do.
• Computer Skills – Ability to operate spreadsheet, word processing and email programs

Pursuing a bachelor’s in accounting, Information Systems, or similar with an interest in Information Technology Demonstrate knowledge of basic business, technology, and audit principles/standards Must have a desire to work toward achieving one or more of the following in the future:

• Certified Public Accountant (CPA)
• Certified Information Systems Auditor (CISA): ISACA's globally recognized cornerstone certification for IS, audit, control, assurance, and security professionals who control, monitor, and assess an organization's information technology and business systems. This is considered the current industry standard for IT auditors.
• Certified Information Systems Security Professional (CISSP): An independent information security certification governed by the International Information Systems Security Certification Consortium, also known as ISC², which provides security training to information assets.
• Certified Information Security Manager (CISM): ISACA's certification program for those who manage, design, oversee, or assess an enterprise's information security.