- Identify and evaluate the company’s audit risk areas relating to Information Technology through a risk-based audit methodology
- Provide significant input to the development of a risk-based annual internal audit plan;
- Perform specialized IT audits/reviews and ensure the adequacy of audit scope, the adequacy of testing performed, and the accuracy of conclusions reached;
- Plan the resources and requirements for the different IT audit assignments and special assignments.
- Ensure that IT audit procedures are strictly adhered to, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting technical processes and procedures;
- Prepare/develop IT audit programs with appropriate testing mechanisms, execute the programs, recognize IT control weaknesses, assess the materiality of these weaknesses, and relate them back to the scope and objectives of the audit;
- Engage auditees, develop and administer audit surveys, compose summary memos, and prepare working papers in line with the audit objectives;
- Communicate the results, findings and recommendations of IT audit projects via written reports and face-to-face presentations on a timely basis;
- Follow up on the implementation of IT audit recommendations in a timely manner;
- Interact with staff, section heads, and managers and when necessary with executive management in order to obtain and/or communicate relevant information to achieve the objective/s of the IT audit;
- Maintain all organizational and professional ethical standards and ensure IT audit activities are carried out in compliance with applicable standards including International Standards for the Professional Practice of Internal Auditing, IIA Code of Ethics, and ISACA (Information Systems Audit and Control Association) Information System standards and guidelines;
- Plan and execute audits of IT platforms/infrastructure (e.g. operating system, database management system, and business applications) and evaluate IT internal controls and work collaboratively with others to identify actions needed.
- Conduct data extraction, analysis, and IT security reviews;
- Act as liaison with IT business partners to ensure full understanding of the data flow, data integrity and system security;
- Assess information technology control elements to mitigate IT risks regarding the confidentiality, integrity, and availability of business information in compliance with security best practices (such as ISO 27000);
- Administer and support the Audit Management Software and Audit Tools (e.g. ACL) to facilitate Internal Audit Activities.
- Periodically, perform revenue assurance for the company using relevant audit tools.
- Support the business/process owners in the identification and assessment of IT related inherent and residual risks and ensure documentation of such risks in the company’s risk register.
- Lead consulting engagements related to Information and network security, IS governance, Business continuity and disaster recovery based on best practices of each area (ISO 27000, ISO 20000, ITIL and COBIT framework) if required to do so.
- Communicate the results of consulting projects via written reports and oral presentations on a timely basis;
- Review technology-related policies and procedures and any IT operations of the Company for submission to the Head, Internal Audit before being raised for management/board approval.
- Provide consulting services to the company’s management and staff pertaining to information security policies and procedures based on best practices such as ISO 20000.
IT Related Special Audit Assignments and Fraud Investigations:
- Conduct or lead the Internal Audit team in performing any IT related fraud investigations or any special audit assignments relating to IT domain;
- Communicate the results, findings and recommendations of special assignments/investigations via written reports and oral presentations on a timely basis.
- Comply with Quality Management System / Operational Health & System requirements including objectives and applicable regulations relating to assigned jobs.
- Carry out any other duties as requested by the Head of Department
- Relevant University degree or its equivalent in science or social science
- Relevant postgraduate degree and possession of professional certification in information system auditing (i.e., CISA/CISSP) and accountancy certifications (such as ACA, ACCA, CIA) will be an added advantage.
- Post qualification experience of 6 years in energy, power, financial or manufacturing sector.
- Hands-on experience in the use of ACL to perform data analysis and investigations.
- Communication skills.
- Problem identification and solution skills.
- Ability to promote value of internal audit.
- Industry, regulatory, and standards changes.
- Organizational skills.
- Conflict resolution/negotiation skills.
- Accounting frameworks, tools, and techniques.
- Team building.
- Change catalyst.