JOB ROLE/ PURPOSE:
Conduct assurance audits and provide consultancy services on organizational information systems to evaluate and improve the effectiveness of risk management, governance and internal controls.
PRINCIPAL ACCOUNTABILITIES
1. Conduct risk assessment and audit of organizational information systems in order to evaluate effectiveness of risk management, governance and internal controls
a) Research on organizational systems and processes to understand the information systems in place
b) Engage business owners to gain understanding of business processes and systems and associated risks
c) Conduct risk rating of organizational processes to identify high, medium and low risks
d) Identify, analyze and assess risks to come up with a risk template
e) Conduct analytical reviews to justify, define scope and guide the audit
f) Develop audit program and planning memo and present to the line manager for review and approval
g) Conduct audit tests to assess the adequacy of the controls in place
h) Document the audit findings and prepare and submit draft audit report to line manager for review
2. Conduct stakeholder engagements to enhance relations with partners in order to facilitate the audit process.
a) Participate in identifying key stakeholders and focus areas for the engagements
b) Send invites to stakeholders to attend engagements and organize for appropriate logistics
c) Capture minutes and key notes during the engagement and keep a record of the same for future reference.
3. Monitor and follow up agreed actions with clients to confirmtimely implementation
a) Remind action owners on agreed actions and obtain feedback
b) Physically verify and obtain evidence of implementation of agreed actions
c) Update the status of audit issues
d) Prepare a verification report and submit to the line Manager for review.
PERSON SPECIFICATIONS
Essential Requirements
Desirable Requirements
KNOWLEDGE
a) Knowledge of ISACA standards (including ISO17799/27001)
b) Knowledge of COBIT
c) Knowledge of Internal Audit Manual and Charter
d) Knowledge of organisational policies and procedures
SPECIAL SKILLS AND ATTRIBUTES
a) Good communication and report writing skills
b) Proficiency working with recognized IT Security related standards, Technologies, principles and practices
c) Ability to analyze big volumes of data and pay attention to details
d) Problem analysis and solving skills
e) High level of organizational skills
f) Good Interpersonal skills
g) Ability to work well as part of a team
h) Possession of an impeccable record of integrity
i) Ability to exercise flexibility and resilience under different working conditions