IT Auditor at Discovery Limited

Areas of responsibility may include but not limited to

•  Strategic
• Assist in attending to management queries.
• Build / maintain relationships with the Discovery companies and other Assurance Providers:
• Discovery Invest, Life, Employee Benefits, Insure, Corporate, Health, Vitality RSA, Vitality Group,
• Vitality Health, Vitality Life, External Audit.
• Facilitate the maintenance of risk profiles (inherent & residual view of IT risks).
• Challenge risk management information received from the business and provide meaningful
• input to management on where IT risk management processes and controls can be improved.

Technical

Knowledgeable in:

• IT General Controls
• Application Controls
• Technical Infrastructure
• Project and Programme Management
• Cyber and Information Security
• Data Assurance, Data Analytics, continuous auditing via Computer Assisted Auditing Techniques
• (CAATs): advantageous

Operational

• Ensure audits are performed in line with Audit Methodology.
• Provide feedback to Audit Management on the planning, execution and reporting of the audits.
• Obtain input from the Audit Management relating to risks associated with the audit topic.
• Ensuring that all risks are addressed for the specific audit engagements.
• Follow up with Group Risk, Compliance and Forensics on any pertinent issues affecting a
• particular audit.
• Defining the purpose, scope and audit approach of each audit for assigned areas of audit
• coverage.
• Assist Audit Management in determining the scope of Internal Audit assignments.
• Prepare engagement letter for review by Audit Management.
• Prepare/review the Audit Planning Memorandum (APM).
• Prepare/review approved system descriptions, walkthroughs and/or process flow diagrams and
• address/raise review notes where applicable.
• Prepare/review risks and controls matrix (RACM) and address/raise review notes where
• applicable.
• Prepare/review test procedures and address/raise review notes where applicable.
• Obtain approval from Audit management with regards to any changes to RACM, audit test
• procedures / sample sizes.
• Perform testing and document working papers on Audit Software where applicable.
• Review working papers on Audit Software (performed by IT Auditors) and raise review notes
• where applicable.
• Prepare/review the Audit Finalisation Checklist at the end of an audit.
• Close day to day supervision of the IT Auditors and process of work.
• Provide regular progress updates (at least weekly) on audit assignments.
• Keep track of the budget and timesheets on a weekly basis and submit to Audit Management.
• Escalate in timely manner to Audit Management if deadlines are not going to be achieved.
• Escalate cases where feedback is not received.
• Advise Audit Management immediately of any problems experienced on an audit section.
• Monitoring of the quality of work performed by the audit team and taking corrective action
• (where applicable).
• Provide training and supervision to audit team in order to ensure that that the required audit
• objectives are met and that adequate practical coverage is achieved.
• Ultimately responsible for quality of audit files (MK or other).
• Proactively take on additional tasks as requested by Audit Manager.
• Provide meaningful input and monitor the effective and timely implementation of management
• actions to address any control weaknesses identified through risk profiling, risk events and
• control self- assessment.
• Follow-ups
• Follow up on outstanding audit issues and management actions.
• Preparation and submission of follow-up progress reports for risk and/or audit committees.
•  
• Development
• Self-development: studying, attending courses, external courses, e-Learnings.
• Present training to the IT audit team.
• Completion of mini-appraisals
• Schedule meetings with Audit Manager for the combined review of mini appraisals.
• General
• Stay up-to-date with Internal Audit profession and industry developments.
• Ongoing development and improvement of audit methodology.
• Travel if required.

Education and Experience

• B Degree or equivalent (and relevant) qualification (with Computer Science / Computer Auditing
• / Information Systems / Auditing as majors)
• CIA / CISA / CISM / CRISC / CGIT (one or more of the afore mentioned is required)
• 2+ years audit experience
• IT General Control Reviews.
• Application control reviews.
• Essential knowledge:
• Internal Controls
• Risk management framework (COSO)
• IT General Control reviews
• Application Control reviews
• Internal controls
• Corporate and IT governance
• IT Infrastructure technical knowledge (reviewing of databases and operating systems)
• CAATs / data analytics
• Cyber and information security
• Computer literacy

The following would be deemed as an advantage (and would be required for career progression):

• Studying towards or in possession of relevant Bachelors or Honours Degree
• Financial Services experience

Competencies

• Analytical Thinking Ability: ability to split a task or problem into its component parts and use these in a logical and systematic manner to reveal all the implications of the consequences of situations
• Communication Skills: able to communicate clearly both verbally and in writing.
• Relationships: building relationships with auditees, business and external auditors.
• Reporting Skills: ability to consolidate information and compile reports reflecting the necessary relevant information