IT Auditor at Sasria

Minimum Requirements

Qualifications

• BSc Computer Science degree or an equivalent qualification i.e., BCom/ BTech Accounting or Internal Audit
• CISA qualification or passed CISA exam and working towards qualification 
• ISACA membership (may also be IIA member as an addition)

Experience

• At least 3 years of IT audit experience in a non-life insurance company.

Duties and Responsibilities

• Sasria Departments or Agent Company Internal Audits

Performs IT internal auditing work as assigned:

• Sasria Departments and/ or Agent Companies’ IT Internal Audit divisions 
• Provide advisory services through:
• Audit recommendations
• Ad hoc projects
• Participation in Risk Management sessions (RCSAs) and provide input on where IT risk management processes and controls can be improved.

Technical Auditing

• Identify and evaluate the risk areas including IT audit risks in the organisation.
• Review the adequacy and effectiveness of controls using flow charts and other methods of evaluation.
• Develop audit programs or procedures by identifying risks and controls matrix (RACM) for the area to be audited.
• Conduct planning and preparation of allocated audit assignments by drafting audit start letters, opening meetings, preliminary surveys, agreeing audit scope and sign-off.
• Perform detailed reviews of IT processes and policies, Technology & infrastructure and the general control environment in accordance with the audit programmes.
• Perform detailed reviews of Cybersecurity, Vulnerability.
• Assessment and Penetration Testing where necessary.
• Be knowledgeable of Technology tools (Nessus, Nmap etc) to assist in testing for IT Security audits i.e., Cybersecurity.
• Perform ad hoc IT audits that include but not limited to UAM, Cloud Computing, Network Controls, IT Service Continuity, IT Outsourcing and Database Management.
• Perform detailed reviews of application systems and access controls, this will include ERP systems and electronic signatures in accordance with the audit programmes.
• Perform detailed reviews of IT project management/ programme controls in line with the audit programmes.
• Perform reviews on System Development Life Cycle Reviews (pre- and post-implementation).
• Perform both planned and ad-hoc cyber security reviews; utilise tools to perform vulnerability assessments and penetration testing.
• Perform data analytics assignments including continuous auditing and monitoring reviews.
• Perform follow-up reviews and ensure that management action plans and dates are not overdue.
• Completion of all working papers in accordance with the IT audit methodology.
• Conducts interviews, reviews document, develops and administers surveys, composes summary memos, and prepares working papers.
• All findings, conclusions and recommendations are properly and sufficiently supported in working papers.
• Communicates or assists in communicating the results of audit and consulting projects via written reports and oral presentations to 
• management.
• Develops and maintains productive client and staff relationships through individual contacts and group meetings.
• Pursues professional development opportunities, including external and internal training and professional association memberships, and shares information gained with co-workers.

Policy and procedure development

• Provides input on improvement of strategic audit and annual plan.
• Provides input on the improvement of the audit policy and procedure manual.

Represents internal audit on:

• Company project teams;
• Internal company staff committee meetings (on request, i.e. IT Steering Committee, Transformation committee and the Health and Safety 
• committee meetings); and
• External assurance providers or organisations.
• As and when required. 

Training and support

• Active involvement in development of own skills, through agreeing performance development plan with the IT AuditManager to improve or maintain the following skills:
• Negotiating and problem-solvingskills.
• Effective verbal and written communication, including active listening skills and skill in presenting findings and recommendations by audit staff.
• Establish and maintain harmonious working relationships with co-workers, staff and external contacts.
• Assist in supervising trainees or other assigned team members.

Perform adhoc tasks

• Perform any reasonable ad hoc tasks as and when required by the IT Audit Manager or the Head of Internal Audit.