IT Auditor (Senior) at Discovery Limited

Key Performance Area
Tasks

Strategic:

• Assist in attending to management queries.
• Build / maintain relationships with the Discovery companies and other Assurance Providers:
• Discovery Invest, Life, Employee Benefits, Insure, Corporate, Health, Vitality RSA, Vitality Group, Vitality Health, Vitality Life, External Audit.
• Facilitate the maintenance of risk profiles (inherent & residual view of IT risks).
• Challenge risk management information received from the business and provide meaningful input to management on where IT risk management processes and controls can be improved.

Technical
Knowledgeable in:

• IT General Controls
• Application Controls
• Technical Infrastructure
• Data Assurance
• Project and Programme Management.
• Cyber and Information Security
• Keep abreast with current trends and improve the audit methodology and approach.

Operational:

• Ensure audits are performed in line with Audit Methodology.
• Provide feedback to Audit Management on the planning, execution and reporting of the audits.
• Obtain input from the Audit Management relating to risks associated with the audit topic.
• Ensuring that all risks are addressed for the specific audit engagements.
• Follow up with Group Risk, Compliance and Forensics on any pertinent issues affecting a particular audit.
• Defining the purpose, scope and audit approach of each audit for assigned areas of audit coverage.
• Assist Audit Management in determining the scope of Internal Audit assignments.
• Prepare engagement letter for review by Audit Management.
• Prepare/review the Audit Planning Memorandum (APM).
• Prepare/review approved system descriptions, walkthroughs and/or process flow diagrams and address/raise review notes where applicable.
• Prepare/review risks and controls matrix (RACM) and address/raise review notes where applicable.
• Prepare/review test procedures and address/raise review notes where applicable.
• Obtain approval from Audit management with regards to any changes to RACM, audit test procedures / sample sizes.
• Perform testing and document working papers on Audit Software where applicable.
• Review working papers on Audit Software (performed by IT Auditors) and raise review notes where applicable.
• Prepare/review the Audit Finalisation Checklist at the end of an audit.
• Close day to day supervision of the IT Auditors and process of work.
• Provide regular progress updates (at least weekly) on audit assignments.
• Keep track of the budget and timesheets on a weekly basis and submit to Audit Management.
• Escalate in timely manner to Audit Management if deadlines are not going to be achieved.
• Escalate cases where feedback is not received.
• Advise Audit Management immediately of any problems experienced on an audit section.
• Monitoring of the quality of work performed by the audit team and taking corrective action (where applicable).
• Provide training and supervision to audit team in order to ensure that that the required audit objectives are met and that adequate practical coverage is achieved.
• Ultimately responsible for quality of audit files (MK or other).
• Proactively take on additional tasks as requested by Audit Manager.
• Provide meaningful input and monitor the effective and timely implementation of management actions to address any control weaknesses identified through risk profiling, risk events and control self- assessment.

Follow-ups:

• Follow up on outstanding audit issues and management actions.
• Preparation and submission of follow-up progress reports for risk and/or audit committees.

People Management and Development:

• Self-development: studying, attending courses and chapter meetings.
• Completion of mini-appraisals.
• Day to day management of the assigned audit staff members and / or consultants / contractors.
• Assist with staff development so as to increase competence and delivery of the department.
• Manage staff productivity by means of timesheets and cost recovery from auditees.
• Review feedback from management on performance of auditors.
• Prepare and provide feedback for appraisal forms to the IT Auditors for the applicable audits performed.

Reporting:

• Drafting of engagement letters and reports for Management review.
• Review of draft findings.
• Review of draft observations and forwarding these to business for comment.
• Prepare executive summary which includes the overall rating and overall management comments.
• Ad-hoc reporting.

General:

• Stay up-to-date with Internal Audit profession and industry developments.
• Ongoing development and improvement of audit methodology.
• Travel if required.

Qualification
The following qualifications are a requirement:

• B Degree or equivalent (and relevant) qualification (with Computer Science / Computer Auditing / Information Systems / Auditing as majors)
• CIA / CISA / CISM / CRISC / CGIT (one or more of the afore mentioned is required)

Experience

• 4+ years audit experience
• Solid IT audit experience with a broad range of exposure to all aspects of business planning, systems analysis and application development
• Experience in conducting financial, operational or IT audits.

Essential knowledge:

• Internal Controls
• Risk management framework (COSO)
• IT General Control reviews
• Application Control reviews
• Internal controls
• Corporate and IT governance
• IT Infrastructure technical knowledge (reviewing of databases and operating systems)
• CAATs / data analytics
• Cyber and information security
• Computer literacy