Job Purpose
To assess how risks around bank computer information systems are being managed and how internal processes are working. Applying a systematic methodology in audit work, looking at ways in which to evaluate the effectiveness of risk management and improve how the bank operates to ensure compliance with corporate governance, risk management and internal controls.
Key Responsibilities
Audit execution:
- Examine and evaluate the adequacy and effectiveness of internal controls including general and application control reviews for simple to complex computer information systems.
- Performs information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
- Examine the banks compliance to legal and regulatory requirements and implementation of policies and procedures.
- Ensuring activities are carried out according to the mandate of the Audit Plan approved by the Board Audit Committee, which entails:
- Timely performance of Audit assignments i.e. Timely in planning, execution, and reporting.
- Provide adequate information of the audit assignments to be undertaken to the auditee and preparation of adequate planning memo.
- Participate/conduct Audit entrance meetings with the auditee informing the audit objectives, scope and timeline of the audit including the information required from the auditee and obtain auditee areas of interest to be covered during the audit.
- Effective execution of the auditee in accordance with the pre-designed audit program/risk matrix and Audit plan ensuring adequate coverage of the scope.
- Ensure there is adequate communication and discussion with auditees while executing the audit assignments and confirmation of the findings before documentation.
- Preparation of adequate draft report/Audit discussion memo (ADM) with all observations confirmed by the auditee through the audit including appropriate root causes from the owner and provide risk and recommendations that addressing the root cause and submit the complete ADM to your supervisor for review before exit meeting.
- Conduct closure meetings for each assignment performed, so as to incorporate auditee views in the reports and agree on the report, and issuance of Final ADM to the owners to provide responses and action plans to mitigate the identified gaps.
- Preparation of final reports to be reviewed by the Information System Auditor/supervisor and circulation to Management.
- Ensure all audit works and working papers are effective and efficiency documented in the internal Audit system (Teammate) including signoff of the issues, schedules and working papers.
- Ensure efficiency and effectiveness utilization of Internal Audit systems/tools in the department e.g., Teammate, IDEA data analysis tool assist the Lead of ISA unit in user and Management training to understand the usage.
Others
- Assist in follow up management confirmed implemented /closed audit observations to assess the adequacy of the clients’ implementation of recommended actions.
- Assists in project reviews i.e., IT projects and any other projects that are developed within the bank that require ICT knowledge.
- Investigations, assist in special reviews as may be recommended from time to time
- Maintains currency of knowledge with respect to relevant state-of-the-art computer information technology, equipment, and/or systems.
Administration and liaison:
· Administration and liaison:
- Maintaining and coordinating the day-to-day communication within the internal audit department and with other departments to foster collaboration.
- Ensure adequate guidance and support to colleagues/staff working with/under you in all assignments.
- Perform other duties as may be assigned from time to time
- Liaise with the Group ICT Audit for implementation of changes suggested by the group
Risk Management:
- Ensure effective adoption and utilization of risk management tools
- Drive remediation of risk management exceptions identified during audit or risk reviews
- Promote risk management culture
Skills, Knowledge, and Abilities
- Audit Skills
- Analytical Skills
- Report writing, communication and presentation skills
- Interpersonal Skills
- Knowledge on Microsoft Applications
Academic / Professional Qualifications
- Bachelor’s degree in computer Science
- CISA Certification added advantage
Working Experience Required
- Experience in ICT Audit as internal or External Audit
- Ability to write comprehensive reports.
- Ability to employ different tools to conduct data analysis
- Excellent communication and interpersonal skills