• Plan, guide and direct the Information Systems, Operations and Information Security audit activities to provide independent assurance that the organization’s risk management, governance and internal control processes are adequate and operating effectively.
• Plan, coordinate and conduct independent reviews on the Business Operational procedures, IT systems / procedures / information security and make recommendations to the Management as appropriate.
• Ensure that all Internal Audit activities are conducted in compliance with the company’s objectives and policies as well as the Code of Ethics and the acceptable Standards for the Professional Practices of Internal Auditing.
Duties and Responsibilities
Audit Planning/Design
• Leads and assesses annual risk analysis to formulate risk-based audit plan for Information Technology (IT), Operations and Information Security (IS) audit activities and establishes priorities for proper risk coverage.
Conducting Audits
• Evaluates risks and internal control processes of IT, IS and related operations activities to ensure divisional’s mandate and business goals are met and that professional standards are maintained at all times.
• Co-ordinates with the Head of Internal Audit in preparing staff plan for IT, Operations and IS audit activities, including number of auditors, skillset, and disciplines required to achieve the approved plan.
• Directs the planning of individual audit assignments to ensure that professional standards are maintained. Counsels and guides assigned employees to ensure that the approved audit objectives are met, and adequate coverage is achieved. Reviews working papers to ensure audit reports are properly supported.
• Evaluates completeness and relevance of risk assessments.
• Evaluates the relevance and the prioritization or focus of the audit plan and its alignment with IA and organizational strategies.
• Ensures adherence to established key performance indicators and measures the progress and performance of each initiative against expectations.
• Assesses that audit plan sufficiently covers the scope, addresses key risks and considers expectations of Senior Management and Board.
• Evaluates the degree to which the bank’s IT system and business operations follow regulatory strands, the bank’s policies & procedures, and best practice.
• Reviews technological trends and assesses the level of impact on the organization and the disruption to the industry. Manages and recommends adjustment to the audit plan based on the changing IT controls, risk posture and/or business priority.
• Performs special reviews as requested by Head of Internal Audit.
Reporting
• Ensures timely completion and prompt reporting of audit assignments to the Head of Internal Audit and Senior Management.
• Evaluates that significant risk exposures and control issues, including fraud risk and governance issues are covered in the final engagement communication.
• Appraises, evaluates, and reports to management on the existence of, effectiveness of, and need for changes in internal controls.
People Management & Development
• Manages and oversees team performance through performance planning, coaching and performance appraisals as per the guidelines and practices of the company.
• Holds direct reports accountable for managing and developing their assignments to ensure the division’s goals are achieved and stakeholders satisfied.
• Provides ongoing feedback to the team to ensure they develop the skills and competencies required for effective planning and individual professional and personal career growth.
• Motivates and inspires the team by providing them with the information and tools they need to do their jobs well and meet stakeholders’ expectations.
• Deals with performance issues, discipline as necessary and addresses poor standards, ensuring division targets and stakeholders satisfaction is not compromised.
• Manages the head count, recruiting and deploying resources as required, to ensure the right mix of skills and strengths are being leveraged as effectively as possible.
• Provides performance feedback to subordinates and peers (as applicable).
• Builds strong audit relationship with key IT & IS Managements and other stakeholders with regular interaction.
Improving the Practice of Audits
• Builds relationships with leaders across the organisation to understand issues and identify areas for improvement for the company as a whole.
• Keeps abreast of developments in Corporate Governance practices and advise the business accordingly.
• To be aware of and uphold the security responsibilities as stated in the company's Information Security Policy.
• Ensures all the information asset processing and day-to-day activities are based on the company’s Guidelines on Information Handling and Security Classification.
Minimum Qualifications
• Degree in Accounting/Computer Science and/or Management.
• professional qualification, i.e. CISA/CCP/CIA/CISM/CGEIT/MCSE/CRISC/CISSP.
• At least 10 years of audit experience in a computerized environment within Financial Institution or large Organization; of which two (2) years managerial experience.
Technical Qualifications
• Demonstrates effective working knowledge and understanding of Auditing standards, best practices, IT & IS risks and controls, with the ability to apply said knowledge for effective and efficient execution of the audit assignment.
• Demonstrates effective working knowledge and understanding of various banking products, services, and operations with the ability to apply said knowledge for effective and efficient execution of the audit assignment.
• Demonstrates ability to effectively apply knowledge of Project Management for efficient execution and management of assigned tasks.
Additional requirements
• Strong analytical skills.
• Good knowledge of Accounting, Business Operations, Information Technology Operations and processes.
• Good knowledge of best practice standards for Business operations and Information Technology Operations and Processes.
• Good interpersonal & communications skill (both verbal and written).
