The incumbent that we are looking for will be responsible for:
Give an independent assurance that corporate governance, risk management, internal controls and compliance structures of the bank are in place.
Perform control reviews on the technology infrastructure and information systems landscape of the bank.
Give assurance to the organization that the ICT risk associated with bank products, investment and or operations are adequate mitigated if not eliminated
- Provide assurance on the adequacy and effectiveness of ICT governance, risk and control processes around IT Systems and processes.
- Ascertain the adequacy and reliability of financial reports and management data and information.
- Examine the banks compliance to legal and regulatory requirements and implementation of policies and procedures.
- Timely performance of Audit assignments according to the mandate of the Audit Plan approved by the Board Audit Committee i.e. Timely in planning, execution and reporting.
- Provide adequate information of the audit assignments to be undertaken to the auditee and preparation of adequate planning memo.
- Participate/conduct Audit entrance meetings with the auditee informing the audit objectives, scope and timeline of the audit including the information required from the auditee and obtain auditee areas of interest to be covered during the audit.
- Effective execution of the auditee in accordance with the pre-designed audit program/risk matrix and Audit plan ensuring adequate coverage of the scope.
- Ensure there is adequate communication and discussion with auditees while executing the audit assignments and confirmation of the findings before documentation.
- Preparation of adequate draft report/Audit discussion memo (ADM) with all observations confirmed by the auditee through the audit including appropriate root causes from the owner and provide risk and recommendations that addressing the root cause and submit the complete ADM to Head of Internal Auditor/supervisor/Group IS Auditor for review before exit meeting.
- Conduct closure meetings for each assignment performed, so as to incorporate auditee views in the reports and agree on the report, and issuance of Final ADM to the owners to provide responses and action plans to mitigate the identified gaps.
- Preparation of final reports to be reviewed by the Head of Internal Audit/supervisor/Group ISA and circulation to Management.
- Ensure all audit works and working papers are effective and efficiency documented in the internal Audit system (Teammate) including signoff of the issues, schedules and working papers.
- Ensure efficiency and effectiveness utilization of Internal Audit systems/tools in the department e.g. Team mate, IDEA data analysis tool and provide training to the subordinate and management to understand the usage
- Preparation of Annual ICT Audit plan that take into account all risks associated with the prevailing IT environment.
- Assist external auditors and regulators on IS audit matters that may arise when they reach out to the internal audit function
- Follow up management confirmed implemented /closed audit observations to assess the adequacy of the clients’ implementation of recommended actions.
- Support the Head of Internal Audit with board pack presentation to ensure the IS components are incorporated.
- Participate in development and implementing internal auditing manual, policies, procedures and programs.
- Provide assurance on the IT projects and any other projects that are developed within the bank that require ICT knowledge.
- Perform data validations for any system upgrade or changes
Knowledge & Skills:
- Audit Skills
- Analytical Skills
- Report writing, communication and presentation skills
- Interpersonal Skills
- Knowledge on Microsoft Applications and Advanced Excel
Qualifications & Experience:
- Bachelor’s degree in Information Technology/Computer Science or any other related field from a reputable University /College.
- The incumbent MUST be CISA certified
- A minimum of 3 years working experience as Information System Auditor.
- Ability to work independently on ICT audit assignments and provide adequate opinion that add value to the organization.