To provide internal audit services in accordance with the Code of Ethics and the International Professional Practice Framework (IPPF) which includes the Global internal Audit Standards, Topical Requirements and Global Guidance and to develop audit plans, overseeing execution (IT security, systems, infrastructure, IT GCR, IT Modernization), ensuring compliance with ISACA Standards, Leading Practices mentoring staff, reporting to leadership (CAE and Director: Internal Audit), and ensuring alignment with expected standards for effective IT Governance, risk management and control processes and digital service delivery.

 

 

Audit Planning:

Develop and maintain a multi-year IT Audit Maturity Plan with clear milestones and benefits at each phase.

Develop and manage multi- year, risk-based IT audit plans, aligning with organizational strategy and identifying key ICT risks (cyber, security, data).

Prepare notice to the auditee.

Prepare Audit Engagement Plan for each assigned.

Prepare system description for review by the Director.

Prepare risk assessment for review by the Director.

Develop audit programme for each assigned audit for approval by Director/ Chief Audit Executive.

Conduct opening meeting at beginning of each audit.

 

Audit Execution:

Oversee audits of IT infrastructure, applications, cybersecurity, disaster recovery, SDLC, databases, and general IT controls, IT Governance and IT Continuity.

Detect vulnerabilities, inefficiencies, and potential security breaches.

Evaluate effectiveness of access controls, security measures (firewalls, antivirus), data backup/ recovery and change management processes.

Perform audit procedures per audit programme.

Prepare audit work papers for review by Director.

Reference all work papers.

 

Reporting and Communication:

Communicate audit findings to line management throughout the audit by issuing Informal Queries and obtaining management comments on observations.

Prepare clear, actionable reports for management with recommendations- and reference to work papers for review by Director.

Address comments by Director and line management and prepare final audit report.

Prepare EXCO report on significant observations

Prepare ERMC report for review by Director.

 

Compliance to Internal Audit Standards:

Produce work paper file that adheres to required international standards for working paper files.

Complete quality assurance templates as per internal audit methodology.

 

Monitoring and follow-up:

Capturing audit observations on the audit database.

Work with IT, management, and other personnel to follow up on action plans and support governance

Conducting follow up on the implementation action plan.

 

 

 

 

 

 

 

 

 

 

Knowledge of the Standards for the Professional Practice of Internal Auditing and the Code of Ethics developed by the Institute of Internal Auditors.

Knowledge of CISA Standards

Performance standards and procedures

Sound Knowledge of PFMA

Design/review audit methodologies, frameworks, and controls for continuous improvement.

Manage, train, mentor, and develop the audit team, ensuring staff capacity building from IT perspective.

Partner with IT management, external auditors, and other governance bodies, providing proactive advice.

 

 

Extensive IT audit experience, including supervisory roles, covering various IT areas (cyber, infrastructure, apps).

Strong analytical, problem-solving, communication, risk management, and technical skills (CAATs).

Understanding of IT infrastructure, networks, cybersecurity, data analysis, and relevant control frameworks (COBIT).

Skill in planning and project management, and in maintaining composure under pressure while meeting multiple deadlines.

Skill in using a computer with word processing, spreadsheet and other business software to prepare reports, memos, summaries and analyses.

Skill in collecting and analyzing data, evaluating information and systems, and drawing logical conclusions.

Skill in negotiating issues and resolving problems.

Skill in effective verbal and written communications, including active listening skills and skill in presenting findings and recommendations.

 

 

Ability to establish and maintain harmonious working relationships with co-workers

Ability to work effectively in a professional team environment.

Enthusiasm, positive attitude

Self-management

Enquiring mind

Organised and efficient worker who can work independently and meet deadlines

Professional approach to work

 

 

Degree in IT, Computer Science, Information Security, or related field.

CISA, CISM, CGEIT or similar relevant certifications

4-6 years exposure to IT auditing working environment