IT Auditor

Job Purpose

Under the direction of the Director, Information Systems Audit, the IT Auditor will b responsible to:

• Combine knowledge of information systems with risk assessment and control principles.
• Undertake Information Systems audit of the Jamaica Customs Agency by analysing and assessing the Agency’s technological infrastructure, IT policies and operations to ascertain whether processes and systems are operating accurately and efficiently, safeguarding the Agency’s assets, and maintaining data integrity, security, and confidentiality.
• Monitor, review and evaluate the management, control, security and logical framework of the ICT systems and procedures for accounting procedures by the provisions of the Financial Administration and Audit (FAA) Act, other relevant laws, rules, and regulations relating to the Customs Agency and directives issued from time to time by the Ministry of Finance and the Public Service

Key Responsibility Areas

Technical/Professional Responsibilities

• Supports the Director Information Systems Audit in implementing audit programmes in the specific areas of the Agency as assigned by:
  • Identifying and evaluating the Agency’s technological infrastructure risk areas and providing critical input to developing the annual internal audit plan.
  • Evaluating IT internal controls, design, and operational effectiveness to:
    • Determine exposure to risks.
    • Mitigate IT risks regarding business information's confidentiality, integrity, and availability.
    • Ensuring potential issues and risks are identified/understood.
    • Develop remediation strategies.
    • Ensure audit coverage is appropriate and audit programs are efficient.
  • Planning and executing detailed audits based on risk analysis of information systems, software, platforms, and operating procedures within budgeted timelines and by established Agency standards to verify the systems' efficiency, accuracy, and security and that the systems support business processes or related applications.
• Analyze business systems to determine the completeness and accuracy of already processed transactions.
• Conduct efficient and effective IT audit procedures.
• Communicate complex technical issues to the relevant staff in simplified terms.
• Perform regular audit testing and provide recommendations.
• Review, evaluate and test application controls.
• Analyse application control systems and their business protocols to determine whether business goals are being attained.
• Perform various reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure adequate controls surrounding these processes and compliance with relevant laws, regulations, and best practices about the Agency.
• Conduct data extraction, analysis and security reviews of audit issues utilising software tools.
• Develop, build & implement tools to analyse data to improve audit efficiency and effectiveness (including risk assessments and project-specific risk and controls matrices).
• Determine and provide recommendations with defined deadlines to improve IT controls and negotiate solutions and corrective action for identified risks that may prevent the Agency from achieving its objectives.
• Identify and document audit assessment, issues, and testing results to ensure that conclusions, findings, and recommendations are supported by sufficient and appropriate evidence and to audit department standards.
• Maintain current and completed files with audit working papers and the necessary cross-references and notes of examinations conducted to facilitate follow-up of previously approved recommendations.
• Prepare input to the formal audit report and communicate or assist in communicating audit results and consulting projects to management via written reports and oral presentations on time.
• Assist the divisions, branches, and sections whose work they audit to develop systems and controls for the physical safeguarding of government funds.
• Liaise closely with the staff of the Auditor’s General Department.
• Prepare audit reports draft and related working papers and other support documentation to determine the adequacy of findings, logic and soundness of audit conclusions and feasibility, and suitability of recommendations for remedial action, including changes in programming direction, method, procedures, and practices.
• Conduct a preliminary survey of an entity or programme/activities to determine the desirability of a full-scale audit and conduct other special studies or investigations as requested by the Director, Information Systems Audit, and management.
• Framing the terms of reference for each audit assignment (objectives).
• Document audit procedures for each assignment and keep permanent files of such methods for easy retrieval.
• Providing advice and guidance on methods and techniques.
• Provide audit findings of discrepancies with Divisional Heads and advise them on satisfying regulatory requirements, saving money, reprogramming funds, eliminating waste and fraud, or improving operations efficiency.
• Consulting with the CIA to determine whether further investigations and information are required where irregularities have been identified.
• Reviewing, periodically, any external audit reports on the Agency’s operations to ascertain if appropriate action has been taken and deviations or errors have been corrected.
• Ensuring that audit permanent and current files are maintained for the Unit.
• Being conversant with the provisions of the Financial Administration and Audit Act, Customs Act, other relevant acts, and any other financial regulations that are in force occasionally.

Customer Service Responsibilities

• Maintain customer service principles, standards, and measurements.
• Identifies and incorporates the interests and needs of customers in business process design.
• Ensure critical success factors are identified and meet expectations.

Other Responsibilities

• Perform all other duties and functions as may be required occasionally.  
• May be required to provide witness statements, attend court proceedings, and give evidence. 
• Comply with Health & Safety Policies & Procedures.

Required Competencies

Core

• Ability to communicate, interact and work effectively and cooperatively with technical and non-technical staff in a fast-paced environment.
• Excellent oral and written communication skills, including report writing and presentation skills.
• Excellent research, investigative and analytical skills.
• Strong judgment, problem-solving, decision-making, planning, and organising skills.
• Excellent leadership and teamwork skills.
• Strong negotiating issues and resolving problems.
• Expert-level interviewing skills
• Proactive, hands-on, results-driven orientation required.
• Ability to pay attention to detail
• Ability to produce high-quality work products for the IT groups and Senior Management.
• High level of professionalism, ethics, integrity, and confidentiality.
• Strong initiative and resourcefulness skills
• Ability to work independently with little or no supervision.
• High absorption rate for understanding modern technologies.
• Ability to work under pressure and meet deadlines.

Technical

• Comprehensive understanding of internal control environments within the IT function.
• Advanced IT skills in the Microsoft Office Suite Applications
• Expert knowledge of internal auditing, internal controls, risk management, and finance and accounting practices and methods.
• Clear understanding of IT audit methodologies.
• Experience with multiple technology domains, including aspects of Windows, Unix, database administration, software development, and networking.
• Extensive knowledge of and skill in applying internal auditing and accounting principles and practices, management principles and preferred business practices.
• Good knowledge of the Customs Act, its Regulations and customs administration.
• Comprehensive knowledge of the FIEA, FAA Act and other relevant accounting legislation.
• Comprehensive knowledge of Customs activities and operations.
• Working knowledge of the Standards for the Professional Practice of Internal Auditing and the Code of Ethics developed by the Institute of Internal Auditors.
• Working knowledge of project management principles, practices, and processes.
• Understanding information security standards, best practices for securing computer systems, and applicable laws and regulations.
• Working knowledge of other relevant acts and regulations pertinent to the Agency.
• Experience with computer-assisted audit tools is a plus.

Minimum Required Education and Experience

• Bachelor's degree in computer science, Information Technology, Information Systems, or equivalent qualification from a recognised tertiary institution

OR

• Successful completion of ACCA Level 2
• Recognized accounting/auditing/information systems certification:
  • Certified Internal Auditor (CIA)
  • Certified Information Systems Auditor (CISA)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified Information Security Manager (CSIM)
  • Certified Information Systems Security Professional (CISSP)
• Supervisory Management Training/Experience
• Risk management background ideal.
• At least five (5) years' experience in IT auditing or a similar capacity.
• Knowledge of customs administration and operations would be advantageous.

Special Conditions Associated with the Job

• Work will be conducted in various offices outfitted with standard equipment and specialised software.
• The environment is fast paced, with ongoing interactions with critical stakeholders and meeting tight deadlines, which will result in high degrees of pressure.
• Moderate fieldwork
• May be required to travel locally and overseas to attend conferences, seminars, and meetings.
• Extensive travelling required (> 70%) regularly in the normal execution of duties island wide.
• Risk of exposure to a hazardous substance.
• Sick Building Syndrome (SBS)& Building Related illnesses (BRI)
• Health Risks resulting from visiting Dump and Destruction Sites
• High-risk job (threat to life due to attending court and being involved in other investigative issues).