Senior IT Auditor (FMG/AS 3)

Job Purpose

Under the direction of the Audit Manager, the Senior IT Auditor examines, analyzes and combines knowledge of information systems with risk assessment and control principles of the Authority. Undertakes Information Systems audits of the Southern Regional Health Authority (SRHA) by analyzing and assessing the Authority’s technological infrastructure, IT policies and operations to ascertain whether processes and systems operate accurately and efficiently, safeguard the Authority’s assets, and maintain data integrity, security, and confidentiality. Monitors, reviews and evaluates the management, control, security and logical framework of the ICT systems and procedures for accounting procedures by the provisions of the Financial Administration and Audit (FAA) Act, other relevant laws, rules, and regulations relating to the SRHA and directives issued from time to time by the Ministry of Finance and the Public Service. Evaluates the adequacy, efficiency and effectiveness of management controls. 

Key Responsibilities

The duties and responsibilities include but are not limited to the following: 

Core 

• Identifying and evaluating the Authority’s technological infrastructure risk areas and providing critical input to developing the annual internal audit plan. 
• Evaluating IT internal controls, design, and operational effectiveness to determine exposure to risks.
• Mitigating IT risks regarding business information's confidentiality, integrity, and availability.
• Ensuring potential issues and risks are identified/understood. 
• Developing remediation strategies. 
• Ensuring audit coverage is appropriate and audit programs are efficient. 
• Planning and executing detailed audits based on risk analysis of information systems, software, platforms, and operating procedures within budgeted timelines and by established Authority standards to verify the systems' efficiency, accuracy, and security and that the systems support business processes or related applications. 
• Analysing business systems to determine the completeness and accuracy of already processed transactions. 
• Conducting efficient and effective IT audit procedures. 
• Communicating complex technical issues to the relevant staff in simplified terms.
• Performing regular audit testing and providing recommendations. 
• Reviewing, evaluating and testing application controls. 
• Analysing application control systems and their business protocols to determine whether business goals are being attained. 
• Performing various reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure adequate controls surrounding these processes and compliance with relevant laws, regulations, and best practices with the Authority. 
• Conducting data extraction, analysis and security reviews of audit issues utilizing software tools.
• Developing, building & implementing tools to analyse data to improve audit efficiency and effectiveness (including risk assessments and project-specific risk and controls matrices).
• Determining and providing recommendations with defined timelines to improve IT controls and negotiate solutions and corrective action for identified risks that may prevent the Authority from achieving its objectives. 
• Identifying and documenting audit assessment, issues, and testing results to ensure that conclusions, findings, and recommendations are supported by sufficient and appropriate evidence and to audit department standards.
• Maintaining current and completed files with audit working papers and the necessary cross references and notes of examinations conducted to facilitate follow-up of previously approved recommendations. 
• Preparing input to the formal audit report and communicating or assist in communicating audit results and consulting projects to management via timely written reports and oral presentations on time.
• Assisting departments and facilities with audits to recommend solutions for safeguarding government assets and funds. 
• Preparing audit reports draft and related working papers and other supporting documentation to determine the adequacy of findings, logic and soundness of audit conclusions and feasibility, and suitability of recommendations for remedial action, including changes in programming direction, method, procedures, and practices. 
• Conducting a preliminary survey of an entity or programme/activities to determine the desirability of a full-scale audit and conduct other special studies or investigations as requested by the Audit, and management. 
• Framing the terms of reference for each audit assignment (objectives). 
• Documenting audit procedures for each assignment and keep permanent files of such methods for easy retrieval in audit software. 
• Providing audit findings of discrepancies with department heads and advise them on satisfying regulatory requirements, saving money, reprogramming funds, eliminating waste and fraud, or improving operations efficiency. 
• Reviewing, periodically, any external audit reports on the Authority’s operations to ascertain if appropriate action has been taken and deviations or errors have been corrected. 
• Ensuring that audit permanent and current files are maintained for the Unit and Audit Software.
• Being conversant with the provisions of the Financial Administration and Audit Act, Customs Act, other relevant acts, and any other financial regulations that are in force occasionally.
• Analyzing and appraising evidential data to determine the adequacy, efficiency and effectiveness of activities being reviewed and compliance with relevant laws and regulations;  
• Keeps current with the latest tools/techniques in Audit to support business continuity and adaptation of best practices. 

Management/Administrative  

• Contributing to the development of the Audit Plans;  
• Developing Individual Work Plans based on alignment with the Audit Unit Plan; 
• Maintaining customer service principles, standards and measurements;  
• Identifying and incorporating the interests and needs of customers in process design.
• Ensuring critical success factors are identified and meet expectations. 
• Performing special investigations and assignments as instructed;  
• Preparing audit reports and project documents as required; 

Required Knowledge, Skills and Competencies

• Excellent knowledge of auditing standards and procedures 
• Excellent analytical and problem solving skills  
• Excellent interpersonal and customer service skills  
• Excellent presentation, oral and written communication skills  
• Excellent planning and organizing skills  
• Ability to lead and work in team 
• Knowledge of Operational, compliance, value for money Information Systems Audit
• Knowledge of EDP systems and their applications 
• Advanced IT skills in the Microsoft Office Suite Applications 
• Extensive knowledge of internal auditing, internal controls, risk management, and finance and accounting practices and methods 
• Knowledge of IT audit methodologies 
• Knowledge of multiple technology domains, including aspects of Windows, Unix, database administration, software development and networking 
• Knowledge of Standards for the Professional Practice od Internal Auditing and the Code of Ethics developed by the Institute of Internal Auditors 
• Knowledge of the Financial Administration and Audit (FAA) Act, and other relevant accounting and IT legislation, Staff Orders and Public Service Regulations 
• Knowledge of accounting principles and standards 
• Working knowledge of Asset Management and Inventory Control systems 
• Knowledge of management practices and principles 
• Ability to analyze and interpret financial and accounting reports 
• Good organizing skills  
• Ability to maintain confidentiality  
• High degree of integrity and diplomacy 

Minimum Required Qualifications and Experience

The ideal candidate must possess: 

• First Degree preferably in Accounts, Finance, Business Administration, Management or Economics or; 
• ACCA Fundamentals or equivalent;  

PLUS 

• Two (2) to five (5) years’ experience in audit/specialized area; 
• Successful completion of Government auditing courses and Professional Audit Training would be an asset. 

OR 

• Recognized Accounting/Auditing/Information Systems certification: 
  • Certified Internal Auditor (CIA) 
  • Certified Information Systems Auditor (CISA) 
  • Certified in the Governance of Enterprise IT (CGEIT) 
  • Certified Information Security Manager (CSIM) 
  • Certified Information Systems Security Professional (CISSP) 
  • Supervisory Management Training/Experience 
  • Risk Management background ideal 
  • At least three (3) years’ experience in IT auditing or a similar capacity 

NB. ONLY SHORTLISTED APPLICANTS WILL BE ACKNOWLEDGED