IT Audit Manager at Discovery Limited

Key Performance Area

Tasks

Strategic:

Build / maintain relationships with:

• Discovery Invest, Life, Employee Benefits, Insure, Corporate, Health, Vitality RSA, Vitality Group, VitalityUK
• Attend Audit Committee meetings to present audit observations and provide feedback on the audits.
• Attend Risk Committee meetings to gather issues that can impact an audit environment.
• Facilitate the maintenance of risk profiles (inherent & residual view of IT risks).
• Challenge risk management information received from the business and provide meaningful input to management on where IT risk management processes and controls can be improved.
• Responsible for the implementation of the Internal Audit plan with regards to assigned companies / areas.

Technical

• Knowledgeable in some of the following areas:
• IT General Controls
• Application Controls
• Technical Infrastructure
• Data Assurance
• Project and Programme Management.
• Cyber and Information Security
• Perform Peer Quality Review Assessments.
• Perform maturity assessments based on the COBIT framework.
• Keep abreast with current trends and improve the audit methodology and approach.
• Liaison with peers on IT risk management, policies and execution strategies.

Operational:

• Scheduling and planning of audits, assignment of staff and review resource requirements.
• Defining the purpose, scope and audit approach of each audit for assigned areas of audit coverage.
• Agree audit scope with client and provide final engagement letter to Senior Audit Manager for approval and distribution.
• Ensuring that all risks are addressed for the specific audit engagements.
• Provide feedback to Senior IT Audit Manager on the planning, execution and reporting of the audits.
• Review and sign-off of planning, working papers and reports, and where required raise review notes for the work performed by Senior IT Auditors / IT Auditors (pertaining to Engagement Letters, APMs, system descriptions, walkthroughs, process flow diagrams, RACM, test procedures, working papers, reports and action plans).
• Address review notes raised by the Senior IT Audit Manager.
• Monitoring of the quality of work performed by the audit team and taking corrective action (where applicable).
• Provide training and supervision to audit team in order to ensure that that the required audit objectives are met and that adequate practical coverage is achieved.
• Assist Senior IT Audit Manager in developing the Audit Universe, Annual Internal Audit Plan, and the Three Year Rolling Plan.
• Monitor progress of audits against plan.
• Track progress /changes in business risks and align audit plan.
• Request feedback from management.
• Escalate cases where feedback is not received.
• Ultimately responsible for quality of audit files (Pentana or other).
• Proactively take on additional tasks as requested by Senior IT Audit Manager.
• Provide meaningful input and monitor the effective and timely implementation of management actions to address any control weaknesses identified through risk profiling, risk events and control self- assessment.
• Conduct a Quality Assurance review of audit files and finalise once comfortable.
• External audit – develop and manage the relationship with external audit as it pertains to the reliance on IT Audit work, data requirements and co-ordination of resources to deliver specific assurance for external audit.

Follow-ups:

• Follow up on outstanding audit issues and management actions.
• Preparation, submission and presentation of follow-up progress reports at risk and/or audit committees.  

People Management and Development:

• Self-development: studying, attending courses and chapter meetings.
• Day to day management of the assigned audit staff members and / or consultants / contractors.
• Assist with staff development so as to increase competence and delivery of the department.
• Determine personal development plans and training needs, as well as implementing career path plans.
• Manage staff productivity by means of timesheets and cost recovery from auditees.
• Manage Senior IT Auditors and other direct reports.
• Review feedback from management on performance of auditors (Senior IT Auditors / IT Auditors).
• Completion of mini-appraisals.

Reporting:

• Drafting and review of engagement letters and final reports for Senior Management review.
• Review of draft observations and forwarding these to business for comment.

Reporting to:

• Audit Committees
• Business Risk Committees
• Company Exco’s
• Management (detailed audit reports)
• CAE (where applicable)
• Preparation and submission of Risk and Audit committee reports / packs.
• Attending Audit and Risk Committee meetings, as and when required.
• Assist in periodic reporting on the status and results of the annual audit plan and the sufficiency of department resources.
• Ad-hoc reporting.

General:

• Stay up-to-date with Internal Audit profession and industry developments.
• Ongoing development and improvement of audit methodology.
• Travel if required.

Qualification:

The following qualifications are a requirement:

• B Degree or equivalent (and relevant) qualification.
• Honours / Masters (with Computer Science / Computer Auditing / Information Systems / Auditing as majors)
• CISA
• CA / ACCA / CIMA / CFSA / CPA / CIA / CISA / CISM / CRISC / CGIT  / CCSA (one or more of the afore mentioned is preferable)

Experience:

• 5+ years audit experience and 2+ years audit management experience.
• Solid IT audit experience with a broad range of exposure to all aspects of business planning, systems analysis and application development.
• Experience in conducting financial, operational or IT audits.
• Reporting to Audit and/or Risk Committees.

Essential knowledge:

• Internal Controls
• Risk management framework (COSO)
• IT General Control reviews
• Application Control reviews
• Internal controls
• Corporate and IT governance
• IT Infrastructure technical knowledge (reviewing of databases and operating systems)
• CAATs / data analytics
• Cyber security
• Corporate governance principles
• Computer literacy