Manager: It Audit And Data Analytics (Mt4) - Group Internal Audit Services
Capricorn Group Limited - windhoek, namibia
a month ago
Manager: IT Audit and Data Analytics (MT4) - Group Internal Audit Services
Listing reference: capgh_000166
Listing status: Online
Apply by: 8 May 2023
The primary purpose of this position is to implement the approved IT audit strategy, manage and provide guidance to the Group Internal Audit Services (GIAS) division and support all group IA functions concerning IT audits. Manage the execution of internal audit assignments in line with Group Methodology. Is required to attend governance meetings (RiskCo, IT RiskCo, EMT, BAC, BRC, BARC GBITC, etc.) for the different entities as a stand-in for the Head: Group Internal Audit Services.
Key Performance Areas (KPAs)
- Implement and provide guidance to the team on the approved IT audit strategy for GIAS.
- Perform general management activities for GIAS and provide support relating to IT Audits to group entities internal audit functions.
- Implement and manage the Human Capital related processes in GIAS.
- Maintain the Internal Audit methodology, aligned with the Internal Audit Standards as required by the Institute of Internal Auditors.
- Implement and monitor the quality and timely execution of internal processes and standards for IT Internal Audit within the Group.
Annual Audit Plan Planning
- Provide insights and information for the development of the three-year rolling risk based internal audit plan of the respective group entities and business units, which meets the requirements of professional internal audit standards, regulatory requirements as well as Capricorn Group methodology.
- Determine resource requirements for the delivery of the IT audits on the approved audit plans.
- Develop and implement the IT audit assignment execution plan for the year.
- Implement processes to monitor and manage staff productivity and service delivery.
- Provide the Head: GIAS with the quarterly updates of the annual IT audit risk assessment of the respective group entities and business units.
- Assist the Head: GIAS with the capturing of the annual plans and creating new audits on Metric Stream (MS).
Audit Assignment Planning
- Ensure that the scope, resource requirements and timing of IT audit assignments has been finalized and agreed with the Head: GIAS.
- Ensure completion of planning documents for IT audit assignments (notification letter, scope document, minutes for meetings with auditees, process descriptions, system descriptions-, risk and control matrix etc.).
- Ensure that senior auditors prepare engagement time budgets for IT audit assignments and review for quality.
- Activate audits on MS or ensure that it is timely activated by the Senior Internal Auditor.
- Understand auditee information technology and business risks, systems, processes and controls applicable for each audit assignment.
- For each assignment:
- Review and comment on the planning information for the audit project.
- Review and comment on the Risk and Control Matrix.
- Discuss the team debrief meeting results with the Senior Internal Auditor.
- Ensure that the audit planner checklist is used and updated.
Audit Assignment Execution
- Review IT audit programs in accordance with the Risk and Control Matrix.
- Ensure MetricStream Tasks for fieldwork areas are timely created.
- Provide guidance to senior auditors in execution of their tasks.
- Perform detailed quality review on work-papers prepared by the Senior Internal Auditor.
- Perform second level quality review on work-papers reviewed by the Senior Internal Auditor.
- Check that all review notes have been cleared by Senior Internal Auditors and Auditors.
- Review draft audit issues before discussion and confirmation of accuracy and relevance with the control owner and auditee management.
- Review and approve MS audit task completed by Senior Internal Auditors.
- Review and or complete MS audit task with the preliminary issue and action.
- Ensure audit findings are discussed with auditee management and EMT and obtain management actions.
- Provide ongoing oversight and quality control to ensure departmental and professional standards are always maintained.
- May take part in specific audit assignments.
- Manage own time budget as allocated per audit assignment.
- Actively monitor delivery of the auditors time budget and KPIs in IT audit assignments; and
- Manage and guide the team to ensure they know what is expected of them in terms of communication with clients.
Audit Assignment Reporting
- Review the findings prepared by the Senior Internal Auditors and Internal Auditors for quality and inclusion in the audit report.
- Participate in draft report discussion meetings and confirm issue and action plans with auditee management and EMT.
- Review or prepare audit reports for final review by Head: GIAS.
- Review and or approve draft issues on MS.
- Ensure timely distribution of final audit report to auditee management.
- Review, approve and publish audit report on MS; and
- Assist the Head: GIAS with the preparation of reports on audit assignments and findings to stakeholders (e.g., RiskCo, EMT, Audit Committee, GBITC, Regulators).
Audit Assignment Conclusion
- Perform end-of-audit completeness review of the assignment file on MS as per the assignment checklist.
- Perform the assignment performance review for the senior auditors for each relevant assignment on a timely basis.
- Review the assignment performance reviews of the auditors for all relevant assignments.
- Close the audit file on MS.
Issue Closure management
- Coordinate auditors to perform monthly reviews of IT-related issue closure items submitted for closure.
- Review working papers compiled by Senior Internal Auditors for issue closures.
- Ensure timely review and closure of issue closures within the timeline requirements from Group ERM.
- Monitor the monthly list of GIAS issue closure items to be used in various RiskCo reporting (open, overdue, current month closed, outstanding evidence, items allocated to each auditor).
Co-sourced / outsourced relationship with Capricorn Group Audit departments
- Ensure the efficient execution of the IT-related BG internal audits by monthly tracking and discussing progress with the in-country audit manager and team.
- Review audit reports for accuracy of findings and ratings, before distribution to management.
- Ensure effective client relationships with BG entity management to discuss the audits deliverable progress and management expectations, where required.
- Aid on MS-related issues and, where applicable, review and approve tasks, issues and reports on MS.
Continued Conversation Performance reviews.
- Assist in the coordination of the completion and submission of performance reviews for all Namibian-based auditors.
- Perform relevant continued conversations for auditors performance over the review period, as per the Human Capital driven timetable.
- Identify appropriate IT learning and developing opportunities in the performance conversations.
Learning and Development
- Assist in the compilation of development / training plans for all Namibian based auditors and source training providers.
- Be actively involved in the on-the-job IT audit training for Senior Internal Auditors and Internal Auditors.
- Identify appropriate learning and developing opportunities for self and staff members by considering experiences during audit assignments or applying the Auditor Competency Matrix.
- Ensure that the minimum own CPE requirements of the IIA (and other appropriate professional bodies) are met by completing the items specified on the annual Personal Development Plan.
Talent Management and Succession Planning
- Participate in the Talent Management and Succession Planning initiatives, as requested by the Head: GIAS.
- Research client industry, company structure, key customers, and suppliers for insight into current and possible future risks, operations, and processes.
- Research and share with the audit team, best practices in IT audit, risk, compliance, governance, and technology.
- Train other auditors on the use of methodology and technology resources.
- Research future audit methodology and technology resources that may be applicable to the client industry.
- Attend relevant company governance meetings, as requested by the Head: GIAS.
- Assist in Coordination of the completion and submission of the weekly timesheets on MS for all Namibian-based auditors.
- Coordinate travel arrangements for the team, when required.
- Champion change initiatives and evaluate them over time and develop new strategies for deepening the impact of positive change
- Assist in the management of the risk associated with fruitless and wasteful expenditure.
- Translate IT organizational goals into individual and team goals.
- Taking ownership for the implementation of assigned goals of the Internal Audit department.
- Actively (and assist other auditors too) live the values of the Capricorn Way
- Build long-term, trusting relationships with auditees of the allocated group entities and business units, based on a demonstrated commitment to their interests over time.
- Assist to identify, determine, and manage strategic engagement priorities that cross business lines and/or geographic boundaries (e.g., resource allocation, capability leveraging strategies).
- Build an internal network - while maintaining independence - that crosses business lines and geographical areas.
- Adapt to varied cultural styles and non-verbal cues by applying interpersonal awareness to read and appreciate others' differences, concerns, and motivations.
- Ensure audit procedures are performed with the required quality throughout all relevant IT engagements, in line with departmental and professional standards.
- Perform quality reviews of audit files before closure in line with the QAIP procedures.
- Leadership and EQ
- Supervision and quality control
- Adhering to the Capricorn Way principles and values
- Business writing and reporting
- Applying expertise and technology
- Planning and Organizing
- Delivering results
- Manage client expectations professionally.
- Entrepreneurial and Commercial Thinking
Minimum Required Experience and Knowledge
- At least 10 years audit experience of which 5 years must be in a management capacity in an internal / external IT audit environment.
- Experience in information security / cybersecurity is required.
- Excellent Data Analytics experience and capability is a must.
- IT Audit experience within the banking industry will be an advantage.
- Completed articles with an external audit firm will be an advantage.
- Computer literate: fluent in the use of Microsoft Office programs, data analytics programs and Power BI.
- Good oral and written communication skills, especially with regards to report writing
- Good research capability
- Good knowledge and understanding of ISO3100, SOX, COBIT ERM Framework, COSOs internal control-integrated framework
- B degree in computer science, management information systems, accounting, or finance
- An honours degree or higher will be an added advantage.
- Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Financial Services Auditor (CFSA),
- GSNA GIAC Systems and Network Auditor will be considered.