General Job Description: The Manager – Information Systems (IS) Audit conducts review of assigned Information Technology and other audit projects, evaluates the adequacy and effectiveness of controls over those activities, plans and executes IS audits and other audit projects in accordance with accepted standards, reports audit findings and makes recommendations for correcting unsatisfactory conditions, and performs special reviews at the request of management.
Responsibilities & Duties:
Under the general guidance of the General Manager - Internal Audit, the Assistant Manager -IS Audit:
1) Develop the annual overall IS audit plan.
2) Identify and evaluate the Information Technology risks / impacts associated with identified business issues.
3) Plan the scope of the IS audit work and prepare an audit program based on objective risk assessments.
4) Determine the auditing procedures and tools to be used.
5) Perform audits of the following core IT processes using Control Objectives for Information and related Technology (COBIT):
Planning and Organization
Acquisition, Implementation and Maintenance of IT solutions.
Delivery and Support of IT solutions.
Monitoring of IT solutions
6) Perform audits of the operating environment and application system control relating to specific business processes.
7) Conduct reviews of Operating Systems, Networks and other IT areas such as
Firewall, IDS, etc.
8) Perform Data analysis using Audit Command Language (ACL) and summarize the results of the analysis.
9) Perform audits of activities of various departments for compliance with plans, policies and procedures.
10) Evaluate the adequacy of internal controls and develop creative and practical recommendations.
11) Obtain, analyze, and evidence data as a basis for informed, objective opinion on the adequacy and effectiveness of the system and the efficiency of performance of the activities being reviewed.
12) Make oral or written presentations to management during and at the conclusion of the examination, discussing deficiencies and recommending corrective action.
13) Prepare formal reports on the IT audit, other audits / assignments carried out, including recommending improvements to processes, policies and procedures.
14) Evaluate the adequacy of corrective action taken to improve deficient conditions.
15) Direct, counsel, and instructs Staff Auditors assigned to the audit, and review their work for sufficiency of scope and accuracy.
16) Conduct special IS audit assignments and follow up on previous IS audit findings and prepare status reports as required.