Internal Auditor: Application and Technology Audit - Absa Group Limited

Job Summary

Information Technology (IT) Auditors help organizations secure its data and systems from external or internal threats by analysing and assessing their technology systems and infrastructure to ensure systems are secure, efficient, accurate and compliant. The IT Auditor will be responsible for planning and executing complex and specialized audits assignments in accordance with the Group Audit Plan and Internal Audit methodology, relevant policies, procedures, and quality standards.

Job Description

Audit planning

• Participate in the 6+6 audit planning cycle, and provide input by taking into account the risk and control profile, business strategy and material risks affecting the business.

Assurance

• Develop an in-depth knowledge of Absa and the various business areas and use this knowledge to execute on assurance responsibilities.
• Actively participate in all the audit phases - planning and scoping (identification of risks and controls), fieldwork (execution of design and operating effectiveness assessments) and reporting (ensure audit observations and planned actions are agreed with management for factual accuracy).
• Perform IT risk assessments to identify high risk areas that require focus.
• Conduct complex IT related audits as guided by the risk-based audit plan to assess the governance and management of data integrity, security, software development and IT governance within the business, including but not limited to:
  • Pre and post-implementation reviews of system implementations or enhancements.
  • Reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate.
  • Evaluate application and information general computing controls and test compliance with those controls.
  • Systems development audits to verify that systems that are being developed meet development standards.
  • Systems and application audits that evaluate whether systems and applications are controlled, reliable, efficient, secure and effective.
  • IT security audits, including evaluating security vulnerabilities and whether they are properly identified and mitigated.
  • Project assurance to assist management in improving organisational efficiency and effectiveness and minimize risk.
• Provide the business with guidance and recommendations on IT risk management, with particular focus on applications, infrastructure and security.
• Ensure delivery adheres to the audit methodology and quality standards.
• Identify opportunities for using Data Analytics and enhanced automated auditing techniques.
• Prepare audit observations and make sure that they are concise, factually accurate and cover all of the significant issues. The observations must be insightful, address the root causes, and have agreed actions that fully mitigate the risk.
• Verify that risks associated with audit observations have been mitigated by management as committed to, by them.

Teamwork

• Engage proactively with Internal Audit colleagues during assignments and request technical assistance where required and based on knowledge of business areas, provide guidance to other auditors and peers by sharing best practice so that their work meets and sometimes exceeds quality standards

Relationship and Portfolio management

• Business Monitoring and stakeholder engagement - Develop and maintain relationships with the business (including 1and 2 Line of Defence) and actively monitor the risk profile of the business to inform audit planning, reporting, and audit delivery. Support the Combined Assurance effort across the 3 LOD to strengthen the control environment.
• Provide input into Risk and Committee reporting, clear messaging, and impact on the risk and control environment of the business.

Knowledge Management

• Display professional skepticism and apply a residual risk lens to potential audit issues with management and in final reporting.
• Continuous upskilling on both technical and other core competencies.
• Keeping up to date with industry trends, regulatory changes, and professional standards.
• Based on knowledge of business areas, provide guidance to other auditors and peers by sharing best practice so that their work meets and sometimes exceeds quality standards

Documentation

• Document work performed in such a way that an independent party can understand the work performed.

Education & Experience:

• A Bachelor’s degree with CISA certification or other similar IT audit certification.
• Minimum three years of experience in an audit whether it be an external or internal audit.
• Experience in the automation of audit processes and robotics will be advantageous.
• Experience and knowledge of the banking sector especially Retail and Business Banking.

Education

• Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)