IT Auditor

Imagine a world where people live healthier, more enhanced and protected lives… A world in which each organisation is a powerful influencer and responsible corporate citizen, committed to being a force for social good. As a leading innovator in healthcare, wellness, insurance, investments, financial and life planning, Discovery works ceaselessly to make this vision a reality. Fuelled by our passion for enhancing lives and our desire to innovate, Discovery consistently sets global standards, creating shared value through shared intellectual capital. A testament to this is our Vitality programme, which is both a platform to incentivise people to live healthier lives as well as a channel through which shared value is delivered. We are a proudly South African-born, global company with health, life and short term insurance operations in South Africa and the United Kingdom, and a presence in Germany, France, the United States, Canada, Australia, Singapore, Hong Kong, Philippines, Thailand, Malaysia, China and Japan through our Global Vitality Network. One way in which we uphold our promise of shared value is by being a positive disruptor that focusses on bringing about sustainable change in the lives of the people and communities we serve across the globe. Our values of leadership, honesty, innovation and fairness act as our compass, directing our business practices to take advantage of every opportunity while looking for ways to dazzle clients.

Areas of responsibility may include but not limited to

Strategic

Assist in attending to management queries.

Build / maintain relationships with the Discovery companies and other Assurance Providers:

Discovery Invest, Life, Employee Benefits, Insure, Corporate, Health, Vitality RSA, Vitality Group,

Vitality Health, Vitality Life, External Audit.

Facilitate the maintenance of risk profiles (inherent & residual view of IT risks).

Challenge risk management information received from the business and provide meaningful

input to management on where IT risk management processes and controls can be improved.

Technical Knowledgeable in:

IT General Controls

Application Controls

Technical Infrastructure

Project and Programme Management

Cyber and Information Security

Data Assurance, Data Analytics, continuous auditing via Computer Assisted Auditing Techniques

(CAATs): advantageous

Operational

Ensure audits are performed in line with Audit Methodology.

Provide feedback to Audit Management on the planning, execution and reporting of the audits.

Obtain input from the Audit Management relating to risks associated with the audit topic.

Ensuring that all risks are addressed for the specific audit engagements.

Follow up with Group Risk, Compliance and Forensics on any pertinent issues affecting a particular audit.

Defining the purpose, scope and audit approach of each audit for assigned areas of audit coverage.

Assist Audit Management in determining the scope of Internal Audit assignments.

Prepare engagement letter for review by Audit Management.

Prepare/review the Audit Planning Memorandum (APM).

Prepare/review approved system descriptions, walkthroughs and/or process flow diagrams and address/raise review notes where applicable.

Prepare/review risks and controls matrix (RACM) and address/raise review notes where applicable.

Prepare/review test procedures and address/raise review notes where applicable.

Obtain approval from Audit management with regards to any changes to RACM, audit test procedures / sample sizes.

Perform testing and document working papers on Audit Software where applicable.

Review working papers on Audit Software (performed by IT Auditors) and raise review notes where applicable.

Prepare/review the Audit Finalisation Checklist at the end of an audit.

Close day to day supervision of the IT Auditors and process of work.

Provide regular progress updates (at least weekly) on audit assignments.

Keep track of the budget and timesheets on a weekly basis and submit to Audit Management.

Escalate in timely manner to Audit Management if deadlines are not going to be achieved.

Escalate cases where feedback is not received.

Advise Audit Management immediately of any problems experienced on an audit section.

Monitoring of the quality of work performed by the audit team and taking corrective action (where applicable).

Provide training and supervision to audit team in order to ensure that that the required audit objectives are met and that adequate practical coverage is achieved.

Ultimately responsible for quality of audit files (MK or other).

Proactively take on additional tasks as requested by Audit Manager.

Provide meaningful input and monitor the effective and timely implementation of management actions to address any control weaknesses identified through risk profiling, risk events and control self- assessment.

Follow-ups

Follow up on outstanding audit issues and management actions.

Preparation and submission of follow-up progress reports for risk and/or audit committees.

Development

Self-development: studying, attending courses, external courses, e-Learnings.

Present training to the IT audit team.

Completion of mini-appraisals

Schedule meetings with Audit Manager for the combined review of mini appraisals.

General

Stay up-to-date with Internal Audit profession and industry developments.

Ongoing development and improvement of audit methodology.

Travel if required.

Education and Experience

B Degree or equivalent (and relevant) qualification (with Computer Science / Computer Auditing / Information Systems / Auditing as majors)

CIA / CISA / CISM / CRISC / CGIT (one or more of the afore mentioned is required)

2+ years audit experience

IT General Control Reviews.

Application control reviews.

Essential knowledge:

Internal Controls

Risk management framework (COSO)

IT General Control reviews

Application Control reviews

Internal controls

Corporate and IT governance

IT Infrastructure technical knowledge (reviewing of databases and operating systems)

CAATs / data analytics

Cyber and information security

Computer literacy