You will support the delivery of an independent view and assurance over the IT control environment in operation in various EMEA business entities. You will undertakes audit testing across a range of IT Infrastructure and IT applications, and the ongoing monitoring of IT and business related projects to support the delivery of audit opinions.
You will be involved with:
Preparing internal audit working papers in accordance with the Policies and Procedures of Audit Department as documented with the Audit Manual.
Documenting sampling methodology within the working papers and performing testing of the key controls identified.
Preparing draft Audit Control Recommendations for review by the Auditor in Charge.
Responding to working paper review points raised by the Auditor in Charge.
When acting as AIC this also includes:
Preparing planning material to ensure that the internal controls covering the key risks are appropriately tested in order to provide reasonable assurance to the Board, Group Management, Entity Management and other stakeholders, including regulators that an effective internal control environment exists.
Preparing draft Audit Control Recommendations for review by AD Management. The ACRs musts be factually accurate and clearly communicate the findings and recommendations. The Assistant Audit Manager must clearly communicate the issues to AD Management and then to business Management. In doing so, the Assistant Audit Manager may experience some significant challenge and must therefore be resilient and articulate in their presentation of the issues and call on the support of the relevant Audit Partner.
Preparing the final internal audit report. The report must clearly communicate areas of positive assurance as well as areas where improvement in the internal control environment is required.
Undertaking follow-up and closure of internal audit recommendations. This process requires the validation of action taken by line Management for the closure of all High and Moderate Priority recommendations and the provision of assistant and guidance to Management.
Educated to degree standard and holder of a professional qualification, (Usually CISA or CISSP etc)
Strong technology skills and understanding of application controls.
The ability to clearly communicate IT issues to IT/ non-IT Management both verbally and in writing
Some knowledge of the following would be useful: Firewalls (Check Point, Palo Alto, Cisco); Networks (Cisco); Windows including Azure; Office 365; Unix/Linux; Database Management Systems (Oracle, SQL Server); IBM Websphere; Data Analytics including ACL