Job Objective
To review and evaluate automated information systems, related processes, and their interfaces to ensure effective controls are in place and that effective IT and application controls are designed and operating as intended and that established information systems policies, procedures and regulatory requirements are consistently adhered to. The role reports to the Internal Audit Manager and is executed in accordance with the Global Internal Audit Standards (GIAS), IT governance and risk management frameworks.
Duties and responsibilities
Identify, evaluate and document information systems risks, assess the adequacy and effectiveness of associated controls and propose enhancements to improve internal controls and operational efficiency.
Execute the approved annual Information Systems audit plan and support the annual IT risk assessment process.
Analyse and validate system transactions, data integrity, and audit evidence using data analytics and visualisation tools such as Power BI and SQL, to identify anomalies, trends, and control weaknesses.
Assess and test the adequacy and effectiveness of IT general controls, application controls, operational processes, and departmental systems, and recommend corrective actions where gaps are identified.
Evaluate threats and risks to the University's information assets and ensure appropriate access controls and data protection measures are in place.
Promote process improvement by recommending automation of procedures, methods, and standards to enhance productivity.
Prepare and communicate audit findings through clear written reports and presentations to management.
Conduct system investigations and special audits as required.
Perform other audit-related duties consistent with the UniversityÃÂÃÂÃÂÃÂs internal audit mandate, governance structures, and professional standards or as captured in your detailed Job Description .
Qualification and experience
A Bachelors degree in Information Systems, Computer Science or a related field from a recognised/accredited University.
Minimum of 3 years experience in Information Systems Audit, IT Audit, Internal Audit, or a related risk assurance role.
Professional certification, such as Certified Information Systems Auditor (CISA), or demonstrable progress towards certification.
Strong understanding of IT General Controls (ITGCs), system development life cycle (SDLC), IT governance and risk frameworks such as COBIT, ISO 27001.
Working Knowledge of information security principles, data protection, access controls, and system vulnerability assessment.
Experience in using Computer-Assisted Audit Tools (CAATs) such as TeamMate, ACL, SQL Developer, or similar data analytics tools.
Ability to analyse complex systems, interpret data, and assess risks across automated and manual processes.
Excellent understanding of internal auditing standards, ethics, concepts and practices with the ability to communicate technical issues to non-technical stakeholders.