An IT audit is the examination and assessment of the management controls over an organisation's information technology infrastructure, policies and operations. The IT audit determines whether systems are protecting assets, maintaining data integrity and operating effectively to achieve the overall objectives of the business.
The person in this position will report to the IT Audit Head and will oversee and ensure that, IT audit engagements run efficiently and profitably from inception to sign-off by managing all the relevant stakeholders in accordance with The Shard’s policies and procedures. This person further supports the IT Audit Head with clients' commercial management and business development initiatives.
The successful candidate will also be responsible for developing and maturing a data analytics and continuous auditing programme as a forerunner to robotic process automation as well as assisting in effective end-to-end execution of risk-based internal audits. The successful candidate will also be responsible for managing relationships with clients and participating in strategic and/or high-risk projects.
The incumbent will in accordance with The Shard’s Risk Assurance and Advisory Services (RAAS) as approved by Exco, his/her tasks will be to:
Direct and execute the IT project and governance audits of The Shard.
Ensure that the quality of audits executed is aligned to The Shard’s IT Assurance and Advisory Methodology.
Manage the allocation of contracted resources on assignments and projects.
Manage the execution of IT audits, IT consulting engagements and act in the role of a subject matter (SME) expert for audits managed and executed.
Manage the execution of audits and consulting projects within budgeted planned hours.
Ensure timely reporting of assigned audit and consulting engagement tasks and follow established reporting protocols.
Integrate with other teams (e.g. risk and financial/operational audit teams) with regard to knowledge sharing on audit tasks being managed and executed.
Act as liaison with clients.
Positively develop relationships with internal and external stakeholders.
1. Business development and client relationships management:
Contribute towards the Value Proposition Development and ‘’Go-To Market’’ strategies for the service line (RAAS).
Be involved in the preparation of request for proposals (RFPs).
Assist with new client research, presentation and pitch preparation.
Attendance of client functions.
2. Audit task planning:
Review/compile the audit planning memorandum to ensure focus on high risks and consulting scope/objectives; and
Review/compile the audit strategy and approach/methodology program to ensure audit and IT consulting objectives are met.
3. IT consulting / Audit execution/reporting:
Review/prepare audit evidence supporting the reported findings in the audit report;
Manage the execution of the audits and execute own audits to ensure factual and timely reports with flexibility to adapt to change; and
Plan/execute audits overseen, when required.
4. Internal audit reporting:
Periodically compile status reports to all relevant stakeholders for area of specialisation, as appropriate and in accordance with the Reporting Protocol;
Prepare input into quarterly report to Clients’ Audit and Risk Committees and ICT Steering or appropriate oversight Committees and Executive Committees (Excos);
5. Quality control:
Review all audit reports prior to submission to IT Audit Head and ensure that all reporting protocols are observed;
Conduct review of audit working papers;
Assist in conducting quarterly peer reviews of audit working papers;
Complete task assessments of all team members of audit tasks managed and take appropriate corrective actions to ensure corrective measures for quality concerns identified.
6. Specialist advice:
On request, review policy and procedures;
Attend and provide specialist advice on request at audit committee and project steering committee meetings or client meetings;
Ad hoc requests for specialist advice.
7. Special ad hoc requests:
Conduct specific ad hoc IT audit requests as and when required;
Communicate and assess the relevance of requests from clients to the Head of IT Audit and allocate resources as necessary;
Execute special requests by clients’ Audit and Risk Committees as and when required.
8. Co-sourced / Outsourced Auditing:
Audit planning and management:
Assist in developing an annual audit plan for area of responsibility – IT projects and governance;
Develop/execute a functional work plan and schedule in order to execute and to complete the IT audit plan based on priorities and risks with flexibility;
Weekly feedback to IT Audit Head on resource requirements, audit status and budget control of audits allocated and managed by self to enable effective scheduling of annual audit plan;
Perform allocated audit, management and/or administrative tasks as and when allocated by IT Audit Head.
9. The Shard Risk Assurance and Advisory Services (RAAS) Management::
Maintain and update standard audit programs;
Assist with developing tactical plans to support the implementation of The Shard IT Assurance and Advisory Services Strategy;
Act as a change agent and assist in driving the implementation of innovative improvements and tactical changes within The Shard;
Stay abreast of new developments in the assurance, technological advancements and IT project and governance environments and make recommendations on necessary changes;
Manage delivery to ensure requirements/ expectations of The Shard Management and Exco Teams in terms of performance measures are met;
Communicate requirements and assist in implementing skills improvement and team development through training and exposure;
Proactively engage and share knowledge with other teams in order to drive integration between various teams within The Shard.
10. Budget & Billing:
Manage budget to actual;
Assist IT Audit Head with negotiating budgets/fees and overruns for clients once fee base has been agreed; and
Ensure timeous and accurate billing of clients, using fee arrangement letters in liaison with IT Audit Head.
11. Values and Ethics:
Be a role model in living The Shard’s shared values and complying to the Code of Ethics and Professional Conduct for Internal / IT Auditors; and
Relationships, teamwork and Collaboration: Internal and / or external stakeholder management.
Attend, monitor, evaluate and contribute to discussions at Though Leadership Forums IT assurance about the areas of specialisation (e.g., cybersecurity, advanced analytics, repetitive process automation, 4IR and Blockchain technologies) is being discussed;
Identify and communicate any significant risks not yet identified through the risk management process;
Share knowledge, networks and collaborates with IT Assurance and Advisory Services colleagues on audit findings;
Build constructive working relationships with manager, peers, clients and other service providers; and
Communicate and behave professionally so that actions result in high level of credibility, trust and respect.
University B-Degree with Information Security, Information Management and auditing related subjects as majors;
6+ years of relevant experience (of which at least 2 years should be supervisory experience), including auditing experience/ articles (relevant experience at an audit firm);
Experience in the financial services industry is preferred;
Strong written and verbal communication skills; and
Certified Information Systems Security Professional (CISSP) or similar qualification.
Alternative qualifications and experience to be considered that will be an advantage:
University B degree with Honours with Information Technology/Information Management and auditing related subjects as majors, or
6+ years’ relevant experience (of which at least 2 years should be supervisory experience), including the articles of clerkship;
Certified Ethical Hacking (CEH) (advantageous).
Subject matter expertise focusing on:
IT/ IM related auditing using Cobit as basis (IT Governance, Information security, General IT controls, Applications controls and emerging technologies audits;
Information and cyber security audits;
IT project life-cycle framework (Waterfall and Agile);
At least 5 to 7 years’ experience in IT Audit;
Strong training in data analytic related fields ACL/ SQL or IDEA;
Experience in the financial services industry is preferred;
Strong written and verbal communication skills;
Emerging technologies; and
Data analytics and computer assisted auditing techniques.
Additional qualifications/certifications that will be an advantage:
Certified Information Systems Auditor (CISA);
Certified Information Security Manager (CISM);
Information Systems Security Architecture Professional (ISSAP); and
Qualifications relating to emerging technologies.
The Shard (Pty) Ltd, a financial consulting firm based in Johannesburg is looking for an Actuarial Analyst to join their team, on a permanent capacity. We provide a unique combination of professional services including Risk Assurance & Advisory Services, Actuarial, Accounting and Analytics.
Please send your CV, together with your qualifications, to firstname.lastname@example.org by no later than the 25th of February 2022. Should you not hear from us within 2 weeks, please consider your application unsuccessful.