AVP, Information Systems Audit

Job Purpose:

Responsible to carry out audits with the objectives to:

1.   Provide an independent and objective assurance that the auditee’s operations are effectively conducted in accordance to established performance standards and best practice.

2.   Evaluate the management processes, risk management processes, internal control and compliance framework and governance processes and highlighting gaps, if any.

3.    Provide independent and objective assurance that the Risk Management Processes put in place by Management is sound and implemented with integrity.

4.    Provide independent and objective assurance on the adequacy, effectiveness and efficiency of system of Internal Control to manage all critical risks.

Key Responsibilities:

Audit Assignment Objective

1. To ensure all assignment activities are carried out with quality work performed in a timely manner.

Audit Planning

To gather information about the auditable areas with regard to its management, operating methods and compliance with legislative / regulatory requirements.

2. To review significant developments in the auditee’s activities, operations, environment including changes therein, trends, key performance indicators and personnel.
3. To provide balanced / independent view of potential risks and exposures prevalent in that particular auditable areas.
4. To review the permanent file of the audit assignment, previous internal and external audit reports (where applicable), evaluate reports generated from Computer Assisted Audit Techniques (CAATS) tools (where applicable) and to assess risks contained in the risk profiles to determine potential exposure.
5. To assist in the preparation and development / enhancement of process, risk and controls (PRC) documentation, audit working papers (AWP) and audit programs, where required.

Audit Fieldwork

7. To conduct system and / or operational review and evaluate the soundness, adequacy and efficiency of key processes and controls including ascertaining the extent of compliance with established policies, procedures and statutory requirements.
8. To carry out various data gathering activities and audit procedures / tests based on GIA’s audit methodology to establish the existence of sound, adequate and efficient operating procedures and controls in the identified auditable areas.
9. To document all work done including results and conclusions during fieldwork in the PRC and AWP documents.
10. To analyse audit findings and identify people, process, technology or infrastructure deficiencies / weaknesses and recommend solutions for discussion with the Head, Information Systems Audit (or assignment’s Audit Unit Head) and the relevant Department / Auditee Heads.
11. To ensure that serious findings such as fraud, malpractice or significant losses are reported immediately.

Audit Reporting & Finalisation

12. To prepare quality audit findings for auditee’s responses.
13. To review auditee’s responses to audit findings and ensure that appropriate actions had been taken / are being taken for all findings with target date for rectification / resolution.
14. To prepare quality audit reports for review of the Assignment Team Leader / Auditor-in-Charge.
15. To obtain information and / or copies of documentation from the auditee including statistical reports required to be incorporated in the Audit Report
16. To ensure filing of permanent and current audit files with proper cross-referencing for all documents.

Assignment Team Leader / Auditor-in-Charge

17. When carrying out the role of an Assignment Team Leader / Auditor-in-Charge, the following are the responsibilities:

• To prepare Audit Proposal for approval by the GCIA prior to commencement of an audit.
• To review assignment documentation including PRCs and AWPs to provide assurance that the work has been performed adequately and the audit objectives have been met.
• To review and verify audit findings and auditee responses to ensure accuracy of reporting and ensure that appropriate actions had been taken / are being taken for all findings with target date for rectification / resolution.
• To conduct exit meeting with Management.
• To prepare quality audit reports for supervisor review.
• To present audit reports during Audit Committee meetings, when required.
• As a subject matter expert to provide advice on operational, financial and other related matters such as risks and controls.

Other Activities

18. To perform other work or assist in other areas of Internal Audit as and when required by the Head, Information Systems Audit or GCIA.
19. To participate in key DRP and BCP reviews and exercise as an independent observer.

To participate in projects such as system implementation projects to provide an independent feedback or advice on controls, when required by the Head, Information Systems Audit or GCIA.