ICT Infrastructure Auditor

ICT Infrastructure Auditor

Job Purpose

Under the leadership and direction of the Chief Audit Executive, the ICT Infrastructure Auditor, will meet and consult directly with the auditees regarding their ICT systems and systems environment to plan and conduct either ICT audits or computer control reviews to support performance and financial statement audits. The position requires a broad and current knowledge of ICT systems and processes and trends in information communications technology, as well as knowledge of the laws and policies impacting the machinery of the Government of Jamaica.

Key Outputs:

• Audit strategies and risk-based planning supported
• ICT Infrastructure Auditing principles and practices managed 
• Audit principles, procedures and practices applied
• Audit techniques and approaches applied and recommended
• Quality assurance mechanisms supported and maintained
• Audit findings and recommendations assessed and validated
• Wide range of ICT audits conducted/coordinated
• Audit Entrance and Exit Meetings attended and managed
• Preparation of audit reports managed
• Flow-up audits managed
• Technical advice provided
• Monthly performance reports prepared
• Individual work plans developed
• Staff Coached and Appraisals conducted

Key Responsibility Areas:
A.   Management Responsibilities

• Participates in the development of the Branch’s Corporate/Operational Plans, Budget and Individual Work Plans and Work Schedules;  
• Prepares and supervises the preparation of reports to Chief Audit Executive;
• Represents Chief Audit Executive at meetings, conferences, workshops and seminars;
• Prepares reports and project documents as required; 
• Prepares and delivers Internal Audit - ICT presentations as needed;
• Supports and maintains customer service principles, standards and measurements. 
  
  B.     Technical/Professional Responsibilities

• Supports the Chief Audit Executive actively in conducting strategic and risk-based examination of the Agency to aid the crafting of the Audit Programmes and plans;
• Supports the CAE and audit team in all phases of an ICT audit: planning, conducting and reporting. This includes:
• defining the audit objectives, scope, and criteria;
• identifying required resources and timeframes to complete the audit; analysing the ICT environment in terms of risks and controls;
• determining appropriate audit procedures for assigned projects;
• Participates actively in the implementation of annual Audit Plan and Work Plan being guided by the Agency’s policies, regulatory requirements and guidelines;
• Applies knowledge of the principles, procedures and practices of accounting, financial records/record keeping and general audit practices to the audit processes;
• Recommends the appropriate use of techniques as well as tests and sampling methods in the conduct of audits; ensure that team members conform to Internal Audit Standards, Accounting Standards and Financial Regulations;
• Determines audit methodology and scope of audits;
• Conducts Audit Entrance and Exit meetings with Division/Branches ensuring they are done in keeping with established policies and procedures and internal audit standards;
• Conduct ICT performance audits and assessments to evaluate risks and controls in the auditee’s computing environment combined with business processes;
• Gains specific knowledge sufficient to enable analysis of controls in key areas such as: database management, operating system applications and IT infrastructure;
• Applies knowledge of auditing in areas such as: ICT governance, ICT security policies and procedures, ICT strategic planning, systems development, system access, change management, business continuity, and project management;
• Conducts general computer and application controls assessment and design appropriate tests of controls in relation to financial reporting and business processes;
• Supervises the creation of Working Paper files ensuring they are maintained and secured in accordance with International Internal Audit standards
• Reviews audit programmes and control assessments prepared by internal auditors;
• Participates in the planning and execution of information technology (IT) audit assignments;
• Manages the pre-audit functions and activities involving the assessment of leave balance calculations, performance management, resignations, gratuity payments, etc.;
• Supports and maintains an approved quality assurance and improvement programme covering relevant aspects of Internal Audit;
• Provides support to Internal Audit Branchs by conducting quality self-assessments as well as compliance monitoring and risk management activities, as required;
• Manages the preparation and content of audit reports by drawing conclusions and making recommendations based on analysis of evidence gathered;
• Recommends changes to the Branchs standard operating procedures and methodologies in order to ensure consistency and the ability to support the goals, objectives and targets of the GOJ;
• Visits NEPA’s outstations, projects, etc. that are being audited to ensure compliance with audit procedures, resolve challenges and maintain good client relations;
• Reports on deviations and or departure from the approved internal control systems as well as any perceived risks and recommend changes which will safeguard compliance and effectiveness;
• Manages the output of assigned audit team engaged in financial and non-financial audits within the sphere of their assigned responsibilities;
• Assesses the audit findings in order to identify any possible weaknesses, risk exposure and or violations of rules and regulations;
• Provides input in developing and implementing financial and/or non-financial systems and controls whether automated or manual;
• Manages the Audit progress and review compliance with Audit procedures and quality assurance which must be aligned to standard procedure ;
• Provides guidelines and instructions to team members and tailor instructions to each programme and/or functional area;
• Reviews working papers to provide assurance that their preparation conform to Internal Audit policies, processes and standards;
• Conducts follow up audits and site visits to assess the conformance in the implementation of approved changes, recommendations and systems;
• Conducts and or supervise special audits which are assigned by the CAE;
• Monitors assigned audits according to acceptable International Audit standards and practices, the GOJ’s requirements, as well as agreed and measurable targets;
• Reviews adherence to audit procedures and agree performance targets;
• Convenes team meetings to assess accomplishments, discuss upcoming audits and job scheduling as well as issues and concerns which could impact and or prevent the team from delivering according to agreed timelines;
• Maintains cordial and professional relationships with external and internal stakeholders and clients;
• Keeps abreast of emerging audit principles, procedures and practices/guidelines to ensure adherence to international standards and competitiveness.

 C.     Human Resource Responsibilities

•  Contributes to and maintains a system that fosters a culture of teamwork, employee empowerment and commitment to the Branch’s and organization’s goals;
• Assists with the preparation and conducts presentations on role of Division/Unit for the Orientation and Onboarding programme.
  
  D.     Other Responsibilities

 The incumbent may from time to time be assigned duties not specifically outlined within the job description but are within the capacity, qualifications and experience normally expected from a person occupying this position.

Authority

• The position incumbent is authorized to:
• Prepares and recommends requirements for audit assignments including audit engagement budget;

• Access all ICT infrastructure, records, books and documents relevant to the internal audit functions;

• Engage a range of related stakeholders internally and externally.

Performance Standards:

•  Audit strategies and risk-based planning supported in accordance with the Agency’s risk profile, priorities and agreed timeframes;
• ICT Infrastructure Audit strategies and risk-based planning managed in accordance with the Agency’s risk profile, priorities and agreed timeframes;
• Audit principles, procedures and practices applied in keeping with professional standards and timeframes;
• Audit techniques and approaches applied and recommended in keeping with industry standards, GOJ guidelines and timeframes;
• Quality assurance mechanisms supported and maintained in keeping with industry standards, GOJ guidelines and timeframes;
• Audit findings and recommendations assessed and validated in keeping with professional standards and timeframes;
• ICT Infrastructure and Special audits conducted/coordinated in keeping with professional standards and timeframes;
• Working papers, reviewed and approved based on GOJ Guidelines and timelines.
• Preparation of audit reports managed in accordance GOJ regulations, agreed standards and within the required timeframes;
• Follow-up audits managed in keeping with professional standards and timeframes;
• Technical advice provided are evidence-based and timely;
• Audit team(s) managed and coached in keeping with professional standards and timeframes;
• Recommendations and or advice on internal controls, provided are evidence-based and delivered within agreed timeframes;
• Monthly performance reports are prepared in accordance with agreed format, are accurate and submitted on time;
• Individual Work Plans developed in conformity to established standards and within agreed timeframes;
• Staff coached and appraisals completed and submitted in accordance to agreed timeframe and standards;
• Confidentiality, integrity and professionalism displayed in the delivery of duties and interaction with staff.

Internal and External Contacts 

(i)           Internal Contacts

(ii)          External Contacts (required for the achievement of the position's objectives)

Working Conditions

Work will be conducted in an office outfitted with standard office equipment and specialized software.  The environment is fast paced with on-going interactions with critical stakeholders and meeting tight deadlines which will result in high degrees of pressure, on occasions. Will be required to travel locally to conduct audits.

Required Competencies

• Excellent knowledge of Audit Principles and Techniques
• Excellent Knowledge of ICT Audit;
• Excellent  knowledge of the Government of Jamaica’s Accounting and Audit standards.
• Good knowledge of Accounting Principles and Practices;
• Knowledge of GOJ ICT systems;
• Knowledge of the GOJ Financial Administration and Audit Act and the Financial Instructions;
• Good understanding of the public expenditure policy environment and the goals;
• Knowledge of programme/system/policy monitoring and evaluation frameworks;
• Strong ability to synthesize multiple ideas and complex information into a coherent summary, as in reports and briefing notes, and to make cogent recommendation for the modification or creation of legislation, policies and programmes;
• Good verbal and written communication skills, with the ability to deliver presentation with tact, clarity, enthusiasm and accuracy to widely varied audiences;
• A high level of initiative and self-motivation;
• Demonstrated interpersonal and negotiation skills;
• Aptitude for developing and maintaining collaborative relations with team members both within and outside the Agency;
• Familiarity with procedures, policies and legislation governing the machinery of government;
• Knowledge of the Government processes, including policy development, financial planning, performance management systems and basic theories, principles and methods of analysis;
• Knowledge of computerized systems and software, with an emphasis on the MS Office suite.

Minimum Required Education and Experience

• Bachelor’s Degree in ICT, Information Systems, Information Systems/ ICT with Finance/Accounting/Management Studies/Public Sector Management, Public/Business Administration or a related discipline, OR Association of Certified Chartered Accountant (ACCA) Level 2;
• Any of the following Certification (would be a distinct advantage):
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified Risk and Information Systems Control (CRISC)
• Four (4) years’ experience in an Auditing environment, with at least two (2) years in a supervisory capacity.

OR    

• NVQJ Level 5 in ICT, Information Systems, Information Systems/ICT with Finance/Accounting/Management Studies/Public Sector Management, Public/Business Administration or a related discipline or related discipline;
• Any of the following Certification (would be a distinct advantage):
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified Risk and Information Systems Control (CRISC)

• Four (4) years’ experience in an ICT Auditing environment, with at least two (2) years in a supervisory capacity.