Senior Internal Auditor (IT Auditor)

Job description:

Responsible for assisting the Director for Internal Audit Services in managing and/or conducting assurance engagements related to IT governance, IT general controls (ITGCs), application controls, cybersecurity, risk management, vendor management and compliance with regulatory requirements, conducting in accordance with the Information Systems Audit and Control Association (ISACA) Professional Standards and with the International Professional Practices Framework (IPPF) for Global Internal Audit Standards, and Ethics and Professionalism issued by The Institute of Internal Auditors (IIA); providing consulting services as requested by the BOT and Senior Management or as provided under the Internal Audit Charter; providing training, coaching and supervision to Internal Auditors in relation to IT Systems audit. Maintains all professional ethical standards and the School's Code of Conduct. Works independently under general supervision with considerable latitude for initiative and independent judgment.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Overall Job Responsibilities

Assisting the Director for Internal Audit Services in managing the IT audit projects, as well as providing training and coaching to Internal Auditors in relation to IT Systems audit, and for the development and execution of a comprehensive IT audit program, and reporting of the results thereof.

Functional Job Responsibilities

A. Internal Audit Services

1. Assist the Director for Internal Audit Services in performing the identification and evaluation of the school's risk areas and provides major input for the development of the annual risk-based audit plan, budget and other audit and administrative reports;

2. Assist the Director for Internal Audit Services in planning, performing, reporting, and monitoring of IT Systems audit engagements/projects;

3. Perform audit procedures including conducting interviews, reviewing documents, and developing and administering surveys to understand the IT projects/application systems/infrastructures/operations/security and special projects (e.g., Fraud, Rollback Procedures, Digitization Initiatives, Pre- and Post-Implementation Reviews and Data Analysis) being reviewed;

4. Perform risk and control assessment of the IT projects/processes/application systems/infrastructure and special projects (e.g., Fraud, Rollback Procedures, Digitization Initiatives, Pre- and Post-Implementation Reviews and Data Analysis) being reviewed;

5. Prepare audit work program of the IT projects/processes/application systems/infrastructures and special projects (e.g., Fraud, Rollback Procedures, Digitization Initiatives, Pre- and Post-Implementation Reviews and Data Analysis) being reviewed;

6. Perform walkthrough to understand the business process, procedures, and internal controls in place of the IT projects/processes/application systems/infrastructure and special projects (e.g., Fraud, Rollback Procedures, Digitization Initiatives, Pre- and Post-Implementation Reviews and Data Analysis) being reviewed;

7. Prepare audit work program of the IT projects/processes/application systems/infrastructures and special projects (e.g., Fraud, Rollback Procedures, Digitization Initiatives, Pre- and Post-Implementation Reviews and Data Analysis) being reviewed;

8. Prepare working papers of the IT projects/processes/application systems/infrastructures and special projects (e.g., Fraud, Rollback Procedures, Digitization Initiatives, Pre- and Post-Implementation Reviews and Data Analysis) being reviewed;

9. Perform data extraction, analysis, security review and establishes sample size using Computer Assisted Auditing Techniques (CAATs) and available open-source tools;

10. Perform audit procedures, including test of controls or substantive test and analysis of evidence;

11. Prepare audit observation sheet based on the results of the audit procedures performed;

12. Communicate the observation sheet to the unit/division/office head and follow up the management action plan;

13. Prepare the draft and final report prior to submission to the Director for Internal Audit Services for review and approval;

14. Prepare and monitor the quarterly status of implementation of previous audit recommendations/management action plans;

15. Ensure the quality, completeness, and organization of working papers in the Internal Audit One Drive;

16. Assist the Director for Internal Audit Services in planning and executing IT advisory services/consultancy/ad hoc projects and/or management for collaborative projects and recommend practical and viable solutions; and

17. Provide professional assistance and support to colleagues and contribute to their development.

B. Professional Development

1. Pursue professional development opportunities, including external and internal training and professional association memberships, and shares information gained with other Internal Audit Staff.

C. Administrative

1. Provide administrative support to the Director for Internal Audit Services.

2. Prepare and update the following before submission to the Director for Internal Audit Services for review and approval:

a. Board Kit and presentation;

b. Big Board presentation;

c. Internal Audit Manual;

3. Attend and participate in meetings and institutional activities.

EDUCATION AND RELEVANT SKILLS

A. Education

1. Bachelor's degree major in Accounting, Information Technology or other business fields, which provides the ability to effectively communicate proven planning, organizing, controlling, and quality assurance principles.

B. Professional Certification

1. Certification as Certified Information Systems Auditor (CISA), Certified Public Accountant (CPA), and/or Certified Internal Auditor (CIA), preferred.

2. Certification as Certified Information Security Manager (CISM), Certified in Risk and Information Systems Controls (CRISC), and other IT-related certifications are an advantage.

Relevant Skills

1. High level proficiency in information technology risk and control concepts;

2. Considerable knowledge of and skills in applying internal auditing (information systems auditing) and accounting principles and practices, and management principles and preferred business practices, as applicable;

3. Considerable knowledge of the ISACA Professional Standards, Code of Professional Ethics and IT Audit and Assurance Standards, Guidelines and Tools and Techniques;

4. Considerable knowledge of the IPPF for Global Internal Audit Standards, and Ethics and Professionalism issued by the IIA;

5. Extensive skills in planning and project management, and in maintaining composure under pressure while meeting multiple deadlines;

6. Excellent analytical skills in collecting and analyzing complex data, evaluating information systems, and drawing logical conclusions;

7. Excellent skills in effective verbal and written communications, including active listening during data collection and when presenting audit observations and recommendations;

8. Extensive knowledge of and skills in the use of CAATs or its equivalent in preparing reports, summaries and data analyses;

9. Extensive skills in using a computer with word processing, spreadsheets, and other business software to prepare reports, memos, summaries, and analyses;

10. Ability to work independently and collaboratively within a team setting; and

11. Ability to establish and maintain harmonious working relationships with co-workers, staff, and external contacts, and to work effectively in a professional team environment.

WORK EXPERIENCE

1. At least 3-5 years of full-time experience in information technology system auditing, business process review, project management, pre- and post-implementation reviews, data analytics, etc.

2. With experience in auditing IT governance, application systems focusing on ITGCs and application controls, information security, database and network security, cybersecurity, IT operations, and other IT-related areas.

3. Preferably with experience or exposure in the use of CAATs or its equivalent in preparing reports, summaries, and data analyses.

4. Preferably with school/academe audit experience.

Job Type: Full-time

• Work Location: In person