Job Objective

To review and evaluate automated information systems, related processes, and their interfaces to ensure effective controls are in place and that effective IT and application controls are designed and operating as intended and that established information systems policies, procedures and regulatory requirements are consistently adhered to. The role reports to the Internal Audit Manager and is executed in accordance with the Global Internal Audit Standards (GIAS), IT governance and risk management frameworks.

Duties and responsibilities

• Identify, evaluate and document information systems risks, assess the adequacy and effectiveness of associated controls and propose enhancements to improve internal controls and operational efficiency.
• Execute the approved annual Information Systems audit plan and support the annual IT risk assessment process.
• Analyse and validate system transactions, data integrity, and audit evidence using data analytics and visualisation tools such as Power BI and SQL, to identify anomalies, trends, and control weaknesses.
• Assess and test the adequacy and effectiveness of IT general controls, application controls, operational processes, and departmental systems, and recommend corrective actions where gaps are identified.
• Evaluate threats and risks to the University's information assets and ensure appropriate access controls and data protection measures are in place.
• Promote process improvement by recommending automation of procedures, methods, and standards to enhance productivity.
• Prepare and communicate audit findings through clear written reports and presentations to management.
• Conduct system investigations and special audits as required.
• Perform other audit-related duties consistent with the University’s internal audit mandate, governance structures, and professional standards or as captured in your detailed job description.

Qualification and experience

• A Bachelors degree in Information Systems, Computer Science or a related field from a recognised/accredited University.
• Minimum of 3 years experience in Information Systems Audit, IT Audit, Internal Audit, or a related risk assurance role.
• Professional certification, such as Certified Information Systems Auditor (CISA), or demonstrable progress towards certification.
• Strong understanding of IT General Controls (ITGCs), system development life cycle (SDLC), IT governance and risk frameworks such as COBIT, ISO 27001.
• Working Knowledge of information security principles, data protection, access controls, and system vulnerability assessment.
• Experience in using Computer-Assisted Audit Tools (CAATs) such as TeamMate, ACL, SQL Developer, or similar data analytics tools.
• Ability to analyse complex systems, interpret data, and assess risks across automated and manual processes.
• Excellent understanding of internal auditing standards, ethics, concepts and practices with the ability to communicate technical issues to non-technical stakeholders.

• Identify, evaluate and document information systems risks, assess the adequacy and effectiveness of associated controls and propose enhancements to improve internal controls and operational efficiency.
• Execute the approved annual Information Systems audit plan and support the annual IT risk assessment process.
• Analyse and validate system transactions, data integrity, and audit evidence using data analytics and visualisation tools such as Power BI and SQL, to identify anomalies, trends, and control weaknesses.
• Assess and test the adequacy and effectiveness of IT general controls, application controls, operational processes, and departmental systems, and recommend corrective actions where gaps are identified.
• Evaluate threats and risks to the University's information assets and ensure appropriate access controls and data protection measures are in place.
• Promote process improvement by recommending automation of procedures, methods, and standards to enhance productivity.
• Prepare and communicate audit findings through clear written reports and presentations to management.
• Conduct system investigations and special audits as required.
• Perform other audit-related duties consistent with the University’s internal audit mandate, governance structures, and professional standards or as captured in your detailed job description.

• Data analytics and visualisation tools such as Power BI and SQL
• IT General Controls (ITGCs)
• System development life cycle (SDLC)
• IT governance and risk frameworks such as COBIT, ISO 27001
• Information security principles
• Data protection
• Access controls
• System vulnerability assessment
• Computer-Assisted Audit Tools (CAATs) such as TeamMate, ACL, SQL Developer
• Ability to analyse complex systems
• Interpret data
• Assess risks across automated and manual processes
• Internal auditing standards, ethics, concepts and practices
• Communicate technical issues to non-technical stakeholders

• A Bachelors degree in Information Systems, Computer Science or a related field from a recognised/accredited University.
• Professional certification, such as Certified Information Systems Auditor (CISA), or demonstrable progress towards certification.