The role is expected to help the Bank to achieve its mission “stimulating a consistent expansion of and diversification of African trade so as to rapidly increase Africa’s share of global trade, while operating as a first class, profit oriented, socially responsible financial institution and a centre of excellence in African trade matters” by providing independent and objective assurance and consulting services, which adds value and improves the operations of the Bank.
The role holder will be responsible for the planning, execution and reporting on audit of IT systems and processes, including data centres, ERP Solutions, network, operating systems, applications and data bases in line with approved annual risk-based internal audit plan.
Duties and responsibilities
- Developing and maintaining the IT Risk Assessment, including identifying areas internal audit should focus.
- Conduct IT audits or lead teams in performance of IT audits and reviews of systems, applications and IT processes including:
- Evaluate information general computing controls and provide value added feedback and test compliance with those controls.
- Various other reviews of IT management policies and procedures such as change management, business continuity planning/disaster recovery and information security to ensure that controls surrounding these processes are adequate.
- IT security audits (such as network, operating system and data centre), including to evaluate whether security vulnerabilities are properly and fully identified and mitigated. Coordinate the scope and performance of these reviews with the IT function/business units and external security experts.
- Pre and post-implementation audit of system implementations or enhancements.
- Maintain quality work paper documentations that adequately support audit findings and conclusions;
- Liaise with Auditees at all stages of the audit and manage the presentation of draft audit findings to stakeholders with a view to obtaining necessary buy-in, including management response commitments;
- Propose recommendations to address the established root cause of observed issues to the respective areas and follow up implementation of agreed management action plans;
- Provide Business and IT management with guidance on IT risk management matters particularly on application and infrastructure security, emerging risks, and international best practices;
- Build and implement tools to analyze data to improve audit efficiency and effectiveness (including risk assessments) and develop analytics to provide business insights or for continuous auditing.
- Assist the Head of Internal Audit Unit with other assignments including involvement in the development of internal audit policies and working practices, conduct audits or lead audit teams in operational/financial audits.