Auditor (Information Systems & Special Projects)

JOB PURPOSE

The Auditor is responsible for conducting Information Technology, Financial, Operational, and Compliance audits under the direction of the Senior Auditor. The role supports the evaluation of internal controls, processes, and systems to ensure efficiency, effectiveness, and compliance with applicable laws, regulations, and internal policies. The incumbent contributes to the Agency’s strategic goals by providing evidence-based audit findings and recommendations.

KEY RESPONSIBILITIES

Technical/Professional Responsibilities

Audit Strategy & Planning

• Conduct preliminary surveys and frame terms of reference (audit objectives).
• Develop comprehensive audit plans, programs, risk and controls matrices aligned with agency objectives.
• Execute risk assessments to identify and prioritize high-risk areas based on vulnerabilities and business impact.
• Conduct a preliminary survey of an entity or programme/activities to determine the desirability of a full-scale audit and conduct other special studies or investigations as requested by the Director, Information Systems Audit, and management.
• Framing the terms of reference for each audit assignment (objectives).
• Document audit procedures for each assignment and keep permanent files of such methods for easy retrieval.

Audit Execution & Testing

• Perform fieldwork: extract, analyze, and validate data using CAATs and specialized tools (e.g., ACL, IDEA, SAS).
• Evaluate application controls (completeness, validity, authentication, authorization, input/output checks) and IT general controls (change management, access, development).
• Review IT management policies and procedures including business continuity, disaster recovery, change control, and information security for compliance with relevant laws and standards such as COBIT, NIST, or ISO.
• Identify and document audit assessment, issues and testing results to ensure that conclusions, findings, and recommendations are supported by sufficient and appropriate evidence and to audit department standards.
• Perform regular audit testing and provide recommendations.
• Assist the divisions, branches, and sections whose work they audit to develop systems and controls for the physical safeguarding of government funds.
• Analyze business systems to determine the completeness and accuracy of already processed transactions

Analysis & Documentation

• Review business systems and protocols to assess completeness and accuracy of processed transactions.
• Document audit procedures, testing results, findings, and recommendations clearly and thoroughly.
• Maintain current and permanent audit files, cross-referencing working papers and ensuring readiness for follow-up.
• Maintain current and completed files with audit working papers and the necessary cross-references and notes of examinations conducted to facilitate follow-up of previously approved recommendations.

Reporting & Communication

• Draft audit observations, conclusions, and recommendations with actionable, time-bound corrective actions.
• Prepare input for formal audit reports and present findings in written and oral formats to management and divisional heads.
• Convey technical audit issues in simplified, accessible language to non-technical stakeholders, facilitating resolution and buy-in.
• Providing advice and guidance on methods and techniques.
• Provide audit findings of discrepancies with Divisional Heads and advise them on satisfying regulatory requirements, saving money, reprogramming funds, eliminating waste and fraud, or improving operations efficiency.
• Maintain effective communication with the Audit Manager and audit team throughout engagements.
• Participate in audit entrance, progress, and exit meetings and present audit findings, where required.
• Support follow-up reviews to monitor implementation of audit recommendations.
• Assist in the planning and execution of audits in accordance with the approved audit plan.
• Follow-Up & Advisory
• Monitor implementation of corrective actions and conduct follow-up reviews.
• Consult with internal divisions to develop or improve systems and controls that safeguard funds, reduce waste, and enhance operational efficiency.
• Collaborate with the Auditor-General’s Department and CIA continuously for coordination on issues requiring escalation.

Governance & Regulatory Compliance

• Stay conversant with the Financial Administration and Audit Act, Customs Act, and other regulatory frameworks governing audit practices.
• Examine external audit reports periodically to verify that improvements have been implemented appropriately.

Teamwork & Professional Development

• Maintain continuous liaison with the Audit Manager and audit team, providing progress updates and highlighting emerging issues.
• Support timing and delivery of Individual Work Plans and performance tracking for junior staff.
• Participate in audit meetings (entrance, progress, exit) and contribute to a collaborative, knowledge-sharing audit environment.
• Stay current with IT audit, tools, regulations, and emerging risks.

Application Controls

• Review, evaluate, and test application controls to ensure transaction completeness, integrity, and alignment with business protocols.
• Assess change-management controls, access controls (authorization, segregation of duties), input/output/process control mechanisms, and disaster recovery requirements (RPO/RTO).
• Analyze business rules and application logic to confirm compliance with objectives and detection of exceptions or anomalies.
• Ensure that direct data access is restricted and monitored to prevent unauthorised alterations.
• Conduct data extraction, analysis and security reviews of audit issues utilising software tools.
• Develop, build & implement tools to analyse data to improve audit efficiency and effectiveness (including risk assessments and project-specific risk and controls matrices).
• Determine and provide recommendations with defined deadlines to improve IT controls and negotiate solutions and corrective action for identified risks that may prevent the Agency from achieving its objectives.
• Review, evaluate and test application controls.
• Analyse application control systems and their business protocols to determine whether business goals are being attained.
• Communicate complex technical issues to the relevant staff in simplified terms.
• Prepare input to the formal audit report and communicate or assist in communicating audit results and consulting projects to management via written reports and oral presentations on time.
• Provide timely updates on audit progress, emerging issues, or delays.
• Liaise with auditees to obtain clarification, documentation, and responses to audit queries.
• Contribute to a team-oriented audit environment and assist peers as required.

Data Analytics & CAATs

• Conduct data extraction and analysis using CAATs (Computer-Assisted Audit Techniques) such as ACL, SAS, Excel, or BI tools to support audit testing.
• Develop smart tools and expectation models for audit automation, anomaly detection, sample extraction, duplicate and gap identification.
• Apply audit data analytics during risk assessment phases to review entire populations and prioritize risk areas.
• Explore emerging capabilities of AI and continuous monitoring to enhance real-time assurance and fraud detection—while ensuring governance and human oversight.

Risk Assessment & Governance

• Plan and perform IT risk assessments: identify risks, analyse threat likelihood and impact, document risk ratings, and define remediation plans and ownership (per NIST, ISO, COSO or Risk IT frameworks).
• Use COSO and other frameworks to map risks to control components: control environment, risk assessment, control activities, information and communication, and monitoring.
• Support the audit planning process by dynamically integrating insights from continuous risk monitoring, data trends, and environment changes.
• Evaluate risks, control activities, and compliance with applicable legislation, regulations, and internal standards.

Compliance & Regulatory Oversight

• Review and audit IT governance policies, including change management, business continuity/disaster recovery, and information security, for alignment with internal standards and relevant legislation (e.g. Financial Administration & Audit Act, custom regulations, SOX Section 404 where applicable).
• Monitor compliance with industry best practices, reporting requirements, and audit committee oversight protocols.
• Collaborate with external audit teams (e.g. Auditor General’s Department) and validate whether action has been taken on reported deviations or weaknesses
• Perform various reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure adequate controls surrounding these processes and compliance with relevant laws, regulations, and best practices about the Agency

Audit Testing & Reporting

• Conduct regular audit testing, fieldwork, and reviews—as part of both full-scale audits and preliminary risk surveys/special investigations.
• Document audit procedures, execute audits based on risk and controls matrices, and maintain timely and comprehensive working papers supporting conclusions and recommendations.
• Summarize audit observations, root-cause analysis, and practical recommendations with clear deadlines. Support management meetings, findings presentations (entrance/progress/exit), and follow-ups.
• Draft formal audit reports, minutes of meetings, and support ongoing communication and transparency with divisional and management staff.
• Maintain audit repository: current and permanent files, working papers, cross-referenced notes, issue logs, and implementation trackers.
• Prepare audit reports draft and related working papers and other support documentation to determine the adequacy of findings, logic and soundness of audit conclusions and feasibility, and suitability of recommendations for remedial action, including changes in programming direction, method, procedures, and practices.
• Conduct efficient and effective IT audit procedures.

REQUIRED COMPETENCIES

Core

• Strong analytical and problem-solving skills
• Sound judgment and attention to detail
• Ability to work independently and as part of a team
• Strong organizational and time management skills
• Ability to communicate, interact and work effectively and cooperatively with technical and non-technical staff in a fast-paced environment.
• Excellent oral and written communication skills, including report writing and presentation skills.
• Excellent research, investigative and analytical skills.
• Strong judgment, problem-solving, decision-making, planning, and organising skills.
• Strong negotiating issues and resolving problems.
• Expert-level interviewing skills
• Proactive, hands-on, results-driven orientation required.
• Ability to produce high-quality work products for the IT groups and Senior Management.
• High level of professionalism, ethics, integrity, and confidentiality.
• Strong initiative and resourcefulness skills
• High absorption rate for understanding new technologies
• Ability to work under pressure and meet deadlines

Technical

• Knowledge of internal auditing standards, techniques, and risk assessment methodologies.
• Familiarity with IT auditing principles and control frameworks.
• Proficiency in Microsoft Office applications and basic use of CAATs (e.g., ACL, Excel).
• Understanding of relevant laws, including the FAA Act, FIEA, and Customs Act.
• Awareness of IIA Standards and Code of Ethics.
• Comprehensive understanding of internal control environments within the IT function.
• Advanced IT skills in the Microsoft Office Suite Applications.
• Expert knowledge of internal auditing, internal controls, risk management, and finance and accounting practices and methods.
• Comprehensive understanding of internal control environments within the IT function.
• Clear understanding of IT audit methodologies.
• Experience with multiple technology domains, including aspects of Windows, Unix, database administration, software development, and networking.
• Working knowledge of the Standards for the Professional Practice of Internal Auditing and the Code of Ethics developed by the Institute of Internal Auditors.
• Working knowledge of project management principles, practices, and processes.
• Understanding information security standards, best practices for securing computer systems, and applicable laws and regulations.
• Working knowledge of other relevant acts and regulations pertinent to the Agency.
• Experience with computer-assisted audit tools is a plus.

MINIMUM REQUIRED EDUCATION AND EXPERIENCE

• Bachelor’s degree in Accounting, Finance, Computer Science, Business Administration, or a related field.
• At least three (3) years of experience in auditing or a related discipline.
• Professional certification or working toward certification (e.g., CISA, CIA, ACCA, CPA) is an asset.
• Experience with audit software (e.g., TeamMate) and data analytics tools is desirable.
• Comprehensive knowledge of the FIEA, FAA Act and other relevant accounting legislation.
• Comprehensive knowledge of Customs activities and operations.
• Any equivalent combination of education and experience may be considered.
• Maintain professional knowledge by staying updated with audit and IT standards, tools, and techniques.

SPECIAL CONDITIONS ASSOCIATED WITH THE JOB

• Normal office environment with field assignments.
• May be required to travel locally for audit engagements and assignments.
• May work beyond normal hours to meet deadlines.
• Exposure to sensitive information requiring high levels of confidentiality.
• Occasional exposure to high-risk environments (e.g., warehouse/dump site audits).

Only shortlisted candidates will be contacted by HRMD