Internal Auditor

at  Tharisa Minerals

QUALIFICATIONS

• Certified Information Systems Auditor (CISA)
• A Certified Internal Auditor (CIA) will be an added advantage.

JOB-SPECIFIC EXPERIENCE

• Minimum of 5 years experience in IT audit, of which at least 3 years must have been in the resources and/or manufacturing industry.
• A member of the Information Systems Audit and Control Association (ISACA) and Institute of Internal Auditors (IIA).

INHERENT REQUIREMENTS

Must be medically fit.

PURPOSE OF ROLE

The Internal Auditor will be responsible for performing integrated IT and operational audits for the Tharisa Group.

ROLE CONTEXT

• Perform integrated IT and operational audits.
• Perform audits of various IT general controls and security aspects, including:
• Risk-based IT audits (e.g. IT projects, application systems, general IT controls, compliance).
• Pre- and post-implementation reviews of system implementations or enhancements.
• IT security audits (e.g. network, database, firewall, cloud security, operating system, infrastructure), including evaluating if security vulnerabilities are properly identified and mitigated.
• IT general computer controls.
• IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security.
• Coordinate with business, finance, project and compliance teams to obtain inputs for audit processing and schedule meetings with management to clearly understand the company processes and policies.
• Document business process flows.
• Determine audit scope and objectives (based on annual & quarterly audit plans) and prepare audit work plans.
• Design internal audit procedures and work programs.
• Assist in audit engagement planning and reporting activities.
• Coordinate, plan and execute audit activities within the organisation and develop and implement complex IT audit test plans.
• Conduct audits to assess the adequacy, effectiveness and efficiency of the established internal controls and procedures.
• Identify key risk areas within the organisation and propose appropriate controls (recommendations) to mitigate the risks.
• Prepare audit reports in line with the approved audit plan.
• Discussion of audit findings and recommendations with management and provide an opinion on the adequacy, effectiveness and efficiency of the internal controls in the organisation or divisional areas.
• Provide insight on divisional risks and associated mitigating controls.
• Utilise data assurance and analytical techniques to analyse data to improve audit efficiency and effectiveness.
• Monitor the implementation of management action plans in audit reports.
• Maintain the audit database of prior audit recommendations and coordinate the follow-up to validate resolutions of findings.