Recruitment: Support Office Job Description – IT Auditor

Role: Information Technology Auditor
Description: Develop and implement a multi-year risk-based IT Audit Plan as part of the overall internal audit plan.
Immediate Supervisor: Group Risk Manager
One Up Manager: Chief Executive
Subordinates: 0
Cost Centre: Internal Audit
Grading System: Paterson
Grading Level: D2

Minimum Requirements:
- NQF 7 qualification in Business, Computer Science, Management Information Systems or related technical field
- CIA and CISA qualification will be beneficial
- 5 years IT audit experience with relevant broad-based business operations background
- Experience in a moderate or large company with a complex information systems environment, with knowledge of control frameworks such as COSO, COBIT and/or ITIL, is required
- Report writing, time management and administration skills
- Knowledge of SAP and Active Retail
- Working knowledge of the application of CAATs is required

Key Performance Areas

IT General Controls Reviews
- Perform IT general controls reviews with focus on adequacy of:
  o System development standards
  o Data center operations and security
  o Database management and security
  o Network administration
  o Overall information security

Application Control Reviews
- Determine the effectiveness of controls over individual application systems (particularly those running on SAP and Active Retail)

Information Security Assessments
- Ensure that information contained within Cashbuild's IT system(s) (workstations, servers and databases) is appropriately secured

CAATs
- Utilise Computer Assisted Audit Techniques to perform:
  o Data analysis
  o Trend reviews
  o Risk identification
  o Audit planning

Management Information Preparation and Analysis
- Identify Key Performance Areas and related Key Performance Indicators
- Perform trend analysis
- Present results for management awareness and action

IT risk identification and assessment
- Participate in the identification and assessment of IT risks in the company

Audit Planning
- Plan IT audit assignments
- Assist with the planning of Support Office and Operational audit assignments

Auditing
- Take responsibility for the execution of the company's IT Audit Plan

Report writing
- Take responsibility for the reporting of IT Audit results in the form of assignment-specific audit reports, and in management information format (Audit Committee packs)

Communication of internal audit results to stakeholders
- Provide weekly feedback of internal audit results and progress against plan to Group Risk Manager in a format that could be presented to Executive Management (via weekly management focus meetings) and Board (via quarterly audit committee meetings)
- Provide weekly internal audit status update to Group Risk Manager for inclusion in Group Risk Management communication in CB Mail

IT related advice and technical assistance to Internal Audit team
- Provide IT related advice and technical assistance to Internal Audit team
- Update the internal audit policies, procedures and guidelines as and when required (at least once per annum)

Competencies

Concern for excellence
- Work within a team/individually to meet standards set by others
- Check own work for order, accuracy, quality
- Work towards a standard of excellence for self and others within framework of existing structure and time boundaries
- Work to improve quality and efficiency of existing systems

Creativity
- Generate longer term physical & operational solutions, innovations
- Encourage new and original thinking
- Originate new and imaginative ideas and approaches to improve operational systems in work environment
- Encourage creativity and innovation among subordinates, team, peers and supervisors

Communication
- High levels of communication skills required by position
- Recognise & proactively deal with situations with potential for miscommunication leading to damaged relationships
- Show conviction & enthusiasm during communication
- Apply communication strategies to ensure inputs from role players are discussed & acted upon
- Demonstrate an understanding of role player interests
- Display sound experience of communication processes & techniques

Decision making
- Make decisions that impact department & organisation
- Make decisions within framework of organisation policies
- Take into account legislation & industry standards
- Take into account consequences on operations, department, organisation, & external environment, as well as external customers
- Make decisions based on logical & abstract thinking
- Make decisions where consequences may not be immediately visible or may only be visible in 1 - 3 years

Planning
- Establish departmental 1 year plan
- Establish time tables and schedules to achieve team/project deadlines
- Budget up to 1 year ahead
- Take into account developments related to production, safety, employees, budgets, equipment
- Plan in framework of operational/department policies & procedures
- Establish priorities & plan schedules/activities for team
- Take into account consequences of incorrect planning on team & team objectives

Initiative
- Engage direct reports, peers and others openly on performance issues in a manner that shows respect for the individual
- Demonstrate awareness of own impact on others
- Actively seek feedback on own performance, set action plans for improvement
- Coach & provide constructive input to others
- Establish personal goals that drive career plans and goals
- Negotiate time frames, establish realistic deadlines
- Each responsibility is seen as a learning experience toward ultimate goals
- Seek to learn from every experience and individual
- Encourage feedback from superior, peers, team members

Problem solving
- Analyse info within organisation & business processes
- Deal with info that may often seem unrelated to the situation or issue
- Conduct occasional research & development projects
- Benchmark within organisation & with competitors
- Interpret trends that impact organisation up to 5 years
- Identify trends and patterns related to organisation, competitors, financial issues, resources, business plans, operations, customers, environment
- Take effective action in solving departmental, systemic & organisational problems

Analytical ability
- Identify and interpret trends in data
- Convert data analysis into meaningful management information
- Distinguish between objective related and non-related information

As an Employee of the Company, it would be expected of you to perform all such duties and exercise all such powers in relation to the business of the Company as may from time to time be requested or assigned to you by the Company. It would be expected of you to comply with all policies and procedures of the Company and to abide by all rules and regulations concerning its Employees.

I agree that this job description conveys an accurate description of this job.

Manager Name
Manager Signature
Date

Employee Name
Employee Signature
Date

Filename533580803 Effective Date: July 2014 Previous Version: February 2013, i.1.0 change PO Revision: i.1.1 Process Owner: Chantelle Hattingh Company Confidential