Job Openings Senior Manager, IT Audit

About the job Senior Manager, IT Audit

PURPOSE OF POSITION 


This purpose of position will be used in the advertisement. Please describe the role in 2-3 concise sentences. Focus on the core of what this role is supposed to achieve. Describe the purpose of this position and how this position contributes to achieving department objectives and the management and performance of others.

Responsibilities:

  • Prepare and execute annual risk based IT audit plan and strategy in accordance with Woori Bank Policies and Procedures, standards
  • Identify the institution’s risk areas and advice on control gaps and opportunities for improvement. Formulates recommendations regarding control deficiencies and system ineffectiveness;
  • Review IT audit reports and working paper ensuring the quality and adequacy of the audit, compliance with Woori Bank policies and procedures and meet the requirement of audit industry standards.
  • Develop audit program and working paper for IT audit and regularly updates the audit program and working paper to address new risk, process, product, system.
  • Provide supervision and trainings for audit team.
  • This position also requires to conduct and assist audit of branches and head office in accordance with Woori Bank Policies and Procedures and shall review and evaluate the internal control and accounting systems of branches and head office and recommend corrections, improvements and compliance.

Major Activities & End Results Expected

Annual IT Audit Plan (5%)

  • Prepare annual risk-based IT audit plan
  • Annual risk-based IT audit plan is prepared and approved

Audit Program/Working Paper Development (10%)

  • Develop IT audit program and working papers to address new risk, products, processes, regulations or systems.
  • Develop IT audit programs and working papers when there are changes to products, processes, regulations or systems. The audit program and working papers are ready prior to audit.
  • IT Audit Programs and Working Papers are regularly updated new risk, products, processes, regulations or systems.
  • IT Audit Programs and Working Papers are regularly updated new risk, products, processes, regulations or systems.
  • Review WBF IT governance, policy, system and process and identify the institution’s risk areas and advice on control gaps and opportunities for improvement.
  • Identify the institution’s risk areas and advice on control gaps and opportunities for improvement.

Planning and Pre-Audit (5%)

  • Ensure pre-audit procedure and documents are timely performed, completed with quality
  • Approved pre-audit procedure and documents include APM, Sample selection, working Paper at least one working days prior to starting fieldwork.
  • Ensure Pre-audit documents are completed and submitted to Manager for approval at least two working days prior to starting fieldwork.
  • Ensure Pre-audit procedure and documents are performed, completed with quality.

Perform IT Audit Engagement (25%)

  • Execute and monitor risk-based IT audit engagements for WBF branches and head offices according WBF audit frequency policy and general accepted internal audit standard.
  • Perform and coordinate the IT audit assignments of branches and head office based on approved IT Audit plan.


  • Ensure all working papers are completed and in order – initials, cross-references, date, work descriptions, clearance, etc.
  • Clarify all audit findings with auditees during the process of audit fieldwork to minimize discussion time in the exit conference.
  • Ensure that all issues raised are properly documented in working paper, E-Tab, Audit Report and Cross referenced to supporting document.
  • Ensure all working papers are completed and in order – initials, cross-references, date, work descriptions, clearance, etc.
      
  • Timely bring to the Head of Internal Audit’s/CAE’s attention any suspected areas and/or serious misconduct and conflict of interest issue of all level of staff within WBF and any misuse of WBF’s assets.
  • Timely update issues/ suspicion with HIA/CAE via email or phone

Reporting (15%)

  • Initial draft report for 24 hour response is sent to management
  • Initial draft report for 24-hour response is sent to management within two working days after exit meeting.
  • Draft Audit/Investigation Report are timely submitted to Internal Audit Manager with quality and update audit plan
  • Draft Audit/investigation Report (with completed management response) is to be submitted for Audit Manager review within three working days after exit meeting.
  • Ensure that all issues are agreed prior to submitting report to Audit Manager.
  • Ensure that all issues raised are agreed, documented and supported with management response.


  • Ensure quality of Report, Working Papers before submitting draft Report to supervisor or Internal Audit Manager.
  • Ensure that all issues raised are properly documented in working paper, E-Tab, Audit Report and Cross referenced to supporting document.
    

Review Report and Working Paper (15%)

  • Timely review draft IT audit reports and working paper ensuring quality and adequacy of the work performed prior to submission of the draft audit report to HIA for final review.
  • Review draft report, working Paper, and Etab ensuring quality and adequacy of the work performed prior to submission of the draft audit report to HIA for final review.
  • Ensures the quality, adequacy and completeness of the audit samples, completeness of work papers, validity of audit findings and recommendations.
  • Ensures the adequacy and completeness of the audit samples, completeness of work papers, validity of audit findings and recommendations.
  • Quality of report reviews and working paper
  • Excellent quality testing, reports and work paper standards reflected by reduced number of coaching notes and feedback from HIA.
      

Clear Review Note (5%)

  • Timely clear review notes
  • Ensure that all review notes are cleared and sent back to HIA within 1 working day after receiving reviewed report from HIA.
     

Leadership and people management (5%)

  • Manage audit team and Provide performance appraisals for internal auditors and other staff directly and indirectly reporting to.
  • All staff appraisals conducted within deadlines.
  • Positive feedback received from audit team and Management
  • Staff satisfaction within the internal audit department (if measured) over 90%.

Capacity Building: (5%) 

  • Continuously build self and staff capacity building.
  • Complete at least 40 hours CPE training and timely update training records
  • Strengthen the capacity of staff through continuous on-the-job training and other methods
  • Provide on the job training/coaching to less experience team member
  • Provide training to less experience auditor at least two working days
  • Sharing knowledge and experience with other co-workers to help them improving their work process
  • Sharing knowledge and experience with other co-workers to help them improving their work process

Relationship with stakeholders (5%)

  • Build and maintain critical relationships with staff, managers, stakeholders and WBF.
  • Build a good relationship with team, WBF staff and management.
  • Ensure Auditee Feedback Form is completed and received after completion of audit fieldwork.
  • Ensure Auditee Feedback Form is completed and received after completion of audit fieldwork.
  • Positive feedback received from auditee
  • Average feedback received is at least 3.5 on a scale of 1(lowest) to 5 (highest).
  • Open and consider other co-worker’s feedbacks/ideas to improve owns work process and performance.
  • Open and consider other co-worker’s feedbacks/ideas to improve owns work process and performance.
  • Collaborative and assist co-workers when needed
  • Collaborative and assist co-workers when needed

Personal Conduct and Professionalism (5%) 

  • Conduct one’s self in a manner that reflects honesty and integrity, and maintains the effectiveness, values and mission of the organization.
  • Conduct one’s self in a manner that reflects honesty and integrity, and maintains the effectiveness, values and mission of the organization.
  • Professionalism (dress, speech, behaviors, timely resolve customer’s complaints
  • Grooming Standard (Hair, Face, Hand, Accessary, Uniform, Footwear, Attitude)


Perform other tasks as assigned by supervisor (if any) (5%) 

  • Perform or assist audit and investigation of branch and head office , as assigned.
  • Perform or assist audit and investigation of branch and head office , as assigned.
  • Contribute in innovation/Process improvement-automation to improve efficiency and effectiveness of audit
  • Contribute in innovation/Process improvement-automation to improve efficiency and effectiveness of audit
  • Contribute in identifying new risk/new control that add value to organization
  • Perform other tasks as assigned by supervisor
  • Perform other tasks as assigned by supervisor
       

KNOWLEDGE, SKILLS AND ABILITIES 

  • At least Bachelor degree or equivalent degree in Computer Science, Information Systems and/or Accounting/Finance or related field
  • At least 5 years of experience in a Technology Audit role and 2 of which relating to managing a Technology Audit team
  • Professional certification (CISA, CISSP, MCSE, CPA, CIA or other related professional certification is preferred)
  • Experienced with evaluating and testing controls around the full technology stack from application, operating system, database, and networking layers
  • Experience working with Risk, Governance, Internal Controls, and Compliance activities, including IT audit
  • Strong understanding of system security, IT governance, controls, vulnerabilities, and assessment tools
  • Knowledge and understanding of accounting, finance and the IIA Standards is advantages
  • Great interpersonal skills and Excellent communication skills (written and verbal)
  • Knowledge and understanding of all facets of micro-finance operations or banking
  • Knowledge and understanding of local laws and regulations including NBC, Tax, Labor law…    
  • Must understand and agree on WBF’s Vision, Mission, goals, Core values, and systems
  • Must be in good physical and mental health
  • Good analytical skills
  • Good written and spoken English
  • Computer skills – Word, Excel, PowerPoint, etc.
  • Ability to work effectively and efficiently in a team and willing to work under pressure.
  • Willingness to travel very often and to stay in provinces, mainly in districts.
      

Preferred Skills, Knowledge and Experience:

  • Professional certification (CISA, CISSP, MCSE, CPA, CIA or other related professional certification is preferred)

Working Environment: 

  • The position requires ability and willingness to travel locally more than 50% of the time.
  • The position requires ability and willingness to work under pressure and require high commitment


Or refer someone