IT Auditor at Nigerian Stock Exchange

RESPONSIBILITIES:

Review  of System Access Controls

• Review and ensure that access control strategy aligns with the corporate identity policy and the IT architecture of NSE;
• Review and ensure that a unique identity is used to initiate a transaction and ensure that user is currently authorized to perform such action;
• Violation monitoring: ensuring that access violations are identified. e.g. resigned staff accounts still active on NSE applications

Post-Implementation Reviews of IT Projects

• Reviews to identify risks introduced during the vendor selection, pre-implementation and golive due to system adaptation for NSE’s Users and processes; 
• Review and ensure that key controls were embedded through the application acquisition lifecycle and go-live of various applications and processes

Business Continuity Reviews

• Review to ensure continuous operations of business applications (X-stream, Sage etc.) in the event of fires, terrorist attacks, extended power failures, equipment and telecommunications failures;  
• Review appropriately identified risks focusing on NSE processes and known potential risks that affect continuity of IT operations and services;
• Ensure that costs of implementing and managing continuity assurance are less than the expected losses and within management’s risk tolerance

Reviews of Change Management

• Ensure 100% compliance to change management procedures to handle in a standardized manner all requests (including maintenance and patches) for changes to applications, procedures, processes, system and service parameters, and the underlying platforms; 
• Assess the control risk associated with change request of changes within IT infrastructure and Applications;

Revenue Assurance Audit

• Review of the various income heads in the books of the NSE;
• Ensure that income streams protected from income leakages due to wrong configuration or manual process for collection of incomes

Continuous Auditing of IT Related activities

• Ensure that the following activities carried out by IT are reviewed
• Reviews of IT implementation and ensure that the meet the needs of users
• Ensure that the disaster recovery processes in the NSE, would available and sufficient enough to withstand major disruptions to our information systems
• Continuous auditing of x-stream and ensure that data from the application are accurate 

Audit of IT Governance

• NSE’s IT senior management team is engaged in aligning IT strategic plans with current and future business needs
• NSE’s IT performance monitoring and evaluation process reviews: definition of relevant performance indicators, systematic and timely reporting, and timely action upon discovery of deviations

Review and ensure that identification and allocation of IT costs are understood by the senior management to enable NSE make informed decisions regarding the use of IT services

Other Reviews

• Server Operating Systems Review
• Network Operating Systems Review 
• Software Development Life Cycles 
• Review of Technology Governance and Operations
• Information Security Reviews.
• Ensure Data Centre Best Practices
• Ensure adherence to Disaster Recovery / Business Continuity principles,
• Ensure Penetration Testing

Review IT Policies & Procedures Review and  generate Gap analysis Report 

• Ensure proper monitoring of IT Operations  (Backup & Recovery, Job scheduling, Problem and Incident Management)

Audit Reporting

• Maintaining work papers
• Evaluate the sufficiency and appropriateness of audit evidence to support conclusions drawn. 
• Prepare the audit report and presenting it to the head Internal Audit Department 
• Monitor compliance with reporting requirements. 

Follow up and report on implementation of internal and external audit recommendations. 

Performing other duties as assigned to him/her by the Head  Internal Audit

DESIRED COMPETENCY AND SKILLS REQUIREMENTS:

• Thorough knowledge of Various Standards and Frameworks which include: ISACA framework • COBIT •COSO •SOX •ICFR •BASEL 1 & II Etc.
• Extensive knowledge of internal control principles, audit practises and compliance in an IT related Field.
• Must be able to build strong partnership with MOT and other staff, communicate with a wide variety of audience in a clear understandable language.
• Experience in IT Audit 
• Proven track record of performance against deliverables
• Experience in financial sector is highly desirable
• Change management experience.

Generic Skills:

• Personal Integrity 
• Dynamic, service oriented  and Committed to results 
• Problem solver and ready to develop and train others 
• Natural inquisitiveness, Highly motivated, energetic and enthusiastic 
• Ability to work under pressure with strict deadlines
• Ability to recognise and respond to diverse thinking styles and  learning styles  
• Strategically aware of the business environment, with a global mind-set
• Firm in decision making and persuasive. 

Job Specification: 

• A Bachelor’s degree in accounting, Economics,  Information technology or a similar field
• CISA (Certified Information Systems Audit), ICAN, ACCA added advantage.