Principal Specialist - Project Audit

A)     SUMMARY OF RESPONSIBILITIES

The Division objectives are to plan, develop and deliver independent, objective assurance and value added services to the Group Audit Committee (GAC) and Senior Management in project governance, internal controls and risk management processes mainly through project audit and advisory

The incumbent is required to:

a) Assist the Head of Technology Audit in executing project audit activities as part of the annual audit plan approved by GAC throughout the project lifecycle

b) Support the Division’s activities required by the Senior Management and/or organisation’s operations

c) Audit observations reported are to be derived from proper testing, assessment and review of relevant and substantial evidence

e) Develop and/or maintain audit programmes

f) Participate/assist in the other tasks/assignments as assigned by the Head of Technology Audit.

B)     KEY AREAS OF RESPONSIBILITIES

• Provide independent and objective assurance and advisory services in accordance with the Audit Charter and based on “The Standards for the Professional Practice Framework” as prescribed by the Institute of Internal Auditors, BNM Guidelines and any other relevant standards.
• Ensure that all project audit activities are conducted in compliance with regulations, organisation's objectives and policies as well as the Code of Ethics and the acceptable Standards for the Professional Practices of Internal Auditing.
• Aware of and uphold the security responsibilities as stated in the organisation’s Information Security Policy.

Project Audit

• Assist the Head of Technology Audit in carrying out internal audit strategies and executing audit plan for projects.
• Lead and/or participate in project audits within PayNet, which include:
• Undertake comprehensive planning and risk assessment relating to each project to ascertain audit participation and the audit scope
• Communicate and work with project team/stakeholders to identify project and implementation risks and their mitigation, including the review of systems to determine whether they are in compliance with plans, internal policies and procedures, and external regulations/laws which could have a significant impact on operations and reports
• Ensure recommendations are clearly presented and agreed to by the management and audit report is prepared and issued promptly
• Follow-up on all audit recommendations that have been agreed upon by the management and validate adequacy of the action taken by auditee to improve controls and project management practices.
• Observe project activities such as tender opening, understand organisation’s strategy/directions, regulatory landscape, market changes and emerging system implementation risks to value add in project review.
• Develop and maintain quality audit programs, audit documentation, and active participation in internal audit continuous improvement initiatives.

Ad-hoc/Other Assignments

• Participate as an observer in critical activities/processes such as BCP/DR testing and disposal of assets.
• Perform ad-hoc review or any other assignments/investigation as directed.
• Support Division’s activities as required by Senior Management and/or organisation’s operations.
• Carry out any other responsibilities/tasks as assigned by the Head of Department from time to time.

C)     QUALIFICATIONS & EXPERIENCE

Minimum Qualifications & Professional Certification 

• Possess at least a good Bachelor’s degree, preferably in IT, MIS or equivalent. A Master degree is a plus.
• Engage in professional development activities, including completion of a professional certification program CISA/CIA/ISMS Lead Auditor/PMP professional certification will be an advantage.
• At least five (7) years of working experience in IT audit, IT security, IT operations, system development, or project management, preferably in financial services.
• Related experience in large Audit/Consultation Firm or financial services is a plus.
• Demonstrate competency in performing audits and have the required skills and knowledge necessary to perform an audit. Sound knowledge of IT related matters and technologies.
• Demonstrate ability to initiate, plan, executing and control a project/audit assignment. Also, demonstrate the ability to supervise audits and review the work performed by the auditors to ensure adequacy of audit scope and testing performed, and the accuracy of the conclusions reached and completion of the assignment within the stipulated time frame.
• Demonstrate ability in problem escalations which includes identifying, controlling and resolving the problems in a timely manner and communicating the results for further actions.
• Demonstrate competency in providing audit report in an appropriate form to intended recipients upon completion of audit works.
• Demonstrate competency in providing audit report in an appropriate form to intended recipients upon completion of audit works

Other Additional Requirements

• Good organisational/analytical skills particularly in relation to internal controls, security, governance and compliance matters.
• Self-motivated and independent.
• Punctual and reliable, with good time management skills
• Excellent communication/writing skills; Bahasa Malaysia & English and strong presentation skills.
• Computer literate – Microsoft Word, Microsoft Excel, Microsoft Powerpoint.
• Experience in ISMS, COBIT, PCI DSS or any other audit framework is an added advantage.