Risk Advisory – IT Internal Audit (Consultant to Senior Manager)

  • Full-time
  • Service Line: Risk Advisory

Company Description

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organisation”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 312,000 people make an impact that matters at www.deloitte.com.

About the Division

The value that Deloitte Risk Advisory Africa creates for organisations is synonymous with operational excellence. Our five business areas work in unison to provide integrated solutions unique to the organisational requirements of any business.

In a world that is constantly changing, organisations need to adapt quickly to respond to new risks and take advantage of new opportunities. Deloitte's Risk Advisory practice advises organisations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations.

Click here to read more about our Risk Advisory practice.

What impact will you make?

Every day, your work will make an impact that matters, while you thrive in a dynamic culture of inclusion, collaboration and high performance. As the undisputed leader in professional services, Deloitte is where you’ll find unrivalled opportunities to succeed and realise your full potential.

Job Description

This role will primarily focus on the sales and supervision and management of IT Internal Audit and related IT controls assurance engagements.

Specialised Technical Capabilities:

The applying candidate should demonstrate experience in selling and managing the delivery of IT internal audit and related controls assurance engagements as follows:

  • Ability to scope, plan, execute & manage, report & conclude on IT Internal Audit engagements.
  • Ability to drive sales and business development in the form of new engagement requests including new targeting opportunities, RFP bid requests, client relationship building and opportunity identification and targeting etc.
  • Work closely with the Internal Audit teams to sell and manage IT Internal audit scope and plans
  • Ability to deliver on Assurance engagements by identifying risks, performing testing, researching governing policies / regulations, and developing reports
  • Uses industry leading frameworks and tools to analyze client’s documentation and identify risks that require control assurance
  • Tests validity of client’s historical financial and non-financial information, leveraging relevant standards (e.g. ISAE 3000), as appropriate
  • Articulates client’s regulatory framework by leveraging Deloitte’s proprietary approaches and applicable audit standards and guidelines
  • Develops assurance reports to accurately present risks, related controls, and the effectiveness of those controls
  • Ensures findings and recommendations are aligned with the audit objectives by keeping in mind the engagement business context when performing technical work during the assessment process to ensure all risk facets are considered
  • Demonstrated technical skills and methodology application
  • Able to develop customised audit programs for ad hoc systems
  • Demonstrated knowledge of ERP systems including SAP, Oracle etc.
  • Demonstrated knowledge and experience of key databases (SQL, Oracle) and understanding of the associated security issues and vulnerabilities
  • Ability to perform focused IT reviews including data conversion, interface reviews, segregation of duties and SAP authorisations.
  • Ability to execute on Third party assurance engagements (ISAE3402/SOC) and unstructured controls advisory projects
  • Fluent on Digital Risk and highly knowledgeable on Emerging Technologies
  • Ability to execute on unstructured controls advisory engagements including Cloud, Payments, IT risk & governance, RPA etc. Developed skills in Agile and DevOps
  • Strong industry experience in key industries.
  • Ability to supervise others and impart knowledge.
  • Ability to develop, manage, coach and lead the IT Internal Audit team

The candidate should also demonstrate the willingness to develop themselves in the following areas:

  • Ability to form a core technology and data risk skillset through proactively conducting research, and participating to internal and external initiatives
  • Understands and applies the major program management approaches and practices (e.g., SDLC, ITIL)
  • Develops a strong knowledge of technology and data management frameworks (e.g., Technology Risk, Data Risk, Cyber Risk Maturity Model) by conducting independent research, and attending workshops, seminars and training programs
  • Becomes familiar with technology and data risk, as well as industry-specific regulations; keeps up to date with emerging trends.

Technical competencies:

The candidates should have / demonstrate the following:

  • 3- 10 years in a client-facing IT audit / advisory role.
  • Minimum of 4 years’ relevant experience of working within an audit/risk or professional services environment.
  • Demonstrate strong understanding and experience in performance of IT controls engagements across key industries covering large scale ERP application systems and supporting infrastructure, business processes, and security.
  • Solid grasp of technical skills and methodology
  • Demonstrated knowledge and technical skills on “core operating systems” e.g. Windows, UNIX, etc.
  • Experience in performing project audits, systems post-implementation reviews (incl. data migration reviews)
  • Demonstrated knowledge and experience in performance of business process and automated controls testing on the more common applications
  • Developing knowledge of ERP systems like SAP
  • A good understanding of how to link risks and controls to ensure test steps and controls and risks all speak to each other; ability to research “unknown” systems or audit in-house developed systems, i.e. problem-solving/logic capabilities
  • Developing Digital fluency and knowledge on Emerging technologies, including Cloud, RPA, AI, etc.
  • Developing skills in Agile and DevOps.
  • Developing further Industry experience (FSI, TMT, CB, ER&I, etc.)

Behavioural Competencies:

The candidate should have / demonstrate the following:

  • Demonstrates ability to work efficiently and meet all deadlines consistently
  • Displays initiative
  • Takes accountability for delivery of own work as per instruction
  • Active participation and proactive attitude to service delivery
  • Works well within a team and with client management
  • Able to deliver multiple engagements on time and within budget
  • Proven ability to make decisions and the right judgement calls
  • Creates a climate of positive nature
  • Keeps calm under pressure
  • Drives continuous improvement
  • Custodian of the business
  • Project Management capabilities
  • Ability to spot new business opportunities

Qualifications

Minimum qualifications:

Bachelor of Commerce Information Systems and / or Internal Auditing, Bachelor of Science Computer Science.

Desired Qualifications

Relevant Degree, Honours or post graduate diploma.
Professional certifications such as CISA and CRISC + relevant CPD that establishes credibility and capability in the IT Risk / Audit market.

Minimum Experience

The candidate should have / demonstrate the following:

  • 3-10 years in a client facing role.
  • 3-10 years IT Audit, Third Party Assurance and IT Controls Advisory experience selected industries of experience (e.g. financial services, TMT or consumer business, etc.)
  • Broad experience in IT audit, risk management, business process and controls advisory.

 Desired Experience

The candidate should have / demonstrate the following:

  • Demonstrate an understanding of large-scale information technology application systems, infrastructure, business processes and security standards.
  • Demonstrate an understanding of the Deloitte IT audit methodology and its application in major client industries.
  • Demonstrated experience in responding to proposals / business development opportunities.

Additional Information

*Please note that this job advertisement provides a summary of the capabilities required and all candidates shortlisted will receive a full list of capabilities.

Hybrid & Vaccination policy

Deloitte Africa has successfully launched the Hybrid Working model. Aligned with this model is our commitment to maintain an environment for personnel, clients and visitors that is safe and, as far as reasonably practicable, free from health risks.

Medical evidence provides overwhelming and empirical evidence that vaccination is currently the most effective means of preventing the spread of COVID-19 and reducing the likelihood of serious illness, death, transmissions and infections. More information about our mandatory vaccination policy will be discussed during the recruitment process for this position. 

Privacy Policy