• This TOR is to engage one (1) IT Controls Analyst to work on the Compliance Testing for several of the six (6) IT General Control (ITGC) Domains (Access to Program and Data, Application / Infrastructure Change, Application Development, Computer Operations, Entity Level and ITGC over Financial Reporting Spreadsheets) as part of OIST’s annual assertion and attestation exercise.
• OIST’s IT Assurance team is solely responsible for the Compliance Testing of the six (6) ITGC Domains across 35 functional areas. The current resources under IT Assurance will not be able to complete all the walkthrough and testing procedures; therefore, this additional resource is needed. This resource should have extensive experience in reviewing ITGCs.
• Furthermore, the IT Assurance Team is also working on other governance projects and tasks involving Risk Management, Controls Advisory and Audit Coordination. This resource will also support the Audit Coordination work of the team.
PRIMARY FUNCTIONS
Tasks | Deliverables |
Conduct Annual Attestation in OIST | |
Perform Walkthrough and Controls Testing of assigned ITGC Domains | Compliance Testing Documentation: Compliance Testing Documentation for assigned ITGC Domains (Walkthrough Documentation; Testing Results Documentation) |
Update and enhance Risk Control Matrix (RCM) based on the results of the Walkthrough or Controls Testing | Risk Control Matrix: Updated Risk Control Matrix |
Assist in preparing the documents/reports (e.g. list of control deficiencies) needed by external auditor | Summary of Audit Deficiencies (SAD): List of control deficiencies, compensating controls and conclusions on the control objective addressed by the control |
Prepare the electronic and manual Attestation working papers in the company-prescribed format | Attestation Working Papers: Stand-alone and indexed working papers, including the deliverables and evidence for the Readiness Review and Compliance Testing |
Provide the possible detailed next steps (e.g. testing of compensating, mitigating or alternative controls) for the company to accomplish in order to improve the likelihood of obtaining a favorable opinion in the Attestation | Detailed Attestation Compliance Next Steps: Specific options for the company to facilitate Attestation compliance, including (1) recommended nature, extent and timing of test of specific compensating, mitigating or alternative controls to address control deficiencies; (2) recommended update and year-end testing, if applicable |
Suggest recommendations for the company, OIST, for the improvement of the ITGC processes and the Attestation approach for these processes | Attestation Process Recommendations: Recommendations for the improvement of the ITGC Domains; Recommendations for the improvement of the Attestation approach for the company’s ITGC processes |
Support Audit Coordination Work | |
Assist in scheduling audit meetings with units in OIST and auditors | Meeting invite; Minutes of the Meeting |
Assist OIST in gathering evidence in preparation for the audit to be done by internal / external auditors | Audit Evidence |
Assist in developing and recommending key process steps that need to be implemented for compliance | Recommended key process steps |
Assist in following up on the audit action plans with the affected units | Audit Follow-ups/Status Updates/Updated Comments |
Assist in updating and managing a repository of compliance-related information | Updated entries in the OIST Audit Tracking Database |
Assist in providing audit statistics (open, closed, pending, on-hold) | Audit statistics |
SECONDARY FUNCTION
• Assist in copy editing, rewriting and proofreading of document contents.
• Automate and organize document templates and publishing procedures.
• Perform other related tasks as required for the position.
• Bachelor’s degree, preferably in Business Administration/Management, Accounting, Computer Science, Information Technology or Engineering
• Broad range of knowledge of Information and Communications Technology as applied in an enterprise environment.
• Knowledgeable in IT governance frameworks such as COBIT and ITIL
• Have considerable knowledge and at least 5 years’ experience in identifying and reviewing IT controls, specifically IT General Controls.
• Strong understanding of audit standards and procedures.
• CISA certification is preferred.
• Experience with SOX-type review engagements is preferred.
• Must be able to relate to large information-based organizations and be comfortable dealing with senior executives from a variety of cultures
• Ability to understand and relate details of various compliance issues (people, technology, industry best practices, etc.)
• Excellent written and oral English communication skills
• Willing to work in a team and to work long hours under pressure
• Very attentive to detail and methodical in work
• Ability to balance short and long-term priorities
• Proficient in MS Office applications, with working knowledge of MS Project