• This TOR is to engage one (1) IT Controls Analyst to work on the Compliance Testing for several of the six (6) IT General Control (ITGC) Domains (Access to Program and Data, Application / Infrastructure Change, Application Development, Computer Operations, Entity Level and ITGC over Financial Reporting Spreadsheets) as part of OIST’s annual assertion and attestation exercise.
• OIST’s IT Assurance team is solely tasked with the Compliance Testing on the six (6) ITGC Domains across 35 functional areas. The current resources under IT Assurance will not be able to complete all the walkthrough and testing procedures; therefore, this additional resource is needed. This resource should have extensive experience in reviewing ITGCs.
• Furthermore, the IT Assurance Team is also working on other governance projects and tasks involving Risk Management, Controls Advisory and Audit Coordination. This resource will also be supporting the Audit Coordination work of the team.
Conduct Annual Attestation in OIST
| Perform Walkthrough and Controls Testing of assigned ITGC Domains
| Compliance Testing Documentation
• Compliance Testing Documentation for assigned
– Walkthrough Documentation
– Testing Results Documentation
| Update and enhance Risk Control Matrix (RCM) based on the results of the Walkthrough or Controls Testing
| Risk Control Matrix
• Updated Risk Control Matrix
| Assist in preparing the documents/reports (e.g. list of control deficiencies) needed by
| Summary of Audit Deficiencies (SAD)
• List of control deficiencies, compensating controls and conclusions on the control objective addressed by the control
| Prepare the electronic and manual Attestation working papers in the company-prescribed format
| Attestation Working Papers
• Stand-alone and indexed working papers, including the deliverables and evidence for the Readiness Review and Compliance Testing
| Provide the possible detailed next steps (e.g. testing of compensating, mitigating or alternative controls) for the company to accomplish in order to likely obtain a favorable opinion in the
| Detailed Attestation Compliance Next Steps
• Specific options for the company to facilitate Attestation
– recommended nature, extent and timing of test of specific compensating, mitigating or alternative controls to address control
– recommended update and year-end testing, if
| Suggest recommendations for the company, OIST for the improvement of the ITGC processes and the Attestation approach for these processes
| Attestation Process Recommendations
• Recommendations for the improvement of the ITGC
• Recommendations for the improvement of the Attestation approach for the company’s ITGC processes
Support Audit Coordination Work
| Assist in scheduling audit meetings with units in OIST and auditors.
| Minutes of the Meeting
| Assist OIST in gathering evidence in preparation for the audit to be done by internal / external auditors.
| Assist in developing and recommending key process steps that need to be implemented
| Recommended key process steps
| Assist in doing follow-ups on the audit action plans with the affected units.
| Audit Follow-ups/Status Updates/Updated
| Assist in updating and managing a repository of compliance-related information.
| Updated entries in the OIST Audit Tracking
| Assist in providing audit statistics (open, closed, pending, on-hold)
• Assist in copy editing, rewriting and proofreading of document contents.
• Automate and organize document templates and publishing procedures.
• Perform other related tasks as required for the position.
• Bachelor’s degree, preferably in Business Administration/Management, Accounting, Computer Science, Information Technology or Engineering
• Broad range of knowledge of Information and Communications Technology as applied in an enterprise environment.
• Knowledgeable in IT governance frameworks such as COBIT and ITIL
• Considerable knowledge of and at least 5 years’ experience in identifying and reviewing IT controls, specifically IT General Controls.
• Strong understanding of audit standards and procedures.
• CISA certification is preferred.
• Experience with SOX-type review engagements is preferred.
• Must be able to relate to large information-based organizations and be comfortable dealing with senior executives from a variety of cultures
• Ability to understand and relate details of various compliance issues (people, technology, industry best practices, etc.)
• Excellent written and oral English communication skills
• Willing to work in a team, with long hours and under pressure
• Very attentive to detail and methodical with work
• Ability to balance short- and long-term priorities
• Proficient in MS Office applications, with working knowledge of MS Project