Role Objective

The incumbent will be charged with the overall responsibility of conducting the examination and the analysis of internal controls and Bank operations. The job holder will develop sufficient audit scope, perform test procedures, and prepare audit reports in conformance with Doha Bank standards. The Auditor will test current Bank controls and report findings, as per the department standards, to the respective Department Head and Section Head.

The job holder will work closely with the Department Head and/or Section Head in performing and performing complex level professional internal audit work and ensuring adequate audit coverage for information systems and applications implemented at Doha Bank. The incumbent will also be responsible for handling special projects such as investigations or tasks, as advised by the Department Head.

Operational Roles and Responsibilities:

• Assist the Department Head and IS&T Audit Team in identifying and evaluating the Bank's risk areas and suggesting workable recommendations.
• Draft and finalize audit reports following the Department’s audit reporting standards.
• Perform audits and reviews, covering General Computer Controls, General Application Controls, and Specific Applications Controls.
• Follow the Annual Audit Plan and contribute to it, as and when required.
• Abide by the Audit Policy, Standards, and Procedures.
• Perform audit procedures, including identifying and defining issues, developing criteria, reviewing and analyzing evidence, and documenting auditee processes and procedures.
• Contribute to the preparation of the annual Risk-based Audit Program in accordance with the functions and policies of the Bank and execution of the Annual Audit Plan.
• Comply with the Bank's policies, procedures, and regulatory requirements.
• Responsible for tracking and perform Audit follow-up reviews timely with the status of audit recommendations.
• Test effectiveness of accounting and risk management controls of the Bank.
• Examine as follow-up with such procedures and controls and Audit the Bank's accounts and records.
• Obtain background information on the areas to be audited.
• Gather preliminary information on risks and controls for an individual internal audit project or assignment.
• As per the audit plan, test the control compliance with the laws and regulations applicable to the Bank and report to the Department Head, who will, in turn, escalate issues to the Chief Internal Auditor and the Audit, Compliance, and Risk Committee, as and when required.
• Evaluate various functional processes and related controls.
• Ensure that the audit approach describes in detail the nature, timing, and extent of the internal audit procedures for an individual audit project.
• Contribute to the preparation of work programs that are aligned with the engagement scope and requirements.
• Review the documents gathered by the Internal Auditor throughout the development and administration of surveys, conducting interviews, the composition of summary memos, and preparation of working papers.
• Work closely with the Department Head to communicate the results of the Audit and advisory projects via written reports and oral presentations to Executive Management.
• Develop and maintain productive auditee and staff relationships through individual contacts and group meetings.
• Direct the examination/evaluation of the adequacy and effectiveness of the IT control systems in place across key processes that incur risk, as per the audit plan.
• Direct the review of processes in place, as per the audit plan, to ensure compliance with legal and regulatory requirements, code of conduct, and policies/procedures.
• Review the testing procedures adopted for controls on the existing MIS relating to information technology and security systems to determine the adequacy, accuracy, and reliability of the reports and records generated by the referenced systems.
• Stay ahead of general business/economic developments and new pronouncements/standards to gain an understanding of their links and impact to the auditee's Business. Understand and apply technical standards.
• Pursue professional development opportunities, including external and internal training and professional association memberships, and share information gained with other Internal Audit employees.
• Ensure high standards of confidentiality to safeguard commercially sensitive information.
• Coordinate with Department Heads of various functions across Doha Bank to ensure the response to auditors' queries and follow-up implementation of agreed recommendations.
• Respect the authorities delegated by the Chief Internal Auditor, Department Head, and delegate authorities to subordinates, where necessary and applicable.
• Attend meetings with the Department Head and take minutes, as and when required.
• Perform other related Internal Audit work as assigned by the Department Head.
• Coordinate with the Department Head and provide information to external auditors, as and when required, to facilitate periodic audits.
• Responsible for meeting set targets, time, and objectives and the performance of the Internal Audit – Information Systems and Technology function against Annual Audit Plan and other set objectives through regular follow-up with function employees.
• Manage the Department, TeamMate, and perform CAAT and Data Analytics using ACL and/or IDEA tools, whenever applicable.
• Manage and administer the TeamMate Audit Management System, provide support and training as needed.

Information Systems and Technology Audit - GCC, GAC, AC Testing

Functions & Responsibilities (Major Duties):

Timely ensure the performance of the following audit activities to assess the established internal control procedures by examining records, reports, operating practices, and documentation revolving around databases and applications:

• Verify assets and liabilities by comparing items to documentation.
• Prepare special audit and control reports by collecting, analyzing, and summarizing database and application information and trends revolving around them.
• Manage and review security and report incidents revolved around applications and databases.
• Review and assess the root causes analysis and resolutions.
• Periodic reviews back-ups and recovery procedures
• Review of Database server's configuration and hardening.
• Review of Application server's configuration and hardening.
• Review the troubleshooting and resolving of database and application problems.
• Ensure audit files are maintained and documented and then reviewed.
• Ensure that the draft reports are timely, complete, accurate, and valid before submitting them to the audit management.
• Ensure completing the assigned audit project, as planned, with the required quality, and submit the full results, audit file, reports following the department standards to the Department Head for review before finalization.
• Ensure audit files are maintained and documented and then reviewed.
• Ensure that the draft reports are timely, complete, accurate, and valid before submitting them to the audit management.
• Ensure completing the assigned audit project, as planned, with the requires quality, and submit the full results, audit file, reports following the department standards to the department head for review before finalization.
• Ensure that the following Information Systems audit and review activities are adequately performed:
• Audit and internal control review procedures are implemented to detect possible violations of information security policies, standards, and procedures.
• Internal audit activities are carried out by designated personnel within the area of responsibility.
• Identify control exceptions and analyze and identify their underlying root causes. Escalate control exceptions and report to stakeholders appropriately.
• A monitoring framework is developed, defining the scope, methodology, and process to be followed for measuring Security Solutions and service delivery and monitoring IS' contribution to the Business.
• Controls are in place, ensuring audit activities are executed with minimal risk of disruptions to business processes and production systems.

RERQUIRED COMPETENCIES, KNOWLEDGE, AND EXPERIENCE

Education and Training:

• Degree in Computer Science or Computer Engineering Science or relevant Business educational degrees
• Understanding of multiple technology domains, including software development, Windows, database management, networking, and UNIX (preferred).
• Understanding of information security standards, best practices for securing computer systems, and applicable laws and regulations.

Professional Qualifications:

• Professional qualifications such as CIA, CISA, CPA, CFE, CRISC, CISM, CISSP.

Experience:

• 08-12 years of total experience in financial services/banking industry, entailing responsibilities pertaining to the specific area of discipline.