REF: TNH/HRD/ISA/06/2022

Reporting to the Internal Audit Manager, the successful candidates will be responsible for carrying out independent and objective assurance of the hospital’s information systems through regular audits and/or special investigations in line with the annual audit plan.

ROLES AND RESPONSIBILITIES

• Participate in the preparation of the annual audit plan in line with key risk areas and strategic priorities of the hospital in consultation with the Internal Audit Manager.
• Prepare and submit the audit program including risk assessment, evaluation of control environment, formulation of audit objectives, designing audit procedures, information gathering, and evidence analysis to ensure quality risk-based audits.
• Review ICT policies, procedures and work instructions for adequacy.
• Work closely with the IT project team to provide assurance on the implementation of the ERP/ HMIS and ensure adequate controls are built into the system.
• Evaluate systems processes to determine efficiency, completeness and accuracy.
• Give assurance on protection of Information Assets
• Review Information Systems Operations and Business Resilience.
• Assess entire ICT environment from application systems and business protocols to determine whether business objectives are being attained in a secure environment.
• Review Hospital’s hardware and software to ensure acquisition and deployment and disposal process are in line with best practice and policies.
• Provide assurance on security for the entire ICT environment within the Hospital including infrastructure.
• Participate in the change management process.
• Test and identify network and system vulnerabilities and create counteractive strategies to protect the network. Review information system application servers, backups, IT infrastructure, network, Business Continuity plan, and Disaster Recovery Plan to ensure compliance to policy and best practice.
• Monitor and report on utility of information systems facilities within the hospital for continuous checks and develop report on findings.
• Review, evaluate, and test application controls.
• Provide recommendations and guidance on identified security and control risks.
• Test IT general controls within the Hospital to ensure confidentiality and access management are well managed
• Carry out routine and special audit assignments as requested from time to time and develop report on findings and recommendations that inform on action points.
• Prepare audit reports for review and subsequent presentation to senior management and the Board of Management.
• Conduct integrated audit in collaboration with the Business Processes Auditors to provide assurance of the Business environment taking into account the ICT aspect.
• Carry out audit follow ups when due, based on Board resolutions & management action points and develop reports on implementation status
• Keep abreast on latest technology and trends to provide input to mitigate emerging threats to the Hospital.
• Any other responsibilities that may be assigned to the job holder by the supervisor from time to time.

EDUCATION SKILLS AND EXPERIENCE

CORE COMPETENCIES

• Technical & Behavioural competencies
• Knowledge of internal audit and applicable standards
• Working knowledge of internal audit software such as IDEA & TeamMate
• Understanding of hospital operating model
• Computer literacy skills
• Analytical skills
• Judgement skills
• Independent minded
• Attention to detail
• Planning and organizing skills
• Customer service skills
• Team player
• Accountability
• Integrity