Senior Manager Quality Assurance - Data Audit

1. To make audit plan by adopting a risk-based approach2. To refer framework and standards on information system developed by IASCA (formerly Information Systems Audit and Control Association) for following components:

a.       Report Validation - To provide assurance that the reporting module of the system is working according to the specification, are error free and can be trusted i.e. Functional Audit of the reports produced by the system, formulas used for different calculations (e.g. aging analysis, overdue, and PAR etc.) are in line with industry best practices nationally and internationally

b.      Application software review - To provide assurance whether the financial and operational applications meet the current and future needs of the organization. These business applications include clients’ information and tax processing system etc. The auditor must access control and authorizations, error and exception handling, business process flows within the application software and complementary controls (enterprise level, general, application and specialist IT control) and procedures and validation of reports (operational) generated from the system

c.       Network security review - To provide assurance that the database and the web server system is fully secure and is corresponding to the controls objectives of control system. Review of internal and external connections to the system, perimeter security, firewall review, router access control lists, port scanning and intrusion detection are some typical areas of coverage.

d.      Data integrity review - To provide assurance that the database design and structure provides the best possible design for the organizational needs and corresponding application and future integration needs. The purpose is scrutiny of live data to verify adequacy of controls and impact of weaknesses, as noticed from any of the above reviews.

e.      Business continuity review - includes existence and maintenance of fault tolerant and redundant hardware, backup procedures and storage, and documented and tested disaster recovery/business continuity plan, effectiveness of disaster recovery plan, as well as ensuring existence of well-defined Audit manual and its compliance thereon. In line with the above, Auditor is required to perform gap analysis of the business requirements and current functions available in MIS applications. Validation of business system controls in the MIS  applications, covering documentation, transaction origination, input and output controls, processing controls, and most importantly, the accuracy of system generated reports is also required to done. In addition the Auditor must analyze business process risks and controls based on an understanding of planned or implemented controls and identified control gaps.

3. To make sure that SOPs are properly implemented in all areas of data management

4. To facilitate formulation of SOPs related to data monitoring and management

5. To ensure, through regular informed and uninformed audits, that the SOP(s) are being followed

6. To continuously monitor and analyze activities looking for any anomaly that could be indicative of a data security breach / threat and incident or compromise.

7. To ensure that data safety and security issues / short comings are properly identified and neutralized as per approved SOPs

8. To monitor and review various logs related to database.

9. To propose latest techniques/ tools to ensure security and quality of the database

10. To train relevant teams regarding data management and monitoring policies and SOPs

11. To develop a highly skilled data audit cell team

Knowledge, Skills and Abilities Required

• Knowledge of current technological developments/trends in area of expertise
• Knowledge of auditing concepts and principles
• Ability to gather data, compile information, and prepare reports
• Ability to perform control reviews on systems development, operation, programming, control, and security procedures and standards.
• Ability to review system backup, disaster recovery and maintenance procedures.
• Ability to communicate with and understand the requirements of professional staff in area of specialty.
• In-depth knowledge of database design, SQL and data warehousing 
• Advanced SQL development and optimization background Knowledge of data visualization and presentation methods for data analysis and interpretation, performance dashboards, and generating, managing and delivering presentations and reports capable of yielding insights and actionable results Excellent interpersonal, oral and written communication and presentation skills 
• Ability to work in teams towards a shared goal 
• Ability to interface with various levels in an organization 
• Ability to prioritize and organize effectively, advanced problem solving with ability to identify and evaluate solution alternatives 
• Ability to learn new technologies and tools