Chief Internal Auditor
Information Communication Technology Agency of Sri Lanka
مجموع سنوات الخبرة :16 years, 4 أشهر
Executive - Group Corporate Assurance
To carry put planned financial audits, IS audits and risk management
1. Evaluating internal control environment surrounding the IT systems and carry out IT System and IT infrastructure reviews on the organization's technology processes and security management to identify the existing control weaknesses / deficiencies, report them to the audit committee / senior management and to provide appropriate and feasible recommendations there on.
2. Evaluating information security and associated risk exposures, testing effectiveness of existing controls, testing IT general controls i.e. User management, Change management, Password policies etc.
3. Review of corporate policies, procedures and recommend on improvement areas.
4. Identifying new business needs based on technological evolvements and providing independent guidance / advice to management on new ventures.
5. Conduct system pre-implementation reviews in order to identify the new system environments, controls and provide independent suggestions on ways to improve controls and establishing audit trailers for monitoring purposes.
6. Improve the knowledge management procedures within the department and assist in the continuous improvement / productivity within the department.
7. Liaising with external auditors and internal resources as appropriate in extracting the relevant information / evidence.
8. Preparation of Audit Reports, Action Plans, Executive Summaries (for CEO) and conduct Key Risk Review Reports for special purpose assignments.
9. Follow up on the action taken by the responsible parties on the recommendations provided and continuous monitoring of the action progress.
1. Evaluate the company’s information system processes and identify potential problem areas. Recommend alternative procedures or controls that add value to the organization. Carry out risk analysis and prepare or assist in preparing the audit plan or program covering the information technology aspects of operation. Perform sufficient tests, including analysis of technical data, to provide reasonable assurance that those internal controls over the Information Technology infrastructure and related systems are existing and adequate.
2. Study of key processes, management & internal controls and suggesting improvements to such controls to ensure effectiveness.
3. Performing Application controls testing to ensure the information produced by the IT systems to be accurate.
4. Ensuring compliance with statutory and regulatory provisions.
5. Preparation of Reports and reporting to the Manage / Director.
6. Active involvement form planning to finalization of audit assignments.
7. Preparation of Management Letters and obtaining feedback from the company management on the lapses on the IT system control environment.
1. Responsible for carrying out audits of companies, and various other organizations and preparation of financial statements thereof in accordance with relevant standards and legislation
2. Assisting in the preparation of financial statements, auditors’ reports, internal control reports and other reports in accordance with the relevant standards, guidelines and legislation
3. Reporting of the progress and key issues identified, to Audit Manager
4. Study and documentation of the organization’s Objectives and the Strategic Direction with regard to Internal Environment and External Business Drivers.
5. Study of key processes, accounting & internal controls and suggesting improvements to such controls to ensure effectiveness.
6. Application of analytical procedures on Financial Statement assertions and review & documentation of such procedural findings
7. Ensuring compliance with Financial Reporting Standards and statutory and other regulatory provisions
8. Active involvement, from planning to finalization of audit assignments
9. Attending to resolve taxation related issues.
Reading