1. IT Audit and Risk Management

• Plan, lead, and conduct complex IT audits, reviews, and investigations to help manage risks, including those from emerging technologies.

• Assess compliance with IT directives, standards, and governance frameworks.

• Deliver concise, evidence-based reports with risk mitigation and efficiency recommendations.

• Identify risks from new technologies and propose protective controls.

• Support annual audit planning.

2. Advisory and Consulting Services

• Advise on IT policies, standards, and process improvements across government ministries.

• Provide strategic guidance on IT governance, risk, and control frameworks.

• Offer technical and project advice on major IT initiatives to improve service delivery.

• Conduct compliance assessments (e.g., PCI, SyStrust) and recommend cost-effective solutions.

3. Client Relationship Management

• Build trusted relationships with ministry and agency leaders by adhering to professional audit standards.

• Facilitate resolution of audit issues and collaborate on action plans.

• Maintain open communication to align audit support with client goals and challenges.

4. Project Management

• Provide project risk advice and review IT/business projects.

• Develop audit plans outlining scope, approach, and resource needs.

• Lead diverse audit teams and manage external service providers to ensure quality outcomes.

5. Quality Assurance and Process Improvement

• Lead risk assessment workshops and serve as QA resource for high-risk IT projects.

• Drive continuous improvement through quality programs and best practices.

• Promote use of Computer Assisted Auditing Techniques (CAATs) to enhance audit processes.

1. Generally accepted auditing standards, IT control frameworks and specialized auditing techniques to plan, lead and conduct IT and business audit engagements, consulting, advisory and special investigation assignments.
2. Directives, standards and processes to evaluate compliance and to provide advice on risks associated with IT infrastructure, business-IT systems, IT Service management, corporate service management (security, procurement, emergency management, business continuity, disaster recovery management), and service delivery channels.
3. Information Technology, including systems under development, emerging technologies, security, e-commerce, telecommunications and networks, computer operations, and critical business and IT applications and systems to help improve overall control and governance frameworks.
4. IT Governance to assist decision makers support business objectives, strengthen overall corporate governance practices, and avoid failures that result from a misalignment between IT and business strategies.
5. Information Security including the protection of confidentiality, integrity and availability of information assets, information privacy and security of Government information and infrastructure assets against the risks of loss, misuse, disclosure, damage.
6. Information Management including records management, e-discovery techniques to ensure compliance with relevant legislations (FIPPA, PHIPA, PIPEDA, Archives and Recordkeeping Act) and to facilitate use of good information for appropriate decision making by the government.
7. IT risk management methodologies and concepts to assess risk management practices and to provide advice to senior officials and client management. Project management standards, best practices and frameworks to lead and conduct audit of IT projects and business transformation initiatives, and to provide advice to key stakeholders on projects.
8. Oral and written communication skills to prepare audit reports, reviews, research and statistical reports, briefing materials and correspondence; presentation skills to present information and audit findings, options and recommendations to senior officials and managers.
9. Computer software/applications to prepare various materials and products and specialised auditing applications, tools and techniques (e.g. IDEA, ACL, Sharpe Decisions) to facilitate evaluation of data and risks associated with IT systems.