PERM: AD - IT Audit Manager - Vice President
GB
Section 1 - Details |
|
Job Title / Corporate Title |
Audit Manager |
Department / Group |
Audit Department/Internal Audit Group |
Responsible to / Line Manager
|
Executive Director
|
Direct Reports
|
None |
Location |
London |
Date Prepared |
October 2019, updated July 2021, updated June 2022, updated July 2023 |
Certification regime |
Out of scope |
Section 2 – Purpose of Job |
This role exists to deliver an independent view and assurance over the IT control environment in operation in EMEA business entities (SMBC Bank International plc (SMBC BI), SMBC Branches, and other subsidiaries in EMEA Region). It undertakes and manages audits across a range of IT Infrastructure and applications and supports teams of auditors to deliver in depth testing and review to support audit opinions. It contributes part of the Audit opinion provided the EMEA Region Management and SMBC Group Audit Committee in Tokyo. |
Section 3 – Background |
|
Section 4 – Facts / Scale |
ADIA is responsible for the delivery of around 100 internal audit reports per year across the EMEA region. Due to the nature of each business and the three-year audit cycle, the number of audits each Audit Manager is responsible for can vary from year to year. On average an Audit Manager would be responsible for the delivery of around four to six audits per year and contribute to other audit assignments through delivery of fieldwork for other Audit Managers. This may include technically complex and highly regulated areas, large assignments, including theme audits across more than one jurisdiction/ business. These are scheduled so that some will overlap so that two assignments may be open at the same time, closing one and planning another, an Audit Manager will be able to manage both successfully. While the Audit Manager has no direct line reports, they are responsible for the work performed by team members of audits for which they are assigned as AIC, usually between two and six members, occasionally more, these may be located across different areas, or have particular area of expertise for which the team requires particular coaching and/ or guidance. The Audit Manager can be assigned the role as AIC in any of the business for which ADIA has internal audit responsibility. This is an EMEA wide role covering: SMBC BI, SMBC Branches, SMBC Nikko CM Ltd, SMBC Aviation Capital, SMBC Bank EU AG and SMBC Leasing (UK) Ltd. Provide feedback to Line Managers on work performed by the team. There is no monetary budget, but time budgets for the completion of each audit are established and the Audit Manager is expected to deliver the completed audit within the budgeted timeframe. The Audit Manager interfaces with AD Management, ADIA team members and line Management up to MD/ED level, although meetings are held with General Managers in other business areas. |
Section 5 – Accountabilities & Responsibilities |
The Audit Manager is primarily accountable and responsible for the timely delivery of an internal audit assignment. This includes:
The Audit Manager may be also asked to assist the Director/ Executive Director with maintaining relationships with Senior Management (D, ED and MD level) in a nominated area of responsibility, have insight into business activities and be able to comment on key areas of risk for those business areas. The Audit Manager will also be expected to contribute to Audit Department initiatives and work collaboratively across EMEA. |
Section 6 – Knowledge, Skills, Experience & Qualifications |
Educated to degree standard and holder of a professional qualification, (Usually CISA, CISSP etc) with strong technology skills and an understanding of applications controls. The ability to clearly communicate to senior Management both verbally and in writing audit issues and to gain the confidence and trust of Management in their relationship management role. The role holder needs to have a good operational knowledge in some aspects of the Bank to enable them to identify control weaknesses and advice on best practice/ process improvements. Have technical expertise and demonstratable knowledge of Cyber Risks. And a clear understanding of the risk and internal control environment relevant to the information technology being audited which may include:
Attention to detail. The confirmation of factual accuracy and a clear understanding of how the facts should be interpreted is essential. Be able to apply knowledge and skills to other areas and interpret these in the wider context. Be a trusted advisor to the business and undertake problem solving in own role. Advising on possible control solutions and, being able to balance competing demands. Previous internal audit experience is required to demonstrate a track record in effective internal audit delivery and management. |
|
Section 7 – Challenges (This section is optional) |
The main challenges the role will face are:
|