AVP Audit Services, Information Systems
Reporting to the VP of Audit Services, the AVP, Audit Services, Information Systems, has global accountability for the delivery of Information Technology Operations audits and reviews, and for System Development Audits. The primary purpose of Audit Services is to provide audit services that assist the company in achieving its vision, goals and values and to assist our customers in discharging their respective responsibilities. This is done by successfully accomplishing the following objectives:
• continually identifying and understanding risks and exposures in all the company’s activities with particular emphasis on information security, integrity and availability.
• objectively assessing the effectiveness of risk management processes and policies and reporting these assessments to management at all levels (including the CEO and Division General Managers) and the Audit Committee of the Board of Directors in a fair and constructive manner;
• providing value-added and practical recommendations to improve management of risk and efficiency and effectiveness of operations;
• proactively acting as a catalyst for improving management of risk;
• serving as supportive risk management consultants to all levels of management;
• focusing on value-added audit services, avoiding low value activities;
• continually improving our audit processes leveraging technology to its fullest. In particular developing a capability in the use of retrieval audit software and thought leadership in the potential uses of this software
Responsibilities:
1. Design, in consultation with the VPs and CRM’s, the annual information systems audit plan for Information Technology Operations and System Development projects.
2. Direct and guide the world-wide information technology and system development audit program. Providing assurance directly to the VP & Chief Auditor as to the quality and timeliness of the work planned and escalating concerns regarding timeliness of work after suitable discussion with the VP and AVP’s of audit services, as appropriate. Ensuring all significant development efforts worldwide that require audit are appropriately staffed through a combination of remote and local staff as appropriate.
3. Further develop and maintain the audit methodology for Systems Development Auditing.
4. Build relationships with Division and Corporate Information Systems management, in particular with Corporate Information Security office and the division VPs & Client Relationship Managers (CRM’s) worldwide.
5. Scheduling/assigning audit projects to audit staff in a coordinated effort with other AVP’s and Directors worldwide to maximize the utilization of resources and the development of staff
6. Monitor progress of individual assignments reporting any timing problems or budget over-runs to the appropriate VP or AVP Audit Services.
7. Provide a quarterly status report and briefing directly to VP & Chief Auditor of worldwide status and coverage of all System Development project in progress.
8. Review results of audits with AVP, Information Security and ensure EVP and CIO is kept informed of results.
9. Prepare 6 month follow up report of all information systems issues outstanding worldwide for the Chief Information Officer (CIO) with appropriate analysis and briefing.
Qualifications:
• Expert level knowledge of working with SAS 70’s and CICA Section 5900 reports on outsourced IT operations
• Working, hands on knowledge of SOX for all IT areas including effective application of risk based approach
• Excellent knowledge of audit methodologies, project management and system development methodologies, control frameworks and risk management practices, and regulatory requirements (OSFI) and information technology.
• Strong leadership and management skills; thinks strategically, ability to influence peers beyond scope of direct authority
• Ability to effectively communicate ideas and recommendations orally and in writing, and to listen and consider ideas of others
• Ability to quickly understand business and information services processes and their risk implications, analyze complex situations, reach appropriate conclusions, and make value-added and practical recommendations
• Proven relationship skills including a demonstrated ability to deal effectively with staff at all levels to Division CRM’s and business unit VP’s and AVP’s
• University degree plus a recognized project management (PMP) or auditing (CA, CIA, CISA) or security (CISSP) designation with 6 years internal or external audit experience
• Establish a high level of credibility and build professional relationships with key business unit information systems VP’s (CRM’s) and AVP’s and information security officers, the corporate Information Security Office, and Chief Information Officer.
• 4 or 5 audit staff report to this position on a permanent basis. On a project basis, business auditors are assigned to Systems Development Audits and systems auditors in HK and Japan are assigned to assist with work to be completed at those locations on a project bas |
