Senior Operational Risk Audit Manager, Malaysia. My client a global bank is looking for someone to execute audits across operational risk. Ideal candidate will have in-depth understanding of operational risk management, processes and associate control requirements and would of worked within audit internal or external at some point during their career.
The Senior Audit Manager, Operational Risk supports execution of the Bank’s strategy for the audit coverage of Operational Risk. The role also includes audit execution across other Principle Risk Types. Operational Risk is one of the Bank’s 10 Principal Risk Types.
As the home supervisor, the PRA sets out mandatory audit coverage of the Bank’s overall Operational Risk (“OR”) management system (controls and governance); CRR320a. This coverage focuses on the Operational Risk Principal Risk Type Framework (PRTF), its supporting policies / standards, and governance oversight provided by the Group Non-Financial Risk Committee. The OR-PRTF applies across the Group’s geographic footprint, in subsidiaries and branches. Its underlying Control Assessment Standard (OR-CAS) operationalises evidence-based risk and control monitoring across all process universes (PUs).
All Principal Risk Type Framework owners (at country and group-level) utilise OR-CAS output to support their second line oversight. As a result, the role demands technical expertise and engagement with senior stakeholder at the Group-level. The role has two sets of Bank stakeholders that further defines scope of responsibility:
- Internal GIA stakeholders (Product Heads of Audit, Country Heads of Audit) providing guidance and support to enable a consistent approach to (i) auditing the operation of OR-CAS at business client (product) / functions, and (ii) auditing OR supervisory controls at levels below the Group.
- Internal non-GIA stakeholders (Senior Managers in Group Operational Risk) providing audit service through periodic delivery of audits of controls and governance.
Senior Audit Manager is expected:
- To act as a Team Leader on assigned audit work involving Operational risk across the Group. This will entail managing the auditors working on the audit to deliver the Audit Planning Memo, Controls Document, agree issues and action plans with management and submission of draft report to the Team Manager for review;
- To act as Team Manager and take responsibility for overseeing the delivery of high quality audits, including finalising of audit issues and the audit report;
- To confirm that assigned audit work, as well as the work carried out by team members is executed in an efficient and effective manner, within the given budget and timelines, and in line with GIA methodology standards.
- To clearly identify the risks and impact of issues during issue writing, agreeing these issues with management and obtaining quality management action plans to mitigate the risks raised;
- To lead continuous monitoring of assigned countries / portfolio areas, and to build and maintain engagement with stakeholders;
- To take responsibility for the design and implementation of department wide exercises such as annual planning, risk assessment and training;
- To support GIA audit teams by providing product/country knowledge and expertise for their audits relating to the individual’s area of responsibility;
- To attend and present at formal committees and Group meetings on behalf of the HOA or for their own area of responsibility, as required, e.g. Governance Committees and Country Non-Financial Risk Committees; and
- The individual will support the HOA in their role as the GIA portfolio/country subject matter expert, depending on the skills of the individual.
- Issue validation: all audit issue action plans agreed during audit fieldwork should be tracked through to completion in accordance with methodology requirements