Head of Audit - Enterprise Risk and Risk Change

Standard Chartered Bank
25 May 2019
27 May 2019
Contract type: Full time
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours – do the right thing, better together and never settle – as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture – one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities

The Head of Audit, Enterprise Risk and Risk Change executes the Bank's strategy for the audit coverage of Enterprise Risk Management Framework and Enterprise Risk Appetite. The role also extends to audit oversight of Risk Change (Transformation), and supports execution of project audit coverage.

Enterprise Risk Management (ERM) is a division reporting to the Group Chief Risk Officer (GCRO) that sets requirements and provides oversight of 10 Principal Risk Type Owners. This supports the GCRO in confirming effective operation of the Enterprise Risk Management Framework (ERMF) and alignment to Risk Appetite set by the Board. While not quantitative in nature, the subject matter is broad and complex, and requires technical expertise and engagement with senior stakeholders across risk at the Group–level.

The role has direct responsibility for enterprise risk audit coverage Group–wide, with two sets of Bank stakeholders that further define the scope of responsibility:

1. Internal GIA stakeholders (MD–level; Functional Heads of Audit, Product Heads of Audit, Country Heads of Audit) providing guidance and support to Client Segment and Country audit teams to enable consistent coverage of Enterprise Risk Governance and Risk Appetite at levels below the Group. This includes support in risk assessment and design of audit test programs.

2. Internal non–GIA stakeholders (MD–level; ERM Heads of Risk Governance, Appetite, Change and Internal Risk Review) providing audit service through direct assessment of risk and periodic delivery of audits of controls and governance.

GIA represents the third line of defence and provides independent assurance of the effectiveness of management's control of business activities (the first line) and of the control processes maintained by the Risk Framework Owners and Policy Owners (the second line). GIA works with the Group's other control functions, such as Finance, Risk and Compliance, but does not place unqualified reliance on their work. GIA is an independent function whose primary role is to help the Board and Executive Management to protect the assets, reputation and sustainability of the Group.

As defined in the Audit Charter, all staff in GIA must exhibit the highest level of professional objectivity in gathering, evaluating and communicating information about the activity or process being examined. They must make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments. GIA will adhere to the Definition of Internal Auditing, the Core Principles for the Professional Practice of Internal Auditing, Code of Ethics and the Standards for the Professional Practice of Internal Auditing that are published by the IIA. It is expected that all members of GIA strive to operate as role models for the Group's valued behaviours. GIA methodology has defined "Habits of a Human Auditor" which are aligned to the Group's valued behaviours and communicated across the function.

In addition to the responsibilities defined in the Audit Charter to protect the assets, reputation and sustainability of the Group, the PHOA will lead on the delivery of the GIA Strategy for their relevant portfolio – focusing on:
1. Customer experience
2. Effective Group change
3. Identifying Group efficiencies and avoiding disruption from audit

• To act as Team Manager, as necessary, and take responsibility for overseeing the delivery of high quality audits, the performance of which causes minimal disruption to the business. Responsible, where serving as Team Manager, for the finalisation of audit issues and the audit report;
• To role model the valued behaviours and develop an environment in which positive behaviours are celebrated and poor culture is challenged.
• Assigned audit work, as well as the work carried out by the team, should be executed in an efficient and effective manner, within the given budget and timelines, and in line with GIA methodology standards.
• To clearly identify the risks and impact of issues during issue writing, agreeing these issues with management and obtaining quality management action plans to mitigate the risks raised;
• To lead continuous monitoring of assigned portfolio areas, and to build and maintain engagement with stakeholders;
• To take responsibility for the implementation and support of department–wide exercises such as annual planning, risk assessment and training;
• To support GIA audit teams by providing product knowledge and expertise for their audits relating to the individual's area of responsibility;
• To attend and represent GIA at formal committees and Group meetings, providing meaningful challenge and data–driven insights, as required, e.g. Governance Committees and Country Non–Financial Risk Committees; and
• Serve as the GIA portfolio subject matter expert – proactively engage with peers and stakeholders to maintain, build and share knowledge.
• Issue validation: All audit issue action plans agreed during audit fieldwork should be tracked through to completion in accordance with methodology requirements

• Contribute to the GIA risk assessment and design the subsequent risk–based audit plan for the assigned portfolio;
• Audits assigned to the individual in the GIA audit plan should address the key risks identified in the detailed risk assessment and in the audit planning process, and meet relevant regulatory requirements and expectations that are required to be covered by GIA;
• Consider whether the assigned audit plan remains relevant throughout the year as the risk profile of the business changes. Propose changes as appropriate; and
• Ensure that the audit team operates in line with the Audit Charter during engagements, remains independent from management and free from interference.

Business (Budget)
• Effectively manage the cost of assigned audits within the allocated budget for audit engagements; and
• Identify and implement opportunities for cost savings and optimal productivity of assigned audit engagements.

Audit Delivery
• To act as Team Manager on assigned audit work involving Enterprise Risk across the Group. This will entail managing the Team Leader and junior colleagues working on the audit to deliver the Audit Planning Memo and Process Risks Controls Matrix, agree issues and action plans with management, and submit the draft report to the Team Manager for review;
• Provide clear guidance, detailed review and supervision of the audit team's work so that audit deliverables meet quality standards and timelines in line with the GIA methodology;
• Provide guidance on business/audit technical knowledge and management skills to team leaders and team members to enable them to effectively deliver their assigned contributions for an audit;
• Provide technical input and challenge on audit work being undertaken within the scope of assigned product area of responsibility. This will include working with the audit team to produce outputs of high quality which address the areas of greatest risk;
• Support adherence to the GIA methodology in all areas of the audit engagement, as well as raising awareness and understanding of the methodology;
• Demonstrate sound knowledge of both business/technical areas and expert knowledge in the audit process, including the GIA system, so that audit work is carried out to a high standard that meets all methodology and GIA system requirements;
• Take the lead in presenting the draft report in the GIA report review process (to the tollgate or report approver); and
• Monitor the implementation/delivery of the agreed issues/audit plans for the audits assigned, understand the key risks arising, provide advice on resolution of issues to auditees/action plan owners and escalate audit findings that remain unresolved.

Risk Assessment
• Update the assigned Continuous Risk Assessment on a regular basis to identify changes in risk profiles and document these in a timely manner, proposing changes to the assigned audit plan, as appropriate;
• Promote early identification and escalation of risks, issues, trends and developments to relevant stakeholders. Be prepared to raise issues/concerns outside the normal audit process;
• Attend meetings relevant to the assigned product area (e.g. Management Groups and Committees) and provide insights and meaningful challenge, ensuring risks are appropriately identified and discussed and timely remediation plans are put in place;
• Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment to improve audit planning; and
• Review MI and reports regularly to keep up–to–date with key trends within the business and audit deliverables.

Stakeholder Management
• Establish and maintain effective working relationships with the management of business units which fall under portfolio responsibility...
