Business Controls Manager - IT

Purpose Statement:

• Works closely with BAT Management to assist with the design and effective operation of internal controls.
• Undertakes and Leads Internal Controls Design activity for both Business as Usual (BAU) and Project or Programme related control changes, with a specific focus on IT application and general controls
• Provides IT Internal Controls expertise, advice and guidance and promotes an awareness of risk management and control practices across the BAT Group.

Key Accountabilities:

• Assess internal controls against industry best practice with a focus on efficient and effective controls, governance processes, technology and communication.
• Lead the testing and associated reporting of key controls, as detailed in the internal control monitoring plan (including SOx testing).
• Undertake incident reviews and analysis, including root cause analysis and adequacy of actions to address identified weaknesses.
• Support in the monitoring and resolution of all reported control issues and identified actions.
• Contribute to the continuous improvement of the Group Controls function including the continued development of the BCT methodology to measure effectiveness of controls and mitigation of risks in the Group’s core processes.
• Build and maintain good working relationships with management, including regular progress meetings with key stakeholders and ensuring any problems or requests are dealt with promptly.
• Prepares or reviews controls reporting prior to submission to relevant BAT Group governance forums, e.g. Audit Committees and Programme Boards.
• For the areas of direct responsibility:
  • Work with BAT management to ensure controls are embedded in processes and operating procedures and adequately mitigate process risks, taking into consideration internal and external best practices;
  • Project management, including creation of accurate and up to date information for internal reporting to Programme Boards and Audit Committees;
  • Execution of stakeholder engagement plan with an aim to improve quality of processes and risk mitigation aligned to the organisation’s risk appetite;
  • Alignment of activities with other assurance providers (e.g. EH&S, various compliance teams, Internal Audit).
• Encourage and enable global team collaboration within BCT.
• Coordinate or participate in the delivery of training to Business Controls staff to support the global delivery of the BCT workplan.Line management responsibility for Senior Business Controls Analysts and Business Controls Analysts on controls work and Project Team management responsibility for individual assignments, including timely, clear and balanced feedback on their performance and development needs.

Knowledge, Skills and Experience:

• Degree educated with relevant professional qualification (e.g. ACA, ACCA, CISA, ITIL, CGEIT or CISSP)
• 5-8 years IT risk and controls experience with significant accounting firm or a global FMCG or similar dynamic operating corporate environment.
• Experience of IT internal controls in a SOx environment.
• Experience engaging with external auditors.
• Good knowledge of internal controls practices, principles and procedures and corporate governance requirements for a global Group, including Internal Controls over Financial Reporting (ICoFR)
• Experience of one or more of BAT’s core business functions, including operations, marketing, finance with a specific focus on IT.
• Experience in reviewing core IT processes and assessing the adequacy of controls, including design and operating effectiveness.
• Experience in reviewing outsourced IT Operations and assessing various forms of Third Party Assurance reports, e.g. SOC reports, for adequacy and impact on the services provided.
• SAP automated controls experience:
  • Experience in reviewing functional SAP components (FI/CO/MM/SD/FSCM), focusing on either the configuration or understanding of table structures and data model relationships.
  • Hands on SAP application reporting and query experience in order to extract internal controls relevant data and information.
• Experience in describing technical IT/SAP system situations into non-technical business scenarios and risks for senior management.
• Effective verbal and written communication skills with the ability to describe technical IT scenarios to senior executives to enable understanding of risks and the impact of controls over those risks and processes.
• The ability to summarise significant amounts of management information into the key messages including impact assessments and recommendations.
• Strong interpersonal skills and the ability to influence key decision makers in order to ensure risks and control scenarios are fully understood.
• Active listening skills and high levels of self awareness to support effective negotiation discussions around internal controls evaluations, for design, operation and change.
• Experience in managing diverse teams as part of both business as usual and one off project work.