Chief Audit Officer

Summary

As the Chief Audit Officer, you are responsible for establishing the internal audit vision and functions. You are responsible for supporting the accomplishment of strategic objectives and helping ensure that established financial, operational and compliance practices, and the related controls, are designed and operating effectively.

You will oversee and report on the organisation’s compliance, and are responsible for examining and evaluating technology activities and related risk for the purpose of ensuring regulatory compliance, safeguarding assets, protecting data and improving controls. You will ensure that all audit work conforms to the required standards.

You will report to the Executive Board and will provide it with formal assessments of the adequacy of the organisation’s internal control environment.

Background

| Description | Background |
| --- | --- |
| Understands key issues and opportunities in current IT estate. Understands the objectives of the wider organisation. Able to attract senior stakeholder input and support. Aware of impact of new technology capabilities and developments, as well as enterprise architecture techniques. Has commercial insight into IT and supplier costs. Understands IT and business continuity risks and their mitigation. Able to build high-level plans within a portfolio of business and IT change programmes. Gains senior sponsor authorisation and support. Able to effectively communicate and influence stakeholders given agreed IT strategy and plan. | Prior Knowledge and Skills |
| Has gained expertise in the alignment of performance setting and assessment with organisational goals. Understands processes and procedures of performance management. Manages projects and organises the work of others. Demonstrates a responsible and disciplined approach, even under pressure. Has excellent and developed communication and negotiation skills. Understands the legal and best practice requirements of human resource management. Has a positive attitude towards diversity principles. | Prior Knowledge and Skills |
| Is proficient in quality management techniques, security (IT or cyber security) or assurance activities. Is proficient with ISO standards currently in use in the organisation. Has experience as an auditor running and scoping audits and designing internal standards and audits. Has experience collating audit requirements, and developing and maintaining a roadmap of audits. | Prior Knowledge and Skills |

Work Activity Components

| Title | Details |
| --- | --- |
| Business needs (Level 6) | Has a clear and thorough understanding of the needs of the business and uses this to develop strategy and plans. Focuses on business risk and continuity issues which impact the strategy. Takes full advantage of wider issues, e.g. commercials, people, processes and systems, for any proposed IT strategy. Understands current IT estate and operations, as well as current enterprise architecture objectives and constraints. |
| Communication (Level 6) | Communicates the strategy and plan as appropriate throughout the organisation, adjusting according to stakeholder needs. Influences across the organisation to ensure its successful adoption and implementation. |
| Engagement (ITSP) (Level 6) | Gains authority in the organisation, including from the wider leadership community. Influences stakeholder groups as required to successfully gain their support and commitment. |
| Exploitation (ITSP) (Level 6) | Exploits new approaches, proposals and technologies to build a credible strategy, building on the existing strengths and potential of the current estate and marrying all relevant organisation objectives with achievable IT goals. |
| Leadership (ITSP) (Level 6) | Leads the strategic planning process. Seeks and gains senior stakeholder involvement and support into the strategic planning process to deliver measurable business value. |
| Monitoring (ITSP) (Level 6) | Regularly monitors and reviews progress on the strategy and plan, communicating, updating and evolving as required with the necessary senior stakeholder support. |
| Advice and guidance (AUDT) (Level 7) | Provides general and specific audit advice to senior leadership teams on ways of improving the effectiveness and efficiency of control mechanisms. |
| Audit execution (AUDT) (Level 7) | Takes responsibility for the delivery of high-profile, large budget, audit programmes, establishing and maintaining appropriate management structures to control and monitor audit deliverables. |
| Audit management (AUDT) (Level 7) | Ensures all audits are planned, resourced and executed within roadmap timescales. |
| Audit planning (AUDT) (Level 7) | Approves and authorises audit plans. Ensures costs, operational budgets, staffing requirements, audit resources and risk have been taken into account and appropriate and effective governance arrangements established. |
| Audit point resolution (AUDT) (Level 7) | Runs the action plan following a completed audit. Prepares response within agreed timescales. Reviews and approves audit response. |
| Audit prioritisation (AUDT) (Level 7) | Leads workshops with all stakeholders to review requirements for planned audits. Agrees priorities, timescales, information disclosure approach and audit frequency. Documents agreements made. |
| Audit roadmap (AUDT) (Level 7) | Reviews and approves all plans and the audit roadmap, ensuring full scope is covered. |
| Audit scope and requirements (AUDT) (Level 7) | Leads audit requirements definition for high-profile engagements and/or large organisations. |
| Audit standards (AUDT) (Level 7) | Approves new or amended audit policies and standards having first ensured that they have been adequately reviewed and amended following a formal review process. |
| Audit strategy (AUDT) (Level 7) | Leads audit strategy development and definition and ensures that the audit function adds value to the organisation. |
| Function leadership (AUDT) (Level 7) | Leads the definition, implementation, and communication of the organisation's audit function. Ensures appropriate resources are available to deliver organisational audit requirements. |
| Review findings (AUDT) (Level 7) | Assesses collated audit review findings. Identifies and proposes significant control improvement programmes. |
| Stakeholder engagement (AUDT) (Level 7) | Liaises with internal and external stakeholders to ensure audit coverage is relevant and understood. |
| Career paths and mentoring (PEMT) (Level 5) | Advises individuals on career paths, and encourages pro-active development of skills and capabilities. Provides mentoring to support professional development. |
| Empowerment and role model (PEMT) (Level 5) | Facilitates effective working relationships within and between teams of staff. Motivates groups of staff and teams towards a high level of performance. Engages with, and empowers groups of staff. Acts as a role model for groups of staff, setting a standard, acting professionally at all times and working to a professional code of conduct and ethics. |
| Formal appraisals (PEMT) (Level 5) | Conducts formal appraisals of the performance of team members. Facilitates a dialogue with team members about expectations, progress, performance and development needs. Participates, as appropriate, in formal processes such as compensation negotiations, grievance procedures, and disciplinary procedures. |
| Guidance, performance and feedback (PEMT) (Level 5) | Optimises the performance of people, measuring and reporting on performance against agreed quality and performance criteria. Collects data on the performance of groups of staff. Gives regular feedback to teams and senior staff as to team performance on work packages. |
| Lead, manage and supervise (PEMT) (Level 5) | Manages, supports and guides the work of groups of staff in line with organisational strategy. |
| Team dynamics (PEMT) (Level 5) | Integrates staff into teams to perform packages of work, taking account of individual and team capabilities. Considers the importance of skill mix within teams. Is sensitive towards team dynamics. |
| Transformation and change (PEMT) (Level 5) | Manages teams involved in significant transformation projects and/or during times of change, aligning change programmes with staff skills and capabilities. Supports staff through difficult and challenging change programmes. |
| Work allocation, support and delegation (PEMT) (Level 5) | Allocates responsibilities, including supervisory, and assigns packages of work to groups of staff. Ensures that work packages are aligned with the particular skills and abilities of teams. Supports teams in the delivery of work packages. Delegates work to individuals and teams, taking full account of skills and capabilities. |
| Strategy planning (ITSP) (Level 6) | Builds a robust high-level plan to deliver the strategy. Is aware of the budgetary and other constraints in analysing business proposals and delivering the plan successfully. |
| Risk assessment (AUDT) (Level 7) | Directs use of risk analysis to identify areas for in-depth review. |

Behavioural Skills

| Title | Details |
| --- | --- |
| Analytical Thinking | Acquiring a proper understanding of a problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts. Selecting the appropriate method/tool to resolve the problem and reflecting critically on the result, so that what is learnt is identified and assimilated. |
| Commercial Orientation | Understanding commercial considerations and ensuring alignment with them when making decisions or recommending actions. |
| Conceptual Thinking | Acquiring understanding and insights regarding the underlying issues in complex problems or situations through the development of abstract representations, the identification of patterns and the analysis of hypotheses. |
| Counselling and Developing Others | Helping others to understand their values, needs, goals and limitations and coaching them to develop their effectiveness towards the limits of their potential. |
| Critical Thinking | The ability to think clearly and rationally; review and evaluation of processes and outputs; the ability to engage in reflective and independent thinking; reasoned thinking involving critique. |
| Decision Making | Making decisions at the appropriate time, taking into account the needs of the situation, priorities, constraints, known risks, and the availability of necessary information and resources. |
| Delegation | Delegating tasks, responsibilities and authorities effectively. |
| Follow-up and Monitoring | Checking progress against targets, taking action to resolve exceptions/issues and reporting and escalating where necessary. |
| Goal Orientation | Maintaining focus on agreed objectives and deliverables. |
| Influence, Persuasion and Personal Impact | Conveying a level of confidence and professionalism when engaging with stakeholders, influencing positively and persuading others to take a specific course of action when not in a position of authority. |
| Interacting with People | Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences. |
| Leadership | Clearly articulating goals and objectives, and motivating and leading others towards their achievement. |
| Organisational Awareness | Understanding the hierarchy and culture of own, customer, supplier and partner organisations and being able to identify the decision makers and influencers. |
| Planning and Organisation | Determining a course of action by breaking it down into smaller steps and by planning and resourcing each of these, making allowance for potential problems and escalating if necessary. |
| Providing Direction | Directing others to undertake specified tasks within a defined timescale. |
| Strategic Perspective | Keeping organisational objectives and strategies in mind, and ensuring courses of action are aligned with the strategic context. |

Technical Skills

| Title | Details | Depth |
| --- | --- | --- |
| Application Systems | Technical or functional understanding of Commercial Off-the-Shelf (COTS) applications and/or other bespoke software deployed within the organisation in order to provide system configuration, audit, technical, and/or functional support. | Familiar with |
| Big Data | The discipline associated with data sets so large and/or complex that traditional data processing applications are inadequate. The data files may include structured, unstructured and/or semi-structured data, such as unstructured text, audio, video, etc. Challenges include analysis, capture, curation, search, sharing, storage, transfer, manipulation, visualization and information privacy. | Familiar with |
| Business Environment | The business environment relating to own sphere of work (own organisation and/or closely associated organisations, such as customers, suppliers, partners and competitors), in particular those aspects of the business that the specialism is to support (i.e. localised organisational awareness from a technical perspective). | Expert in |
| Cloud/Virtualisation | The principles and application of cloud/virtualisation (including ownership, responsibilities and security implications). Use of tools and systems to manage virtualised environments. | Familiar with |
| Corporate, Industry and Professional Standards | Applying relevant standards, practices, codes, and assessment and certification programmes to the specific organisation or business domain. | Expert in |
| Infrastructure Architecture | The frameworks and principles on which networks, systems, equipment and resources are based both on premises and cloud-based. | Proficient in |
| IT Audit | Principles, practices, tools and techniques of IT auditing. | Expert in |
| IT Environment | The IT environment relating to own sphere of work (own organisation and/or closely associated organisations, such as customers, suppliers, partners), in particular own organisation's technical platforms and those that interface to them through the specialism, including those in closely-related organisations. | Expert in |
| National/International Standards | Current and emerging standards associated with IT practice nationally and internationally, published by authorities such as IEEE, IEC, BSI, ISO. | Expert in |
| Networking and Communications | The planning and management of the interaction between two or more networking systems, computers or other intelligent devices. | Proficient in |
| Operational/Service Architecture | Knowledge of the IT/IS infrastructure and the IT applications and service processes used within own organisation, including those associated with sustainability and efficiency. | Proficient in |
| Own Organisation's IT Products and Services | The IT products and/or services supplied to internal and external customers by own organisation. | Familiar with |
| Structured Reviews | Methods and techniques for structured reviews, including reviews of technical work products, test plans, business cases, architectures and any other key deliverables. | Familiar with |
| Third Party IT Products and Services | The IT products and/or services supplied to own organisation by external suppliers. | Familiar with |

Other Skills

| Title | Details | Depth |
| --- | --- | --- |
| Appraisal Techniques | Methods and techniques for appraising an individual's performance and potential. | Proficient in |
| Budgets | Principles, methods, techniques and tools for the preparation and monitoring of budgets to manage costs and ensure cost-effectiveness and value for money. | Familiar with |
| Business Proposals | Methods and techniques for preparing and presenting business cases, requests for proposal (RFP), invitations to tender (ITT) and statements of requirements/work both verbally and in writing. | Proficient in |
| Coaching Techniques | Methods and techniques for coaching individuals or groups by a balanced combination of support and direction, which could include use of virtual learning environments plus add-ons to augment feedback specific to work items, workflow or career plans. | Proficient in |
| Disciplinary Issues and Procedures | Managing episodes of unsatisfactory behaviour or performance in accordance with appropriate policies and legislative conformance. Includes changes to circumstances, such as sickness, disability and other personal issues. | Familiar with |
| Document Management Techniques | Methods and techniques for the organisation, storage and version control of information in both paper and electronic formats. | Proficient in |
| Financial Management | Knowledge of Financial Management and Management Accounting. Competent management of costs, budgets and cash flow. | Proficient in |
| Legislation | Relevant national and international legislation. | Proficient in |
| Performance Monitoring | Identifying, agreeing and monitoring (usually by face-to-face interviews) objectives and deliverables with individuals. Identifying under-performance issues against agreed quality standards and performance criteria. Identifying gaps in capability and causes, disciplinary or ability-related (needing assistance, training or other support). | Proficient in |
| Presentation Techniques | Methods and techniques for delivering effective and accessible presentations, either face-to-face or online within various contexts and to a variety of audiences. | Proficient in |
| Quality Accreditation | Procedures necessary to acquire certification against a recognised quality standard. | Expert in |
| Report Writing Techniques | Methods and techniques for writing clear, accessible and persuasive reports. | Proficient in |
| Resource Allocation | The effective and efficient routine deployment of resources (but also including reassessment and reallocation in a dynamic multi-project environment), to achieve optimum results. | Proficient in |
| Service Delivery Economics | The economics of service delivery, such as the cost per service line in terms of hardware, software, and manpower used to deliver the service. | Proficient in |
| Stakeholder Engagement | Establishing relationships, analysing perspectives and managing stakeholders from a variety of backgrounds and disciplines. Adapting stakeholder engagement style to meet the needs of different audiences. The identification of key business stakeholders and an assessment of their level of power and interests, and their perspectives to inform the way(s) in which they should be considered and managed. | Proficient in |
| Standards Writing Techniques | Principles, methods and techniques for establishing, documenting, and maintaining standards. | Expert in |
| Team Dynamics | Knowledge and understanding of the psychological and environmental forces that influence the direction of team behavior and performance and the tools and techniques to improve team cohesion and performance. | Familiar with |
| Techniques for Effective Meetings | Methods and techniques for running effective meetings and for understanding and influencing the roles played by participants. | Proficient in |

Training

| Title | Details |
| --- | --- |
| Diversity and Inclusion | Raise diversity-in-the-workplace awareness in order to better understand how the world looks through the eyes of people of a different age, race, gender, sexuality, etc., improve communications with people from diverse backgrounds and reduce the levels of unconscious bias in decision-making. |
| Information Security Management | Frameworks and standards for information security management, such as the international standard ISO/IEC 27001 for Information Security. |
| Latest Cyber Security Threats for Senior Execs | Short, high-level, up-to-date and to-the-point briefing on the latest threats and vulnerabilities in cyber security. |
| Software Configuration | Installation, configuration and tuning of applications or systems software. |

Professional Development Activity (PDA)

| Title | Details | PDA Group |
| --- | --- | --- |
| Gaining Knowledge of Broader IT Issues | Increasing and maintaining currency of knowledge of broader IT issues through reading, attending and participating in seminars or conferences, special studies, temporary assignments etc. | Increasing Knowledge |
| Gaining Knowledge of Standards and Legislation | Gaining and maintaining knowledge of relevant national and international standards and legislation. | Increasing Knowledge |
| Gaining Strategic Knowledge of Employing Organisation | Developing a comprehensive understanding of the business environment in which the employing organisation operates and its position, policies and direction in relation to health and care, country and global issues. | Increasing Knowledge |
| General Management | Continuing learning and development in general management skills, such as effective communication, leadership styles and skills, team building and team roles, motivation and delegation, planning and resource scheduling, influencing, persuasion and negotiation, so as to be in a position to accept greater responsibility at senior management or director (including non-exec) level. | Developing Professional Skills |
| Mentoring | Acting as a mentor, advising those for whom there is no direct responsibility, on matters to do with their job role, career and professional development. | Broadening Activities |
| Participation in Professional Body Affairs | Taking an active part in professional body affairs at branch, specialist group, committee or board level. | Participation in Professional Activities |

Qualification Components

| Title | Awarding Bodies |
| --- | --- |
| IIA Certificate in Internal Audit and Business Risk | Institute of Internal Auditors UK |
| Principal Auditor | International Register of Certificated Auditors |
| Leading Practitioner | The Federation for Informatics Professionals |

The Professional Body Responsible for this job family is BCS. This job role profile was created in collaboration with BCS, using Role Model Plus.
