EXTERNAL CLIENT ROLE
Summary of the position
The Senior Auditor performs a preliminary assessment of the audited activity and its internal control framework. He/she performs independent testing and analysis on specific controls in order to meet the audit’s objectives. He/she also contributes to drafting the debriefing presentation and the final report sent to Management.
Depending on the assignment, Senior Auditors may have to directly supervise one or several Auditors and may act as deputy to the Lead Auditor.
The Senior Auditor may either work independently or supervise one or several auditors.
I – Conduct of assignment
When working independently, the Senior Auditor is responsible for carrying out audit work autonomously as per the audit planning within the defined timeframes in accordance with methodology and procedures and Internal Audit standards. This includes:
- To independently carry out audit planning and fieldwork, including:
- A preliminary assessment of the audited activity highlighting the related risks and controls
- Interviews, testing and analysis of the results of the controls planned in the audit program
- Assessing controls for compliance with regulations, regulatory guidance including but not limited to Federal Financial Institutions Examination Council (FFIEC) IT Examination Booklets, NY Department of Financial Services (DFS) 500, DFS 504, Gramm–Leach–Bliley Act (GLBA), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT) etc.
- Assessing processes and controls within core IT infrastructure, IT operations, cybersecurity, business continuity planning and IT disaster recovery, business applications, data governance and management.
- Assessing control design, effectiveness and sustainability
- To document clearly and precisely in test sheets the controls performed and the conclusions reached
- To communicate succinctly and precisely in verbal and written communications
- To identify and report on strengths and weaknesses of the audited areas, to analyze the root causes and consequences of the identified weaknesses, to formalize possible remediation and recommendations to address the findings and to conclude on the effectiveness and efficiency of the control set-up and business practices
- To present audit conclusions to management and to the management of the audited unit (debriefing presentation, final audit report, etc.)
- To keep his/her management informed of the progress on the audit work assigned, and to escalate any issue that may impact or delay the audit’s execution or to raise any other relevant information on the assigned audit and the risk and control environment
- To proactively conduct recommendations follow-ups to monitor whether adequate corrective actions have been taken prior to closing any recommendations
- To ensure proper archiving of any supporting documentation, audit evidence and deliverables.
- To demonstrate accountability and ownership for the work assigned
II – Team management
The Senior Auditor, when supervising one or several Auditors, is responsible for:
- Training the Auditors on the audit techniques and expected deliverables
- Reviewing the work performed by the auditor to ensure that the test results and the findings are adequately documented and the recommendations are relevant
- Providing regular feedbacks to the Auditor and contributing to the definition of objectives and to the end of assignment assessment related to the team allocated during assignment
- Ensuring collaborative and productive relationships within the team and good coordination throughout the International Network and with auditees
III – Continuous improvement Program / Transversal topics
The Senior Auditor contributes to the continuous improvement of methodologies and processes. As part of her/his responsibilities, she/he:
- Prepares or updates audit guides, scorecards or training materials related to specific activities based on existing knowledge, documentation, interviews, etc.
- Monitors the implementation of recommendations issued
- Builds and shares knowledge (e.g. through contributing to SynerGIA, delivering training or taking part in various Methods and Support workstreams or assignments)
- Participate in one or several knowledge communities