Internal Audit Manager

Job Overview:

The Internal Audit Manager (IAM) will be responsible for delivering and managing the design of internal controls, including process walkthroughs through to testing and feedback related to key financial and business processes, with a primary focus on SOX and SOX outcomes (both from an internal perspective and as viewed and concluded by the company’s external auditor).

With support from the Chief Financial Officer, the IAM will provide guidance and subject matter expertise across the company’s functions and staff to drive continual improvement of, primarily, financial and reporting risk and, as time allows other business risks in accordance with the company’s risk and controls matrix (RACM).

This role involves understanding business processes, designing, implementing, and monitoring an appropriate and effective internal control framework, conducting risk assessments, providing technical guidance and advice for remediation of internal control gaps and ensuring compliance with US GAAP and PCAOB standards. The IAM will report directly to the CFO and be supported at a high-level by external IA resource. The IAM will have exposure to the company’s Audit Committee.

Responsibilities:

SOX and controls:

• Plan, organize, design, document, update, and continuously monitor the internal controls framework, including the drafting and preparation of controls, manuals, and internal audit plans where appropriate.
• Complete testing of SOX controls in accordance with the agreed timeline.
• Identify and validate IT dependencies (ITDs) that support SOX key controls, ensuring the completeness and accuracy of information used in control activities. This includes validating automated controls, key reports, and segregation of duties.
• Implement and monitor specific IT controls such as access controls, change management controls, and data backup and recovery controls. Ensure that only authorized individuals can access sensitive financial data and systems, and that changes to financial systems are properly authorized and documented.
• Working closely with the Information Security Lead, establish and maintain robust SOX-compliant IT general controls, including controls over software development, data backup, system security, and IT operations and conduct regular ITGC risk assessments and ensure that IT systems operate effectively and securely to support SOX and financial reporting.
• Conduct risk assessments across all operating cycles to identify potential process weaknesses and implement or amend controls to mitigate associated risks.
• Report risk management issues and internal control deficiencies however identified to the CFO and Audit Committee, providing recommendations for improvement.
• Support the business in planning, designing, testing and implementing SOX-compliant financial controls for new in-scope services or new acquisitions.
• Monitor and evaluate compliance with existing policies and procedures, identifying exceptions and deficiencies, and proposing modifications as needed.
• Track and monitor overall SOX assessment status for monthly and quarterly reporting to senior management and the Audit Committee.
• Hold full responsibility for the management of the company’s controls repository and workflow, currently managed within the Open Pages system.

Support, liaison and collaboration:

• Support the external SOX audit process through the coordination of SOX process and control walkthroughs, reporting progress within agreed timelines.
• Stakeholder management and influencing control and process owners, managers, and external auditors.
• Serve as the primary liaison with internal audit advisors and external auditors, facilitating effective communication and coordination.
• Act as the bridge between the company's management and external auditors ensuring clear communication and timely, efficient and effective collaboration.
• Collaborate with key control owners to review identified control deficiencies and responses to internal and external audit matters raised, ensuring recommended remediations are implemented and action items are resolved.
• Assist management and staff in their performance of controls, providing guidance, training and support to ensure the design of each control remains effective and control testing is performed as required.
• Engage in continuous education of staff regarding the company's obligations, standards, and requirements related to SOX and best industry practices. Provide training for staff on SOX compliance to ensure they understand and can effectively implement SOX requirements as they relate to their areas.

Consistency, quality and improvement:

• Drive consistency, quality, and continuous improvement of business processes and controls, including proactively implementing and managing the automation of processes.
• Ensure appropriate controls are embedded within company policies, updating existing policies and drafting new ones as necessary.
• Keep abreast of all PCAOB publications and guidance related to SOX, advising management of any matters that may impact the company's SOX work or internal control framework.

Other work and projects:

• Proactively support in the planning and delivery of ad hoc risk and internal audit assignments.
• Assist in creating plans for streamlining or changing work processes beyond SOX and oversee the necessary testing and implementation as such things may affect SOX and controls.

Key Targets / KPIs:

• Ensuring all IA and SOX deliverables and deadlines are met in accordance with requirements.
• Minimization of Significant Deficiencies identified and remediated, with a target to minimize the occurrence of Significant Deficiencies (for example, <5) at any given financial year end.
• Specifically minimise the number of IT Control Deficiencies (for example, <3) in any given financial year, with focus on IT dependencies.
• Number of material weaknesses identified and remediated, with a target to avoid any material weaknesses at any given financial period end.
• Ensuring all staff are appropriately informed, trained and are thus able to deliver their elements of the SOX program in a robust, reliable and timely fashion.
• Maintain a proactive, positive, progressive and professional relationship with the company’s external auditors to facilitate a smooth path towards a clean SOX opinion at year end.
• Manage any external SOX or IA support that may be engaged to assist the company in conjunction with the CFO and Audit Committee.
• Maintain certifications and participate in continuous professional development activities.
• Ensure level of satisfaction of stakeholders (audit committee/management boards and senior management) remains high, maintaining confidence in the company’s IA function.

Requirements:

• Qualified Accountant or Internal Auditor (ACA, CA, ACCA, and/or IIA, CIA).
• Minimum 5 years post-qualification experience with the majority spent in internal audit, internal controls, or a similar position, with very strong focus on SOX compliance and controls testing.
• Strong knowledge of US GAAP, SOX requirements, the COSO framework, IIA and PCAOB auditing standards, and general business process best practices.
• Detailed understanding of risk and control frameworks through prior work experience, with strong analytical and problem-solving skills and an ability to identify and address control weaknesses and risks appropriately.
• Previous experience of using a risk management / IA tool such as OpenPages.
• Methodical approach with strong attention to detail and a proven ability to see and identify key risks to ensure the company reaches a sound and strong risk and financial outcome.
• Excellent communication skills with an ability to convey complex issues and collaborate with diverse stakeholders across all levels of the business with, in particular, very strong written English language skills.
• Logically minded self-starter with strong Excel, analytical, project management and problem-solving skills, alongside good organisational skills and strong time management abilities.
• Experience of coordinating with multiple stakeholders and across multiple geographies.
• Availability to travel internationally (typically not short notice) and work at London office at least 3 days per week.
• Some knowledge of wider legal and compliance subject areas such as KYC, conflicts, sanctions, AB&C etc. as they might apply to the company’s operations.
• Experience in the maritime, shipping, or energy sectors is an advantage.
• Chartered Internal Auditor (CMIIA) or Certified Information Systems Auditor (CISA) is a plus, as is familiarity with audit management software and data analytics tools.