Role and Responsibilities
Digital & Technology Audit Department comprises four sections:
- Applications - Focuses on OCBC Bank IT application systems including hubbed systems that are being used by international offices, branches, and subsidiaries.
- Digital Transformation & Subsidiary Applications - Focuses on digital transformation initiatives and subsidiary application systems. These subsidiaries include Bank of Singapore ("BOS"), OCBC Securities Pte Ltd ("OSPL"), and OCBC Wing Hang (China) (previously OCBC Bank (China)).
- IT Infrastructure - Focuses on IT infrastructures of OCBC Singapore and OCBC Wing Hang (China) including data centres and operating systems.
- Cybersecurity - Focuses on cybersecurity, technology, and information risk management framework, policies, standards, and related governance and processes. This includes the management of network security.
Strategic Management - Assist Head DTA, GA in the following:
- Drive Group Audit's mission, which is to provide independent and objective assessments to help improve the quality and effectiveness of governance, risk management and internal control processes, and enable OCBC Banking Group to accomplish its strategic objectives.
- Drive adherence to the Internal Audit Charter, which sets out the terms of reference for Group Audit and defines the purpose, authority, and responsibility of the internal audit function within OCBC Banking Group.
- Align strategic initiatives to the vision and strategic direction for DTA and take into consideration changes in stakeholders' expectations, emerging trends, and leading practices in internal auditing.
- Lead, motivate and manage the audit teams to ensure they have sufficient knowledge, skills, and experience to fulfil the key attributes of the internal audit profession, i.e., professional ethics, professional competence, due professional care, independence, and objectivity.
- Set measurable key performance indicators for the audit teams that will enable the Department to meet or exceed its mission and goals.
- Support guest auditor programs to provide learning opportunities for guest auditors to better understand audit requirements and processes as well as strengthen their risk awareness and control consciousness; and conversely to encourage the guest auditors to contribute business perspectives and practical balanced approaches to OCBC's auditing process.
- Lead by example by modelling the Bank's desired behaviours, so that staff are inspired to do the same.
- Champion a prudent risk and compliance culture that promotes good ethics, accountability, and good conduct among staff.
- Cultivate a conducive environment that allows staff to learn, grow and consistently exhibit the core values of the Bank.
- Formulate an annual audit plan for DTA, using an appropriate risk-based audit methodology and including the key risks and emerging requirements associated with the Banking Group's corporate strategy, business model and activities, and operating environment.
- Monitor the execution of the audit plan, manage it within budget, and report the status and results of executing the audit plan.
- Make necessary changes to the audit plan to address any emerging risks and concerns, regulatory developments or shifts in the Banking Group's corporate strategy.
- Report, on a periodic basis, any significant issues related to the governance, risk management and internal control processes of the Banking Group, including potential improvements to the processes, and provide information concerning such issues through to resolution.
- Provide, at least annually, a report on the state of internal controls by assessing the adequacy and effectiveness of the Banking Group's governance, risk management and internal control processes.
- Provide consulting or advisory services (for example, special reviews at the request of Senior Management or regulators) where the objective is to add value and improve the governance, risk management and control processes of the Banking Group without Group Audit assuming management responsibility.
- Assist in investigations (if requested, and as appropriate) into alleged staff misconduct or suspected internal frauds that may arise from whistle-blowing or be referred by Businesses.
Internal Audit Practice Management
- Assist in the development and maintenance of the audit methodology, standards and practices that are relevant to the Banking Group and take into consideration leading practices in internal auditing.
- Develop and maintain the application audit methodology, guidelines, and procedures to provide independent assessment of key application security and application controls.
- Assist in the improvement of the quality assurance program to assess DTA's conformance with the Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing and put in place measures to address any gaps and enhance the internal audit practices.
Stakeholders Management - Assist Head GA in the following:
- Prepare and propose an annual audit plan, financial budget, and key performance indicators for review by the CEO and approval by the Audit Committee.
- Report on a periodic basis to the Audit Committee and the CEO the results of audit activities, any significant issues or concerns, the progress in execution of the audit plan and status of meeting key performance indicators.
- Ensure that reports and information requested by the regulator are provided to the regulator according to the agreed frequency.
- Engage Divisional Management periodically to discuss business developments, organisational changes, key initiatives, state of internal controls, emerging developments/risks, and culture/conduct concerns to facilitate proactive decision-making and foster strong risk and control culture.
- Coordinate and work with external auditors to ensure comprehensive audit coverage.
- Provide audit support to other departments within Group Audit in respect of control assurance and Basel related assignments.
Qualifications
The ideal Candidate will meet the following requirements:
- University Degree in Computer Science or a related discipline
- Professional certifications such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
- Minimum 10-12 years of working experience, with at least 8 years in IT audit
- Willing and able to operate effectively in a leadership position or as a team player
- Independent and committed with a high level of initiative
- Good written, verbal communication and presentation skills
- Strong interpersonal and communications skills
- High level of integrity, drive, and sense of urgency
- Willing to travel 10%-20% (MY/CN primarily, with occasional worldwide)