Perform assigned audit engagements, from start to finish, inclusive of preplanning, wrap up activities ensuring application of risk and control concepts to scenarios encountered, and identify any potential issues.
Assist in the periodic Risk Assessments and development of the Risk-Based Work Plans focusing on IT risks.
Professional Ethics
• Assist in initiating/promoting the establishment and continuous improvement of the Corporate Governance Framework including Enterprise Risk Management, Corporate Code of Conduct, Ethics and Values.
Internal Audit Plan
• Assist in the development of Annual Audit Plan (AAP) based on the results of risk assessment exercise focusing on IT risks.
• Participate in reviewing and updating the IT audit universe to ensure it covers all IT risks.
• Provide input for the periodic reporting on IT audit activities and performance relative to its plans, significant risk exposures, control/governance issues and other related matters.
Audit Execution
• Lead the IT auditors in the examination and analysis of records through executing audit program steps for the assigned audits.
• Develop a detailed audit program / Risk & Control Matrix (RCM) for the assigned audit including the objectives, potential risk, key controls, audit procedures and the use of audit techniques and tools to evaluate governance, risks and controls processes, and submit audit program to the management for review and approval.
• Determine auditing procedures to be applied, including the use of Information Systems Audit Techniques, data analytics, statistical sampling method or others.
• Ensure that adequate working papers and all relevant information are continuously documented and updated in the automated Audit Management System in accordance with pre-defined templates and audit procedures.
• Identify, obtain, analyze and appraise related systems and evidentiary data/information.
• Appraise the adequacy of the corrective actions taken by management on audit recommendations through follow up audits and periodically review and update the status of management action plans.
• Ensure that approved audit objectives have been met with adequate coverage of all relevant areas and sufficient audit evidence is obtained to support the conclusion and recommendations, in accordance with professional audit standards.
• Participate in conducting special reviews and undertakes administrative duties as directed by Head of Internal Audit.
• Supervise audits in accordance with the approved RCM and professional standards on internal auditing.
• Ensure tasks assigned to junior staff are adequately performed and deliverables are in accordance with ADNOC Internal Audit procedures and quality standards.
• Identify high risk areas and key control points of the system to be reviewed.
Audit Reports
• Prepare audit report with conclusion, expressing professional opinions on the adequacy and effectiveness of risk management, control systems and the efficiency with which activities are carried out. Recommend improvement options to rectify reported deficiencies, for Section Head / Department Manager’s review.
• Recommend practical enhancements in IT governance, risks and control processes to assist in the achievement of the company business objectives.
• Follow-up on replies to issued draft and final audit reports and review the adequacy of the corrective actions taken on audit recommendations / improvement options.
• Assist in the periodic reporting to the Audit Committee and Senior Management on internal audit activities, performance, significant risk exposures, controls/governance issues and other related matters.
Coordination
• Assist the Secretary of the Audit Committee in arranging Audit Committee meetings, preparing the agenda, and minutes of meetings (MOMs) and reporting on Corporate Governance Framework, General Controls and other related issues as prescribed in the Audit Committee Charter.
• Conduct workshops or presentations to create awareness about IA function and demonstrate value addition across the ADNOC.
• Communicate identified issues with Internal Audit management to ensure potential high risk area of concerns are addressed in a timely and effective manner.
• Provide professional advice on Group Companies’ Audit Committee Charter,
IA Charter and IT Audit Methodology/Procedures. Provides assistance in the establishment of the Group Audit Committees/IA functions and related governance, when assigned.
• Participate in initiating and coordinating the Group-wide specialized professional training programs.
• Conduct research and benchmarking to resolve audit issues, identify gaps and support IA function.
Supervision
• Plan, supervise and coordinate all activities in the assigned area to meet functional objectives.
• Train and develop the assigned staff on relevant skills to enable them to become proficient on the job and deliver the respective section objectives.
Budgets
• Provide input for preparation of the Function / Department / Section budgets, assist in the implementation of the approved Budget, and work plans to deliver Section objectives.
• Investigate and highlight any significant variances to support effective performance and cost control.
Policies, Systems, Processes & Procedures
• Implement approved Function/ Department/ Section policies, processes, systems, standards and procedures in order to support execution of the work programs in line with Company and International standards.
Performance Management
• Contribute to the achievement of the approved Performance Objectives for the Function/ Department/ Section in line with the Company Performance framework.
Innovation and Continuous Improvement
• Design and implement new tools and techniques to improve the quality and efficiency of operational processes.
• Identify improvements in internal processes against best practices in pursuit of greater efficiency in line with best industry standards in order to define intelligent solutions for issues confronting the function.
Health, Safety, Environment (HSE) and Sustainability
• Comply with relevant HSE policies, procedures, controls, applicable legislation, and sustainability guidelines in line with international standards, best practices and ADNOC Code of Practices.
Reports
• Provide inputs to prepare MIS and progress reports for Company Management.
• Regular Contacts with operational level management within all auditable departments throughout ADNOC.
• Frequent contacts within ADNOC at all levels of Management up to SVPs/Directors with respect to audit programs, the conduct of the audits, audit reports, findings and recommendations.
• Regular contacts with Management within the assigned ADNOC Group Companies up to Manager level with regards to the Group Company audits.
• Occasional Contacts with Internal Audit Service Provider(s) to coordinate audit activities, when required.
• Occasional Contacts, as required, with Abu Dhabi Accountability Authority (ADAA) regarding government audits.
• Occasional Contacts with ADNOC External Auditors and other assurance providers to ensure adequate audit coverage and minimize duplicate efforts.
• Regular contacts with ADNOC Group Companies’ Internal Audit Managers with respect to knowledge sharing of audit standards, frameworks, methodologies, policies, processes and coordination across ADNOC Group Companies.
Bachelor Degree in Computer Science or related IT discipline, Finance/ Auditing or equivalent discipline
• 8 years of relevant experience in IT internal auditing, with varied experience in oil and gas operations and their inherent challenges/risks in the context of corporate function.
• In-depth knowledge of International Professional Practices Framework for IT Assurance/IT Assurance Framework (ITAF) and other related frameworks/standards (e.g. COBIT, ITIL, ISO27000, NIST) and their interpretation/application to IS/IT auditing practice.
• Experience in managing and tracking time for different Internal Audit related activities.
• Awareness/knowledge of Operational Technology (OT) processes and systems
• In-depth knowledge of IT processes including, but not limited to, system development, infrastructure review, access right management and change management.
• Expertise in collecting and analysing complex data using data analytics tools, evaluating information and systems, and drawing logical conclusions
• Extensive knowledge of planning and project management areas
• Advance technical knowledge of different operating systems, databases, network infrastructure components (routers, switches, firewalls etc.) and ERP.
• IT audit certification, CISA, is mandatory.
• Other related certifications (CISSP, CISM, GIAC, etc.) are preferred.
Physical Effort
Minimal
Work Environment
Normally air-conditioned office environment, however exposed to prevailing weather conditions while in the operating sites / field visits.
Job Family / Sub Family: Governance/Audit