Job Purpose

Perform assigned audit engagements, from start to finish, inclusive of preplanning, wrap up activities ensuring application of risk and control concepts to scenarios encountered, and identify any potential issues.
Assist in the periodic Risk Assessments and development of the Risk-Based Work Plans focusing on IT risks.

Job Specific Accountabilities (Part 1)

Professional Ethics
• Assist in initiating/promoting the establishment and continuous improvement of the Corporate Governance Framework including Enterprise Risk Management, Corporate Code of Conduct, Ethics and Values.
Internal Audit Plan

• Develop the audit universe to ensure it covers Digital Systems & Solutions (DS&S) risks in line with the other D&T risk areas (such as Digital governance, process, infrastructure, information systems/security, interfaces/connectors and emerging technologies) that could affect the ADNOC Business operations.
• Review and update the D&T audit universe specially for Digital Systems & Solutions.
• Develop and implement strategic initiatives of One ERP Assurance Plan and other Business Applications / Business Solutions Plan and support other strategic initiatives (such as Infrastructure, OT and Process enhancements) that impact the group-wide audit plans and oversee the execution to ensure it fulfills the objectives.
• Coordinate with AGCs and verify for adequacy of coverage of the DS&S universe and risks and ensure that AGCs audit plans incorporate the objectives of Group Assurance plans.
• Provide relevant business and technology insights into the current, emerging & potential technology issues, trends & opportunities affecting AGCs and BLDs. Provide input for the periodic reporting on Digital and Technology audit activities and performance relative to its plans, significant risk exposures, control/governance issues, and other related matters.
  Audit Execution
• Perform audits, advisory engagements, and other influencing activities in highly technical areas of current/emerging technologies within ADNOC and Group Companies.
• Develop a detailed audit program / Risk & Control Matrix (RCM) for the assigned audit, including the objectives, potential risk, key controls, audit procedures, and the use of audit techniques and tools to evaluate governance, risks, and controls processes, and submit audit program to the management for review and approval.
• Determine auditing procedures to be applied, including the use of Information Systems Audit Techniques, data analytics, statistical sampling method or others.
• Ensure that adequate working papers and all relevant information are continuously documented and updated in the automated Audit Management System in accordance with pre-defined templates and audit procedures.
• Identify, obtain, analyze and appraise related systems and evidentiary data/information.
• Appraise the adequacy of the corrective actions taken by management on audit recommendations through follow-up audits and periodically review and update the status of management action plans.

Job Specific Accountabilities (Part 2)

• Ensure that approved audit objectives have been met with adequate coverage of all relevant areas and sufficient audit evidence is obtained to support the conclusion and recommendations in accordance with professional audit standards.
• Participate in conducting special reviews and undertakes administrative duties as directed by Management.
• Identify high-risk areas and key control points of the system to be reviewed.
• Adapt the audit approach to the ever-changing technology landscape and deliver critical and complex technology audits that impact the group-wide internal controls.
• Lead the Technology auditors in the examination and analysis of records through executing audit program steps for the assigned audits.
• Supervise audits in accordance with the approved RCM and professional standards on internal auditing.
• Ensure tasks assigned to external or junior staff are adequately performed and deliverables are in accordance with ADNOC Internal Audit procedures and quality standards.
• Establish a Centre of Excellence for critical technology areas and provide on-going support within HQ and Group Companies during the execution of the audit deliverables.\

Audit Reports

• Prepare an audit report with a conclusion, expressing professional opinions on the adequacy and effectiveness of risk management, control systems, and the efficiency with which activities are carried out. Recommend improvement options to rectify reported deficiencies for Department Manager's review.
• Recommend practical enhancements in Digital and Technology governance, risks, and control processes to assist in the achievement of the company's business objectives.
• Follow-up on replies to issued draft and final audit reports and review the adequacy of the corrective actions taken on audit recommendations/improvement options.
• Assist in the periodic reporting to the Audit Committee and Senior Management within ADNOC and Group Companies on internal audit activities, performance, significant risk exposures, controls/governance issues, and other related matters.
• Perform quality assurance activities on digital & technology components during the entire audit cycle by ADNOC GC auditors and service providers.

Job Specific Accountabilities (Part 3)

Coordination

• Assist the Secretary of the Audit Committee in arranging Audit Committee meetings, preparing the agenda and minutes of meetings (MOMs), and reporting on Corporate Governance Framework, General Controls, and other related issues as prescribed in the Audit Committee Charter within ADNOC and Group Companies.
• Assist in the periodic reporting to the Audit Committee and Senior Management on Technology audit activities, performance, significant risk exposures, controls/governance issues, and other related matters within ADNOC and Group Companies within ADNOC and Group Companies.
• Conduct workshops or presentations to create awareness about IA function and demonstrate value addition across the ADNOC.
• Communicate identified issues with Internal Audit management to ensure potential high-risk areas of concern are addressed in a timely and effective manner.
• Provide professional advice on Group Companies' Audit Committee Charter,
  IA Charter and Technology Audit Methodology/Procedures. Provide assistance in the establishment of the Group Audit Committees/IA functions and related governance when assigned.
• Participate in initiating and coordinating the Group-wide specialized professional training programs.
• Conduct research and benchmarking to resolve audit issues, identify gaps and support IA function.
• Conduct workshops and presentations on dynamic and complex technology risks to the ADNOC Group Audit Council.
• Conduct advisory activities to improve the status of internal controls in the operational process of AHQ and AGC. Drive implementation of top-down initiatives that originate at the AHQ level, but implementation may span across the group.
• Challenge the status quo to bring continuous improvement over audit delivery.

Generic Accountabilities

Supervision

• Plan, supervise and coordinate all activities in the assigned area to meet functional objectives.
• Mentor and developed the assigned staff on relevant skills to enable them to become proficient on the job and deliver the respective section objectives.
• Plan and supervise AGCs auditors on relevant skills and enable them to fulfil the audit execution of respective technology.
• Evaluate the performance and capabilities of the auditors in AHQ and Group.
• Oversee and manage the Guest Auditor program to ensure successful delivery of the audit scope and objectives.

Budgets

• Provide input for the preparation of the Function / Department / Section budgets, assist in the implementation of the approved Budget, and work plans to deliver Department objectives.
• Investigate and highlight any significant variances to support effective performance and cost control.

Policies, Systems, Processes & Procedures

• Implement approved Function/ Department/ Section policies, processes, systems, standards and procedures in order to support the execution of the work programs in line with Company and International standards.

Performance Management

• Contribute to the achievement of the approved Performance Objectives in line with the Company Performance framework.

Innovation and Continuous Improvement

• Implement new tools and techniques to improve the quality and efficiency of operational processes.
• Identify improvements in internal processes against best practices in pursuit of greater efficiency in line with best industry standards in order to define intelligent solutions for issues confronting the function.

Generic Accountabilities (continue)

Internal Communications & Working Relationships

• Regular contacts with operational level management within all BLDs within ADNOC and Group Companies.
• Frequent contacts within ADNOC and Group Companies at all levels of Management up to SVPs/Directors with respect to audit programs, the conduct of the audits, audit reports, findings, and recommendations.
• Regular contacts with Management within the assigned ADNOC Group Companies up to Manager level with regards to the Group Company audits.
• Regular contacts with ADNOC Group Companies with respect to knowledge sharing of standards, frameworks, methodologies, policies, and processes across ADNOC and Group Companies.
• Participate in technology risk awareness presentations to senior management, including Group Companies' management and Audit Committees

External Communications & Working Relationships

• Occasional Contacts with Internal Audit Service Provider(s) to coordinate audit activities, when required.
• Occasional Contacts, as required, with Abu Dhabi Accountability Authority (ADAA) regarding government audits when required.
• Occasional Contacts with ADNOC External Auditors and other assurance providers to ensure adequate audit coverage and minimize duplicate efforts when assigned.

Minimum Qualification

• Bachelor's degree in computer science or related Technology discipline, or equivalent discipline.

Minimum Experience, Knowledge & Skills

• 8-10 years of relevant experience in D&T or IT auditing / application domain (SAP/ GRC), with varied experience in oil and gas operations and their inherent challenges/risks in the context of corporate function.
• Advance technical knowledge of enterprise/business applications landscape (SAP & GRC solution), operating system, process flows, database (Oracle / MS SQL) and underlined infrastructure.
• Sound knowledge with relevant experience in technology-related risks in emerging areas such as Cloud, Software as a Service (SaaS), Access Management, digitalization and automation (RPA, IoT, Power BI) etc..
• In-depth knowledge of DS&S processes, including, but not limited to, system/software development, infrastructure review, access-right management, and change management.
• In-depth knowledge of International Professional Practices Framework for IT Assurance/IT Assurance Framework (ITAF) and other related frameworks/standards (e.g. COBIT, ITIL, OWASP, ISO27001, ISO20000) and their interpretation/application to IS/IT auditing practice.
• Expertise in collecting and analysing complex data using data analytics tools, evaluating information and systems, and drawing logical conclusions.
• Extensive knowledge of planning and project management and SDLC areas.
• Experience in managing and tracking time for different Internal Audit-related activities.
• Awareness/knowledge of Operational Technology (OT) processes and systems

Professional Certifications

• IT audit certification, CISA, is mandatoryor willing to obtain within one year of joining.
• Other related certifications (CISM, COBIT, CDPSE, etc.) are preferred.
• Technical certifications (SAP, GRC, RPA, MCSA etc.) are desirable.

Work Condition, Physical effort & Work Environment

Physical Effort
Minimal
Work Environment
Normally air-conditioned office environment, however exposed to prevailing weather conditions while in the operating sites / field visits.

Additional Details

Job Family / Sub Family: Governance/Audit