Senior IT Audit Manager

The National Audit Office (NAO) supports Parliament to hold the government to account for the way public services are delivered. Our primary role is to scrutinise public spending for Parliament. We do this by certifying over 400 government accounts and produce around 65 Value for Money (VFM) reports each year. The bodies the NAO audits are investing in IT systems to address the challenges they face in fulfilling their role. This includes investing in new finance systems and related support systems. These investments mean that, increasingly, the NAO's financial audits are relying on automated controls, necessitating increased requirements for IT Audit to support the NAO's audits of financial statements. As such this role will provide the opportunity to work with organisations operating large complex IT platforms and undertaking major technology enabled transformations so will provide the opportunity to develop technical and business skills which will provide significant opportunities for future advancement both within and outside the NAO. The Senior IT Audit Manager will be joining an existing team made up of an IT Audit Director and three other Senior IT Audit Managers. This senior team has access to a group of 19 IT Auditors comprised of experienced professionals and trainees to deliver work across around 50 different audited bodies covering all areas of the NAO's financial audit base. The Senior IT Audit Managers will support the IT Audit Director and the Senior IT Audit Managers in planning and delivering an annual programme of IT audit work to support the external statutory financial audit of the NAO's audited bodies. The NAO is also seeking to build the level of IT audit skills across the organisation, so the Senior IT Audit Managers will also have an important role in developing the skills of both IT Audit Specialists and non-specialists. Given the relatively small IT Audit Team, in relation to the size and complexity of the external central government bodies the NAO audits, the Senior IT Audit Manager would also be required to take on a share of the hands-on delivery work for IT audit, especially in the more complex areas.,

• Supporting the IT Audit Director in the development of IT Audit within the NAO
• Supporting the development and planning of the annual programme of IT audit work and monitoring the delivery of that IT audit plan
• Delivery of specific IT audit engagements
Development of quality IT Audit within the NAO
• Assisting with review and updating of the overall IT audit development strategy
• Assisting with developing IT audit skills of both IT Audit Specialists and financial audit teams on IT audit matters
• In conjunction with the IT Audit Director and Senior IT Audit Managers, reviewing the outcome of the annual audit quality review processes and then developing appropriate responses to ensure that any quality related issues are effectively responded to on a timely basis
• Designing, developing, planning and delivering a programme of IT audit specialist training
• Providing insight on IT matters to the wider office e.g. through such means as "lunch and learn" sessions, developing guidance notes, attending team meetings
• Assisting in developing IT audit approaches that respond to new and emerging technologies and related risks arising from IT
• Assisting in the review and development of the NAO's IT audit methodology, and supporting tools and documentation, to ensure that the methodology remains up to date and delivers the highest quality audit in an efficient and effective way
Supporting the planning and delivery of the annual IT audit work programme
• Responsible for a portfolio of IT audits, with overall responsibility for ensuring the provision of appropriate IT support to that portfolio and the delivery of high quality IT audit work.
• Working with the Senior IT Audit Managers to: develop an annual plan of IT audit work to be delivered; to develop the resourcing plan to support the delivery of the annual plan; to ensure appropriate processes are in place to monitor quality and delivery of the annual IT audit plan and to respond proactively to any delivery or quality issues arising
• Collaborating with the Financial Audit Data & Analytics Operations Team and our Data Analytics Research Team (DART) to ensure that the wider NAO is provided with guidance on how to use technology to ensure the most effective delivery of IT audit work that adds the most value.
Delivery of specific IT Audit engagements
• Working with individual financial audit teams to scope and plan the IT audit work that needs to be done to support reliance on automated controls and / or IT dependent manual controls i.e. mitigate identified risks arising from IT in relation to financial statement audit;
• Establish and build excellent relations with audited bodies' staff i.e. briefing on the IT audit work to be done and the reason for doing this, on-going engagement and maintenance of those relations with a view to adding value at all levels, including at senior levels e.g. C-Suite / Those Charged With Governance.
• Hands-on involvement in all aspects of the delivery of audit work, including: management of the IT audit team; requesting and gathering sufficient and appropriate audit evidence; coaching of staff; review of IT audit work done to ensure work done to appropriate quality standards; reaching conclusions on the level of assurance that can be obtained over IT controls / whether the risks have been mitigated based on outcome of testing.
• Drafting reports for both audited body staff (including Those Charged With Governance) and the financial audit team to communicate the results and possible impact from IT audit testing and to address any issues arising with proposed recommendations for enhancement to controls and processes.
  
  UK Nationals
• Nationals of Commonwealth countries who have the right to work in the UK
• Nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS), A strong academic background. We will need to see evidence of academic achievement which may be through attendance at university, or similar institution.
• At least 5 years of IT audit experience at a managerial level, with a significant portion of that experience arising from IT audit work in support of the financial audit.
• An IT audit qualification (e.g. CISA) is preferred, but evidence of strong practical experience of delivering IT audits in support of the financial audit is more important than a qualification.
• Experience of working on clients with large complex systems. Experience in Oracle and SAP systems would be of particular interest.
• A formal finance qualification would be an advantage (e.g. CCAB), but evidence of a good understanding of accounting concepts enabling you to understand the impact of issues identified can achieve the same.
Abilities
• Strong understanding of how IT audit supports the financial audit and the factors that ensure high quality IT audit work
• Proven technical skills on the audit of IT systems. We would be looking for technical strength (in the context of the financial audit) in some of the following: Active Directory, Azure AD / Entra ID, Unix, Oracle, SAP, Microsoft Dynamics, SQL.
• Experience of both hands-on delivery of IT audit work and acting as first stage reviewer to ensure quality IT audit work, pre-empting challenges arising from second-stage, internal and external quality reviews.
• Experience of managing a team of IT auditors to ensure the efficient delivery of high-quality IT audit work.
• Experience of working with and advising financial audit teams, interpreting the results of IT Audit work (whether from internal or external third-party) assurances.
• Experience of drafting reports for client management on matters arising from IT audit work done
• Experience of working with senior level client IT management
• Experience in developing and delivering training on IT audit and related matters.
• Understanding of end-to-end business processes (e.g. Order to Cash; Purchase to Pay; Record to Report, Hire to Retire) and how IT systems and controls fit into and add / mitigate risk in these processes.
• Experience of testing IT dependent controls, particularly as part of end-to-end business processes (e.g. SOx testing)
• Experience of identifying, documenting, evaluating and testing supporting general IT controls required to support the effective operation of IT-dependent controls.
Attributes
• Intellectual curiosity, especially about technology and business process related matters
• Work co-operatively, collaboratively and inclusively as part of a team
• Positive "can do" attitude showing drive and determination to overcome obstacles, resistance or challenges in order to achieve goals
• Good communication skills and ability to flex these/interpret complex IT issues to address the various audiences from junior audit staff through to senior level client staff
• Commitment to personal development and keeping technical skills up to date
• Be an excellent role model, able to motivate and inspire individuals and teams to deliver to the best of their abilities while demonstrating the NAO's core values and behaviours
• Act as a mentor to team members providing desk training and pastoral support in assisting them to achieve their personal and professional development objectives.
• At all times represent the NAO in a positive light to our stakeholders both nationally and internationally.
  
  The National Audit Office (NAO) is the UK's main public sector audit body. Independent of government, we have responsibility for auditing the accounts of various public sector bodies, examining the propriety of government spending, assessing risks to financial control and accountability, and reviewing the economy, efficiency and effectiveness of programmes, projects and activities. We report directly to Parliament, through the Committee of Public Accounts of the House of Commons which uses our reports as the basis of its own investigations. We employ some 950 staff, most of whom are qualified accountants, trainees or technicians. They work in one of two main areas, financial audit or value for money (VFM) audit.
The NAO welcomes applications from everyone. We value diversity in all its forms and the difference it makes to our organisation. By removing barriers and creating an inclusive culture all our people have the opportunity to develop and maximise their full potential. As members of the Business Disability Forum and Two Ticks Disability Scheme we guarantee to interview all disabled applicants who meet the minimum criteria. The NAO supports flexible working, with a minimum number of days required in the office, and is happy to discuss this with you at application stage.