Description:
Ideal candidate would have the equivalent of a Big Four manager experience, and must have the appropriate level of knowledge across both Accounting/Business Process controls and ITGCs as they will be expected to assist in both areas depending on need.
To provide internal control guidance, evaluate control effectiveness, and recommend improvements to control-related practices across NFCU business process and IT systems and applications. Research and establish new practices to ensure credit union control alignment with a Section 404 of the Sarbanes Oxley Act (SOX) like environment. Work closely with key business partners to understand processes, financial statement risks, and key financial controls to reduce the risk of financial misstatement. Collaborate with business units to mitigate risk by virtue of new control-centric processes and automation. Responsible for gathering data, creating reports, documenting and assessing Internal Control over Financial Reporting (ICFR), and producing evidence of control operational and design effectiveness for facilitate the delivery of auditable evidence to internal and external auditors. Lead complex/unusual tasks of considerable impact that require advances analysis.
Responsibilities
- Lead multi-disciplinary control initiatives to evaluate controls (business process and IT) and ultimately transform any control gaps into mature control environments
- Evaluate the operational performance of existing controls and devise remediation strategies that align control performance with the appropriate risk mitigation methodology
- Gather and review existing policies, process narratives, and process models to develop insight into the current state of business processes and IT systems and applications
- Partner with external and internal auditors establish audit scope, evidence, priorities and testing procedures that will serve as the foundation for the subsequent audit execution strategy
- Design, develop, and implement Key Control Matrices (KCMs) that summarizes a broad range of business processes into a control-centric and executive-ready audit deliverable
- Creates and recommends remediation plans for existing ICFR related Information Technology General Computer (ITGC) controls to address control gaps in design effectiveness
- Validate and update SOX documentation (e.g., Business Process Modeling Notation [BPMN] modes, process narratives, and KCMs) as needed to ensure accuracy and completeness
- Identify industry best practices associated with risk management and develop subordinate qualitative and quantitative methodologies needed to address those risks using effective controls
- Produce detailed timelines and milestones for control-related project the enables external tracking and performance appraisal
- Review results from control and substantive testing to facilitate the remediation of control gaps and escalate possible critical issues to senior management
- Lead project teams that resolve highly technical and complex preventative, detective, or corrective control problems
- Serve as resource for the resolution of complex and/or unique problems
- Ensure preventative, detective, and corrective controls are properly identified and aligned with business priorities such that new controls have an insignificant negative impact on the successful realization of business objectives
- Solve control-related business problems by defining the problem, interviewing stakeholders, identifying and evaluating alternatives, and presenting findings
- Identify business areas that may benefit from SOX 404 or industry best practices as applicable
- Perform other related duties as assigned
Qualifications
- Significant experience that commensurate with what SOX 407 describes as "expert": Advanced knowledge of SOX including GAAP principles, financial statement preparation, and internal accounting controls
- Significant experience with General Ledger (GL) technology including but not limited to data integration, accounting rules engines, and financial data hubs/warehouses/marts
- Significant experience re-designing processes to be consistent with SOX 404 guidance and partnering with business unit personnel to complete the transformation
- Significant experience with extracting and documenting information technology application control/process information (e.g., access controls lists, change controls, segregation of duties, etc.)
- Extensive experience in problem resolution including determining root cause, scope and scale of issues
- Significant in leading large projects/initiatives which have business risk and impact
- Extensive experience in managing multiple priorities independently and/or in a team environment to achieve goals
- Experience in leading, guiding and coaching professional staff
- Extensive experience that demonstrates the ability to research, compile, and document data, business processes, and workflow
- Desired - Certified Public Accountant (CPA) designation
- Desired - Certified Internal Auditor (CIA) designation
- Desired - Certified Information Systems Auditor (CISA) designation
- Advanced knowledge of databases (Oracle/DB2/SQL Server) and queries (SQL), data analysis skills, report mining experience (Monarch/IDEA), and process modeling (BPMN) experience
- Advanced skill presenting to stakeholders & management
- Expert skill interpreting and synthesizing large amounts of information
- Advanced skill in project management to include establishing and leading project teams; managing timelines/deadlines/resources; ensuring successful project implementation
- Advanced skill analyzing and organizing problems or work processes for technical solutions
- Advanced skill presenting findings, conclusions, alternatives and information clearly and concisely
- Advanced skill interacting with staff, management, vendors and members diplomatically and tactfully
- Bachelor's degree in Accounting, or related field, or the equivalent combination of experience, education and training