Roles: The Head of Internal Audit is responsible for managing the internal audit function including areas of corporate governance, risk management and process improvement. S/he is to provide independent assurance that the governance, internal control and risk management processes of the Authority are running effectively. Advising the Authority on the management of risk including the design, implementation and operation of systems of internal control and promote risk and control concepts is part of the role. S/he is required to enhance the efficiency and effectiveness of risk and control management by identifying opportunities to save on costs and avoidance of operational losses.

Major Responsibilities:
(a) Identify and prioritize potential risk areas the Authority will be facing in both short-term and long-term, develop and propose the 3-year internal audit plan to the Audit Committee;
(b) Oversee the planning and execution of risk-and-effectiveness-based audits and routine audits as well as manage co-sourced audits;
(c) Follow up the implementation status of audit recommendations for internal audits to ensure audit suggestions are compiled and adopted in different divisions to prevent/correct risk areas;
(d) Perform risk assessment by analysing and identifying current risk areas and anticipating potential risk areas that are affecting the Authority;
(e) Maintain the risk register, gather necessary information from different divisions to update the risk management system and risk inventories and alert management/division with the potential risk identified;
(f) Evaluate the Authority’s measures and capability of handling risks, develop measures, instruments and processes to enhance the risk management process of the Authority;
(g) Generate and apply preventive and corrective measures to ensure risk management procedures are improved and enhanced and keep track, review and update the process of implementation;
(h) Oversee and monitor the ISO 9001 annual internal and external audit exercises; and
(i) Design, maintain and conduct the internal control self-assessment on a regular basis, present the Audit Committee with report findings, alert the management with potential internal control risk and provide them with professional advice & recommendations.

Requirements:
(a) A recognized university degree in Accounting, Finance, Business Administration or related discipline, a higher degree in the related area is preferable;
(b) Professional qualification in accounting or internal auditing or risk management is required, e.g. qualified accountant, Certified Internal Auditor;
(c) Substantial experience in internal auditing and risk management, at least 8 years of which should be at a managerial level in a sizeable organisation or public sector;
(d) Conversant with international best practices in internal auditing and risk management;
(e) Strong analytical thinking, with knowledge and experience in benchmarking analysis, able to draw good insight and recommendations from results;
(f) Good understanding of ISO standards, preferably with relevant qualification;
(g) Excellent communication, presentation and interpersonal skills; and
(h) Proficiency in both written and spoken English and Chinese.