* Scope of Services
* Internal Controls Framework (ICF): The IT Department operates circa 80 Internal Controls over Financial Reporting. The role includes monitoring compliance for ICF controls in order to flag earlier those controls that are at risk of failing, documenting operating procedures for ICF controls to be used as reference documents for the teams and auditors, and testing of control operation in line with the bank’s ICF testing methodology.
* Risk Register: Raising issues related to non-compliant controls in the bank’s Risk Register system, agreeing remediation actions with owners and monitoring progress of remediation.
* SWIFT CSP attestation: Assistance in gathering evidence and testing of controls in support of the annual SWIFT CSP compliance assessment.
* Audit: Assisting the external audit process by collecting evidence related to ICF controls in order to reduce duplication on IT teams.
* Deliverables
* Documentation of ICF control operating procedures.
* ICF control monitoring and follow-up with control owners in order to ensure timely remediation of any failures.
* Completion of control testing to validate compliance in line with the bank’s ICF testing methodology.
* Assist in documenting control deficiency waivers and risk acceptances where required in line with the existing risk acceptance procedures.
* Update the IT Risk Register and liaise with issue and action owners in order to ensure timely completion of actions.
* Documentation of risk and compliance processes and creation of templates for new processes including guidance.
* Liaise with external auditors, tracking evidence requests to ensure timely responses.