Internal Auditor
Shanghai, CHINA Auditing
Job description
Richemont owns some of the world’s leading luxury goods Maisons, with particular strengths in jewellery, fine watches and premium accessories. Each Maison represents a proud tradition of style, quality and craftsmanship and Richemont seeks to preserve the heritage and identity of each of its Maisons. At the same time, we are committed to innovation and designing new products which are in keeping with our Maisons’ values, through a process of continuous creativity.
JOB TITLE: INTERNAL AUDITOR
REPORTING TO
Department: Richemont Internal Audit (RIA)
Direct report: Head of Internal Audit, Digital & YNAP, in Milan office
LOCATION: Shanghai
MAIN PURPOSE
Richemont Internal Audit is a Group function reporting to the Audit Committee of the Compagnie Financière de Richemont Board. It is independent of all other functions and its overall mission is to provide to the Audit Committee and Management with independent assurance that risks with adverse impact on the achievement of Richemont objectives are promptly identified and adequately and effectively managed. This should happen with the aim to improve the organisation’s activities and control framework, protect and add shareholder value. The scope of activity includes the operations of Compagnie Financiere Richemont SA, a Swiss listed company, and all operating companies within the Group.
The department uses a risk register derived from and supporting the overall Group Enterprise Risk Management concept to conduct its engagements in the following fields:
· Risk assessments & Business Processes
· Business and Financial Controls
· Retail and Compliance
· Project Assurance
· Special Investigations (ad hoc, fraud, post-acquisitions, etc.)
The department comprises of the Group Head of Internal Audit and a Management & Team currently falling into four centres of excellence. One of them relates to the creation of a dedicated approach for IT and Digital audit globally. It is in combination with the needs to reinforce audit capabilities to support Richemont’s digital development after the acquisition of YNAP and Watchfinder&Co and the JV with Alibaba that the underlying job offer of INTERNAL AUDITOR is made.
This job ideally will suit an organized person with a great balance between a good overall understanding of business context and the motivation for detailed focus at transactional level, all this paired with plenty of team spirit. As the relay of a world-wide operating team in the major markets, the Internal Auditor ensures regular assessment of digital processes and control effectiveness across the organisation, thus also increasing control awareness of its various stakeholders. Furthermore, the Internal Auditor supports the increased need for IT audit, in particular by providing assurance that Technology objectives align with/and support the achievement of the wider group strategic objectives. Furthermore, ensuring that Technology organisation and processes are efficiently and effectively designed and operating, and that sound controls over digital operations as well as information and privacy security are embedded in the systems development lifecycle. This can also be done in the wider context of the annually planned Internal Audit cycle comprising Maison and Platform audits.
KEY RESPONSIBILITIES
Key responsibility 1: IT and DIGITAL AUDIT
Conduct a regular and operational review of the e-commerce and digitally enabled processes, information technologies and information security matters for continuous control improvement and increased risk awareness.
· Ensure appropriate understanding and full coverage of e-commerce and digitally enabled processes, information technologies and information security matters, data privacy. Elaborate a comprehensive and efficient digital/e-commerce and IT audit planning.
· In coordination with the Head of Internal Audit, Digital & YNAP, develop and maintain the risk assessment for Digital/E-Commerce and contribute to the development of the Information Technology (including audit tools) and Cyber Security knowledge and capabilities of the department.
· Conduct audits or lead audit teams in performance of IT audits and reviews of systems, applications and IT processes. These include;
· Perform pre and post- implementation reviews of system implementations or enhancements.
· IT security audits (e.g. network, operating system and data center), including evaluating if security vulnerabilities are properly identified and mitigated.
· Evaluate information general computing controls and provide value added feedback. Test compliance with those controls. Coordinate with ICS teams as applicable.
· Perform various other reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate.
· Maintain close relationship with Technology / Data & Analytics / Security and Cyber Resilience / Privacy / ICS and Legal departments, to keep the internal audit department up to date on new technology, cybersecurity and compliance topics and for the purpose of potential joint activities.
· Develop, build & implement tools to analyse data to improve audit efficiency and effectiveness, (including for risk assessments).
Key responsibility 2: INTERNAL AUDITS and PROJECT MANAGEMENT
Be a referent in terms of controls also on other internal audit assignments and through project activities.
· Conduct independent financial and operational audits in accordance with the global plan approved by the Audit Committee.
· Support the Markets and Shared Services with advice through participation in control related projects.
· Identify, analyze and report on risks, control weaknesses, compliance issues, corrective actions and provide sound recommendations for solutions.
· To participate in the development of the RIA function, and more specifically to enhance the department’s skills base through projects with other team members.
PROFILE
Education
· University degree in Finance / Controlling or Computer Science
· 6-8 years of work experience as an IT Auditor (big 4 as a plus)
· Fluent in English and the local language of employment site, French a plus
· Understanding of multiple technology domains including software development, Windows, database management, networking, software development methodologies (particularly Agile and Waterfall).
· Understanding of information security standards, best practices for securing computer systems, and applicable laws and regulations.
Main Technical Competences
· Certified Information Systems Auditor (CISA) (essential).
· Clear understanding of IT audit methodologies.
· Excellent communication and persuasive presentation skills (English reporting)
· Computer literate, knowledge of SAP and data extraction tools is a strong asset
Main Personal Skills
· Empathy and Team Spirit
· Cultural versatility with an international perspective in a complex organisation
· Analytical, ability to synthesize and discern facts from opinions
· Flexibility: willing to travel 30-50% of the time
· Autonomous and well organised
CARREER PATH AND PERSPECTIVES
The career path within RIA relies upon the skills, motivation and performance as well as a predefined internal career plan, including promotions to Business Risk Auditor, Senior Internal Auditor, Senior Business Risk Auditor, etc. Audit Management will closely accompany the internal auditor in this journey, allowing the person to familiarise with the various businesses and processes in this exiting Group.
The fast-paced and supportive environment at RIA will offer the candidate never ending opportunities for development on the job, but also within the team retreats or external training. These benefits for the future career will then hopefully serve as a stepping stone and facilitate a management career within operations or corporate functions in the wider Richemont world, as already proven by many former internal audit colleagues!