Supports achievement of the corporation's business objectives by performing extremely complex, high risk audits involving multiple departments and providing project leadership and risks and controls advice on multiyear companywide programs spanning 3-10 years in length. Includes identifying opportunities for broader controls and risk mitigation improvements across multiple departments.
Provide proactive control advice to senior management on companywide risk management frameworks, policies, controls design, processes and procedures, systems under development, and company initiatives.
• Reporting of results (presentations, written reports) is to varying levels of CP management up to the level of Executive and the Audit Committee of the Board of Directors and as required to external parties.
• Lead significant high risk audit projects which may include selecting and directing Senior Auditors, Auditors, and/or consultant project resources which may change over the course of the multi-year projects. Coach and mentor Senior Auditors, Auditors, campus graduates, summer students, and Rotational Candidates ( from CP IT or business departments)
• Identify emerging and current business risk and evaluate approaches to minimize corporate risk. Provides control advice to CP senior management in subject areas as a subject matter expert to add value to management’s various corporate wide initiatives.
• Provide multi-year controls advice for all aspects of complex high risk computer applications (both in production and in development ( e.g. SAP – expanded footprint, train control systems, web based applications) and the related technical infrastructure (internet/extranet networks, cloud computing, computer operating systems, networks (voice, data, trackside), database management systems, Firewalls and mobile computing/communication devices, etc)
• Act as an Internal Audit department representative to Executive Management or the Audit Committee of the Board of Directors on multiyear companywide initiatives or large system development projects spanning 3- 10 years. Also acts as alternate when Director is not available.
• Improve the effectiveness of business controls using automated tools (ACL, SAS ) and maintain/enhance the use of audit tools (GRC, SAP time reports) for audit planning, reporting and conducting audits.
• University undergraduate degree (Finance, Commerce, Accounting, Computer Science, Mathematics, Engineering preferred) or equivalent work experience. Will depend on the area of Audit. Graduate degree or post-graduate designation preferred
• Professional designation/certification in Audit, Accounting, Engineering or IT required (e.g. CIA, CISA, CFE, CA, CPA, CMA, P. Eng., Oracle, CISSP)
• Minimum 10 years of auditing or related IT business experience, preferably in a large public company with complex regulated multi-jurisdictional/ international businesses
• Broad knowledge of risk and control frameworks (COSO,ERM,COBIT, ISO standards)
• Excellent analytical skills ( SAS, ACL user is an asset)
• Broad complex computer client server experience (UNIX, Windows NT or Windows 2000 knowledge) and knowledge in the majority of IT areas such as networks, programming, systems analysis, security, IT systems project management or IT quality assurance is required. Web applications experience, database administration or server support/administration would be useful. SAP knowledge or related audit experience would be a definite asset.