Internal Audit Manager

Position Summary

The Internal Audit Manager is responsible for leading and managing internal audit assignments across a Holding Company and its subsidiaries, divisions, and business units.

The role covers a diversified holding-company environment where audit needs may differ by entity. Some entities may have their own internal audit function, some may require partial audit support, and others may require full-scope internal audit coverage.

The Internal Audit Manager will be assigned to specific entities, divisions, or audit areas by the Chief Internal Auditor and will be responsible for audit planning, execution, reporting, team supervision, follow-up, and control improvement recommendations.

Key Responsibilities

Audit Planning and Risk Assessment

• Support the Chief Internal Auditor in preparing and updating the annual risk-based audit plan.
• Assist in maintaining the Group Audit Universe across entities, divisions, functions, and key processes.
• Conduct risk assessments for assigned entities and audit areas.
• Identify key operational, financial, compliance, governance, fraud, technology, and strategic risks.
• Define audit scope, objectives, testing approach, timelines, and required resources.
• Recommend the appropriate audit coverage model for each entity, whether standalone, partial, full-scope, targeted, or special review.

Audit Execution

• Manage audit engagements from planning to fieldwork, reporting, and follow-up.
• Lead opening and closing meetings with management and process owners.
• Review policies, procedures, approvals, contracts, system reports, reconciliations, and transaction records.
• Supervise audit fieldwork and ensure proper testing, evidence collection, and documentation.
• Review audit findings to ensure they are valid, evidence-based, risk-focused, and clearly presented.
• Challenge weak controls, incomplete evidence, unclear explanations, and insufficient management responses.
• Escalate significant control failures, suspected fraud, regulatory breaches, repeated issues, or management resistance to the Chief Internal Auditor.

Multi-Entity and Divisional Audit Coverage

• Manage audits across different entities, divisions, and business units within the holding structure.
• Adapt the audit approach based on each entity’s size, complexity, maturity, risk profile, and internal audit capability.
• Coordinate with entities that have their own internal audit departments where required.
• Provide partial or full audit coverage for entities without sufficient internal audit resources.
• Lead cross-divisional audits covering common Group processes.
• Identify repeated weaknesses across entities and recommend Group-level improvements.

Internal Control and Governance Reviews

• Evaluate the design and operating effectiveness of internal controls.
• Assess control gaps, segregation of duties, approval limits, documentation quality, system access, reconciliations, and policy compliance.
• Review operational, financial, compliance, and governance controls.
• Recommend practical improvements to strengthen controls, reduce risk, and improve process discipline.
• Ensure recommendations are suitable for the size, nature, and complexity of each business.

Audit Reporting and Follow-Up

• Prepare clear and professional audit reports for review by the Chief Internal Auditor.
• Draft findings covering issue, risk, root cause, impact, recommendation, management response, owner, and target date.
• Classify findings by risk level or severity.
• Discuss audit findings with management before finalization.
• Track management action plans and verify implementation.
• Escalate overdue, repeated, partially implemented, or ineffective corrective actions.
• Prepare periodic audit status and follow-up updates.

Team Leadership

• Lead and supervise assigned audit team members.
• Allocate audit tasks based on capability, experience, and engagement requirements.
• Review audit workpapers, evidence, testing procedures, and draft findings.
• Coach auditors and provide technical guidance and feedback.
• Monitor team performance, productivity, quality of work, and professional conduct.
• Support the development of audit staff through training, mentoring, and on-the-job coaching.

Quality Assurance and Methodology

• Ensure audit work complies with the Internal Audit Department’s methodology, templates, and documentation standards.
• Ensure workpapers are complete, organized, reviewed, and supported by sufficient evidence.
• Support the department’s Quality Assurance and Improvement Program.
• Contribute to improving audit tools, templates, reporting formats, risk assessment methods, and follow-up trackers.

Special Reviews and Investigations

• Lead or support special reviews, investigations, and sensitive assignments as directed by the Chief Internal Auditor.
• Review suspected fraud, misconduct, policy violations, procurement abuse, inventory losses, cash shortages, unauthorized approvals, document manipulation, or control failures.
• Maintain strict confidentiality and evidence-based documentation.
• Coordinate with Legal, HR, Finance, IT, Compliance, or external specialists where required.

Data Analytics and Technology-Enabled Auditing

• Use data analytics to improve audit coverage and identify exceptions.
• Analyze sales, collections, receivables, payables, inventory, payroll, procurement, credit, discounts, approvals, write-offs, and system access data.
• Identify red flags such as duplicate payments, unusual vendors, excessive discounts, manual overrides, abnormal margins, overdue receivables, inventory shrinkage, and unauthorized transactions.
• Work with IT and business teams to obtain reliable data from ERP and other systems.

Required Qualifications

• Bachelor’s degree in Accounting, Finance, Business Administration, Risk Management, Internal Audit, or a related field.
• Master’s degree is an advantage.
• Professional certification is preferred, such as CIA, CPA, SOCPA, ACCA, CISA, CRMA, CFE, CA, or CMA.

Required Experience

• 8–12 years of experience in internal audit, external audit, risk assurance, compliance, governance, finance controls, or business process controls.
• At least 3–5 years of experience leading audits or managing audit teams.
• Experience in a holding company, diversified conglomerate, family business group, or multi-entity environment is strongly preferred.
• Experience auditing multiple industries or business models is preferred.
• Big Four or major professional services experience is an advantage.
• In-house internal audit experience is strongly preferred.
• Experience with ERP systems, audit management tools, and data analytics is preferred.
• Experience in Saudi Arabia or the GCC is preferred.
• Experience in investigations or special reviews is an advantage.

Required Skills and Competencies

• Strong knowledge of internal audit, risk-based auditing, internal controls, governance, risk management, and compliance.
• Ability to lead operational, financial, compliance, and governance audits.
• Strong understanding of segregation of duties, delegation of authority, approval workflows, reconciliations, inventory controls, procurement controls, revenue controls, and financial close processes.
• Strong audit planning, fieldwork, workpaper review, and report-writing skills.
• Strong analytical, problem-solving, and critical-thinking skills.
• Ability to challenge management professionally and constructively.
• Strong leadership, communication, presentation, and stakeholder-management skills.
• High level of integrity, independence, objectivity, confidentiality, and professional judgment.
• Strong Microsoft Excel skills.
• Knowledge of Power BI, SQL, ACL, IDEA, ERP reporting tools, or audit management systems is an advantage.
• Knowledge of Saudi regulatory requirements, SOCPA-related requirements, ZATCA-related processes, and corporate governance expectations is an advantage.