Role Purpose & Context
Role Summary
The Director of Internal Audit (CQHS) is responsible for building and running our audit programme across all things Compliance, Quality, Health, and Safety. You'll set the annual audit plan, lead a team of experienced auditors, and make sure we're giving the board a clear, unbiased picture of our risk landscape. This isn't just about finding problems; it's about helping the business fix them before they become big, expensive headaches. You'll work at the intersection of regulatory requirements and operational reality, translating complex risks into actionable insights that our executive team can use to make better decisions. When this role is done well, we avoid major fines, prevent serious incidents, and maintain our reputation. If it's not, we could face significant legal penalties, operational shutdowns, or even tragic accidents. The challenge is balancing the need for independence with being a trusted advisor, often navigating tricky political waters. The reward is seeing your work directly contribute to a safer, more compliant, and ultimately more successful organisation.
Reporting Structure
- Reports to: Chief Audit Executive (CAE)
- Direct reports: Roughly 5-8 direct reports, including Senior Auditors and Leads
- Matrix relationships: Head of Internal Audit (CQHS); Audit Director, Compliance & Safety; VP, Internal Audit (CQHS)
Key Stakeholders
Internal:
- Chief Audit Executive (CAE)
- Executive Leadership Team (CEO, COO, CFO)
- Board Audit Committee
- Heads of Compliance, Quality, Health & Safety
- Legal Department
- Operations Leadership
External:
- External Auditors (PwC, Deloitte, EY, KPMG)
- Regulatory Bodies (e.g., HSE, Environment Agency)
- Industry Associations
- Key Suppliers and Partners
Organisational Impact
Scope: This role directly shapes the organisation's risk posture in critical areas like safety and regulatory compliance. Your insights drive executive decisions on control investments, operational changes, and strategic direction, ultimately protecting the company's licence to operate and its financial health. Get it right, and we're resilient. Get it wrong, and the consequences can be catastrophic for our people, our finances, and our brand.
Performance Metrics
Quantitative Metrics
- Metric: Audit Plan Completion Rate
- Desc: Percentage of planned audits completed within the annual cycle.
- Target: 100% of the annual audit plan completed.
- Freq: Quarterly and Annually
- Example: If we planned 20 CQHS audits for the year and completed all 20, that's 100%. If two were pushed to next year, it's 90%. We aim for no deferrals without strong justification.
- Metric: High-Risk Finding Remediation Rate
- Desc: Percentage of high-risk audit findings that have been fully remediated by their agreed-upon due dates.
- Target: Greater than 90% of high-risk remediation plans implemented by their due date.
- Freq: Quarterly (tracked by Audit Committee)
- Example: Out of 10 high-risk findings in Q1, 9 were closed on time. That's 90%. The one outstanding needs a clear explanation and revised plan for the Audit Committee.
- Metric: Audit Budget Adherence
- Desc: How closely the actual spend for the CQHS audit function aligns with the approved annual budget.
- Target: Within ±5% of the approved annual budget for the CQHS audit function (excluding unforeseen, approved scope changes).
- Freq: Monthly and Annually
- Example: If your budget is £500,000, you should aim to spend between £475,000 and £525,000. Going over requires a good reason and prior approval.
- Metric: Regulatory Non-Compliance Incident Reduction
- Desc: The trend in the number of significant regulatory non-compliance incidents directly attributable to control weaknesses identified by internal audit.
- Target: A year-on-year reduction of at least 15% in such incidents.
- Freq: Annually
- Example: If we had 4 major regulatory fines in 2023 linked to audit findings, we'd aim for 3 or fewer in 2024. This shows our work is preventing real problems.
Qualitative Metrics
- Metric: Board Audit Committee Confidence
- Desc: The level of trust and confidence the Board Audit Committee places in the internal audit function's reporting and insights.
- Evidence: Consistently high ratings from Audit Committee feedback surveys. Committee members proactively seek your input on strategic risk matters. Your reports are accepted without significant challenge on factual accuracy or independence. They'll ask 'What does Internal Audit think about X?' in other meetings.
- Metric: Executive Leadership Engagement
- Desc: How actively and constructively executive leaders engage with internal audit findings and recommendations.
- Evidence: Executive leaders respond promptly to audit reports, actively participate in closing meetings, and show a genuine commitment to addressing findings. They'll invite you to their leadership meetings to discuss risk, not just to present audit results. You're seen as a partner, not just a critic.
- Metric: Team Development & Retention
- Desc: The growth and stability of your direct reports and the broader CQHS audit team.
- Evidence: High retention rates within your team (e.g., >85%). Positive feedback in annual performance reviews regarding development opportunities. Successful promotion of team members to higher levels within audit or the business. You're building a strong bench, not just filling seats.
- Metric: Strategic Risk Foresight
- Desc: The ability of the audit function to anticipate emerging CQHS risks and integrate them into the audit plan before they become critical issues.
- Evidence: You're regularly presenting on emerging risks to the Audit Committee and executive team. Audit plans are proactively adjusted to cover new regulatory landscapes or operational shifts. The business often comes to you asking for your perspective on new risks, rather than you having to chase them.
Primary Traits
- Trait: Professional Skepticism (at a strategic level)
- Manifestation: You're the one who questions the assumptions behind the risk assessment presented by management. You don't just accept that a new control 'will fix it' without seeing a robust implementation plan and evidence of testing. You'll challenge the narrative, even from senior leaders, if the data or evidence doesn't stack up. It's about looking beyond the surface, asking 'what if this isn't true?' or 'what's the hidden agenda here?'
- Benefit: At this level, you're providing assurance to the Board. If you're not deeply sceptical, you risk rubber-stamping ineffective controls or missing systemic issues that could lead to major regulatory breaches or safety failures. Your independence and critical eye are our last line of defence against complacency.
- Trait: Diplomatic Tenacity (with executive presence)
- Manifestation: You can stand firm on a high-risk finding with the COO, even when they're pushing back hard, without damaging the relationship. You'll follow up relentlessly on critical remediation plans, but you'll do it in a way that encourages action, not resentment. It means being able to deliver bad news gracefully but firmly, ensuring the message lands and action is taken, even when it's uncomfortable. You're not afraid to challenge, but you know how to pick your battles and when to escalate effectively.
- Benefit: You're dealing with senior executives and board members who are busy and often defensive. Getting them to own and fix significant control weaknesses requires a delicate balance of persistence, respect, and clear communication. If you can't do this, findings get watered down, and risks remain unaddressed, undermining the entire audit function.
- Trait: Structured Strategic Thinking
- Manifestation: You can break down a complex, multi-year regulatory change into an auditable programme of work for your team. You're able to see how a small control failure in one department could have ripple effects across the entire organisation's CQHS posture. You're not just thinking about the 'what' but the 'why' and 'what next', linking individual audits to the broader enterprise risk framework. You'll build a logical, risk-based annual audit plan that makes sense to the Board, even when the underlying issues are messy.
- Benefit: The CQHS landscape is vast and complex. Without a structured, strategic approach, you'll end up chasing symptoms rather than addressing root causes, or worse, missing critical risks entirely. Your ability to bring order to chaos ensures our audit resources are focused on what truly matters, providing maximum value and assurance to the Board.
Supporting Traits
- Trait: Executive Communication
- Desc: You can distil complex audit findings and technical details into clear, concise, and impactful messages for the Board and C-suite, both in writing and verbally. It's about telling a compelling story with the data, not just presenting facts.
- Trait: Resilience Under Pressure
- Desc: You can handle the stress of contentious audit findings, tight deadlines, and senior-level pushback without losing your cool or compromising your professional judgement. You'll bounce back from difficult conversations and keep the team focused.
- Trait: Ethical Leadership
- Desc: An unwavering commitment to integrity and objectivity. You'll lead by example, ensuring your team maintains the highest ethical standards, even when faced with pressure to compromise.
- Trait: Talent Development
- Desc: You genuinely enjoy mentoring and developing your team, helping them grow their skills and careers. You're a coach, not just a manager, and you'll invest time in your people.
Primary Motivators
- Motivator: Protecting the Organisation
- Daily: You get a real buzz from knowing your work helps prevent major safety incidents, environmental damage, or regulatory fines. You're driven by the sense that you're a critical guardian of the company's integrity and future.
- Motivator: Driving Continuous Improvement
- Daily: You're not just happy finding problems; you want to see them fixed properly and permanently. You're motivated by helping the business become better, safer, and more efficient through your insights and recommendations.
- Motivator: Strategic Influence & Board Engagement
- Daily: You thrive on engaging with senior leadership and the Board, influencing strategic decisions, and seeing your insights shape the company's risk management framework. You want your voice to be heard at the highest levels.
Potential Demotivators
Honestly, this role isn't for everyone. You'll often be the bearer of bad news, and sometimes you'll face resistance or even outright hostility from those you're auditing. You'll spend a lot of time reviewing other people's work, ensuring quality, which can sometimes feel like you're not doing 'real' audit work yourself. You might also find yourself fighting political battles to ensure findings aren't watered down or ignored. The 'internal police' stigma is real, and you'll constantly be working to overcome it. If you need constant positive affirmation or prefer to avoid confrontation, you'll likely find this role frustrating.
Common Frustrations
- The 'Internal Police' Stigma: Constantly fighting the perception that you're there to get people in trouble, rather than to improve the process and protect the company.
- Political Downgrading: Finding a clear high-risk issue, but facing pressure from senior management to downgrade it to 'medium' or 'low' before it gets to the Audit Committee.
- Repeat Findings: Presenting the same finding you wrote last year because management agreed to a remediation plan but never actually implemented it.
- Resource Constraints: Having a massive audit universe but limited budget and headcount, meaning you can't audit everything you'd like to.
- Scope Creep: An audit of a simple process uncovers a major issue, and suddenly your two-week engagement balloons into a two-month investigation that you're not staffed for, pulling resources from other planned audits.
What the Role Doesn't Offer
- A quiet, low-stress environment where everyone agrees with you.
- A role where you're solely focused on technical execution without people management.
- Immediate gratification for every finding – some remediation takes years.
- A path to directly run a business unit (though it provides great exposure).
ADHD Positives
- The strategic nature of the role, constantly shifting focus between different audits, risks, and stakeholder groups, can be engaging for those with ADHD.
- The need for innovative problem-solving and connecting disparate pieces of information to identify systemic risks can be a strength.
- The high-stakes environment and pressure to deliver critical insights can provide stimulating challenges.
ADHD Challenges and Accommodations
- Managing multiple complex audit programmes and a team requires strong organisational skills; using structured project management tools and delegating effectively is key.
- The detailed review of workpapers and reports, while necessary, can be challenging; using checklists, peer review processes, and AI-assisted drafting tools can help.
- Long meetings with the Board or executive team require sustained focus; strategies like taking frequent short breaks or having a co-presenter can be beneficial.
Dyslexia Positives
- The ability to think conceptually, identify patterns in complex data, and understand systemic risks can be a significant advantage.
- Often strong verbal communication skills can be highly effective in stakeholder engagement and presenting findings to the Board.
- A 'big picture' perspective is crucial for setting audit strategy and can be a strength for dyslexic thinkers.
Dyslexia Challenges and Accommodations
- Extensive report writing and review are core to the role; using dictation software, grammar and spell checkers (like Grammarly), and having a strong editorial review process is essential.
- Reading lengthy regulatory documents can be demanding; using text-to-speech software or summarisation tools (including AI) can help.
- Organising detailed workpaper files requires clear templates and digital tools; leveraging GRC platforms and collaboration suites for structure is vital.
Autism Positives
- A strong adherence to logic, facts, and evidence is fundamental to internal audit, aligning well with an autistic thinking style.
- The ability to spot inconsistencies, patterns, and anomalies that others might miss is a powerful asset in risk identification.
- A deep focus on specific regulatory frameworks and technical details can lead to exceptional expertise in CQHS compliance.
Autism Challenges and Accommodations
- Navigating complex organisational politics and subtle social cues during executive interactions can be challenging; clear communication protocols and a trusted mentor can provide support.
- Dealing with unexpected changes to audit plans or stakeholder resistance requires adaptability; having structured escalation paths and clear communication of changes is helpful.
- Leading and motivating a team involves understanding diverse communication styles; formal training in leadership communication and regular 1-on-1 check-ins can support this.
Sensory Considerations
The environment is typically a mix of quiet office work and dynamic, sometimes high-pressure, meeting settings. Expect periods of intense focus at your desk, but also frequent interactions with individuals and groups. Meetings with the Audit Committee or executive team can be formal and require sustained attention. Our offices are generally modern, open-plan spaces, but we offer quiet zones and flexibility for remote work to manage sensory input.
Flexibility Notes
We understand that everyone works differently. We offer hybrid working arrangements, allowing you to balance office presence with working from home. We're open to discussing flexible hours where possible, especially around personal appointments or specific work preferences. The key is delivering results and maintaining effective team and stakeholder engagement.
Key Responsibilities
Experience Levels Responsibilities
- Level: Director of Internal Audit (CQHS)
- Responsibilities: Define the annual CQHS audit strategy and plan, making sure it covers the biggest risks to the business. This means looking at everything from environmental regulations to employee safety programmes, and deciding where our audit efforts will have the most impact.
- Lead and develop a team of 5-8 internal auditors. You'll be responsible for their performance, career growth, and making sure they've got the skills and support they need to do their best work. Think coaching, mentoring, and tough conversations when necessary.
- Present audit findings and the overall control environment to the Board Audit Committee and executive leadership. They'll expect clear, concise reports and you'll need to answer their challenging questions with confidence and evidence.
- Manage the entire CQHS audit budget, making sure we're using our resources wisely and getting good value for money. This includes making decisions on external co-sourcing or specialist consultants when needed.
- Act as the primary liaison with our external auditors for all CQHS-related matters. You'll coordinate their work, share information, and make sure there are no surprises for either party.
- Drive the continuous improvement of our audit methodology and tools, especially looking at how we can use data analytics and AI to make our audits more efficient and effective. This means staying on top of industry best practices.
- Provide strategic advice to the business on emerging CQHS risks and control improvements. You're not just finding problems; you're helping them build better, more resilient processes. Sometimes it's about being a trusted advisor, other times it's about holding them accountable.
- Supervision: You'll operate with a high degree of autonomy, reporting strategically to the Chief Audit Executive (CAE) through monthly strategic alignment meetings and quarterly performance reviews. Day-to-day, you're expected to manage your function independently, making key operational and strategic decisions within your remit.
- Decision: You'll have full authority over the CQHS audit plan, including scope, timing, and resource allocation. You can approve audit reports and findings before they go to the CAE. You'll manage a budget of roughly £500K-£1M, with approval authority for expenses up to £100K. Hiring and firing decisions for your direct reports are yours, in consultation with HR and the CAE. Strategic decisions that impact the wider Internal Audit function or require significant cross-departmental investment will need CAE approval.
- Success: Success looks like a highly effective, respected CQHS audit function that consistently delivers value. Your team will be engaged and high-performing. The Board Audit Committee will trust your insights implicitly, and executive leadership will view you as a critical partner in risk management. We'll see a measurable reduction in high-risk control failures and regulatory incidents due to your team's work.
Decision-Making Authority
- Type: Annual Audit Plan Scope & Prioritisation
- Entry: N/A
- Mid: N/A
- Senior: Propose audit areas and risk ratings to Lead Auditor.
- Type: Audit Methodology & Tool Selection (within CQHS)
- Entry: N/A
- Mid: N/A
- Senior: Recommend specific tools/methodologies for individual audits to Lead Auditor.
- Type: Audit Report Approval (pre-CAE)
- Entry: N/A
- Mid: N/A
- Senior: Draft audit findings and reports for Lead Auditor review.
- Type: Team Hiring & Performance Management
- Entry: N/A
- Mid: N/A
- Senior: Provide input on junior auditor performance and development.
- Type: Budget Allocation (CQHS Audit Function)
- Entry: N/A
- Mid: N/A
- Senior: N/A
Tool: Automated Audit Programme Generation
Benefit: Feed new regulatory updates, internal risk assessments, and historical audit data into an LLM. It'll generate a comprehensive first draft of your annual CQHS audit plan, complete with proposed scopes, key controls, and potential testing areas, saving you days of manual planning.
Tool: Executive Summary & Board Report Drafting
Benefit: Input raw audit findings, remediation statuses, and risk context, then let AI craft concise, impactful executive summaries and even first drafts of Board Audit Committee presentations. You'll spend your time refining the message, not wordsmithing from scratch.
Tool: Regulatory Impact Analysis & Summarisation
Benefit: Upload new, complex regulations (e.g., a major update to ISO 45001 or a new HSE directive). AI can quickly summarise key changes, identify direct impacts on our existing controls, and even suggest areas for immediate audit focus, keeping you ahead of the curve.
Tool: Team Performance & Coaching Insights
Benefit: Use AI to analyse team performance data (e.g., audit completion rates, finding acceptance, review note density) to identify coaching opportunities and skill gaps. It can even help draft personalised feedback or development plans for your direct reports, making your leadership more effective.
Weekly time savings potential: 10-15 hours weekly
Typical tool investment: You'll use 3-5 core AI tools, often integrated into our existing GRC and analytics platforms.
Competency Requirements
Foundation Skills (Transferable)
At this level, your foundation skills are about leading, influencing, and navigating complex organisational dynamics. It's less about doing the individual audit work and more about guiding the strategy and ensuring your team can execute it effectively.
- Category: Strategic Leadership & Influence
- Skills: Setting a clear vision for the CQHS audit function that aligns with enterprise risk objectives.
- Building strong, credible relationships with the Board Audit Committee and executive leadership.
- Influencing senior stakeholders to take action on audit findings, even when it's difficult.
- Navigating organisational politics and managing resistance to change effectively.
- Category: Executive Communication & Presentation
- Skills: Articulating complex audit findings and risk insights clearly and concisely to non-technical audiences.
- Crafting compelling narratives for Board-level presentations and executive reports.
- Handling challenging questions and defending audit positions with confidence and evidence.
- Active listening to understand stakeholder concerns and build rapport.
- Category: People Management & Development
- Skills: Recruiting, developing, and retaining a high-performing audit team.
- Providing effective coaching, mentoring, and performance feedback.
- Delegating effectively and empowering team members to take ownership.
- Managing team workload, morale, and professional development.
- Category: Risk Management & Governance
- Skills: Understanding enterprise-level risk management frameworks and their application.
- Assessing the effectiveness of governance structures related to CQHS.
- Identifying emerging risks and proactively integrating them into the audit plan.
- Providing independent assurance on the overall control environment.
Functional Skills (Role-Specific Technical)
You'll need a deep, strategic understanding of audit methodologies and CQHS specifics. It's not about executing the tests yourself, but about designing the programme, ensuring quality, and interpreting the results at an executive level. You'll also need to be a champion for advanced audit tools.
Technical Competencies
- Skill: Risk-Based Auditing (Strategic Design)
- Desc: Designing and overseeing the implementation of a risk-based audit methodology that effectively prioritises and addresses the highest inherent risks within the CQHS domain across the entire organisation. This means moving beyond a 'check-the-box' approach to truly focusing on systemic issues.
- Level: Expert
- Skill: COSO Framework Application (Enterprise Level)
- Desc: Applying the COSO framework to assess the effectiveness of internal controls across entire CQHS processes and reporting to the Board on the overall control environment. You'll be mapping complex operational controls to the five components and seventeen principles at a strategic level.
- Level: Expert
- Skill: ISO Standards Auditing (Strategic Oversight)
- Desc: Providing strategic oversight for audits against ISO 9001 (Quality), 14001 (Environmental), and 45001 (OH&S) standards. This includes ensuring audit programmes are robust, findings are impactful, and the organisation maintains its certifications. You're not doing the audit, but you're accountable for its quality and outcome.
- Level: Expert
- Skill: Root Cause Analysis (Oversight & Challenge)
- Desc: Guiding your team in applying advanced root cause analysis techniques (e.g., 5 Whys, Fishbone Diagrams) to significant control failures and challenging management's proposed corrective actions to ensure they address the true underlying causes, not just symptoms.
- Level: Advanced
- Skill: Audit Report Writing & Issue Validation (Executive Review)
- Desc: Reviewing and approving all audit reports and findings, ensuring they are clear, concise, commercially relevant, and adhere to the '5 C's' (Criteria, Condition, Cause, Consequence, Corrective Action). You'll be the final sign-off before reports go to the CAE and the Board.
- Level: Expert
Digital Tools
- Tool: GRC Platform (e.g., Intelex, LogicGate, ServiceNow GRC)
- Level: Strategic
- Usage: Leading the selection, implementation, and optimisation of the GRC platform for the entire CQHS audit function. Defining the enterprise-wide GRC data architecture and ensuring integration with other key business systems. Using it to track and report on the overall control environment to the Board.
- Tool: Audit Analytics (e.g., Galvanize/Diligent, IDEA)
- Level: Architect
- Usage: Setting the strategy for continuous auditing and monitoring within CQHS using these tools. Defining data governance standards for audit analytics and championing their use to identify anomalies and improve audit efficiency. You're not writing the scripts, but you're defining what needs to be built.
- Tool: EHS/QMS Software (e.g., Enablon, Cority, MasterControl)
- Level: Strategic
- Usage: Assessing the suitability and effectiveness of the organisation's EHS/QMS platforms for managing CQHS risks. Providing assurance to the board on their configuration, access controls, and data integrity. You'll understand the system's capabilities and limitations at a high level.
- Tool: Data Visualization (e.g., Power BI, Tableau)
- Level: Strategic
- Usage: Designing and championing the use of executive-level risk dashboards for the Audit Committee. This means translating complex audit data into clear, actionable visualisations that provide a real-time view of the control environment and emerging risks.
- Tool: Advanced Excel (Power Query, Power Pivot, VBA)
- Level: Advanced
- Usage: Understanding the limitations of Excel for large-scale audit analytics and championing the move to more robust tools. You'll still use it for ad-hoc analysis, budget tracking, and reviewing complex data models built by your team, but you'll push for better solutions where appropriate.
Industry Knowledge
- Area: Current & Emerging CQHS Regulations
- Desc: Deep, up-to-date knowledge of key UK and international regulations impacting our industry, including HSE, environmental protection, quality management standards, and relevant industry-specific compliance requirements. You'll need to anticipate future regulatory changes.
- Area: Operational Processes & Risk Points
- Desc: A comprehensive understanding of our core operational processes (e.g., manufacturing, supply chain, R&D) and the inherent CQHS risks within them. This allows you to design effective audit programmes that target the most vulnerable areas.
- Area: Enterprise Risk Management (ERM)
- Desc: A strong grasp of ERM principles and how internal audit contributes to the overall risk management framework of the organisation. You'll link your CQHS audit plan to the broader enterprise risk register.
Regulatory Compliance Regulations
- Reg: Health and Safety at Work etc. Act 1974
- Usage: Ensuring audit programmes effectively assess compliance with this foundational UK health and safety legislation, including duties of employers, employees, and the role of risk assessments. You'll provide assurance on the overall safety culture and management systems.
- Reg: Environmental Protection Act 1990 / Environmental Permitting Regulations
- Usage: Overseeing audits that verify compliance with environmental permits, waste management, pollution control, and broader environmental protection legislation. You'll ensure the business is meeting its legal obligations and minimising environmental impact.
- Reg: ISO 9001, ISO 14001, ISO 45001
- Usage: Directing audits against these international standards for Quality, Environmental, and Occupational Health & Safety Management Systems. You'll ensure our internal audit processes align with these standards and provide assurance on our certification status and ongoing conformance.
- Reg: Corporate Governance Code (e.g., UK Corporate Governance Code)
- Usage: Understanding how internal audit's role in CQHS contributes to good corporate governance, particularly in areas of risk management, internal control, and reporting to the Board. You'll ensure your function supports the principles of accountability and transparency.
Essential Prerequisites
- Extensive experience (10+ years) in internal audit, with a significant portion focused on Compliance, Quality, Health, and Safety within a complex organisation.
- Proven track record of leading and managing audit teams, including performance management and talent development.
- Demonstrated ability to interact and influence at a senior executive and Board level, presenting complex information clearly and concisely.
- Deep understanding of enterprise risk management frameworks and how to translate them into an effective audit plan.
- Strong commercial acumen and the ability to link audit findings to broader business objectives and financial impact.
Career Pathway Context
Typically, you'd have spent several years as a Lead or Senior Internal Audit Manager, perhaps with a specialisation in CQHS, before stepping into this Director role. You'd have already proven your ability to manage complex audit programmes and lead a team. This isn't a role for someone who's just managed a couple of projects; it requires a track record of strategic leadership and significant stakeholder engagement.
Qualifications & Credentials
Emerging Foundation Skills
- Skill: AI Governance & Ethical AI Auditing
- Why: As our organisation increasingly uses AI in operations, product development, and even CQHS processes (e.g., predictive maintenance, safety analytics), the need to audit the AI itself for bias, fairness, transparency, and data privacy becomes critical. Regulators are already looking at this, and we need to be prepared.
- Concepts: AI Risk Frameworks: Understanding frameworks like NIST AI Risk Management Framework or ISO/IEC 42001 for AI management systems.
- Explainable AI (XAI): Concepts and techniques to interpret and explain AI model decisions, which is crucial for auditing.
- AI Bias Detection & Mitigation: Methods to identify and address biases in AI models, especially relevant for safety and quality.
- Data Lineage & Provenance for AI: Tracking the origin and transformations of data used to train AI models to ensure integrity.
- AI Ethics & Regulatory Compliance: Understanding emerging regulations around AI (e.g., EU AI Act) and ethical considerations.
- Prepare: This quarter: Attend an executive briefing or webinar on AI governance and risk management.
- Next 6 months: Work with our Legal and Data Science teams to understand their current AI initiatives and associated risks.
- Next 12 months: Develop a draft internal audit approach or framework for auditing AI-driven processes within CQHS.
- Ongoing: Read industry reports and thought leadership on AI auditing and governance.
- QuickWin: Start by identifying one or two key AI applications within our CQHS domain (e.g., predictive quality control) and initiate a preliminary risk assessment with the business owners. You don't need to audit it yet, just understand it.
- Skill: ESG (Environmental, Social, Governance) Assurance
- Why: ESG reporting is no longer optional; it's a critical expectation from investors, regulators, and customers. Internal Audit has a vital role to play in providing assurance over the accuracy and reliability of ESG data and the effectiveness of related controls, particularly for environmental and social aspects that fall under CQHS.
- Concepts:
  - ESG Reporting Standards: Familiarity with frameworks like GRI, SASB, TCFD, and IFRS Sustainability Disclosure Standards.
  - Greenhouse Gas (GHG) Emissions Accounting: Understanding Scope 1, 2, and 3 emissions and how they are measured and reported.
  - Supply Chain ESG Risks: Identifying and assessing environmental and social risks within the supply chain.
  - Social Impact Metrics: Understanding how to audit metrics related to employee safety, diversity, and community engagement.
  - Double Materiality: Concepts of financial materiality and impact materiality in ESG reporting.
- Prepare: This quarter: Review our latest annual report's ESG section and understand what's being reported.
- Next 6 months: Engage with our Sustainability team to understand their data collection processes and control points.
- Next 12 months: Propose an initial ESG assurance plan, focusing on one or two key environmental or safety metrics.
- Ongoing: Follow regulatory developments in ESG reporting and assurance (e.g., CSRD in Europe).
- QuickWin: Start by auditing the data collection process for one key environmental metric (e.g., water consumption or waste generation) that we already report publicly. This will give you a practical understanding of the challenges.
Advancing Technical Skills
- Skill: Advanced Data Analytics & Visualisation for Continuous Auditing
- Why: Moving from periodic audits to continuous monitoring requires a deeper understanding of how to set up automated data feeds, apply sophisticated analytical models, and visualise real-time risk indicators. This allows us to spot issues faster and focus human effort where it's most needed.
- Concepts:
  - Real-time Data Integration: Understanding how to pull data from various source systems (ERP, EHS/QMS) for continuous monitoring.
  - Predictive Analytics in Audit: Using statistical models to predict potential control failures or high-risk areas.
  - Automated Anomaly Detection: Setting up rules and algorithms to automatically flag unusual transactions or events.
  - Interactive Dashboard Design: Designing executive-level dashboards that clearly communicate continuous audit results and risk trends.
  - Data Governance for Audit Analytics: Ensuring the quality, integrity, and security of data used for continuous auditing.
- Prepare: This quarter: Review existing continuous monitoring efforts (if any) and identify gaps.
- Next 6 months: Work with your Lead Auditors and Data Analytics specialists to define requirements for a new continuous audit dashboard.
- Next 12 months: Oversee the development and deployment of a pilot continuous audit dashboard for a high-risk CQHS area.
- Ongoing: Regularly review new features and capabilities of our audit analytics platforms.
- QuickWin: Identify one high-volume, low-complexity control (e.g., mandatory training completion) and work with your team to automate its continuous monitoring and reporting through an existing data visualisation tool.
Future Skills Closing Note
Your leadership in adopting these future skills isn't just about efficiency; it's about elevating Internal Audit's role from a historical reviewer to a forward-looking, strategic partner in risk management. Those who embrace this evolution will be the most impactful Directors.
Education Requirements
- Level: Minimum
- Req: A Bachelor's degree (or equivalent OFQUAL Level 6 qualification) in Accounting, Finance, Business Administration, Engineering, Environmental Science, Occupational Health & Safety, or a related field.
- Alts: Extensive (20+ years) relevant professional experience in internal audit or a senior CQHS role, coupled with relevant professional certifications, may be considered in lieu of a degree.
- Level: Preferred
- Req: A Master's degree (or equivalent OFQUAL Level 7 qualification) in a relevant field, such as an MBA, MSc in Risk Management, or Environmental Management.
- Alts: N/A
Experience Requirements
You'll need at least 16-20 years of progressive experience in internal audit, with a substantial portion (at least 8-10 years) directly focused on Compliance, Quality, Health, and Safety within a large, complex organisation. This should include at least 5 years in a leadership role, managing teams of auditors and presenting to executive leadership or Board committees. We're looking for someone who has genuinely 'been there, done that' at a senior level.
Preferred Certifications
- Cert: Certified Internal Auditor (CIA)
- Prod: The Institute of Internal Auditors (IIA)
- Usage: The gold standard for internal audit professionals, demonstrating a comprehensive understanding of internal audit principles and practices at a global level.
- Cert: NEBOSH National Diploma in Occupational Health and Safety
- Prod: NEBOSH
- Usage: Demonstrates advanced knowledge in health and safety management, crucial for auditing OH&S systems and compliance.
- Cert: IRCA Certified Lead Auditor (ISO 9001, 14001, or 45001)
- Prod: CQI and IRCA
- Usage: Shows expertise in auditing management systems against international standards, directly relevant to our CQHS focus.
- Cert: Certified Information Systems Auditor (CISA)
- Prod: ISACA
- Usage: Valuable for auditing IT controls that underpin CQHS systems and data integrity.
Recommended Activities
- Regularly attending industry conferences and workshops focused on internal audit, risk management, and specific CQHS regulations (e.g., IIA conferences, HSE seminars).
- Maintaining active membership in relevant professional bodies (e.g., IIA, IOSH, CQI).
- Engaging in continuous learning on emerging technologies like AI, machine learning, and advanced analytics, specifically their application in audit.
- Participating in executive leadership development programmes to hone strategic thinking and influence skills.
- Seeking out opportunities to mentor junior professionals, both within and outside the audit function.
Career Progression Pathways
Entry Paths to This Role
- Path: Lead Internal Audit Manager (CQHS)
- Time: 3-5 years
- Path: Senior Manager, Risk & Compliance (from the business)
- Time: 4-6 years
- Path: External Audit Partner (from Big 4/Advisory)
- Time: 2-4 years
Career Progression From This Role
- Pathway: Chief Audit Executive (CAE)
- Time: 3-5 years
- Pathway: VP, Risk & Compliance (Business Side)
- Time: 4-6 years
Long Term Vision Potential Roles
- Title: Chief Audit Executive (CAE)
- Time: 5-10 years
- Title: Chief Risk Officer (CRO)
- Time: 7-12 years
- Title: Chief Compliance Officer (CCO)
- Time: 6-10 years
Sector Mobility
The skills developed as a Director of Internal Audit (CQHS) are highly transferable across a wide range of industries, particularly those with complex regulatory environments (e.g., manufacturing, energy, pharmaceuticals, financial services). Your expertise in risk, control, and governance is universally valued.
How Zavmo Delivers This Role's Development
DISCOVER Phase: Skills Gap Analysis
Zavmo maps your current competencies against all requirements in this job description through conversational assessment. We evaluate your foundation skills (communication, strategic thinking), functional skills (CRM expertise, negotiation), and readiness for career progression.
Output: Personalised skills gap heat map showing strengths and priorities, estimated time to competency, neurodiversity accommodations.
DISCUSS Phase: Personalised Learning Pathway
Based on your DISCOVER results, Zavmo creates a personalised learning plan prioritised by impact: foundation skills first, then functional skills. We adapt to your learning style, pace, and neurodiversity needs (ADHD, dyslexia, autism).
Output: Week-by-week schedule, each module linked to specific job responsibilities, checkpoints and milestones.
DELIVER Phase: Conversational Learning
Learn through conversation, not boring modules. Zavmo uses 10 conversation types (Socratic dialogue, role-play, coaching, case studies) to build competence. Practise difficult QBR presentations, negotiate tough renewals, and handle churn conversations in a safe AI environment before facing real clients.
Example: "For 'Stakeholder Mapping', Zavmo will guide you through analysing a complex enterprise account, identifying key decision-makers, and building an engagement strategy."
DEMONSTRATE Phase: Competency Assessment
Zavmo automatically builds your evidence portfolio as you learn. Every conversation, practice scenario, and application example is captured and mapped to NOS performance criteria. When ready, your portfolio supports OFQUAL qualification claims and demonstrates competence to employers.
Output: Competency matrix, evidence portfolio (downloadable), qualification readiness, career progression score.