The IT Senior Auditor, under the supervision of a Lead Auditor, performs preliminary assessments of the audited activity and its internal control framework. The IT Senior Auditor performs analysis on specific controls, primarily in Information Technology, CyberSecurity, and Data Governance in order to meet the audit objectives. He/she also contributes to drafting the debriefing presentation and the final audit report sent to Management.

I - Conduct of assignment

When working independently, the Senior Auditor is responsible for carrying out audit work autonomously as per the
audit planning within the defined timeframes in accordance with the Internal Audit department of the Bank's methodology and procedures and Internal Audit standards. As such, they are expected to independently carry out audit planning and fieldwork, including:

- A preliminary assessment of the audited activity highlighting the related risks and controls;
- Interviews, testing and analysis of the results of the controls planned in the audit program;
- Assess processes and controls within core IT infrastructure, IT operations, business continuity planning, and IT disaster recovery, business applications, CyberSecurity, Outsourcing processes, data governance and management.
These are assessed against the Control Objectives for Information and Related Technology ("COBIT") framework,
local and global policies of the Bank;
- Clearly and completely document in test sheets the controls performed and the conclusions reached;
- Identify and report on strengths and weaknesses of the audited areas, analyze the root causes and risk impact of
the identified weaknesses, draft recommendations to address the audit findings and conclude on the effectiveness of
the control set-up and business practices;
- Maintain open communication with auditees throughout the audit, including issue vetting with control owners;
- Suggest approaches (including innovative ones) in order to build the Audit Program for each audit assignment
- Present audit conclusions to management and to management of the audited unit (debriefing presentation, final audit report, etc.);
- Keep the Lead Auditor in charge of the assignment/ Local Head of Audit informed of the progress on the audit work
assigned, and escalate any issues that may impact or delay the audit execution, or raise any other relevant
information on the assigned audit and the risk and control environment;
- Follow up with Management on remediation status to address audit recommendations, and conduct validation of
corrective actions completed;
- Adhere to the audit work paper management practices to ensure complete archiving of all supporting
documentation, audit evidence and deliverables in the designated tools;

Supplementary Information
II - Team management
On some engagements, the IT Senior Auditor may be asked to assist junior team members or external resources by
providing:
- Guidance on audit techniques and expected deliverables
- Feedback on testing, documentation, and conclusions of test results and findings
- Assistance in developing collaborative and productive relationships within the team throughout the International
Network and with auditees

III - Continuous improvement Program / Transversal topics
The IT Senior Auditor contributes to the continuous improvement of methodologies and processes. In addition to the audit responsibilities, she/he may be requested to:
- Provide input to update audit guides or training materials related to specific activities based on existing knowledge,
documentation, interviews, etc.
- Build and share knowledge (e.g. through delivering training or taking part in various methods and Support work-streams or assignments)
- Participate in one or several knowledge communities within the department
At a minimum, the IT Senior Auditor must also complete within the defined timelines all annual required training on
banking and regulatory matters to maintain a sufficient knowledge of the audited area for which she/he is responsible