Job Description

Job Purpose

The Group SOX Controller will be responsible for undertaking the necessary activities to ensure the proper functioning of the internal control environment i.e. controls are being executed on as expected and are operating effectively. This entails assessing the adequacy of controls and the operating effectiveness of the same, identifying and evaluating deficiencies, leading remediation efforts to address deficiencies, and providing recommendations as appropriate. All of the aforementioned needs to be done in an efficient and effective manner. This is a hands-on role so be prepared to roll up your sleeves and get the work done.

Duties and Responsibilities (What you will be doing):

In conjunction with the Group SOX Manager you will be responsible for financial reporting compliance, project planning, risk assessment, process flow documentation, internal control design, documentation and evaluation, evaluation of control deficiencies and guiding management in terms of deficiency evaluations. Maintaining and contributing to the methodology for the SOX compliance function. Ensure that there are standardized process documents and risk and control matrices (RACM's) for your specific business units/entities, ensuring the same is maintained and accessible by all relevant process and control owners. Ensure continuous alignment between process documents and RACM's. Establish a documented training and awareness campaign of process owners and control owners' roles and responsibilities in the SOX process and provide training and coaching for new process owners and control owners. Serving as liaison between the key business process and control owners and both the internal and external auditors. Ensuring best practice methodologies are implemented while not compromising the internal control over financial reporting environment. Building and maintaining relationships with stakeholders across the organisation and externally at all levels and cross functionally. Leading and driving cost saving initiatives related to SOX activities. Providing coaching to the business on an ongoing basis on the importance of the internal control environment. Analysing and identifying the strengths and weaknesses of options and exercise critical thinking, problem solving, and judgment skills in determining the best solution to closing control gaps as well as strengthening the overall control environment. Drive the digitisation and transformation of SOX processes and internal controls. Work independently and with minimal supervision while maintaining high quality of work. Implementing and imparting your knowledge and understanding of internal controls, IT security controls risk assessment, management and governance, fraud, auditing techniques and related methodologies.

Design of the control environment:

Develop a deep understanding of the company's business and IT processes while working closely with the Divisional CEO's, Divisional CIO's, Financial Managers, Group CFO and Group CEO (or equivalent) and cross functional business units to identify, design, and document the Company's internal control environment. Develop and maintain an effective control environment that complies with the testing and reporting requirements of SOX sec 404. Develop and manage the SOX project lifecycle for your specific business units/entities which includes the risk assessment, process understanding and documentation of the same, remediation and reporting on deficiencies (manual/process level and IT general controls)Perform a risk analysis to identify financial reporting risks within in-scope systems and processes and identify, draft, and implement SOX controls to address the identified financial reporting risks. Collaborate with process and control owners on the ongoing design, documentation, and remediation of control deficiencies. Adapt timeously to changes in the internal operational environment and any resulting impact on the Company's internal controls over financial reporting. Proactively identify and monitor process and system changes, and other areas of change that have a direct impact on the Company's financial statements and related disclosures for your specific business units/entities.

Operating effectiveness of the control environment:

Devise a risk-based control testing plan to ensure that controls are tested on a monthly basis, gaps are identified and remediated timeously in order to ensure a smooth SOX 404 testing process. Focus on digitisation related to the designing of new controls or the recommendations related to the closure of control deficiencies. Work with business to implement and track the necessary remediation to address control deficiencies. Ensure that the quarterly control attestation process is undertaken for the assigned business unit/s in support of the certification under SOX sec 302. Collaborate with internal audit, external audit, process owners and control owners to ensure that the controls as designed are operating effectively.

Evaluation and reporting:

Evaluation and grading of control deficiencies identified within the group and reporting thereof to management, the Executive team, and the Audit Committee. Regular collaboration and reporting on the status of the implementation of SOX controls. Alignment and reconciliation of control deficiencies identified by management with deficiencies identified by external audit. Annual reporting and memorandum preparation of the internal controls affected by the external audit findings as well as the preparation of a remediation plan to address the same.

Knowledge and Experience Required (What you'll need to succeed):

Educational Level:

Be in possession of a NQF 8 qualification (Post graduate Diploma / Honours Degree / Professional Qualification Degree) in Internal Auditing, Accounting or similar qualification.

Advantageous Accreditations:

CA(SA) would be advantageous. CPA (US) with controls experience would be advantageous. CISA accreditation would be advantageous. Certified Internal Auditor (CIA) would be advantageous.

Experience Required:

Have a minimum of 3 years SOX testing and/or implementation related experience. Have IT control testing and Manual audit or control documentation experience and process understanding. Understand and/or perform location scoping and materiality assessments. Be experienced in the drafting of and presentation of deficiency evaluations. Be a critical thinker with problem identification & solving abilities. Be able to manage conflicts and resolve problems. Have good verbal and written communication skills. Be proficient in the application of SOX sec 404 & 302 requirements and internal control concepts. Be proficient in identifying key financial reporting risks and controls. Possess a strong understanding of and demonstrate proficiency in applying the COSO Internal Control Integrated Framework. Have a sound understanding of the PCAOB and SEC requirements and developments. Be proficient in reviewing the work of team members/process & controls owners to ensure that it meets the requirements in terms of the SOX methodology and PCAOB guidance. Skilled in leveraging data analytics to drive insights or strong analytical skills with a focus on driving data-driven decisions. The use of AI to transform/digitise business processes or controls is preferred. Have advanced computer skills (MS Office and Excel). Have good financial and business acumen.

Personal Characteristics (What you'll bring):

The ability to operate both at a strategic and operational level. Be a proactive individual who is a self-starter and gets things done. The ability to work well with people and collaborate to develop practical and simple solutions to mitigate risks in the business. Good stakeholder management ability and the ability to develop relationships across senior and junior levels. Good written and verbal communication skills. An innate drive to succeed and a passion for the internal control environment. A business orientated, practical and pragmatic mindset to the internal control environment. A desire to drive transformation and automation of processes and controls across the SOX environment.

Key Stakeholders:

The relevant business and product/process/functional process and control owners across the Group. The relevant Executive Management as is appropriate. Internal and External Audit. * The Audit Committee as is appropriate.