The Head of Internal Audit is responsible for establishing, implementing, and maintaining the independent Internal Audit function of KIRA Financial Brokers LLC across all licensed activities: CAT 1 (OTC & International Market brokerage), CAT 5 (Consultancy, Introduction, Promotion), and pending CAT 2 (Fund & Portfolio Management).
This role acts as the Third Line of Defense (3LOD), providing independent, objective assurance to the Board, Audit Committee, and Senior Management that the Firm's governance, risk management, and internal control frameworks are designed adequately and operating effectively. The Head of Internal Audit evaluates the combined effectiveness of the First Line (management controls) and Second Line (risk, compliance, fraud oversight), with particular focus on CMA/SCA prudential requirements, client asset segregation, capital adequacy, financial reporting integrity, and fraud prevention mechanisms.
Key Responsibilities
1. Audit Framework & Charter Governance
· Own, maintain, and evolve the Internal Audit Charter, ensuring it is Board-approved and aligned with CMA/SCA regulations, International Standards for the Professional Practice of Internal Auditing (IIA standards), and UAE corporate governance best practices.
· Lead the annual charter review cycle and initiate ad-hoc revisions following regulatory changes, material incidents, or structural changes (e.g., new licenses, new products).
· Ensure the Internal Audit function maintains complete operational independence, with direct access to the Audit Committee and Board.
2. Risk-Based Audit Planning
· Develop and maintain a multi-year strategic audit plan and an annual risk-based audit plan, prioritizing audits based on inherent risk, regulatory criticality, time since last review, and control environment strength.
· Submit the annual audit plan to the Audit Committee for approval, including resource requirements, budget, and coverage of all key areas: capital adequacy, client money segregation, daily reconciliation, financial reporting, payment controls, fraud management, trade surveillance, AML/CFT, IT systems, and BCP/DR.
· Adjust the audit plan dynamically throughout the year in response to emerging risks, regulatory changes, fraud incidents, or control failures.
3. Audit Execution & Testing
· Lead and execute end-to-end internal audits, including planning, fieldwork, testing, reporting, and remediation validation.
· Design and perform substantive testing, control effectiveness testing, and compliance testing against CMA/SCA Decision No. 13/Chairman of 2021 (particularly Chapter 3 – Client Money, capital adequacy, and financial reporting obligations).
· Conduct forensic-style testing of client fund segregation, daily reconciliations, payment authorization controls, and fraud detection mechanisms.
· Perform surprise audits (unannounced) on fraud-sensitive functions (e.g., accounts payable, client payments, reconciliation) as defined in the annual audit plan.
· Evaluate the design and operating effectiveness of controls within the Centralized Back Office System, including audit trail logs, segregation of duties, and automated serial numbering.
4. Regulatory & Compliance Audits
· Conduct compliance audits specifically targeting CMA/SCA regulatory filings, including the monthly Accounts Segregation Report, quarterly financial reports, annual audited financial reports, capital adequacy notifications, and ICAAP/IRAP submissions.
· Audit the Firm's adherence to client money segregation rules, including bank account designations, trust status, prohibition on use of client funds, and monthly segregation reporting.
· Review capital adequacy monitoring processes, breach escalation procedures, and ICAAP stress testing methodologies.
· Assess the effectiveness of the Fraud Management Framework, including prevention, detection, investigation, and reporting mechanisms.
5. Reporting to Audit Committee & Board
· Prepare and present quarterly Internal Audit reports to the Audit Committee, including: audit plan status, completed audit findings, control ratings, management action plans, outstanding remediation items, and emerging risk observations.
· Escalate immediately to the Audit Committee any material control failures, significant breaches of CMA/SCA regulations, client fund segregation breaches, capital adequacy breaches, or confirmed fraud incidents.
· Issue final audit reports within 15 business days of audit closure, containing: scope, objectives, detailed findings, root cause analysis, risk ratings, recommendations, and management's action plan with deadlines.
· Maintain a centralized Audit Issue Tracking Log, monitoring remediation progress and validating control effectiveness prior to issue closure.
6. Coordination with Second Line of Defense
· Evaluate the effectiveness of the Second Line of Defense in performing their oversight responsibilities.
· Avoid duplication of work by coordinating audit coverage with the Risk Manager's RCSA process, Compliance Officer's monitoring program, and Head of Fraud's investigation activities.
· Provide independent assurance on the Risk & Control Self-Assessment (RCSA) process, including accuracy of inherent/residual risk scores and control strength ratings.
· Review the Fraud Incident Register and validate that all confirmed fraud incidents were properly investigated, reported to regulators, and resulted in control enhancements.
7. External Audit & Regulatory Coordination
· Coordinate with external auditors to ensure efficient coverage of financial statement audits, client asset audits, and capital adequacy audits, minimizing duplication while ensuring no gaps in assurance.
· Provide the CMA/SCA with access to internal audit reports, working papers, and findings upon request during regulatory examinations.
· Respond to CMA/SCA and external auditor inquiries regarding internal control deficiencies, remediation progress, and overall control environment health.
8. IT & Systems Audit
· Audit the Centralized Back Office System's technical controls as specified in Annex No. (2) of CMA/SCA regulations, including: audit trail completeness, segregation of duties within the system, date/time stamp integrity, and reporting capabilities.
· Assess the effectiveness of IT general controls (access management, change management, backup/recovery, cybersecurity controls) and their impact on financial data integrity.
· Review the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) testing results, ensuring that financial and client asset systems can be recovered within acceptable timeframes.
9. Fraud & Whistleblowing Support
· Serve as an independent recipient for the Firm's confidential whistleblowing channel (in addition to the Head of Fraud), ensuring reporters have an alternative, fully independent avenue to raise concerns without fear of retaliation.
· Investigate any whistleblowing complaints involving the Head of Fraud, Fraud Manager, Compliance Officer, or Senior Management, reporting findings directly to the Audit Committee.
· Provide forensic audit support to the Head of Fraud during complex internal fraud investigations, including electronic evidence preservation and transaction reconstruction.
10. Continuous Improvement & Professional Standards
· Maintain the Internal Audit function's conformance with IIA Standards and CMA/SCA expectations for an independent 3LOD function.
· Conduct periodic internal quality assurance reviews (self-assessments) and arrange for an external quality assessment every 5 years.
· Benchmark audit methodologies against financial services industry best practices, particularly for brokerage, investment firms, and asset managers.
· Deliver fraud awareness and control training to First- and Second-Line personnel, reinforcing the importance of control design and adherence.
Education
Bachelor's degree in Accounting, Finance, Auditing, Business Administration, or related field. Master's degree (MBA, MA) preferred.
Experience
Minimum 10–12 years of progressive experience in internal audit, external audit, or risk assurance within the financial services industry, with at least 5–7 years in a leadership role (Audit Manager or above). Direct experience in a CMA/SCA-regulated entity (brokerage, investment firm, or bank) is essential.
Regulatory Knowledge
Deep understanding of CMA/SCA Decision No. (13/Chairman) of 2021, particularly Chapter 3 (Client Money), capital adequacy, ICAAP, financial reporting obligations, and client asset segregation rules. Knowledge of IIA Standards and UAE corporate governance codes.
Technical Skills
Proficiency in audit management software, data analytics tools (e.g., ACL, IDEA, Excel Power Query), centralized back-office systems, and IT general control testing. Advanced Excel and data interrogation skills required.
Key Competencies
· Independence & Objectivity: Ability to remain completely impartial, challenge any level of management, and report findings without fear or favor. Willingness to escalate issues directly to the Audit Committee.
· Regulatory Rigor: Deep understanding of CMA/SCA client money, capital adequacy, and financial reporting rules; ability to audit compliance with precision.
· Analytical & Forensic Mindset: Meticulous attention to detail in testing reconciliations, payment controls, segregation reports, and transaction samples. Zero tolerance for undocumented or unsupported control assertions.
· Professional Skepticism: Critical questioning mindset; does not accept management representations without corroborating evidence.
· Communication & Influence: Ability to present complex control deficiencies clearly to the Audit Committee, Board, and regulators. Persuasive in driving remediation without compromising independence.
· Integrity: Impeccable ethical standards; absolute confidentiality regarding audit findings and whistleblowing information.
Key Performance Indicators (KPIs)
· Annual audit plan completed on time, within budget, with no major scope deviations without Audit Committee approval.
· 100% of audit findings formally accepted by management with documented action plans and deadlines.
· Remediation validation completed for 100% of high and medium-risk findings; no findings closed without evidence of control effectiveness.
· Zero instances of management refusing access to information, personnel, or systems required for audit execution.
· All quarterly Internal Audit reports submitted to Audit Committee within 15 business days of quarter end.
· Any material control failure, segregation breach, or capital adequacy breach escalated to Audit Committee within 24 hours of detection.
· Fraud Incident Register reconciliation completed quarterly; any discrepancies investigated.
· External audit findings on internal control deficiencies (management letter points) tracked and benchmarked against prior periods; reduction target of 20% year-over-year.
· 100% of audit staff complete mandatory annual CPE (continuing professional education) in financial services auditing.
· Whistleblowing complaints (where reporter provided contact) acknowledged within 24 hours.
Working Conditions & Special Requirements
· Confidentiality
· Professional Skepticism Environment
· After-Hours Work
· Travel
· Stress Management
Key Interfaces with Other Roles
· Audit Committee: Direct reporting; audit plan approval; escalation of material issues; quarterly reporting
· Head of Risk (2LOD): Evaluate RCSA accuracy; test risk appetite monitoring; avoid duplication; challenge risk assessments
· Head of Fraud (2LOD): Review Fraud Incident Register; validate investigation quality; serve as independent whistleblowing recipient
· Compliance Officer (2LOD): Audit regulatory reporting (segregation, capital, financial statements); test AML/CFT controls
· Head of Accounts (1LOD): Test daily reconciliation, client money segregation, payment controls, financial reporting
· Operations Manager (1LOD): Audit trade and settlement processes; test reconciliation of client financial product records
· IT Department: Audit Centralized Back Office System controls; IT general controls; BCP/DR testing
· External Auditors: Coordinate coverage; share non-confidential audit working papers; avoid duplication
· CMA / SCA: Provide audit reports upon request; respond to regulatory examinations
Work Location: In person