Apply now »

Job Title:  Senior Business Controls Analyst - IT

Job Number:  25745

Country: Malaysia
Function: Finance
Level: Experienced Professional
Appointment Type: Permanent

Purpose Statement

  • Leads and manages IT SOx Design Effectiveness and Operating Effectiveness for target BAT IT processes.
  • Undertakes Internal Controls Assurance activities and report findings using structured tools and techniques to support the internal control process, with a specific focus on IT application and general controls
  • Provides IT internal control expertise, advice and guidance and promotes an awareness of risk management and control practices with BAT management.


Key Accountability

  • Support the development of the overall role of the Business Controls Team as a second line of defence within BAT.
  • Manage internal control assurance activities and ensuring certain elements of Controls Assurance work is completed in line with Auditing Standards to enable reliance from External Audit.
  • Ensuring all work is fully documented in line with the BCT Methodology and the SOx Testing process, reflecting current good practice in internal controls.
  • Reviewing action plans with management to bring about the necessary improvements in the processes to address the control gaps.
  • Providing recommendations to improve the quality of the overall risk management and internal control practices.
  • Lead and manage the planning and execution of IT SOx design and operating effectiveness testing in line with agreed testing schedules, with a focus on IT applications and general controls.
    • Communicate results of SOx testing to key stakeholders in a timely manner.
    • Support Control Owners to develop strong remediation plans and address issues in a timely manner.
    • Track and report on outstanding actions relating to SOx findings to key stakeholders and governance forums.
  • Delivery of training to Control Operators and Owners to support the effectiveness of internal controls over financial reporting across the Group.
  • Coordinate or participate the delivery of training to BCT staff to support the global delivery of Internal Controls services across the Group.
  • Line management responsibility for outsourced partners for SOx testing, and Business Controls Team management responsibility for individual assignments (e.g. SOx testing).  This includes active coaching, timely and clear feedback on their performance and development needs.
  • To assist in driving the delivery of the Three Lines of Defence model an Internal Controls Framework within BAT.


Knowledge, Skills and Experience 

  • Degree educated with relevant professional Internal Controls qualification (e.g. ACA, ACCA or equivalent, CISA, ITIL, CGEIT or CISSP).
  • 3+ years IT risk, internal controls and audit experience with significant accounting firm or corporate industry experience.
  • Experience dealing with external auditors, statutory and regulatory bodies.
  • Good knowledge of internal controls practices, principles and procedures and corporate governance requirements for a global Group, including Internal Controls over Financial Reporting (ICoFR).
  • Experience of one or more of BAT’s core business functions, including operations, marketing, finance with a specific focus on IT.
  • Experience in reviewing core IT processes and assessing the adequacy of controls, including design and operating effectiveness.
  • Experience in reviewing outsourced IT Operations and assessing various forms of Third Party Assurance reports, e.g. SOC reports, for adequacy and impact on the services provided.
  • SAP automated controls experience:
    • Experience in reviewing functional SAP components (FI/CO/MM/SD/FSCM), focusing on either the configuration or understanding of table structures and data model relationships.
    • Hands on SAP application reporting and query experience in order to extract internal controls relevant data and information.
  • Experience in describing technical IT/SAP system situations into non-technical business scenarios and risks for senior management to enable understanding of risks and impact of controls over those risks and processes.
  • Experience of IT internal controls in a SOx environment with knowledge of SOx best practice and testing and reporting approaches.
  • Experience in internal or external audit, or other SOx testing of IT processes, and able to identify control gaps, provide recommendation to address the issue and conclude testing results independently.
  • Experience in managing diverse teams of SOx testers, including active coaching and providing constructive feedback in completion of SOx testing.
  • Effective verbal and written communication skills with the ability to articulate control issues, risk, impact and recommendations to management.
  • Organised and structured day to day working style with the ability to effectively multi-task.
  • Knowledge of BAT’s Internal Audit approach, including testing and reporting practices, and how it can be applied to Business Controls work is preferred.


Working Relationship


  • Align BCT activities with the review activities of other BAT departments, e.g. other Line of Defence Teams including Compliance, EH&S, Global Security, IT Services Risk & Controls, IT Security, and Internal Audit.
  • Promotes an awareness of risk management and control practices and builds effective working relationships.
  • Provides advice, guidance and feedback in the areas of risk management and internal controls.


External Auditors:

  • Alignment of BAT SOx testing with external audit test schedules and test plans
  • Respond to queries and requests for information and support the external audit activity.


SOx Third Party Support:

  • Liaison with and management of third-party SOx testing staff.



British American Tobacco is one of the world’s leading multinational companies, with brands sold in over 200 markets, made in 44 factories in 42 countries.

We are proud that we are consistently among the top 5 companies on the London Stock Exchange.

Our portfolio includes our world-famous Global Drive Brands – Dunhill, Kent, Lucky Strike, Pall Mall and Rothmans – along with many other leading international brands, such as Vogue, Peter Stuyvesant and State Express 555.

Alongside our traditional tobacco business, we are also developing products that offer consumers potentially less risky alternatives to regular cigarettes. Our Next Generation Products are already leading the way in the Industry of vapour and tobacco heating devices. We continue to develop a solid portfolio of consumer solutions which already include well known global brands like Vype, glo and Voke.

Contractual Legal Entity: BAT Aspac Svc Centre S.B. (MY51)

Apply now »