Position Purpose: As an Internal Auditor, the role’s primary responsibility is to establish and execute an independent internal audit function in line with: ● CBK Prudential Guidelines (2021) ● CBK Risk Management Guidelines ● CBK Outsourcing Guidelines ● Institute of Internal Auditors (IIA) Standards ● National Payment System Regulations ● Data Protection Act, 2019 This role provides independent, objective and assurance services to add value and improve operations and risk posture. The Internal Auditor will report functionally to the Board Audit Committee and operationally to the CEO, and must maintain full independence from daily operations and control functions. Key Responsibilities: Reporting directly to the Head of Compliance & MLRO, the Internal Auditor will own a comprehensive set of duties spanning the four core mandatory Compliance obligations and extended compliance support: 1. Internal Audit Governance & Planning: ● Develop a risk-based annual internal audit plan, aligned with the company's strategic objectives and regulatory requirements. ● Obtain Board Audit Committee approval for the audit charter, scope, frequency, and resources. ● Maintain a clear, independent reporting line to the Board Audit Committee, with regular updates on audit findings and control weaknesses. 2. Audit Execution & Reporting: ● Conduct internal audits across all business units: operations, finance, technology, compliance, data privacy, merchant onboarding, and fraud management. ● Evaluate the effectiveness of governance, risk management, and internal control systems. ● Prepare clear, actionable audit reports, including recommendations, management responses, and timelines. ● Ensure follow-up reviews to track implementation of audit findings and regulatory observations. 3. Risk-Based Assurance: ● Align internal audit activities with the risk appetite, risk register, and regulatory expectations. ● Support early identification of control weaknesses, fraud indicators, and compliance breaches. ● Collaborate with the Risk and Compliance functions to avoid duplication and ensure holistic coverage. 4. Continuous Improvement & Advisory: ● Champion a continuous auditing approach using digital tools and audit analytics. ● Advise management on internal control design during product development, vendor onboarding, and system changes. ● Conduct special audits, fraud investigations, or advisory reviews as requested by the Board Audit Committee or CEO. Role Exclusions: To clarify the boundaries of the Internal Auditor role, the incumbent shall not: ● Engage in operational decision-making – The auditor must maintain objectivity and shall not participate in activities or decisions that may later be subject to audit or assurance reviews. ● Override established management controls – The auditor is not authorized to alter or bypass control procedures implemented by management unless formally requested to test or validate those controls under the approved audit scope. ● Assume responsibility for risk ownership – While audit findings may highlight control weaknesses or risk exposures, the responsibility for risk mitigation and operational response remains with respective departments and process owners. ● Disclose audit findings without clearance – All internal audit findings, working papers, and reports must be handled with strict confidentiality and only shared in accordance with the approved audit reporting protocols. ● Conduct unauthorized investigations – The auditor must operate within the bounds of the approved audit plan or formal management requests, and cannot initiate special reviews without authorization from the Board or Audit Committee. ● Audit outside their scope of competence – Where specialized technical knowledge is required (e.g., IT systems, cybersecurity), the auditor must seek expert support or escalate to the Head of Internal Audit for appropriate action. Requirements Education: ● Bachelor’s degree in Accounting, Finance, Audit, Risk Management, or related discipline. ● CPA, ACCA, or equivalent accounting certification is required. ● Professional audit certification (e.g., CIA, CISA, CFE) is strongly preferred. Experience: At least 3 to 5 years’ experience in internal audit, risk management, or compliance in a regulated financial institution (e.g., bank, PSP, fintech). Demonstrated experience in: ● Leading end-to-end internal audits, ● Evaluating internal controls and risk frameworks, ● Working with regulators or participating in regulatory inspections. Technical Knowledge: ● Familiarity with IIA standards, COSO frameworks, and risk-based auditing. ● Strong understanding of the CBK Regulatory Framework, especially for PSPs. ● Knowledge of data protection, anti-fraud, and financial compliance controls. ● Comfort with auditing digital platforms, payment systems, and IT environments. Skills and Attributes: ● Analytical Thinking: Able to evaluate risk exposure and control effectiveness using data and structured logic. ● Attention to Detail: Precise in documenting audit workpapers, findings, and conclusions. ● Professional Judgment: Demonstrates independent thinking, objectivity, and balanced risk assessment. ● Communication Skills: Strong report writing and ability to clearly communicate findings to senior executives and Board members. ● Integrity: Upholds strict confidentiality and ethical conduct in all audit activities. ● Critical Thinking: Proactively identifies emerging risks, control gaps, and improvement opportunities. ● Collaboration: Builds rapport across teams while maintaining audit independence. Key Competencies ● Analytical Thinking: Ability to objectively assess financial and operational data, processes, and controls to identify inconsistencies, inefficiencies, or non-compliance with policies and regulations. ● Attention to Detail: Maintains precision and accuracy when reviewing records, audit trails, risk controls, and compliance documents to ensure no critical findings are missed. ● Professional Skepticism: Demonstrates a questioning mindset when evaluating audit evidence, management representations, and control environments—ensuring conclusions are based on facts, not assumptions. ● Regulatory and Standards Knowledge: Strong understanding of internal auditing standards (e.g., IIA Standards), risk management frameworks, and regulatory expectations under the CBK guidelines and National Payment System framework. ● Communication Skills: Able to clearly document and present audit findings, risks, and recommendations to both technical and non-technical audiences in a concise and professional manner. ● Objectivity and Integrity: Upholds high ethical standards in conducting independent and unbiased audits, and maintains confidentiality when handling sensitive financial or operational data. ● Risk Awareness: Understands how audit observations link to broader business risks, compliance obligations, and control effectiveness—enabling actionable audit outcomes. ● Collaboration and Influence: Works well with cross-functional teams during audits, balancing assertiveness with diplomacy to promote adoption of audit recommendations without compromising independence.