WHAT DOES A CONTROLS MANAGER DO?
Published: August 20, 2024 - The Controls Manager is responsible for reviewing non-financial risk data and assessing its impact on the risk profile in CMB, including the identification of potential control weaknesses. This role involves conducting root cause analysis of issues and events to support resolution efforts and the development of additional controls. The manager also provides insights through management information and prioritizes material items for escalation to senior risk management meetings.
A Review of Professional Skills and Functions for Controls Manager
1. Controls Manager Responsibilities
- Training Program Implementation: Be responsible for the activities needed to ensure the implementation of an effective training program in the laboratory.
- Material Procurement: Ensure procurement of all related materials of the right quality on time to prevent any delays in analysis.
- cGMP Compliance Oversight: Perform oversight to ensure that analytical activities are performed according to cGMP requirements.
- Laboratory Operations Support: Ensure the availability of necessary equipment, tools, and materials for laboratory operations.
- Equipment Calibration and Maintenance: Ensure that equipment in the laboratory is calibrated, maintained, and periodically verified as per the pre-established plans/procedures.
- Document Review: Review the procedures, protocols, and other cGMP documents.
- Stability Analysis and Data Review: Ensure that the stability analyses, data review, and investigations on drug substance, and drug product are performed according to established methodology.
- Internal Control Positioning: Effectively position the Company’s internal control conclusions to internal and external auditors.
- Internal Control Training: Execute the development and delivery of internal control-related training for the business to build knowledge and understanding of risks and controls.
- Special Project Participation: Participate in special projects.
2. IT Internal Controls Manager Job Summary
- IT Knowledge Maintenance: Maintain knowledge of developments in the IT field that may have an impact on the company, the risk assessment, or the company’s audit methodology and procedures.
- IT Risk Identification: Proactively identify existing and emerging IT risks that may be of importance to the Company’s executive management and the audit committee.
- COSO/COBIT Compliance: Support compliance with the COSO/COBIT frameworks of internal controls for financial reporting.
- Risk Control Matrix Development: Develops and maintains the risk control matrix for each full-scope ICS entity.
- Onboarding and Training Plans: In conjunction with the Director, Internal Controls, develops comprehensive onboarding plans, training, and testing plans for new full-scope ICS entities as assigned.
- Audit Coordination: Liaisons with the Internal Audit team to promote efficient audits and coordination of remediation.
- ITGC Compliance Guidance: Integral team member guiding ITGC internal controls compliance throughout the US Field, US Manufacturing, and TKE international entities.
- ITGC Consultation: Assist in the consultation with members of business and IT regarding the purpose of testing ITGC, provide guidance on implementation of ITGC, and provide suggestions on how to improve their ITGCs.
- Project Status Communication: Communicate project status, concerns, or issues to Management on time.
- ITGC Evaluation: Evaluate IT general controls (ITGC) including information security, change management, security, computer operations, disaster recovery, and systems development life cycle (SDLC).
- Annual IT Risk Assessment: Perform an annual IT risk assessment to determine those IT risks to be included in the annual testing plan, as well as identify specific divisional/location IT risks and objectives.
3. IT Internal Controls Manager Details
- Automated Systems Controls Assessment: Document, assess, and evaluate automated systems controls including interface completeness and validity, authentication and authorization, and input/output controls to support the sensitivity of data and privacy.
- IT Controls Monitoring and Testing: Perform monitoring and testing of IT controls at the application, database, operating system, and process levels.
- Testing Documentation and Reporting: Document and report testing results with recommended best-practice solutions for issue remediation and provide necessary input to the ICS team in Germany.
- Risk Mitigation Recommendations: Develop recommendations to mitigate risks or correct control deficiencies or gaps.
- Risk Assessment Support: Assist in risk assessment and identification of significant gaps against best practices.
- Risk and Control Matrices Management: Work with process owners in the creation and maintenance of Risk and Control Matrices for processes identified through risk assessment.
- Process Reviews and Guidance: Work with business process owners in guiding the performance of semi-annual segregation of duties, user access reviews, and review of other high-risk processes.
- Control Descriptions Review: Review control descriptions, process narratives, and testing strategies for reasonableness and accuracy.
- Test Planning and Execution: Perform proper planning to execute the required test steps by established deadlines with minimal supervision.
- Task Prioritization and Feedback: Be able to prioritize assignments, apply sample size guidelines appropriately, and provide constant and clear feedback to management and process owners.
- Design and Operating Effectiveness Testing: Participate in design and operating effectiveness testing of in-scope processes/systems.
4. Senior Internal Controls Manager Duties
- Internal Control Design: Drive continuous improvement in internal control scoping and design such as accounting processes, payroll accounting, and procurement (P2P).
- Risk Identification: Identify and anticipate weaknesses and recommend solutions to mitigate issues and strengthen processes.
- Risk Management Improvement: Improve current risk management processes and align with Group and Divisional standards.
- Financial Impact Evaluation: Evaluate the potential financial impact of control deficiencies and develop risk mitigation strategies.
- Documentation: Develop and maintain clear and concise risk assessment and control documentation.
- System Automation: Identify opportunities to leverage systems and automation in a practical and value-added way.
- Trend Awareness: Stay current on evolving trends in internal control guidance and practice.
- Liaison: Serve as a trusted liaison for control owners, as well as for internal and external auditors.
- Control Assessment: Collect evidence and document assessment of key controls monthly.
- Control Optimization: Design and optimize internal controls associated with new business processes, system changes, new regulatory standards, and potential acquisitions to ensure the adequacy of controls while maintaining process efficiency.
- Communication: Communicate to Senior Management and Corporate office in Germany.
5. Controls Manager Accountabilities
- Quality System Development: Oversee the development, implementation, and sustainability of multiple manufacturing sites’ Quality Systems, ensuring multiple sites are following a unified Quality System.
- Quality Assurance: Ensure manufactured products meet set standards of quality, reliability, and performance by setting and implementing internal quality requirements to ensure company products meet customer expectations.
- Product Inspection: Manage the inspection and testing of products to ensure adherence to established quality standards.
- Goal Setting: Set goals, objectives, and daily directives for direct reports.
- Staff Development: Develop quality control staff job results by planning, monitoring, and appraising job results accompanied by coaching, counseling, and disciplinary action.
- Corrective Action Management: Initiate and manage corrective actions to improve compliance with quality specifications.
- Standards Establishment: Establish new or improved quality and reliability standards, control methods, and/or procedures to ensure an effective quality control process.
- Inspection Standards: Establish in-process and final product inspection standards by studying methods, and devising testing methods and procedures.
- Product Disposition Standards: Establish standards for the disposition of finished products by devising evaluation tests, methods, and procedures.
- Quality Policy Implementation: Design, implement, and maintain quality policies, specifications, procedures, manuals, and instructions to support business processes.
- Collaboration: Maintain product quality by enforcing quality assurance policies and procedures and requirements, collaborating with other members of management to develop new products, engineering designs, manufacturing, and/or training methods.
6. Controls Manager Functions
- Report Preparation: Prepare product and process quality reports by collecting, analyzing, and summarizing information and trends.
- Business Improvement: Lead and participate in business improvement efforts for the sites.
- Quality Control: Assess the implementation of Quality Control Plans, ensuring testing standards, procedures, and equipment provide reliable results and prevent shipment of off-quality products.
- Benchmarking: Benchmark quality programs against industry leaders and develop strategies to implement best practices, achieving world-class quality excellence.
- Audit Support: Support the manufacturing facilities during audits, tours, and onsite customer witness activities.
- Professional Development: Maintain professional and technical knowledge by participating in educational opportunities, reviewing professional publications, establishing personal networks, and participating in professional societies.
- EHS Compliance: Adhere to and promote the environmental, health, and safety policies of AFL.
- Operational Risk Support: Liaise with relevant stakeholders within Wholesale and other Global Lines of Business and Functions to provide Operational Risk support and guidance.
- Risk Communication: Ensure appropriate, timely, and relevant information is provided to senior management and the relevant Risk committees.
- Continuous Improvement: Assist with programs to prevent or eliminate defects/issues in new or existing products and drive continuous improvement programs for products, manufacturing, and business processes by leading and mentoring cross-functional teams using proven problem-solving techniques (Six Sigma, 8D, SPC, FMEA, 5-Why, etc.).
7. Project Controls Manager Job Description
- Project Control Systems: Refine and implement project control systems and procedures for the Construction phase.
- Baseline Scheduling: Establish baseline schedules and key performance indicators.
- Deviation Management: Ensure early identification and notification of deviations and variances to project baseline schedule and spending.
- Scope Management: Monitor and manage scope growth.
- Performance Reporting: Provide Project Team members with information and reports that support assessment of performance and help facilitate decision-making.
- Cost Control Collaboration: Collaborate with the Cost Control Manager on all estimating, cost management, and forecasting processes, including budgeting and forecasting, and ensure that cost, schedule, and progress processes are aligned and support earned value reporting.
- Earned Value Reporting: Implement earned value reporting and ensure that project planning and progress reporting processes are effective.
- Contractor Support: Support contractors and vendors in the implementation of project control procedures required by the project.
- Document Control: Oversee the implementation and maintenance of project document control systems and procedures.
- Risk Management: Act as a champion of the overall Enterprise Risk Management program through facilitated sessions, risk identification, and action follow-up and coordination.
- Project Reporting: Compile and contribute to weekly and monthly Project reports (written and PowerPoints) for internal and external use, and ensure reports meet required quality standards.
- Project Training: Provide project training for Project team members.
8. Business Unit Controls Manager Overview
- Audit Management: Management of external/internal audits and policy and procedure management
- Testing Script Development: Develop/Implement First Line of Defense “First Line” testing scripts to assess Servicing compliance with regulatory and investor requirements
- Testing Oversight: Ensure timely completion of First Line testing, identification of process deficiencies, and periodically report testing results to management
- Process Tracking: Track, monitor, report statuses, and validate the effective implementation of process changes required to address process deficiencies
- Audit Coordination: Manage and ensure timely completion of internal and external audits, including scheduling, provisioning documentation, exception management, and preparing audit responses
- Training and Performance Management: Ensure departmental training is completed, manage productivity and effectiveness, and ensure timely evaluation of team member performance
- Technical Writing: Provide technical writing support and management of Servicing Policies and Procedures
- Liaison and Support: Liaison between Compliance, Risk, Legal, and Operational areas to provide support for operational risk identification/management and control design
- Process Re-engineering: Team with staff to re-engineer internal processes as part of the digitalization and accounting transformation
- Audit Follow-up: Lead follow-up activities related to corporate internal audit findings, including supporting functional leaders throughout the organization
9. Controls Manager Tasks
- Risk and Control Culture: Create a proactive risk and control culture that leverages proven evaluation strategies and sound change management protocols.
- Due Diligence: Provide control-related due diligence to guide the Middle Office (Client Onboarding, Client Service, and Client Experience) business operations function to foster a proactive risk and control culture that leverages proven evaluation strategies and sound change management protocols.
- Emerging Risks: Identify and manage emerging risks via the Material Risk Inventory (MRI) framework.
- Controls Management: Primarily responsible for controls to minimize risks across Commercial Bank platforms and processes.
- Data Analysis: Review and analyze program-related data (e.g., KRI/KPI) to support business-related programs and strategies.
- Leadership Support: Provide leadership support for the end-to-end execution of the Risk and Control Self-Assessment, including control breaks and resolutions, to reduce financial loss, regulatory exposure, and reputational risk.
- Engagement: Engage with control colleagues across the firm, business, operations management, legal, compliance, risk, audit, regulators, and technology control functions.
- Operational Risk Framework: Understand and execute the JPMorgan Operational Risk Framework (CORE) effectively.
- Risk Expertise: Act as a point of expertise for operational risk, advising business partners and other functional groups on emerging and key risk trends, risk events and issues, Key Risk Indicators, and other metrics, risk identification, risk appetite, tolerance, and governance.
- Risk Assessments: Conduct regular Risk Assessments/Deep Dives for the Middle Office, identifying key risks and mitigation measures.
- Process Assessment: Independently assess operational processes, highlight risk scenarios/recommend solutions, and proactively manage risks resulting from industry regulatory and/or business decisions and strategic initiatives.
10. Controls Manager Roles
- Review Non-Financial Risk Data: Lead the review of non-financial risk data monthly and understand the changes and how they impact the risk profile in CMB, including changes to risks, controls, issues, losses, etc.
- Conduct Thematic Reviews: Conduct and support thematic review activity to ascertain potential weaknesses in the control environment.
- Root Cause Analysis and Control Resolution: Review issues and events for root cause analysis and understanding of any control deficiencies, then work with Risk Owners, Risk Stewards, and Control Owners to support resolution and agree on any additional controls.
- Management Information Development: Responsible for the development and analysis of management information providing insights to identify emerging issues that may impact the risk landscape and escalate as appropriate.
- Prioritize and Advise Material Items: Review, prioritize, and advise material items for escalation to senior risk management meetings, including Risk Management Meetings, Non-Financial Risk Management Board, and others.
- Support Read-Across Process: Provide support to the Wholesale Read-across process, proposing issues and events that require read-across and advising on potential impact to other jurisdictions.
- Develop Reporting and Dashboards: Lead the development, with the support of the Centre of Excellence team, of insightful reporting and dashboards.
- Enhance Risk and Control Library: Work alongside Global Operational Risk and Resilience and Risk Stewards stakeholders to develop and enhance HSBC’s risk and control library.
- Understand and Advise on Controls: Engage with the Risk Stewards and Control Owners to understand the actual controls that mitigate the most material risks impacting CMB.
- Control Advisory Support: Provide control advisory support across the various risk categories.
- Analyze Helios Data: Review Helios data to understand trends impacting the Wholesale business.