APU is seeking an experienced, independently driven Internal Audit professional to establish and lead the Internal Audit function as a senior individual contributor. Reporting directly to the Audit Committee, this is a high-visibility role that demands a practitioner who can operate with full autonomy - personally planning, executing and reporting on all internal audit activities across APU's financial, operational, IT, regulatory and compliance domains.
Key Responsibilities:
1. Annual Audit Planning & Risk Assessment
- Develop, maintain, and execute a risk-based Annual Internal Audit Plan spanning financial, operational, compliance, IT, and education-sector regulatory domains.
- Maintain the Audit Universe and continuously update audit risk ratings to reflect changes in APU's operating environment, regulatory landscape, and stakeholder expectations.
- Engage with the Audit Committee and senior management to align audit priorities with institutional risk appetite.
2. Audit Execution & Reporting
- Independently execute end-to-end audit engagements - process scoping, walkthrough interviews, fieldwork, control testing, working paper documentation, and report preparation.
- Prepare clear, evidence-based audit reports with risk-rated findings and practical recommendations for Audit Committee review.
- Track all audit findings and agreed management action plans to verified closure; escalate overdue or high-risk items to the Audit Committee without delay.
3. Regulatory & Compliance Audit
- Conduct structured compliance audits against APU's full regulatory and quality assurance framework, including:
  - ISO 9001 QMS - process adherence, document control, corrective action closure, and SIRIM QAS certification maintenance obligations.
  - QAA IQR standards - ongoing alignment with ESG benchmarks and mid-cycle review commitments.
  - MQA / MOHE - programme accreditation status (COPPA/COPIA), student enrolment limits, Malaysian Qualifications Register (MQR) currency, and PHEI Act 1996 compliance.
  - MDEC PDTI designation requirements.
  - PDPA 2010 - student and staff personal data handling, consent management, and breach notification controls.
  - International student obligations - eVAL system, EMGS reporting, and Immigration Department requirements.
- Monitor, track, and verify the closure of all findings raised by external auditors, government authorities, and regulators - including MQA, MOHE, MDEC, LHDN, EPF, SOCSO, and any other relevant bodies.
- Maintain a centralised external findings tracker and provide regular closure status reports to the Audit Committee.
4. IT & Cybersecurity Audit
- Assess IT general controls (ITGC) - access management, change management, backup and recovery, and IT security governance.
- Evaluate application-level controls in student information systems, examination platforms, financial systems, and learning management systems.
- Investigate IT incidents and vulnerabilities, including root cause analysis of any unauthorised access attempts or threats to academic integrity systems (e.g. examination portals, student records).
- Identify and communicate systemic IT control weaknesses that could expose APU to security, data, or reputational risk.
5. Fraud Investigation & Special Reviews
- Lead or support fraud investigations, whistleblower referrals, and special reviews as directed by the Audit Committee.
- Apply forensic audit techniques where warranted; maintain strict objectivity, confidentiality, and due process throughout.
- Produce factual, evidence-based investigation reports suitable for board, regulatory or legal purposes.
6. Governance & Stakeholder Engagement
- Act as the primary internal audit interface with the Audit Committee - prepare and present all Audit Committee papers independently.
- Build effective, trust-based working relationships with the Vice Chancellor's office, CFO, Registrar, Head of IT and all relevant functional heads.
- Liaise professionally with external auditors, SIRIM, QAA assessors, MQA, MOHE, MDEC and other regulatory bodies as required.
- Contribute proactively to the continuous strengthening of APU's Governance, Risk and Compliance (GRC) framework.
Minimum Requirements:
- Bachelor's Degree in Accounting, Finance, or a related discipline.
- Minimum 12 years of progressive internal audit experience, with demonstrated full-scope coverage across financial, operational, compliance and IT audit.
- Proven experience working as a sole internal audit practitioner or individual contributor - personally owning the complete audit lifecycle from planning through to committee reporting.
- Hands-on experience in monitoring and verifying the closure of findings issued by external auditors, government authorities, and regulatory bodies.
- Solid understanding of quality management systems and regulatory compliance frameworks applicable to private higher education in Malaysia is an advantage.
- Strong command of written and spoken English; able to communicate complex findings clearly and concisely to board-level audiences.
Professional Certifications:
Chartered Accountant - MIA/ ACCA/ ICAEW/ CPA/ MICPA/ CIMA
Added Advantage:
- Familiarity with ISO 9001 internal audit principles or experience as an ISO QMS internal auditor.
- Knowledge of MQA, MOHE, QAA, or MDEC regulatory frameworks relevant to Malaysian private higher educational institutions (PHEIs).
- Working IT literacy - sufficient to assess system architectures, access control configurations, and cybersecurity vulnerabilities and to engage credibly with technical teams.
- Proficiency in data analytics tools such as ACL, IDEA or Power BI.
- CIA/ CISA/ CFE
We thank you for your application. Please note that only shortlisted candidates will be notified.