Karen Livingstone - CPA, CIA, CISA
Summary
Senior Compliance/Audit Professional with 15+ years experience in corporate
governance, risk mitigation and process improvement within the finance,
operations and information technology (IT) disciplines. Successful
project manager with a credible track record in cost reduction and process
improvement projects and strategies. Multi-industry experience facilitating
"best practices" knowledge. Exceptional communication skills with the
ability to affect change and work effectively with experienced leadership,
as well as direct and indirect reports.
Education
Master of Accounting/Management Information Systems (M.a.CC), Florida
Atlantic University, Boca Raton, Florida
Bachelor of Business Administration (B.B.A.), Florida Atlantic University,
Boca Raton, Florida
Industries Served
Technology, Retail, Insurance, Utility, Pharmaceutical, Aerospace,
Entertainment, Health Care, Financial Services, Manufacturing,
Publishing/Media, Public Accounting
Principal Areas of Practice
Information Technology/Processes Knowledge
Networking, IT Security, Disaster Recovery/Business Continuity, Change
Management, User Access Administration, Systems Administration, Storage
Management, Job Scheduling, Help Desk, Wintel, Unix (Sun Solaris, AIX,
HP/UX), AS/400, Perimeter Protection (firewall, router, IDS), Vulnerability
Assessment, Data Center Operations
Success Attributes
. Ability to negotiate and execute
. Leverage technology and compliance
. Cross functional collaboration/communication
. Articulation of complex ideas
. Continuous process improvement
. Management of people and processes
. Best practices
Professional Experience
Audit Director - HEICO Corporation, Hollywood, Florida (2005-2009)
A publically traded aerospace company with 34+ operating units located in
the U.S. and abroad
. Designed, executed and monitored all financial, operational and IT risk
mitigation activities for 34 domestic and international subsidiaries.
Scheduled all audits with corporate and subsidiary business unit
leadership considering peak financial reporting cycles and other needs
. Streamlined the risk assessment process by using relevant quantitative
and qualitative criteria (materiality, historical and forecasted
consolidated financial information, subsidiary line of business, high
growth, new systems implementation, complex accounting issues, and new
acquisition status) in accordance with regulatory guidance promoting the
use of a scaled scoping approach and reduced testing activities resulting
in a significant cost savings
. Recruited, hired, and mentored a team of professionals with skill sets,
competencies and capabilities required to achieve audit and compliance
activities removing reliance on third-party consultants achieving a cost
savings of $1.1M
. Educated and assisted new acquisitions with the development of financial
and IT-related policies, procedures, and processes aligned with corporate
requirements
. Partnered with senior leadership to develop and implement a rationalized
SOX internal controls framework in accordance with PCAOB No. 5 and SEC
guidance (prior to publication) resulting in a $1.4 M cost savings
. Partnered with external audit firm to successfully negotiate reliance on
the work performed by the Internal Audit function resulting in the
reduction of audit fees by one third/$300K
. Designed and assisted with the implementation of a formal Fraud
Management Program in accordance with regulatory guidance inclusive of
data analytics and consistent with authoritative guidance and external
audit requirements
. Selected, configured and trained internal staff, subsidiary unit
Controllers and external auditors on an audit/compliance software
solution automating all testing, remediation and documentation changes
increasing the overall ease and efficiency of the audit/compliance
process
. Developed and implemented a methodology to configure preventative
controls within the ERP system (aligned with financial and IT policies
and procedures) significantly reducing the amount of detective controls
tested
. Administered the anonymous Whistleblower Hotline and worked with general
counsel on issue resolution
. Managed the Internal Audit budget
. Provided regular reports to the Audit Committee on the company's system
of internal controls, significant audit recommendations and
investigations into fraudulent activity
Executive Director - Enterprise Risk Management Inc., Coral Gables, Florida
(2002-2005)
A professional services firm offering audit, security and regulatory
compliance services
. Developed and managed practice for the outsourcing of financial,
operational and IT and compliance audits for numerous public and
financial services organizations
. Performed compliance audits at numerous financial institutions with
regard to FFIEC, OCC, BSA, GLBA, PCI and Basal II regulations
. Developed and managed the practice for the provision of SAS 70 services
. Supervised, trained and evaluated the performance of internal project
consultants
. Performed and managed SOX compliance activities focusing on the
identification and mapping of key controls to control objectives and
financial reporting risks, as well as the development of financial and IT-
related policies and procedures for several manufacturing and financial
services corporations
. Performed and supervised numerous IT security audits inclusive of
perimeter protection devices (firewall, router, intrusion detection) and
database, operating and application systems for various clients
. Consulted (pre-implementation) and reviewed (post-implementation)
financial, process and IT security controls configured within differing
ERP systems
. Performed and managed multiple financial application controls reviews
including web-based e-banking and credit card processing systems
. Speaker for multiple professional associations such as the Internal
Auditors Association (IIA), the Information Systems Audit and Control
Association (ISACA), and the Florida International Bankers Association
(FIBA)
. Engaged in development activities and client proposal generation
Senior Integrated Audit Manager - Knight Ridder, Inc., Miami, Florida
(1997-2002)
Second largest publically traded media publisher
. Managed 50% of the integrated Internal Audit function reporting directly
to the Vice President of Internal Audit. Responsible for all phases of
risk assessment, planning, fieldwork and report generation for integrated
audits performed at properties located throughout the U.S.
. Reviewed and performed financial and operational audits
. Reviewed and performed IT general and application controls reviews
inclusive of physical security, program change controls, backup and
recovery, disaster recovery planning, system administration and multi-
platform security
. Managed the IT audit budget and assisted with the preparation of Audit
Committee meetings
. Consulted on the redesign of financial processes operating in a shared
services environment from both a control and operational efficiency
perspective
. Audited the implementation of new and/or modified computer systems to
ensure compliance with the SDLC methodology
. Managed numerous network security assessments utilizing both commercial
and shareware hacking tools and techniques to evaluate vulnerabilities
and risks associated with critical network devices
Senior Internal Auditor - Florida Power and Light Co., Miami, FL (1994-
1997)
Publicly traded Energy Company with presence in 27 states and Canada
. Responsible for performing financial, operational and IT audits over
various processes and utility-specific applications
. Participated as a team member on various system projects providing
consultation on system development lifecycle and internal control
requirements
. In-charged all audits (financial, operational, IT) for the Nuclear
Division and performed risk assessments with the division's President
Auditor - Arthur Andersen LLP, Miami, Florida (1992-1994)
Big 4 Public Accounting/Consulting firm
. Participated in the performance of financial audits with the financial
engagement team
. Performed general control reviews in support of financial audits for
several clients with varied IT environments
. Documented financial control processes in flowchart form using
transactional flow analysis
. Developed audit programs for the review of access control software
packages and operating systems with security features in the mainframe,
midrange and microcomputer environment. Trained clients' IT audit staff
on the audit, control and security of the OS/400 operating system
Associations, Memberships, and Volunteer Work
Instructed courses in Accounting and Auditing Information Systems at
Florida Atlantic University for several terms. Volunteer mentor for the
Women in Community Service (WICS) Program.
. SOX Stewardship (risk assessment, testing, remediation, reporting)
. SOX Rationalization/Cost Reduction
. Internal Audit Startup, Resource Alignment, Training
. Financial, Operational, IT Audit
. Fraud Management
. Continuous Monitoring
. Policy/Procedure Development
. Internal Control Framework Development
. Process Re-engineering
. Project Management
. Financial Application Systems Audit
. IT General Controls Audit
. Operating Systems Audit
. Firewall, Router Configuration Audit
. Financial Application Systems Design and Configuration
. Strategic Planning
. Disaster Recovery/Business Continuity
. SAS 70 Reviews
. GAAP, CAAS, COSO, COBIT, ERM, IIA, IPPF, ISACA, PCI, ITIL, PCAOB, FFIEC,
OCC, BSA, GLBA, Basal II
.