Frederick D. Cox, CISA, CIPP
DIRECTOR IT AUDIT / GRC / SAS 70
GRC TECHNOLOGY RISK MANAGEMENT TECHNOLOGY & SERVICE PROVIDER AUDITS
SOX 404 COMPLIANCE, AML & OFAC
EXECUTIVE PROFILE
Extensive experience in Technology Auditing, IT risk management, and Third Party controls, with twenty
plus years in technology audit for banks, financial institutions, retail, manufacturing, and government.
Proven ability to manage projects and instill confidence in technology internal controls by providing IT audit
solutions that are robust, cost effective and compliant with regulations. GRC/SOX Compliance Automation.
ORGANIZATIONAL CORE COMPETENCIES
Building Key Business Relationships Budgeting /Audit Cost Containment
Staff Development / Coaching Remediation Specification
Leadership and Teamwork Project Management
Presentation Skills and Communication Process Analysis
TECHNICAL CORE COMPETENCIES
Governance, Risk and Compliance Policy Creation TPA / SAS 70 control assessment
COSO / COBIT Enterprise Risk Management Framework Sarbanes-Oxley 404 Technology Audits
AML / OFAC / Know Your Customer (KYC) ACL Data Mining, Data Masking
SDLC Pre-Post implementation & Change Management W indows NT, AS400, UNIX, Nessus, NMAP
PROFESSIONAL EXPERIENCE
PRIVATE FIRM, WEST PALM BEACH, FL MARCH 2007 – June 2009
Internal Audit Manager – IT
Created firm wide internal control / GRC program, by creating a GRC Internal Control Risk Assessment.
Developed the audit plan to assess functionality and reliability of controls in the risk assessment. Created IT
and IT Security Policy, and policy for their 3 operating divisions and corporate functions.
FDC ASSOCIATES, LLC, (WWW.FDCASSOCIATES.COM) July 2006 - Present
A technology audit firm offering GRC solutions for IT-related corporate governance, risk assessments, audit
scope and planning, policy creation, gap analysis.
Chief Executive Officer / Founder
Founded a consulting firm for GRC based IT risk management technology and security audits. Audits
performed include: General Controls, Application Reviews and Type I & II SAS 70’s, SOX 404, GLBA,
AML/OFAC/KYC and state privacy and identity theft programs. Created risk assessments, (COSO, COBIT,
ISF, and BS7799 based) used for audit scope and planning, policy creation and gap analyses, for over 40
firms. Supervised five (5) full time consultants and oversee company financials, marketing and sales. Audits
of AS/400, Windows NT, Novell, Metavante & Jack Henry Access security reviews. Data Masking Projects.
Key Accomplishments:
Created multiple risk assessments used for internal audit planning and SOX compliance.
Achieved no material weaknesses for SOX clients, the work was relied upon by all Big Four firms.
Received Satisfactory or better ratings in IT for my clients, from the regulators.
9100 Quail Trail, Jupiter, FL, 33478 or 26 Remsen St. Valley Stream, NY 11580 abnoes@r.postjobfree.com 561-***-****
Frederick D. Cox 561-***-****) page 2
ACCUME PARTNERS, F ORT LAUDERDALE, FL AND NEW YORK, NY April 2000 – June 2006
A national CPA provider of governance, compliance and risk management.
Managing Director, IT Audit Services (May 2003 – June 2006)
Directed, planned, and managed all aspects of the IT Audit practice for the Florida office. Audit effort
included Risk assessment creation, GRC based SOX 404 reviews for over 40 firms. Third Party Controls,
SAS 70’s (Type II), IT General controls, / entity level control reviews. Managed a staff of fifteen to twenty
(15 to 20) professionals. Audits of AS/400, Windows NT, RACF. Multiple ACL Data mining projects.
Key Accomplishments
For regulatory institutions: achieved satisfactory or better ratings on audits for banks and financial
institutions 100% of time. For SOX clients: experienced no material weaknesses for my clients 100% of
time and the external auditors relied on our work.
For SAS 70 clients – Clean opinions achieved, and no concerns for all SAS 70 reports issued.
Brought budgeted 1500 man-hour SOX technology audit project to within 3 hours of budget.
IT Director (April 2000 – April 2003)
Responsible for project management to include: preparing/implementing risk assessments, creating annual
scope and plan for Audit Committee approval. Directed and supervised IT General Controls reviews,
application reviews, (including Fedline and AML / OFAC wire transfer reviews), network security reviews
and AML / OFAC / KYC and GLBA Privacy Act reviews. Managed a staff of eight (8) professional. Built
strong client, external auditor and regulator relationships.
SUMITOMO BANK LIMITED, T HE AMERICAS, NEW YORK, NY December 1997 – April 2000
Sixth largest bank in the world during this time.
Vice President and Project Manager, Year 2000 Project (Y2K) - February 1998 – April 2000
Managed the Y2K project for the Bank. Liaison between IT and Management to scope, and verify the
functionality of the Bank’s computer systems for the Y2K transition. Managed multiple Bank departments
(clients) needs and projects, integrating Y2K and regulatory concerns simultaneously.
Vice President and Technology Auditor - December 1997 – January 1998
Directed the Technology Audit program for bank operations in the Americas (North and South America),
including annual audit scope, planning, staffing and presenting audit reports to the Audit Committee.
Managed a staff of eight auditors in New York and two auditors located in Mexico City auditing operations
in South/Central America.
Key Accomplishments:
Achieved a satisfactory rating from the Federal Reserve Board for IT audits. (As their IT Auditor)
Performed a successful pre-implementation review of the Year 2000 Project.
Successful Year 2000 migration of Sumitomo’s computer platform. (As Y2K Project Manager)
BANK OF T OKYO-MITSUBISHI, NEW YORK, NY February 1997 – December 1997
Largest bank in the world during this time
Audit Technology Officer
Responsible for the management of a risk assessment methodology project to identify audit risks and
controls that mitigate these risks. Created a risk-ranked audit plan to assess the functionality of controls for
high risk items. Determined extent to which IT security measures safeguarded assets, and maintained data
integrity.
Key Accomplishments:
Performed global telecommunications network audits resulting in significant improvements to the
integrity of global telecommunications.
Successful project management of a firm-wide risk assessment documentation tool for self-assessment of
auditable entities.
Implemented AML program, including OFAC reviews.
9100 Quail Trail, Jupiter, FL, 33478 or 26 Remsen St. Valley Stream, NY 11580 abnoes@r.postjobfree.com 561-***-****
Frederick D. Cox 561-***-****) page 3
KFS COMMUNICATIONS, ST. T HOMAS, US VIRGIN ISLANDS November 1994 – February 1997
A marine telecommunications company providing communication services for freighters to call landlines.
Consultant
Project Manager responsible for: The integrity and privacy of the telecommunications network; Controls
over the interfaces between the public telephone systems and the KFS global ground station network.
Key Accomplishments:
W orked on service provider controls and network security reviews over single side-band (SSB) and
Satellite communications (Up Link & Down Link) networks.
SALOMON BROTHERS I NC., NEW YORK, NY March 1993 to October 1994
Wall Street investment bank founded in 1910; acquired by Travelers Group in 1998 (now Citigroup).
Senior Technology Auditor
Responsible for audits of front, middle and back operations, including derivative trading (CAPS, Floors,
Swaps and Options). Conducted IT audits of wire transfer and out-trading. Established data mining program
using ACL. Supervised two IT auditors.
Key Accomplishments:
Achieved improvements in wire transfer controls as a result of wire transfer audits (SWIFT/MERVA).
Improved out-trade controls: derivatives, trading floor controls, and confirms.
Provided auditing process to insure accuracy of wire transfers with a daily volume of $17 to $20 billion.
JP MORGAN, NEW YORK, NY September 1988 – February 1993
A leading financial services firm with one of the largest client franchises in the world.
Assistant Treasurer (formerly titled Technology Auditor Officer)
Responsible for audits/reviews in private banking, futures/options, and third party software, (McCormick &
Dodge) accounts payable, payroll, and general ledger. Performed additional third party reviews on
mortgage-backed securities vendor, (Cantor Fitzgerald) and Global Custody, using Dyatron’s International
Security Processing System. (ISPS). Supervised a staff of three IT auditors.
Key Accomplishments:
Achieved significant improvement in the internal controls over automated accounts payable and
controls over mortgage backed securities; improved controls of futures trading operations and clearing for
Futures and options (caps, floors, swaps and options).
DEPARTMENT OF THE NAVY, NAVAL STATION NEW YORK DECEMBER 1985 – August 1988
Manager EDP Auditing (UA-14)
Created a global Technology Audit Department from scratch for NAVRESSO. Received a Citation for
excellence from the GAO.
EDUCATION
Tulane Law School, Certificate in Corporate Governance
Carnegie-Mellon University, Pittsburgh, PA. Tepper School of Business, 1981-1982
University of California at Santa Cruz, Santa Cruz, CA. Bachelor of Arts in Economics and Bachelor of Arts
in Psychology
CERTIFICATIONS
Certified Information Systems Auditor (CISA); Certified Information Privacy Professional (CIPP)
CGEIT (Certified in Governance of Enterprise IT), pending.
PROFESSIONAL DEVELOPMENT
Tulane Law School – Corporate Governance, Federal Reserve Board Operations Risk Conference 2007-09,
Institute of Internal Auditors (IIA) Governance, Risk & Compliance Conference Aug 2008; SANS Institute Courses
ISACA North American Computer Audit, Control and Security Conference (CACS) May 2009
9100 Quail Trail, Jupiter, FL, 33478 or 26 Remsen St. Valley Stream, NY 11580 abnoes@r.postjobfree.com 561-***-****