Manager Project
Resume:
SURESH VAT, CPA, CGMA
SUMMARY
Highly organized IT auditor entrusted with multi-system SOX, ICFR, and SAS70/SSAE16 projects, with a reputation for adept leadership of business-to-IT process and rapport with business executives. Certified Public Accountant (CPA-US) candidate and top-ranked IT audit consultant skilled in connecting business requirements to IT/audit needs.
SOX Compliance: Executed SOX readiness audit within IT operations, Change Management, Physical/Logical security and End User Computing System for Global corporations, financial institutions and big 4 audit firm by documenting, testing, remediating and reporting on Internal Control over financial reporting (ICFR).
Big 4 Advisory: Developed understanding of the key topics around risk, compliance, governance, process management, business and financial performance and the core Advisory approaches relating to them.
Risk Mitigation: Optimized protective measures during SOX implementation and readiness projects, recommending additional processes and remediation controls.
SAS70/SSAE16/SOC1/SOC2 Audits: Provided thought leadership, cultivating trust among IT and business staff as go-to resource for audit questions and recommending testing alternatives to uncover areas of risk and vulnerability.
Financial Accounting: Hands on with the financial accounting process including, GL, AR, AP, Income statement, Balance sheet, Fixed assets, Month-Quarter-YE closing process, Financial analysis, Budgeting, Planning and Reporting process, with top notch Business analysis skills.
Team Building: Supervised, guided, mentored and coached team members for excellence in efficiency, team effort and output.
Client Focus: Retained corporate businesses through effective exit interview strategies, providing value added recommendations and suggestions for process improvements and positive client feedback from quality deliverables.
PROFESSIONAL EXPERIENCE
EXL SERVICE, JERSEY CITY, NJ 5/2017 - PRESENT
E&Y-Pfizer, New York, NY
Corporate Audit - (Contract) - SAP in Production Audit (IT General Controls SOX)
Executed audits in accordance with Pfizer Global auditing standards and guidelines, and within prescribed time, budget and scope parameters.
Scheduled Business Process Owner (BPO) interviews, documented current processes, analyzed gaps and deviations to internal control processes.
Prioritized the controls for testing and identified best practice opportunities and benchmark improvements.
Assisted Pfizer’s Corporate Audit with the development of audit work programs and testing procedures relevant to risk and test objectives.
Scheduled and lead walkthroughs for the SOX in-scope controls testing with the BPOs.
Re-defined the testing approach for changes in control activities since previous annual audit.
Documented test results and recommended additional/mitigating controls for failed tests.
Provided timely responses to external audit queries and helped auditors complete their annual SOX testing.
JOHNSON & JOHNSON, New Brunswick, NJ
Corporate Internal Audit-SAP (Contract) - IT General Controls & SOC2: SAP Change Management / SDLC
Executed audits in accordance with established Johnson & Johnson audit standards and related guidelines, and within prescribed time, budget and scope parameters.
Assisted management with SOC2 audit, identified, documented and reported gaps and process improvement opportunities for Johnson & Johnson critical outsourced services, like Data center operations.
Scheduled SME interviews, documented processes, analyzed gaps
Reviewed Section 3 of the SOC reports from the vendor
Actively participated in risk assessments, scoping, and planning activities for internal audit projects and assurance activities.
Assisted with the development of audit work programs and testing procedures relevant to risk and test objectives.
Conducted IT operational and business process reviews within relevant SAP platforms under Johnson & Johnson global operations.
MORGAN STANLEY, New York, NY
Wealth Management Technology Audit (Contract) - ITGC & SOC1 - APPLICATION & ACCESS CONTROLS
Executed audits in accordance with established Morgan Stanley standards and within prescribed time, budget and scope parameters.
Evaluated, tested, documented and reported on SOC 1 compliance and ensured Morgan Stanley’s service providers managed data integrity, availability and security supporting the ICFR controls.
Consulted and engaged subject matter experts from other IT Audit groups and identified objectives for the process, system or department being evaluated.
Worked with the Audit Manager/Senior Audit Manager and VP Technology audit to coordinate audit review, reporting and closure processes.
Developed strong understanding of current business risks to adequately assess business impacts.
Executed audit steps and ensured completion of documentation of audit work in a clear, concise, logical manner as required by Morgan Stanley methodology.
Took ownership of audit findings follow-up and closure verification process, working with auditees to make sure finding resolutions milestones are met.
CONTROL SOLUTIONS INTERNATIONAL, NEW YORK 12/2004 – 3/2017
TREASURY BOARD SECRETARIAT (OPS - Ontario Public Service), Toronto, ON
Sr. IT Audit Specialist (Contract)
WIN (Worker Information Network) PeopleSoft 9.0 upgrade to version 9.2 & Data migration:
Provided consulting to Project team based on Ontario Government's Information and Information Technology Strategic Planning and Systems Development Methodology for WIN (Worker Information Network) PeopleSoft 9.0 upgrade to version 9.2 & Data migration.
Reviewed ministry’s Systems and Information Technology policies and procedures.
Reviewed and applied ministry’s risk-based approach to the phases of the project and evaluated effectiveness of risk management, communications, internal controls and project governance.
Provided independent assurance to management with regards to PeopleSoft upgrade over material risks to the project in terms of budget, timelines, quality, security and data integrity.
Represented Ontario Internal Audit Division (OIAD) and provided independent, objective and quality assurance to the Audit Committee for PeopleSoft upgrade and data migration with regards to data integrity, availability and security during migration and upgrade process as per Board-approved Enterprise Risk Management Policy.
PwC, Toronto, ON
IT Audit-Senior Associate (SOX) (Contract)
External Audit: ITGC controls testing for key financial SOX applications for Royal Bank of Canada (RBC)
Assessed financial and operational risks and prioritize areas of focus based on the preliminary risk assessment.
Applied top down, risk-based approach to the review.
Identified the need for and document policies, internal controls and procedures.
Identified objectives for the process, system or department being evaluated.
Evaluated internal controls from a design and operating effectiveness perspective and document test procedures and results.
Identified causes and contributing factors relating to deficiencies in processes.
Prepared audit reports detailing observations, risks and recommendations.
E&Y (TD Canada Trust, Toronto, ON)
Finance Internal Auditor (SOX) (Contract)
External Audit: Conducting process narrative walkthrough for E&Y statutory audit (SOX) certification
Executed annual operational audits in accordance with established standards and prescribed time, budget and scope parameters.
Evaluated the effectiveness of controls implemented within finance and other corporate groups.
Contributed to the completion of the overall audit process, including identification of risks and controls, scoping, development and application of appropriate audit programs, on-going client communications, reporting, and post-audit procedures.
Presented objective and independent conclusions regarding the adequacy of internal controls in accordance with audit standards.
Executed the follow-up of findings arising from internal audits within established standards and timelines.
Maintained open and transparent communications process with the business during and after audit fieldwork.
KPMG, Toronto, ON
Audit Specialist (Contract) - ITGC AND SOC 2
External Audit: Conducting process narrative walkthrough for statutory audit (SOX) certification
Reviewed, evaluated and executed SOC 2 testing for KPMG annual compliance certification as they relate to security, availability, processing integrity, confidentiality, and privacy of a system
Evaluated internal controls from a design and operating effectiveness perspective and document test procedures and results.
Assess financial and operational risks and prioritize areas of focus based on the preliminary risk assessment.
Identify the need for and document policies, internal controls and procedures.
Identify objectives for the process, system or department being evaluated.
Identify causes and contributing factors relating to deficiencies in processes.
Prepare audit reports detailing observations, risks and recommendations.
E&Y (CIBC, Toronto, ON)
Audit Consultant (Contract)
External Audit: Conducting process narrative walkthrough for statutory audit (SOX) certification
Reviewed the process narratives for Change Management, Logical Access, and IT Operations.
Evaluated the design and operating effectiveness of key controls.
Identified redundant processes and controls with a view to increase speed and operating efficiency.
Evaluated open gaps and deficiencies and suggested recommendations to address through existing (mitigating / compensating) controls.
CHIEFTAN METALS, Toronto, ON
Internal Controls Specialist (Contract)
Migration from COSO 1992 to 2013 framework: Recommended new processes and Internal Controls to comply with COSO 2013 framework
Reviewed the process documentation and related Financial/IT controls matrix and mapped to COSO 2013 framework.
Evaluated the controls for compliance with COSO 2013, identified gaps/deficiencies and recommended remediation measures to mitigate risk and ensure compliance with COSO 2013 framework.
Documented the process narratives based on the recommendations formally approved by Chieftan and modified the controls matrix to reflect the updated process.
Reviewed and validated the Budget Management process narrative, identified and documented the key control, control objective and designed a uniform controls matrix.
WOLSELEY CANADA, Burlington, ON
IT Auditor (Contract)
Provided value added suggestions to IT processes to facilitate fast and efficient internal/external audit requirements
Lead IT controls testing in time for external audit readiness for SOX-404 compliance and certification.
Tested and validated ITGC controls, Application controls and Access controls.
Documented testing results and updated the control governance templates.
Opened GAPs for control weaknesses and failed test results and suggested remediation and improvement measures.
Identified opportunities to mitigate the risks to the Business and suggested improvements in processes and controls.
Facilitated external audit and assisted with the timely completion of annual audit and SOX certification testing.
(OPS) MINISTRY OF SOCIAL WELFARE, Toronto, ON
Financial Analyst (Contract)
Assisted with Budget/Forecast planning and revisions.
Conducted monthly meetings with Managers for variance explanation in their respective score cards.
Allocated monthly salaries to cost centers based on Headcount/FTE ratio.
Provided month end accruals to GL accountant for entry in the system.
Assisted with LE update and reasons for deviation from budget.
Used Vlookups, Pivots and advanced logical formulas to generate reports in excel for managerial decision making and cost center performance evaluations.
SHERIDAN COLLEGE, Oakville, ON
Financial/Audit Analyst (Contract)
Ensured compliance with Sheridan college policies and procedures.
Tested and validated internal controls and general computing controls.
Identified gaps and control weaknesses and suggested remediation.
Assisted internal and external auditors with periodic testing of key financial systems and process.
Evaluated internal controls design adequacy to address the risk arising from changes in the system, process and applications.
BRENNTAG CANADA, Toronto, ON
Inventory Control Analyst (Contract)
Handled key inventory tasks and monitored for inventory discrepancies.
Entered parts information into SAP.
Maintained and updated SAP based inventory tracking system.
Ensured parts and materials are stowed in proper locations.
Generated inventory reports for various plants in SAP.
Reported materials and pricing to accounting and ensured current costs are used in billing.
Reported on any required materials delays and expedited deliveries as per acceptable standards and procedure.
Scheduled production orders for the plants in the system.
Prepared POA (Purchase Order Approval) in SAP system. Submitted the POA for approval based on SAP configuration for stock turnover & ROI
Provided support to Sales & Customer Service team by making available stock in SAP.
Liaised with the Product Coordinators for procurement and stock transfers Analyzed inventories and calculated ROPs (Reorder Points) taking into account seasonality and other strategic requirements.
Worked closely with Product Group to establish contingency plans for hard to manage products, material shortages, slow moving and/overstocking and in conjunction with other identified roles.
GTAA, Toronto, ON
IT Business Process Analyst (Contract)
Reviewed PwC’s IT & Bill 198 (NI 52-109) documentation for GTAA’s Revenue & Billing process.
Reviewed GTAA’s current process documentation and practice for:
Revenue generation process from various revenue streams
Revenue recognition process in Oracle Financials
Accounts receivable & application of customer credit
Resolution of disputed billing process
Confirmed through Subject Matter Expert (SME) interviews, the above process in practice.
Assessed the adequacy of existing controls vs risk.
Identified and documented both manual and automated key controls that addressed the inherent risks.
Modified the relevant areas that had the gaps and deficiencies within GTAA’s Revenue & Billing Process documentation.
Conducted and exit interview with the Controller & Accounting Manager and apprised them of scope for further improvement in addressing the risk to Controllership objectives in particular.
GLOBAL ERP SOLUTIONS, Brampton, ON
IT RISK & COMPLIANCE (UNIMARK REMEDIES) (Contract)
Performed SOX compliance testing to ensure:
System Security
Change Management
Reviewed SAP Security Policies and Procedures.
Reviewed the SAP system security test procedure controls matrix.
Reworded the control objectives based on CobIT framework and rewrote the controls matrix.
Performed Operating Effectiveness Testing (OET) and documented the test results and deficiencies.
AVIVA CANADA, Toronto, ON
IT RISK & COMPLIANCE SPECIALIST (Contract)
Reviewed the overall IT SOX scoping documentation and standard set by Aviva UK.
Reviewed the current process documentation and practice for:
Change Management
Incident & Problem Management
Services Management (IT operations and SLA)
SDLC Process for development & implementation
Confirmed and documented through Subject Matter Expert (SME) interviews the process followed for above.
Identified the minimum key controls required by Aviva UK from the process documentations.
Developed Risk & Control Matrix (RCM) for the above processes.
Identified and documented gaps and deficiencies through operating effectiveness testing.
MANULIFE FINANCIAL, Toronto, ON
SR. IT Governance - Sox Auditor
Identified key controls using a top down risk model.
Followed up on unclosed deficiencies and gaps from previous audit.
Presented to the business units/clients the new risk-based controls testing
Reviewed client policy and procedure.
SOX certification testing and test results documentation.
Documented test plans and scripts; and performed operating effectiveness testing and documentation for:
Access Security, Development & Change, IT Operations
PwC, TORONTO, ON
SOX/BILL-198 IT Compliance Consultant (Contract)
Evaluated user/administrative access to UNIX platform.
Evaluated user/administrative access to Windows NT/2000.
Reviewed client policy and procedure.
Identified key controls through client interviews and documented the control process.
Evaluated key controls using CobiT and COSO frameworks.
Assessed the adequacy and design effectiveness of controls to address inherent risks.
Documented test plans and scripts; designed effectiveness testing and documentation for:
Computer operations
Change Management
IT security
Entity level controls
Application controls for JDE, PCC (sales), Empath (payroll)
Recommended design/control improvement for gaps and deficiencies.
RBC-ROYAL BANK, Toronto, ON
Sox IT Compliance Consultant (Contract)
Business process – Deposit Systems, Insurance, RBC Centura (US operations), Global Investments.
Identified key IT general computing and application controls, mapped to CobIT objectives.
Tested and documented IT general computing control effectiveness for: SDLC (System software) change management.
Conducted Operating Efficiency Test for Electronic Data Control Distribution (EDCD) in the presence of external auditors (D&T), as per RBC’s SOX testing methodology.
Documented the testing results in the areas of: Computer Operations; Backup & recovery; Physical & Logical security and Change Control, using Audit Pilot (Lotus notes document management software)
CP RAIL, Calgary, AB
SOX IT Risk & Compliance Consultant (ITGCC) (Contract)
Evaluated user/administrative access to UNIX platform.
Evaluated user/administrative access to Windows NT/2000.
Reviewed CP Rail’s Policies and Procedures.
Identified the control objectives according to CobiT and COSO frameworks.
Evaluated and analyzed the appropriateness and completeness of the test plan/scripts.
Re-wrote the test plan/scripts wherever appropriate.
Tested and documented the operating effectiveness of the controls.
Submitted to the SOX management, recommendations to close the control gaps.
Areas covered:
Acquire/develop application software
E-mail security
System security
SAP-Basis Security – Manage configurations
Project Senior (SOX) (Contracts) 12/2004 – 01/2006
Completed 12 projects for global corporations in the implementation, testing, remediation, and documentation of internal controls (IT) over financial reporting, in accordance with Sarbanes-Oxley and Bill 198 acts. Assessed existing internal controls over financial applications and IT operations, identified control gaps, and recommended control measures to mitigate the risks. Received compliments from the client and project manager for completion of the projects within the budgeted time line.
SOX CONTRACTOR (CANADA) 6/2004 – 11/2004
SOX IT Risk & Compliance Consultant (ITGCC) (Contract)
Provided IT SOX consulting on behalf of MLC Solutions Inc. Canada to Unimark Remedies, in the documenting of significant process narratives, testing IT general computing controls, documenting deficiencies and reporting to the client project manager.
Unimark Remedies (Pharmaceutical):
Performed the internal research and recommend steps needed to be positioned to comply.
Offered advice and recommendations to remediate any gaps or deficiencies.
Compiled information in a COBIT format of the IT General Computer Controls and Application Controls.
Performed testing for:
IT General Controls and Application Controls
Within the tests, documented the findings of the observed activity and evaluated:
Control Design Adequacy and Operating effectiveness
APPLICATIONS IDENTIFIED
Oracle Financial Suite; GL, Projects (Allocations), OPM (Oracle Process Management), Inventory, Supply Chain Management and LTA (Long Term Assets).
EDUCATION/ ACCREDITATION/AFFILIATION
ISACA (CISA) – Expected to complete in 2019
Certified Internal Auditor – Expected to complete in 2019-20
Chartered Accountant Reciprocity Examination (CARE) – Pursuing evaluation
American Institute of Certified Public Accountants – CPA and CGMA
SAP trained & certified Associate in FI (ECC 6.0)
Bachelor of Commerce (Accounting & Auditing), University of Mumbai, Mumbai, India
Contact this candidate