Manager Systems
Resume:
ARIEL L. GARCES, CISA, CPA
The Malayan Plaza, ADB Avenue, Ortigas Center, Pasig Metro Manila
PHILIPPINES 1600
Mobile no. +63-917-***-**** Email:
***********@*****.***
_
CAREER SUMMARY
20+ years experience in internal audit, risk management and compliance,
mostly in the financial services industry in the Philippines, Saudi Arabia
and United Arab Emirates. Specialization in Information Systems Audit
(CISA certified in 1994). Certified Public Accountant (CPA certified in
1986 - 8th Placer, October 1985 CPA exams). Magna Cum Laude - 1985,
University of the Philippines, Diliman QC, B.S. Business Administration &
Accountancy.
_
Date: May 2009 - Present
Position: Vice President, Head of IT / Operations Risk Management
Organization: Asia United Bank (Pasig City, Philippines)
Asia United Bank (AUB) started operations in 1997 and has become one of the
fastest growing commercial banks in the Philippines. Mr. Garces joined AUB
as Head of IT / Operations Risk Management. In this post, he is
responsible for developing and implementing the Bank's IT & Operations Risk
policies and procedures. He recently developed the IT Risk Management
manual of the Bank which provides the practical guidance necessary for
assessing and mitigating risks identified within the IT systems to better
manage IT related business risks. He initiated the development and
implementation of Key Risk Indicators (KRIs) and Risk & Control Self
Assessments (RCSAs) in the various operating units of the Bank. He is also
involved in the development of the Bank's Internal Capital Adequacy
Assessment Process (ICAAP).
Date: October 2006 - January 2009
Position: Vice President, Offshore Regulatory Compliance Officer
Organization: Citibank N.A. (Quezon City, Philippines)
Citibank is the largest foreign financial services organization in the
Philippines. It has been voted the Best Consumer Bank in the Philippines
for two years (2006 and 2007) in row by the Consumers League of the
Philippines. Citibank Philippines is the single largest credit card issuer
in the Philippines. Mr. Garces joined Citibank Global Consumer Group (GCG)
in the Philippines as Vice President - Offshore Regulatory Compliance
Officer. In this post, he is responsible for ensuring compliance of third
party service providers of Citigroup US businesses with Citigroup policies
and standards, US and local legal/regulatory requirements.
Key achievements included:
> Developed a comprehensive review program for Philippine vendors of US
Citigroup businesses
> Established relationships with key vendor officers and staff for the
continued compliance of vendor operations with Citigroup standards, US
and local regulations
> Developed Compliance & Control Best Practices note which was circulated
across vendors in the Philippines and India to ensure consistency in
policies and procedures across offshore vendors
> Developed Offshore Compliance Unit's Compliance Manual to document the
team's compliance methodology and processes
Date: September 2003 to October 2006
Position: Assistant Vice President, IT Audit
Organization: ABS CBN Broadcasting Corp. (Quezon City,
Philippines)
ABS-CBN Broadcasting Corporation (ABS-CBN), a Philippine multi-media
conglomerate, is the country's largest television and radio broadcast
company. It was founded on June 13, 1946, becoming Asia's first commercial
television broadcaster. It is part of the Lopez Group of Companies. It
also broadcasts content to the rest of the world through The Filipino
Channel. In September 2003, Mr. Garces joined the Communications Group -
Audit as Head (AVP) of IT Audit for ABS CBN Broadcasting Corp., SkyCable
and Bayantel. As Head of IT Audit he managed a team of IT auditors that
conduct installation, application, systems development, pre-implementation
and other special reviews of computerized systems in the said companies.
Key achievements included:
> Integrated the conduct of IT audits with the Financial/Operations Audit
Team to ensure complete coverage of auditable areas and eliminate
duplication of audit efforts
> Pioneered the use of Computer-Assisted Audit Techniques (CAATS) in the
performance of IT, financial and operations audits through the purchase
of ACL (Audit Command Language) and training of IT, financial and
operations auditors on the use of said audit software
> Initiated the early involvement of Audit in the review of systems under
development to ensure that controls are properly embedded into systems
that are being developed
> Established good working relationships with key officers and staff of the
companies covered under the team's audit mandate
Date: January 2000 to August 2003
Position: Senior Computer Auditor (Manager level)
Organization: Riyad Bank (Riyadh, Saudi Arabia)
Riyad Bank is one of the largest financial institutions in Saudi Arabia,
with a strong and growing corporate and retail banking franchise. The bank
has emerged as a lead financier, arranging and participating in a flow of
syndicated loans in the oil, gas, petrochemicals, power and water sector,
including some of the kingdom's most notable infrastructure and
construction projects. In 2000, Mr. Garces joined Riyad Bank as Senior
Computer Auditor. In this post, he performed reviews of systems development
projects relating to debit/credit cards, ATM systems, loans and credit
systems, payments and funds transfers, and financial systems. He also
developed specifications for the use of computer-assisted audited
techniques (primarily via ACL) which would facilitate financial and
operational audits of various banking products and services. Mr. Garces is
regarded as a key member of the audit team of the Bank because of his
highly integrated audit skills. He could perform high quality financial,
operational and systems audits.
Key achievements included:
> Represented Internal Audit in a special project team that studied the
implementation of new IAS standards, particularly IAS 39, in the bank
> Supported the financial/operations audit team by performing process
reviews of various areas outside the scope of IT audit work
> Lead a special investigation of the Bank's long outstanding balances in
suspense accounts which arose after performing an audit of the General
Ledger system
> Pioneered the use of computer-aided software (ACL) in the performance of
financial, operations and IT audits
> Represented the Audit Team in various committees of systems that were
being developed to ensure compliance with required standards and controls
are incorporated in the design of new systems
Date: July 1997 to January 2000
Position: IT Audit Manager (Senior Manager level)
Organization: Jardine Davies, Inc. (Makati City, Philippines)
In 1997, Mr. Garces joined the Jardine Davies Group of Companies, a highly
diversified group involved in the marketing of agricultural chemicals,
building systems, sugar milling, transport, shipping and real estate. As
the I.T. Audit Manager, he set up the computer audit function within the
group's internal audit department. He pioneered the integration of systems
audit with the financial/operations audit in the group. He was heavily
involved in the review of existing computerized systems for Year 2000
compliance and business continuity plans of the group's various business
units.
Aside from reviewing existing applications, Mr. Garces participated in
reviewing proposed software applications prior to acquisition to ensure
adequacy of controls in the design of systems being evaluated. Mr. Garces
also performed installation reviews of the group's various computerized
environments operating on Novell and Windows NT client-server platforms, as
well as Unix-based systems on the IBM RS6000.
Key achievements included:
> Integrated the conduct of IT audits with the Financial/Operations Audit
Team to ensure complete coverage of auditable areas and eliminate
duplication of audit efforts
> Trained financial and operations auditors on basic IT audit techniques
(e.g. access, application, input and output controls) to eliminate the
need to hire additional IT auditors
> Pioneered the early involvement of Audit in the review of systems under
development to ensure that controls are properly embedded into systems
that are being developed
Date: January 1995 to February 1997
Position: Senior Information Systems Auditor
Organization: Emirates Bank International (Dubai, United Arab
Emirates)
In 1995, Mr. Garces joined Emirates Bank International, one of the top
three commercial banks in the UAE with assets over US$4 billion as of 1995,
as Information Systems Auditor. In this position, Mr. Garces performed
reviews of the ITN (Information Technology) department of the Bank to
ensure compliance with company standards in the following areas: logical
and physical security of systems and data processing facilities, computer
operations and administration, systems acquisition/development and
maintenance, contingency planning and disaster recovery. He was involved in
the review of the quality assurance procedures of the bank's information
processing activities in various platforms: AS/400 models 320 and 310
running under OS/400 ver. 3.1, Tandem CLX-R (for ATM/POS networks) running
under Guardian 90, as well as local area networks on Windows NT 3.5 and
Novell Netware 3.12 and previous versions.
He evaluated and developed computerized audit software to assist
financial/operations auditors in the conduct of their reviews. Mr. Garces
is familiar with ACL (Audit Command Language), IDEA (Intyercative Data
Extraction and Analysis) and PANAudit/Easytrieve Plus.
He was involved in reviewing systems projects at the development stage to
ensure compliance with life cycle standards. In the last quarter of 1996,
Mr. Garces reviewed the bank's compliance with the newly implemented PIN
security standards launched by VISA International.
Mr. Garces was also primarily responsible for the review of existing
business applications such as Base 24 ATM/POS, Cardpa/400, Kapiti/Equation,
and the New Cash card system, the first multi-purpose smart card
application launched in the Gulf.
Key achievements included:
> Used his programming experience to develop automated retrieval programs
that were used by financial/operations auditors when conducting branch
examinations
> Trained financial and operations auditors on the use of automated
retrieval programs for branch audits which resulted in significant
reduction of audit fieldwork time spent at the branches
> Developed and maintained the server of the Audit Team which ran daily,
weekly and monthly programs to routinely select transactions and samples
to be used for regular financial and operations audits
Date: June 1992 to December 1994
Position: EDP Audit Supervisor
Organization: Philippine Commercial & International Bank
(Makati City, Philippines)
In 1992, he joined the Philippine Commercial & International Bank (PCIB),
one of the top 5 commercial banks in the Philippines with over 250 branches
nationwide, as Audit Supervisor for the newly created EDP Audit Division of
the bank. In this capacity, his worked focused more on acting as consultant
on the control aspects of systems under development by reviewing
requirements/design documents and evaluating the adequacy of test plans and
results. At the same time, he supervised the reviews of existing
computerized applications (e.g., online tellering systems, ATMs, consumer
loans, credit card systems) and data processing operations in the IBM 9030
(MVS-ESA) environment. He was also involved in investigating computer-
related frauds.
Key achievements included:
> Pioneered the early involvement of Audit in the review of systems under
development to ensure that controls are properly embedded into systems
that are being developed
> Provided support to branch auditors by providing them advice on audit
findings that were related to or were caused by errors or weaknesses in
applications systems being used at the branches
Date: June 1989 to May 1992
Position: EDP / Operations Auditor
Organization: Cityrust Banking Corporation (Makati City,
Philippines)
In 1989, Mr. Garces joined Cityrust Banking Corporation as EDP/Operations
Auditor. At this post, he performed audits of the bank's retail branch
operations and computerized systems. Using his experience as an
analyst/programmer, he developed the bank's computerized audit retrieval
programs which facilitated the conduct of branch and head office units'
examinations.
Key achievements included:
> Used his programming experience to develop automated retrieval programs
that were used by financial/operations auditors when conducting branch
and head office units' examinations
Date: November 1985 to May 1989
Position: Audit Staff I/ Technical Staff I, II
Organization: Sycip, Gorres, Velayo & Co (Makati City,
Philippines)
Mr. Garces started his professional career with Sycip, Gorres, Velayo (SGV)
& Co. (an affiliate of Arthur Andersen & Co.) in 1985 as staff auditor
where he was exposed to external audit assignments covering organizations
in the banking, manufacturing and trading industries. Due to his desire to
learn more about the growing field in computers, he transferred to the
Management Services (Consulting) Division of the said firm in 1986 as
technical staff assistant. In this position, he was exposed to systems
development jobs as programmer initially (in mainframe COBOL and Dbase
III), and systems analyst later on. During this time, he was exposed to the
structured systems methodology used by Arthur Andersen called Method/1. He
underwent Arthur Andersen based training such as Computers in Our Practice
School (Cobol programming), Business Practices School (BPS) and Systems
Installation (SI) School (for systems analysis).
PROFESSIONAL QUALIFICATIONS
Certified Information Systems Auditor (CISA cert. No. 9414052), after
having passed the CISA examinations in June 1994 on his first attempt with
a total score of 84, and having complied with the work experience and
educational requirements.
Director for Membership (1999), Information Systems Audit & Control
Association (ISACA) - Manila Chapter.
Member of the Institute of Internal Auditors (IIA) - Philippine Chapter.
Certified Public Accountant (CPA) under Philippine laws after having passed
the local licensure examinations in 1985 with a rating of 90.29% which
ranked him eighth (8th) out of over 12,000 candidates who sat for the
examinations, of which only around 2,000 candidates passed.
PERSONAL DETAILS
Nationality: Filipino
Marital Status: Single
Address: 184 Int. Capt. Roja St., Addition Hills, San Juan Metro Manila
Philippines 1500
Contact Details: Manila Tel: + 63 2 7243296
Manila Mobile: +63-917-*******
Education: 1980 - 1985, University of the Philippines, Diliman,
Quezon City
Philippines
Bachelor of Science in Business Administration &
Accountancy
Magna Cum Laude
Workshops / Training: Available upon request
Contact this candidate