
Financial Reporting Internal Controls

Location:
Overland Park, KS
Posted:
January 21, 2025


Resume:

Varun K

************@*****.***

913-***-****

9+ years of experience, of which 7+ years as an IT Auditor, specialized in SOX 404 compliance and Internal Control over Financial Reporting (ICFR).

Expertise in evaluating IT General Controls (ITGC) to ensure accurate financial reporting and mitigate security risks.

Well-versed in assessing and managing access controls to ensure proper segregation of duties and reduce unauthorized access risks.

Demonstrated ability to lead SOX 404 audits, ensuring compliance across critical areas such as logical access, change management, and information security.

Proficient in report drafting, ensuring clear and comprehensive communication of audit findings to stakeholders.

Adept at presenting audit results to senior leadership, providing recommendations to strengthen internal controls and mitigate risks.

Skilled in using GRC tools like Archer, SharePoint, ServiceNow, Audit Board, BOX, and OneTrust to streamline audit processes and track remediation efforts.

In-depth experience in configuration management, ensuring that systems are securely configured to meet compliance and regulatory standards.

Skilled in utilizing MS Suite (Word, Excel, PowerPoint) for report creation, data analysis, and presentation of audit findings.

Strong analytical and problem-solving skills, with the ability to assess the effectiveness of internal controls and recommend improvements.

Committed to continuous professional development, staying current with industry best practices and regulatory changes to ensure ongoing compliance.

Proven ability to manage complex audit projects, ensuring that all objectives are met while maintaining a high level of quality and efficiency.

Technical Skills

Data Analysis

Proficient in analyzing large datasets to identify trends, anomalies, and areas of concern, using tools such as Excel and SQL.

Financial Reporting

Expertise in preparing and reviewing financial statements and reports to ensure accuracy and compliance with regulatory standards.

Financial Analysis

Skilled in performing detailed financial analysis, including profitability, liquidity, and solvency assessments.

Financial Accounting

Strong understanding of accounting principles, standards, and practices, ensuring proper financial record-keeping.

Internal Auditing

Extensive experience in conducting internal audits, evaluating internal controls, and ensuring financial compliance with organizational policies.

SOX Compliance

In-depth knowledge of SOX 404 requirements and experience in assessing IT General Controls (ITGC) to ensure compliance.

Regulatory Compliance

Expertise in adhering to industry regulations, including SOX, and providing recommendations for compliance improvements.

Education:

Master’s: Computer Science at Avila University, Kansas.

Bachelor’s: Bachelor of Commerce Computer Applications.

Professional Experience

Client: Thomson Reuters - Atlanta, GA Sept 2023 - Present

Role: IT Audit SOX Consultant

Responsibilities:

Assist in internal financial audits/assessments by performing tests related to financial system controls compliance and ensuring alignment with SOX and SOX404 requirements.

Conduct audit procedures to assess the design and operating effectiveness of IT general controls and IT application controls, ensuring cybersecurity solutions are implemented effectively.

Perform risk assessments to identify potential issues related to IT security controls and compliance with relevant policies, standards, and regulations.

Support Governance, Risk, and Compliance (GRC) efforts by evaluating business processes and internal controls to ensure compliance with regulatory standards and mitigate risks.

Review and analyze work papers to document and validate the assessment and effectiveness of access control, incident management, and change management processes.

Assist in the identification and assessment of risks within GRC frameworks, providing recommendations for effective remediation and continuous improvement.

Review and evaluate the organization’s disaster recovery plans, ensuring they comply with IT security controls and are aligned with industry best practices.

Ensure compliance with SOC, SOC2, and relevant SOX regulations by performing thorough audits of IT security controls and assessing the integrity of access control mechanisms.

Support FISMA security audits by ensuring proper access control and cybersecurity solutions are in place to protect financial systems and data.

Draft audit findings related to the effectiveness of direct change management procedures and the implementation of change management processes.

Utilize IT general controls to evaluate access control, cybersecurity solutions, and other key internal control processes for financial systems.

Collaborate with team members to walk through work papers and ensure appropriate documentation of audit results, findings, and recommendations.

Perform an evaluation of HPA (High Process Areas), UPA (User Process Areas), and UDA (User Defined Areas) controls within the context of financial audits and risk assessments.

Conduct testing of IT application controls to assess the effectiveness of automated processes within financial systems, focusing on compliance with industry standards.

Ensure compliance with SOX404 requirements, specifically the design and effectiveness of controls around IT general controls, change management, and disaster recovery plans.

Engage in the development of IT sampling plans to effectively test control procedures related to access control and IT security controls.

Prepare audit-related data for reporting purposes, ensuring that all findings are accurately documented and meet regulatory requirements.

Demonstrate knowledge of the Federal Government’s financial and management responsibilities in relation to internal controls and compliance.

Assist in drafting and preparing audit project deliverables, contributing to a comprehensive report that addresses financial system risks, compliance, and internal control effectiveness.

These responsibilities are aimed at preventing, detecting, and investigating potential issues related to IT, risk, fraud, and compliance with various standards.

Environment: The work environment is structured around regulatory compliance (e.g., SOX, FISMA, SOC) with a focus on IT security controls, cybersecurity solutions, and risk management. It promotes collaboration, continuous learning, and professionalism in client-facing audits and assessments. The environment emphasizes secure documentation, detailed audit findings, and adherence to industry standards.

Client: Kinder Morgan – St. Louis, MO April 2022 - Aug 2023

Role: IT Risk Analyst

Responsibilities:

Ensure quality methods and procedures are executed by the IT department to maintain compliance with SOX, SOX404 and contractual requirements.

Support the collection, review, and approval of compliance evidence, including utilizing network monitoring tools and security tools during assurance activities.

Administer the IT Compliance Management Systems and Governance, Risk, and Compliance (GRC) tools to track compliance and support audit processes.

Walk through work papers to document and validate evidence supporting compliance with regulatory standards and internal controls.

Escalate any out-of-compliance items to senior management and ensure timely remediation of risks.

Participate in the implementation of technology-based tools, such as GRC, to streamline IT risk management and enhance compliance monitoring.

Ensure IT security controls are properly implemented and tested to safeguard sensitive information and maintain system integrity.

Perform assessments to verify that cybersecurity solutions are in place and meet SOX, SOC, and regulatory requirements for a secure IT environment.

Collaborate with cross-functional teams to ensure proper execution of disaster recovery plans and their alignment with IT security controls.

Review and assess the effectiveness of access control measures to ensure restricted access to critical systems and data.

Conduct risk assessments and identify vulnerabilities, focusing on HPA, UPA, and UDA, and ensure appropriate controls are implemented.

Assist in incident management by identifying, documenting, and addressing security incidents that could impact compliance.

Perform vulnerability assessments and support risk assessments to identify potential gaps in security and compliance measures.

Assist in the evaluation of change management procedures, including the assessment of direct change processes and their compliance impact.

Ensure SOC reports and other relevant documentation are reviewed to validate the effectiveness of IT security controls.

Gather and analyze compliance evidence to confirm that internal controls related to IT systems are functioning effectively and meet regulatory standards like SOX.

Act as a liaison between IT teams and senior management, escalating control gaps and non-compliance issues and recommending corrective actions.

Review and validate the design and effectiveness of IT general controls, ensuring compliance with SOX and related standards.

Provide support for FISMA security audits by ensuring compliance with federal regulations and identifying gaps in cybersecurity solutions.

Assist in the implementation of patching tools and firewall policy testing to manage security vulnerabilities and ensure compliance.

Support the ongoing monitoring of disaster recovery plans, access control, and other critical IT processes to ensure systems are resilient and compliant.

Ensure audit compliance, risk assessments, and vulnerability assessments are conducted efficiently to identify areas of improvement and compliance risks.

Environment:

The work environment is highly structured and compliance-focused, emphasizing adherence to regulatory standards such as SOX and FISMA. It promotes a collaborative, team-oriented culture where knowledge sharing and continuous learning are essential. The work is centered around IT security and risk management, utilizing tools like GRC and ServiceNow to monitor and mitigate compliance risks. Employees engage in both remote and on-site activities, ensuring systems are secure and compliant with industry standards.

Client: Coyote Logistics – Chicago, IL Oct 2021 - March 2022

Role: SOX Consultant

Responsibilities:

Led the implementation of SOX financial controls for an acquired subsidiary, ensuring compliance with regulatory standards.

Assessed and identified required financial controls, aligning them with the established SOX framework.

Collaborated with cross-functional teams to implement effective financial control processes across the subsidiary.

Conducted detailed gap analysis to identify areas requiring remediation and improvement in the control environment.

Developed and documented control procedures, ensuring they were consistent with internal policies and external compliance requirements.

Provided training and guidance to subsidiary teams on SOX compliance, control documentation, and financial reporting processes.

Managed the execution of control testing and remediation efforts, ensuring timely resolution of deficiencies.

Worked closely with external auditors and internal stakeholders to ensure smooth audit processes and accurate reporting of financial controls.

Environments: SAP, Oracle Financials, SOX Compliance Framework, Internal Control Documentation, Risk Assessment Tools, Microsoft Excel, and Reporting Software. Collaborated with cross-functional teams including Finance, IT, and Internal Audit. Ensured alignment with regulatory requirements such as Sarbanes-Oxley and external audit standards.

Client: Ally Financial – Detroit, MI Aug 2020 – Sept 2021

Role: IT Auditor

Responsibilities:

Assist IT teams throughout internal and external audits, reviewing systems, applications, and IT processes to ensure compliance with established standards and regulations.

Participate in key SOX controls for IT, including conducting user access reviews and termination reviews to ensure proper segregation of duties and compliance with IT General Controls (ITGC).

Assist in pre- and post-implementation reviews of system implementations or enhancements, ensuring controls readiness and supporting the design, implementation, or remediation of necessary processes.

Engage in IT security reviews, evaluating the network, operating system, and data center for security vulnerabilities, and coordinate the scope and execution of these reviews with IT Leadership.

Participate in evaluations and testing of IT compliance with existing controls, providing value-added feedback to enhance control effectiveness and mitigate risks.

Maintain the IT enterprise policy library, including document creation, periodic reviews, and updates to ensure alignment with current standards and regulatory requirements.

Perform reviews of IT drills and exercises, such as penetration tests, business continuity planning, disaster recovery tests, and incident response, assisting in remediation efforts when necessary.

Undertake special assignments or tasks as assigned by supervisors, contributing to the overall effectiveness of the IT audit, policy management, and security frameworks.

Environment: The environment is collaborative and compliance-driven, focusing on ensuring IT systems meet regulatory standards. Security reviews, risk management, and continuous improvement are key priorities, with regular audits and policy updates. The team works closely on IT General Controls and SOX compliance, ensuring strong governance. Preparedness for incidents and disaster recovery is emphasized through drills and exercises.

Client: Genpact - Axis Bank – India Mar 2017 – Dec 2019

Role: Process Developer, Internal IT Auditor

Responsibilities:

Support the manager in planning, executing, and reporting audits, ensuring alignment with objectives and testing procedures.

Lead risk assessments, evaluate business processes, and identify vulnerabilities or opportunities for improvement.

Leverage data analytics for more efficient and effective evaluations during audit engagements.

Perform audits in accordance with corporate SOX, audit methodologies, and documentation requirements.

Guide the audit team, promote knowledge sharing, and maintain thorough documentation of audit findings.

Assess audit gaps, evaluate their impact, and propose practical remediation steps in collaboration with management.

Focus on continuous professional development by attending training and obtaining relevant certifications to stay current with audit standards.

Environment: The internal auditor will work in a collaborative, fast-paced environment, ensuring audits are performed efficiently while adhering to corporate standards and methodologies. They will focus on continuous improvement and effective risk management.

Client: Tech Mahindra - India Jan 2015 – Dec 2016

Role: Executive Associate.

Respond to customer inquiries via online chat in a timely, professional, and courteous manner.

Efficiently resolve customer issues and complaints, ensuring a positive and empathetic interaction.

Provide detailed information about products and services and assist customers in navigating various processes.

Escalate complex issues to senior representatives or appropriate departments to ensure resolution.

Consistently meet or exceed performance metrics, including response time, eNPS, resolution time, and customer satisfaction.

Maintain a thorough understanding of product knowledge and stay updated on changes in company policies and procedures.

Maintain a high level of professionalism, ensuring a positive customer experience at all stages of interaction.

Proactively seek feedback from customers to continuously improve the service delivery process.

Environment: The work environment at Tech Mahindra is dynamic, fast-paced, and customer-centric, primarily focused on delivering seamless online support. It emphasizes teamwork and collaboration, enabling efficient resolution of customer issues. Employees are encouraged to stay adaptable and continuously update their knowledge in a technology-driven, evolving work setting.


