Varun K
9+ years of experience, including 7+ years as an IT Auditor specializing in SOX 404 compliance and Internal Control over Financial Reporting (ICFR).
Expertise in evaluating IT General Controls (ITGC) to ensure accurate financial reporting.
Well-versed in assessing and managing access controls to ensure proper segregation of duties.
Demonstrated ability to lead SOX 404 audits, ensuring compliance across critical areas such as logical access, change management, and information security.
Proficient in report drafting, ensuring clear and comprehensive communication of audit findings to stakeholders.
Adept at presenting audit results to senior leadership, providing recommendations to strengthen internal controls and mitigate risks.
Skilled in using tools like Archer, SharePoint, ServiceNow, Audit Board, BOX, and OneTrust to streamline audit processes and track remediation efforts.
In-depth experience in configuration management, ensuring that systems are securely configured to meet compliance and regulatory standards.
Skilled in utilizing MS Suite (Word, Excel, PowerPoint) for report creation, data analysis, and presentation of audit findings.
Strong analytical and problem-solving skills, with the ability to assess the effectiveness of internal controls and recommend improvements.
Committed to continuous professional development, staying current with industry best practices and regulatory changes to ensure ongoing compliance.
Proven ability to manage complex audit projects, ensuring that all objectives are met while maintaining a high level of quality and efficiency.
Technical Skills
Internal Auditing
Extensive experience in conducting internal audits, evaluating internal controls, and ensuring financial compliance with organizational policies.
SOX Compliance
In-depth knowledge of SOX 404 requirements and experience in assessing IT General Controls (ITGC) to ensure compliance.
Regulatory Compliance
Expertise in adhering to industry regulations, including SOX, and providing recommendations for compliance improvements.
Education:
Master’s: Computer Science at Avila University, Kansas.
Bachelor’s: Bachelor of Commerce Computer Applications.
Professional Experience
Client: Thomson Reuters - Atlanta, GA Sept 2023 - Present
Role: IT Audit SOX Consultant
Responsibilities:
Conduct audit procedures to assess the design and operating effectiveness of IT general controls and IT application controls, ensuring cybersecurity solutions are implemented effectively.
Review and analyze work papers to document and validate the assessment and effectiveness of access control, incident management, and change management processes.
Review and evaluate the organization’s disaster recovery plans, ensuring they comply with IT security controls and are aligned with industry best practices.
Ensure compliance with relevant SOX regulations by performing thorough audits of IT security controls and assessing the integrity of access control mechanisms.
Draft audit findings related to the effectiveness of direct change management procedures and the implementation of change management processes.
Utilize IT general controls to evaluate access control, cybersecurity solutions, and other key internal control processes for financial systems.
Collaborate with team members to walk through work papers and ensure appropriate documentation of audit results, findings, and recommendations.
Conducted ISO 27001 control assessments and gap analyses as part of IT audit engagements, ensuring alignment with SOX-relevant IT General Controls (ITGCs) for financial reporting integrity.
Collaborated with cross-functional teams to map ISO 27001 Annex A controls to SOX ITGC frameworks, enhancing internal audit processes and supporting effective risk mitigation and compliance monitoring.
Led the testing of SAP-based internal controls as part of SOX compliance efforts, identifying and mitigating risks associated with financial reporting and ensuring adherence to regulatory standards assessments.
Conduct testing of IT application controls to assess the effectiveness of automated processes within financial systems, focusing on compliance with industry standards.
Reviewing and checking the setup of SAP system security, user roles, and access permissions to make sure people only have the access they need, ensuring compliance with SOX regulations.
Led audits leveraging COSO and COBIT frameworks to assess the effectiveness of IT controls and ensure proper alignment with organizational objectives.
Ensure compliance with SOX 404 requirements, specifically the design and effectiveness of controls around IT general controls, change management, and disaster recovery plans.
Engage in the development of IT sampling plans to effectively test control procedures related to access control and IT security controls.
Lead SOX and finance-related projects, providing status reports and presentations to stakeholders.
Prepare audit-related data for reporting purposes, ensuring that all findings are accurately documented and meet regulatory requirements.
Track compliance efforts, review test findings, and provide regular status updates.
Demonstrate knowledge of the Federal Government’s financial and management responsibilities in relation to internal controls and compliance.
These responsibilities are aimed at preventing, detecting, and investigating potential issues related to IT, fraud, and compliance with various standards.
Environment: The work environment is structured around regulatory compliance (e.g., SOX, SOC) with a focus on IT security controls and cybersecurity solutions. It promotes collaboration, continuous learning, and professionalism in client-facing audits and assessments. The environment emphasizes secure documentation, detailed audit findings, and adherence to industry standards.
Client: Kinder Morgan – St. Louis, MO April 2022- Aug 2023
Role: IT Auditor
Responsibilities:
Ensure quality methods and procedures are executed by the IT department to maintain compliance with SOX, SOX 404, and contractual requirements.
Support the collection, review, and approval of compliance evidence, including utilizing network monitoring tools and security tools during assurance activities.
Walk through work papers to document and validate evidence supporting compliance with regulatory standards and internal controls.
Escalate any out of compliance items to senior management and ensure timely remediation of risks.
Identify control deficiencies and collaborate with control owners to address them.
Recommend process improvements to minimize risk and ensure SOX compliance.
Ensure IT security controls are properly implemented and tested to safeguard sensitive information and maintain system integrity.
Support risk management activities and stay updated on SOX regulations.
Perform assessments to verify that cybersecurity solutions are in place and meet SOX and regulatory requirements for a secure IT environment.
Collaborate with cross-functional teams to ensure proper execution of disaster recovery plans and their alignment with IT security controls.
Review and assess the effectiveness of access control measures to ensure restricted access to critical systems and data.
Assist in incident management by identifying, documenting, and addressing security incidents that could impact compliance.
Assist in the evaluation of change management procedures, including the assessment of direct change processes and their compliance impact.
Gather and analyze compliance evidence to confirm that internal controls related to IT systems are functioning effectively and meet regulatory standards like SOX.
Act as a liaison between IT teams and senior management, escalating control gaps and non-compliance issues and recommending corrective actions.
Review and validate the design and effectiveness of IT general controls, ensuring compliance with SOX and related standards.
Assist in the implementation of patching tools and firewall policy testing to manage security vulnerabilities and ensure compliance.
Support the ongoing monitoring of disaster recovery plans, access control, and other critical IT processes to ensure systems are resilient and compliant.
Environment:
The work environment is highly structured and compliance-focused, emphasizing adherence to regulatory standards such as SOX. It promotes a collaborative, team-oriented culture where knowledge sharing and continuous learning are essential. The work is centered around IT security, utilizing tools like ServiceNow to monitor and mitigate compliance risks. Employees engage in both remote and on-site activities, ensuring systems are secure and compliant with industry standards.
Client: Coyote Logistics – Chicago, IL Oct 2021 - March 2022
Role: SOX Consultant
Responsibilities:
Led the implementation of SOX financial controls for an acquired subsidiary, ensuring compliance with regulatory standards.
Assessed and identified required financial controls, aligning them with the established SOX framework.
Collaborated with cross-functional teams to implement effective financial control processes across the subsidiary.
Conducted detailed gap analysis to identify areas requiring remediation and improvement in the control environment.
Developed and documented control procedures, ensuring they were consistent with internal policies and external compliance requirements.
Provided training and guidance to subsidiary teams on SOX compliance, control documentation, and financial reporting processes.
Managed the execution of control testing and remediation efforts, ensuring timely resolution of deficiencies.
Worked closely with external auditors and internal stakeholders to ensure smooth audit processes and accurate reporting of financial controls.
Environments: SAP, Oracle Financials, SOX Compliance, Internal Control Documentation, Microsoft Excel, and Reporting Software. Collaborated with cross-functional teams including Finance, IT, and Internal Audit. Ensured alignment with regulatory requirements such as Sarbanes-Oxley and external audit standards.
Client: Ally Financial – Detroit, MI Aug 2020 – Sept 2021
Role: IT Auditor
Responsibilities:
Assist IT teams throughout internal and external audits, reviewing systems, applications, and IT processes to ensure compliance with established standards and regulations.
Participate in key SOX controls for IT, including conducting user access reviews and termination reviews to ensure proper segregation of duties and compliance with IT General Controls (ITGC).
Assist in pre- and post-implementation reviews of system implementations or enhancements, ensuring controls readiness and supporting the design, implementation, or remediation of necessary processes.
Engage in IT security reviews, evaluating the network, operating system, and data center for security vulnerabilities, and coordinate the scope and execution of these reviews with IT Leadership.
Participate in evaluations and testing of IT compliance with existing controls, providing value-added feedback to enhance control effectiveness.
Maintain the IT enterprise policy library, including document creation, periodic reviews, and updates to ensure alignment with current standards and regulatory requirements.
Perform reviews of IT drills and exercises, such as penetration tests, business continuity planning, disaster recovery tests, and incident response, assisting in remediation efforts when necessary.
Undertake special assignments or tasks as assigned by supervisors, contributing to the overall effectiveness of IT audit and policy management.
Environment: The environment is collaborative and compliance-driven, focusing on ensuring IT systems meet regulatory standards. Security reviews and continuous improvement are key priorities, with regular audits and policy updates. The team works closely on IT General Controls and SOX compliance, ensuring strong governance. Preparedness for incidents and disaster recovery is emphasized through drills and exercises.
Client: Genpact - Axis Bank – India Mar 2017 – Dec 2019
Role: Process Developer, Internal IT Auditor
Responsibilities:
Support the manager in planning, executing, and reporting audits, ensuring alignment with objectives and testing procedures.
Leverage data analytics for more efficient and effective evaluations during audit engagements.
Perform audits in accordance with corporate SOX, audit methodologies, and documentation requirements.
Guide the audit team, promote knowledge sharing, and maintain thorough documentation of audit findings.
Assess audit gaps, evaluate their impact, and propose practical remediation steps in collaboration with management.
Focus on continuous professional development by attending training and obtaining relevant certifications to stay current with audit standards.
Environment: The internal auditor will work in a collaborative, fast-paced environment, ensuring audits are performed efficiently while adhering to corporate standards and methodologies. They will focus on continuous improvement.
Client: Tech Mahindra - India Jan 2015 – Dec 2016
Role: Executive Associate.
Respond to customer inquiries via online chat in a timely, professional, and courteous manner.
Efficiently resolve customer issues and complaints, ensuring a positive and empathetic interaction.
Provide detailed information about products and services and assist customers in navigating various processes.
Escalate complex issues to senior representatives or appropriate departments to ensure resolution.
Consistently meet or exceed performance metrics, including response time, eNPS, resolution time, and customer satisfaction.
Maintain a thorough understanding of product knowledge and stay updated on changes in company policies and procedures.
Maintain a high level of professionalism, ensuring a positive customer experience at all stages of interaction.
Proactively seek feedback from customers to continuously improve the service delivery process.
Environment: The work environment at Tech Mahindra is dynamic, fast-paced, and customer-centric, primarily focused on delivering seamless online support. It emphasizes teamwork and collaboration, enabling efficient resolution of customer issues. Employees are encouraged to stay adaptable and continuously update their knowledge in a technology-driven, evolving work setting.