Steven L Gonzales MBA, CFE, CCBIA
Arvada, CO
(**3) 807- 4941 ***********@*****.***
MANAGEMENT / BOARD REPORTING | AUDIT TESTING / IT COMPLIANCE
VENDOR COMPLIANCE / OVERSIGHT | FRAUD PREVENTION / DETECTION
DUE DILIGENCE & SIG QUESTIONNAIRES | INTERNAL CONTROLS / PCI-DSS
BANK AUDITS / CASH OPERATIONS | POLICIES & PROCEDURES
SOX / ITGC / ICFR TESTING | FINANCIAL SERVICE INDUSTRY
COSO / IIA / ACFE STANDARDS | AUDIT REMEDIATION
PROFESSIONAL EXPERIENCE
FirsTier Bank, Broomfield, Colorado 12/2024-5/2026
Bank Senior Internal Auditor/Director
Responsible for entire Internal Audit Function: Built and led an internal audit function to meet FDICIA compliance, evaluating key risks and driving improvements in internal control efficiency.
Audit Strategy & Planning: Lead enterprise-wide annual risk assessments to develop and execute a dynamic, risk-based internal audit plan.
Audit Execution & Oversight: Conduct complex audits across diverse banking domains, including: Cash and Cash Equivalents (Branch Audits), Retail Banking, Corporate Finance & Accounting, Treasury, IT/cybersecurity, Third Party Vendor Management, Loan Accounting and Operations, Commercial, Residential, & Consumer Lending, Allowance for Credit Losses & Credit Administration, Other Real Estate Owned, Deposit Accounting and Operations, Investment Securities & IRR, and Human Resources & Payroll.
Regulatory Compliance: Act as the primary liaison for regulatory examiners (e.g., OCC, FDIC, Federal Reserve), coordinate exam schedules, and ensure remediation of Matters Requiring Attention (MRAs). Liaise with our external auditors who conduct our annual audit.
Reporting & Governance: Synthesize findings into clear, actionable audit reports. Present insights, control deficiencies, and recommendations to the Audit Committee and senior executive leadership. Manage the process to track, follow-up, and ultimately close all open audit issues leveraging the Audit Committee. Developed and designed comprehensive presentation materials for Audit Committee meetings.
Emerging Risk Monitoring: Monitor banking industry trends, including digital banking disruptions, stress testing, and macroeconomic shifts.
Committee Meetings: Attend monthly Bank Operations, IT Steering, Loan Operations and ALCO (Asset & Liabilities) and lead Audit Committee.
Charles Schwab, Lone Tree, Colorado 4/2021-1/2024
Manager, Vendor Oversight and Compliance/Audit
Partnered with vendors, business, and corporate stakeholders to complete annual vendor compliance reviews.
Based on my knowledge of corporate and departmental procedures, I obtained and evaluated key risk and performance
factors and followed up on any inconsistencies. Implemented a new document retention procedure for audit exams
performed by external auditors.
Monitored third party issues and remediation actions associated with control gaps to ensure
timely closure. I coordinated across vendors, business owners and risk review teams to confirm controls are adequately
addressed, as well as SLAs (Service Level Agreements) per their contract requirements.
Evaluated Information Security Controls (Infrastructure Security, Access Management, Physical Security, etc.)
Support reporting requirements/compliance of other audit exams, as necessary.
Led the creation and maintenance of departmental processes and procedures and functioned as a point of contact for
questions from the business related to Third Party Risk Management and contract issues.
Implemented new processes and procedures for collection of SOC reports (System and Organization Controls).
Maintained record management including document routing, storage, retrieval, and reporting to Senior Management
and external auditors.
Collaborate with cross-functional teams, including legal, operations, and IT to address compliance issues and implement
corrective measures.
Completed accurate risk assessments and monitoring questionnaires in a timely manner for critical vendor relationships.
Facilitated due diligence annual meetings associated with SEC Rule 38a-1 for requirements of the 1940 Act Rule.
This is a critical role in ensuring adherence to regulatory requirements, with a focus on the Investment Company Act of 1940
(Section 38a-1 compliance), and high-risk vendor management. This position required a keen understanding
of regulatory frameworks in the financial services industry, as well as expertise in auditing and assessing vendor risks.
Facilitated compliance meetings with Schwab’s high-risk vendors relating to Transfer Agency, Custody, Blue Sky Laws,
and Intermediary functions.
Collaborated in assessment scope validation, meeting with Schwab’s Vendor Managers and high-risk vendors to prepare them for the assessment, as well as conduct documentation collection and preparation of assessment work-papers.
Confirmed audit findings were remediated by vendors.
Experis/Jefferson Wells, Denver, Colorado 7/2019-11/2020
Senior Internal Auditor & Operational Risk/Regulatory Consultant (Contractor) – Charles Schwab & Lucent
Perform internal control walkthroughs and Sarbanes-Oxley (SOX) testing procedures for key controls.
Recommend improvements that add value to risk management, internal control, governance, and business processes
and communicate control findings to process owners/audit clients.
Supported Senior Team Manager in coordinating information responses with each respective Charles Schwab Business
Unit when the companies to which they provide services submit requests for due diligence information.
Functioned as the Point of Contact on Vendor Management Team – Incoming Due Diligence at Charles Schwab.
Gathered supporting documentation needed to complete the due diligence questionnaires submitted by current and
potential clients. This included completing Shared Assessments Program, Standard Information Gathering (SIG)
Questionnaires; Service Organization Control Reports (SOC 1 & 2); and other forms of due diligence, as necessary.
Provided responses to incoming due diligence requests and assisted in improving efficiencies of the IDD function, including maintaining and improving functional processes, procedures and policies, tools, and a reporting framework.
Tri-State Generation & Transmission Association, Inc., Westminster, Colorado 0/2013-12/2018
Staff Auditor / (Promoted to Senior Auditor on 12/23/2018)
Conduct diversified special and complex audits of Association activities and compliance of various external companies,
including contract, financial, information technology and operational audits.
Prepare audit outlines, perform audit fieldwork, evaluate, and analyze audit results, conduct opening and exit interviews
with auditees, and prepare and present formal audit reports for Executive Management and the Board of Directors.
Examine, test, and consult with management in the development of internal accounting, administrative, and operational
controls which include all financial, energy, inventory and fuel management systems, and other Association systems and
policies, as necessary.
Observe and review physical inventory / cycle count procedures and methodologies, including test counts or other techniques for the
verification of physical assets and supply chain management issues.
Provide direct assistance for the External Auditors in conjunction with the Association's annual financial audit and IT audit.
Test of Controls, process walkthroughs and SOX / ITGC (Control testing over entire IT environment including access,
infrastructure, applications & data) compliance support for and with external auditors.
Performed a Quality Assessment Review (QAR) on the Internal Audit Function.
Perform supervisory duties in the absence of the Manager.
Coordinate the work of staff auditors when assigned to assist with special/complex audits.
Coordinate Joint financial and operational audits with other utility entities with shared partnerships in coal mines and power plants.
EDUCATION
Master of Business Administration – Business/Finance
University of Denver – Denver, CO
Bachelor of Science – Finance & Accounting
University of Colorado – Boulder, CO
CERTIFICATIONS
Certified Fraud Examiner (CFE), Certified Community Bank Internal Auditor (CCBIA), MSHA (Mine Safety and Health Administration)
TECHNICAL SKILLS
Microsoft Office, SharePoint, ACL, Epic, Lawson, Oracle, SAP, SAS, Fiserv, Workiva, Workday, Ariba, Tableau, Alteryx