IT AUDITOR
Resume:
Education & Professional Certifications: Bachelor of Science in Computer Sc./Economics, Nigeria – 1998
Masters in Business Administration (Finance) , Nigeria - 2005
Certified Information Systems Auditor (CISA) - 2007
Microsoft Certified Systems Engineer (MCSE) - 2008
Information Tech Professional (PG Cert) Sarnia, ON, CA - 2008
Certified Internal Auditor - 2009
Project Experience
IT General Control Testing
Business Process Review & Application Control Testing
Internal Audit
Information Security
JDE Security & Segregation of Duties (SOD)
SAP ITGC & Application Control Testing for clients using SAP R/3
Data Analytics - CAAT Data Testing (using ACL)
SAS70 Reporting
Membership of Professional Societies: Information Systems Audit and Control Association (ISACA)
Institute of Internal Auditors (IIA)
Seminars & Trainings Various Seminars/Trainings at PricewaterhouseCoopers Calgary AB CA and various In-house and External IT Audit seminars in Nigeria.
These seminars include Sarbanes-Oxley Readiness; Consulting Skills; IT Governance; Risks & Controls; IT Outsourcing; International Financial Reporting Standards (IFRS); Business Continuity Planning; Database Audit Considerations; Auditing Security in Various IT Platforms and Auditing ERP Applications (SAP, JDE and PeopleSoft, AS400 etc), IT Security Frameworks (COBIT, ISO 27001, PCI DSS etc)
Professional Experience:
From – To July 2008 to present
Employer PricewaterhouseCoopers LLP, Calgary, AB
Position Held &
Description of Duties Associate - IT Advisory Services
ASSURANCE
• IT General Controls. Assessing the adequacy of IT control procedures implemented by clients in various industries: manufacturing, banking, insurance, advertising, communication, research & development, oil & gas, shipping and transportation services. It also covers significant security review of IBM AS/400, Mainframe, Windows, UNIX, Oracle, and SAP R/3.
• Application Controls. Reviewing variety of computerized information systems such as General Ledger, Accounts Payable, Accounts Receivable, Inventory, Financial Consolidation, Deposit & Loan, Credit Card, and Banking Payment systems for various companies operating in Canada
• Segregation of Duties (SOD) Reviews. Performing JDE and SAP SOD runs and result analyses.
• Business Process Reviews. Evaluating the risks and effectiveness of IT controls in the areas of purchases to payments and financial reporting.
• SOX. Performed SOX compliance review in relation to IT and business controls for various clients.
IT CONSULTING / ADVISORY
• Internal Audit. Involved in the design and operating effectiveness testing of IT general computer controls (which includes IT Security Policies and Change Management) and application controls of various companies (oil & gas, finance/investment, manufacturing etc)
• US SOX SAS 70 / Canadian CICA 5970 Reporting. Assisted in the documentation required to comply with the regulatory requirements. This includes preparation of internal controls checklist, development of IT general computer, application narratives, key controls testing and coordination with management and external auditors. Also performed the development of business process narratives and testing of the design & operational effectiveness of these processes
• Security Review. Reviewed the design & implementation plans of SSL VPN solution, and identified & recommended improvements.
• Identity Management. Reviewed and evaluated the design of the client’s Identity Management process and recommended improvements. The review includes assessing the adequacy of the proposed infrastructure design to support the proposed processes.
• IT Control Assessment & Design. Using COBIT’s framework assessed the current maturity of IT control objectives within COBIT’s IT processes; identified the gaps between the client’s IT Control requirements and current control maturity; and developed an IT control design. This design recommends specific control practices to be implemented.
• Manual Journal Entry Testing and other CAAT Data Testing using ACL tool.
Clients for Assurance and Advisory services include EnCana Corporations, Canadian Pacific Railway, Suncor Energy, CE Franklin, Opti Canada., Shell Canada, Western Financial Group/Bank West and Trimac Equipment Leasing Limited.)
From – To October 2005 to May 2007.
Employer Intercontinental Bank Plc, Nigeria
Position Held &
Description of Duties IS Audit Specialist – IT Audit Department
• IT General Controls: Assessed the adequacy of IT control procedures implemented by the Bank (One of the biggest commercial banks in Nigeria)
• Reviewed general computer controls and security in various environments including IBM AS/400, Windows NT/2K, Windows Server 2003, UNIX, Oracle, SQL Server.
• Application Controls review for web-based applications (Integrated delivery channels i.e., Platform Banking, Tellering and Call Center) and mainframe-based application and interface control review.
• System Development: Review of major application systems in a commercial bank. System Upgrade and Data Conversion/Migration Review and Review of Application Process/Interface Controls.
• Risk & Control Consultant within the project team that implemented a new banking application.
From – To April 1999 to September 2003
Employer Ecobank Nigeria Plc
Position Held &
Description of Duties IT Auditor
• Performed IT Control testing (General and Application Controls) - Change Management, Access to Programs & Data, IT Projects and Computer Operations.
• Evaluated the security of banking applications and supporting infrastructure (Networks, Operating Systems, Databases and Applications.
• Participated in the Disaster Recovery Planning and Business Continuity Planning projects.
OTHER EXPERIENCE
From – To September 2003 – October 2005
Employer Access Bank Plc, Nigeria
Position Held &
Description of Duties Resident Internal Auditor
• Retail Banking Operational Audit / Process Review
• Fraud Investigation and Prevention
• Ensuring compliance of banking operations to the company policies and statutory regulations
• Identification of key risks associated with banking functions and the identification of the appropriate control activities and the development of testing procedures.
Contact this candidate