Senior Forensic Auditor
Abu Dhabi National Oil Company (ADNOC)
Total years of experience :21 years, 3 Months
Responsibilities:
• In charge of executing assigned IT audit reviews - determine the objectives, plan the scope, prepare the audit program, determine the auditing procedures, perform the audit, prepare the working papers and prepare the audit report including recommendations to rectify reported deficiencies.
• Review, evaluate and assess the adequacy/effectiveness of IT governance & management framework.
• Ascertain the extent to which established IT policies, plans and procedures are adequate and complied with.
• Review, evaluate and assess the adequacy/effectiveness of application controls and IT general controls.
• Appraise the adequacy of corrective actions taken by management on audit recommendations.
• Participate in the identification and assessment of IT risk areas, by identifying areas subject to IT audit coverage, for the development of the Annual IT Audit Work plan.
• Provide advice and support to internal auditors on IT related aspects of their audit reviews.
Assignments:
• IT Governance & IT Management reviews.
• IT Security Management reviews.
• General IT and application control reviews of the majority of ADNOC’s major applications utilized by various business functions, such as Exploration & Production, Finance, Human Resources, Marketing, Procurement, Administration and Petroleum Port Authority.
• General IT controls & Security review of SAP ERP, SAP HANA, SAP SuccessFactors & SAP Ariba.
• IT Service Management reviews.
• IT project management reviews.
• Business Continuity Management & Disaster Recovery Planning review.
• Investigations and IT forensic examinations.
Responsibilities:
• Conduct computer forensic examinations.
• Perform analysis and interpretation of computer-related evidences.
• Ensure that evidence collection methods are conducted, managed and archived in a manner consistent to maintain preservation and protection of data and evidence.
• Perform all other tasks as necessary and required.
Assignments/Achievements:
• Identified system weaknesses which were exploited to commit fraudulent or unauthorized activates.
• Performed system reviews and data analytics to identify fraudulent activities/transactions which can be presented as evidence in litigations.
• Implemented EnCase Enterprise software.
• Utilized EnCase Enterprise for acquiring and analyzing images during investigations.
Responsibilities:
• Drafting/modifying audit program for audit jobs as identified by the Audit Manager.
• Plan and execute complete reviews of audit assignments in accordance with accepted professional standards.
• Lead the audit team during audit fieldwork, including assigning specific work to team members.
• Evaluate the adequacy and effectiveness of internal controls in IT installations, computerized systems, local area networks, database systems, technical support, systems development, and related IT processes.
• Monitor compliance with the Group’s information system and security policies, procedures, and processes.
• Ensure that management is kept aware of issues as they develop, assist in obtaining management responses and response timelines and assist in following up on issues at their required due dates.
• Report audit findings and make recommendations for correcting unsatisfactory conditions, improving operations and reducing cost.
• Perform or to assist in the performance of special reviews at the request of the Audit Manager.
• Present written findings and recommendations.
• Follow-up to determine adequacy of corrective actions.
• Prepare comprehensive written audit reports and audit presentations.
• On-the-job training and supervision of staff auditor(s).
• Provide or assist in providing guidance to Internal Audit Staff in conducting audits and other IT-related issues.
• Perform special studies and projects as may be assigned by audit management
• Assist fraud investigators with data analysis to identify fraudulent activities.
Assignments/Achievements:
• General IT and application control reviews of Oracle e-Business suite modules (Financials, Property Manager, CRM & HR) for Dubai World and its subsidiaries (e.g. Nakheel, DP World, Dubai Customs, Istithmar, Tejari).
• IT governance reviews of several Dubai World subsidiaries.
• ISO 27000 and ISO 2000 compliance reviews of several Dubai World subsidiaries.
• Security review of a newly developed Electronic Fund Transfer application.
• General IT application controls reviews of Maximo Procurement and Oracle Customer Care & Billing.
• Review of the Dubai World corporate portal which is a SharePoint web-based application for document management and workflow automation.
Responsibilities:
Delivering financial audit support solutions, providing business process and application control reviews and general IT control reviews.
Assignments/Achievements:
• Performed IT audit reviews of COBIT’s Ensure System Security process (DS5) at Kuwait Turk Bank.
• Participated in the Sarbanes-Oxley 404 Compliance Evaluation of General IT Controls in the National Bank of Greece (Athens). My responsibilities included understanding and documenting IT processes (Narratives, Flowcharts, and Risk & Control Matrices).
• Performed a detailed review of access privileges within SUN Accounting to establish a system-access baseline which ensures appropriate Segregation of Duties (SOX Compliance review). The baseline was developed to be implemented in all Ashmore Energy subsidiaries which utilize the same system and was done in coordination with the EY Houston office.
• Participated in the Sarbanes-Oxley 404 Compliance testing of General Computer Controls in Ashmore Energy, Bausch & Lomb and ABB.
• Participated in COBIT based IT audit reviews at Kuwait Turk Bank. Performed general IT controls review of the change management process based on the COBIT framework and delivered application control reviews.
• Performed External Audit Support (revenue assurance) for Turk Telecom, the largest company in telecommunications sector in Turkey. Delivered application and general IT control reviews on public switched telephone network (PSTN) revenue streams.
• Performed General IT and Application Controls Evaluation reviews for the external audit support engagements of audit clients from various sectors including banking, insurance, manufacturing logistics and telecommunications (Coca Cola, C Bank, Kuwait Turk Bank, TEB Insurance, Autoliv, Enka, Federal Mogul, Anadolu Efes, Cimsa, Ekol Lojistik, Latek Lojistik).
Lotus Notes Specialist
Responsibilities:
• Designing Lotus Notes databases.
• Maintenance of existing Lotus Notes databases.
• Providing support to the company staff with problems related to Lotus Notes & Lotus Notes Mail.
• Reading new documentations related to EY global system updates (Lotus Notes & Operating Systems) then taking part in implementing those updates, finally testing the new systems and reporting my observations to the IT management.
• Creating domain user accounts and user folders in the servers.
• Creating Lotus Notes user accounts.
• Data backup & restore.
• Windows 2000 & Windows XP support.
• MS Office 2000 & MS Office 2003 support.
• EY AWS Support.
Accomplishments:
• Designed a Lotus Notes database (Expense Report) used for entering and submitting the expenses made by the staff when they are in the filed, the print outs are then handed to the accounting department. The database is currently used by 500 employees (the database includes all the projects and their managers names, only one report can be submitted in each time period)
• Designed a Lotus Notes database for the Tax department (Tax Client 2005) upon the request of one of the tax partners. The database holds detailed information about the 2005 Tax projects including figures and is used by all the tax partners and managers.
• Designed a Lotus Notes database for one of the audit partners (Quality & Risk Management Policies & Procedures). When a new entry is made to the database the related department is notified by e-mail.
• Designed another 3 small databases.
•Responsible for Network Administration, Network Installation and Desktop Computers Running Windows 98/NT/2000/XP.
•Currently changing the design of the company’s website. In addition to Turkish the site will serve in English, Arabic, Russian, Italian, German, Spanish and French.
•Designing a new system for viewing “newspapers clippings” for customers whom we serve online.
•Suggesting new programs foe scanning and editing “newspaper clippings” viewed by customers online.
•Web Design of the company’s web site.
•Network maintenance.
•Maintained and configured the hardware and software of the network computers.
The program is designed to deliver a balanced set of management and computer courses in order to prepare students for developing and maintaining business information systems. The main subject list includes organization, economics, marketing, finance, system design concepts, database management, data communication and software engineering. The department incorporates an emphasis on managerial and end-user concerns related to modern information systems. Special attention is given to attaining proficiency in the development of management applications and implementations.