Senior Internal Auditor (Head of IT Audit)
Abu Dhabi Gas Industries Ltd. (GASCO)
مجموع سنوات الخبرة :26 years, 10 أشهر
Setup Internal Audit function in terms of Charter, procedures, development and validation of a Risk Universe, develop Risk Register through determination of, assigning weights to and scoring risk factors and presenting them of the Senior Management.
Selection and implementation of Audit Workpaper solution and Data Analysis solution with continuous controls monitoring through ACL scripts.
Reviewed and recommended changes of Supervisory Control and Data Acquisition (SCADA) / Process Industrial Control Systems (PCS / ICS) networks with industry and information security best practices embedded as well as ensured continuous active monitoring of critical infrastructure.
Reviewed and recommended changes to provisions pertaining to SCADA and PCS/ICS Policy in coordination with the appropriate corporate departments during internal audits.
Lead the internal audit transformation initiative through (a) implementation of internal audit management and electronic working papers solution ensuring adequate level of user knowledge through internal learning and knowledge sharing projects; and (b) managing the development of internal audit plan through risk assessment of all business units and HQ.
To Manage & Execute the Internal Audit Engagements with special focus on IT Audits and related forensic engagements. To ensure that effective controls exist in the organization’s IT infrastructure and carry out Audits of various systems and processes that are facilitating the business, and identify and report the critical weaknesses requiring immediate management action and support.
Primary responsibility for managing the IT Internal Audit function. Develop IT Internal Audit Plans to include IT audits and to assess and report on the quality of controls, including compliance with approved policies, procedures, and standards. Key tasks include:
Performing enterprise-wide risk assessments for the purpose of developing comprehensive IT audit plans, and presenting audit results/MIS to the Board, Audit Committee, and Senior Management;
Assess and report on the reliability and integrity of accounting records and management reports;
Assess the reliability, integrity and security of business systems and applications;
Ensure the execution of a systematic, disciplined and balanced approach to evaluate and improve the effectiveness and efficiency of processes, internal controls, risk management, and governance processes;
Promote high levels of ethical awareness and facilitate investigations of potential ethical concerns/violations and/or conflicts of interest;
Assess fraud risk across the various business functions, and to increase the awareness level of fraud within the organization;
Appreciate the operating requirements and standards of the Company’s business & IT operations; and
Partner with executive leadership in developing strong, professional and independent relationships to ensure a comprehensive understanding of the business to enable value-added recommendations that improve efficiency and effectiveness of operations.
Manager - Technology Risk Services Mar 2011 to Date
Protiviti Middle East.
Managing the Technology Risk Services (TRS) service line and looking after a diversified portfolio of various IT Engagements including IT Risk Assessments, IT Vulnerability and Security Reviews, IT Project Management Audits, BCP DR Engagements, Data Centre and Control Room Audits along with ERP Pre/Post Implementation Reviews, and IT General Controls Review. My responsibilities include:
Managing IT audits and IT Security Reviews, IT Governance Reviews and IT Project Reviews for various clients including Government and Semi-Government;
Preparing business proposals and negotiating engagement fee with key client management.
Leading and conducting IT Audits, IT Compliance reviews and IT Risk Assessments.
Ensuring quality of audit documentation and standardization of audit programs and key working papers.
Planning, recruiting, on job monitoring, controlling, counseling and training of audit staff members.
Conducting seminars and organizing staff training sessions on ISACA and IIA Standards and developments
Working in the capacity of an Audit Supervisor in Group Internal Audit (GIA) department looking after and managing a portfolio of 100 audit engagements in UAE, USA, and UK. I am responsible for Managing a Team of 5 people and responsibilities includes:
Executing, Supervising and Managing IT audits and IT Security Reviews, IT Governance Reviews and IT Project Reviews of various Dubai World Entities;
ERP Implementation Reviews;
Review of Security policies and procedures;
Review, Analysis and Assessment of Business Processes Risks and Controls;
Review and Preparation of Audit Plan;
Carrying out IT Risk Assessments for the Dubai World group companies.
Worked as Information Systems Auditor in the Internal Audit Department, where my responsibilities included:
Review and evaluate the reliability and integrity of Information Systems (IS) inside the company.
Planning of audits, preparing kick-off presentation, detailed audit programs, CEO and audit committee presentations and final audit reports.
Review compliance with policies, plans, standards, laws, and regulations which could have significant impact upon IS Systems or operations.
Involvement in System Development audits to ensure controls are built in during the systems development life cycle (SDLC) process.
Expanding use of computer-assisted audit techniques (CAAT) to support audit projects.
Analyses of SDLC methodology, providing for internal audit input at key points in the process.
Worked in the capacity of a Manger in Enterprise Risk Services (ERS) department looking after and managing a portfolio of 100+ clients in UAE, Qatar, Oman, Kingdom of Saudi Arabia and Jordan. I was responsible for Managing a Team distributed in the region and responsibilities included:
Executing, Supervising and Managing IT audits and IT Security Reviews, IT Governance Reviews and IT Reviews of various multinational, local companies and banks;
SAP and other ERP Implementation Reviews;
Development of Security policies and procedures;
Review, Analysis and Assessment of Business Processes Risks and Controls.
Review of security administration process and testing of Segregation of duties in an ERP.
Worked as an Assistant Manager for a 6 months contract in Technology & Security Risk Services department where the responsibilities include:
Managing, and conducting IT audits, IT Governance Reviews and IT Reviews of various multinational and local companies and banks;
Development of policies and procedures; and
Review of Business Processes and controls under Sarbanes - Oxley Act.
Worked as an Assistant Manager in IRM Division where the responsibilities included:
Managing, Supervising and conducting IRM audit reviews for statutory audits of various multinational and local companies, banks and special assignments;
Review of internal controls, appraising management of significant weaknesses identified and make recommendation to follow best practices;
Review of Business Processes and controls;
Planning and administration of staff; and
Planning and Conducting Training and professional development programs of the firm locally.
Worked as a Project Manager looking after development and implementation of Banking Application. As part of Project Manager, I undertook the implementation and assisted the Senior Project Manager in development and implementation of Islamic Banking Software at Bank Al Falah and Al Falah Islamic Bank. Besides development responsibilities also included marketing of products and providing consultancy services to the clients.
Developed an Accounting System for the company using Visual Basic 6 and MS Access. Further responsibilities included Installing, Administering and Maintaining Window NT Server 4.0 for the clients. Installing and configuring Windows NT Workstation and Windows 95/98. Configured DHCP, DNS, and WINS. Configured TCP/IP as main protocol for Connectivity.