Manager Governance Risk and Compliance
Gadoon Textile Limited
Total years of experience :10 years, 4 Months
As Manager of Governance, Risk and Compliance, I am directly reportable to Director IT and my roles and responsibilities as part of IT Governance and Audit review team include:
Identify, assess, and prioritize risks across the organization, and create effective mitigation plans to minimize potential negative impacts.
Draft, review, and update compliance policies and procedures to align with changing regulatory requirements and business needs.
Lead compliance audits and reviews, including internal and external audits, and establish a robust monitoring program to ensure ongoing compliance.
Conduct special audits and consulting assignments according to internal audit manual.
Gained a diversified experience of various assignments of Internal Audit, Risk Assessment, Internal Controls Environment Review, Gap Analysis, Process Improvement, Policies & Procedures and Manual Preparation etc.
Provide high quality, professional day-to-day execution of internal audit engagements and other projects within agreed upon timeframe, resources and budgetary constraints;
Review business processes (i.e., Purchase to Pay, Order to Cash and Hire to Retire etc.) and related to the system(s) as part of audits to identify IT risks, evaluate controls and implementation of preventive, corrective and detective controls on systems;
In Application analyzing the current business systems, understanding the entity requirements and designing a new system achieving the client’s requirements and objectives. Mapping different processes of Application modules with the Business Processes. Further, preparing documentation of current and future processes of the client as well as ensuring the quality of documents such as Operational Training Manual; and
Author timely reports, summarizing findings, and present to executive management, the Audit Committee and the Board of Directors, with clear recommendations.
Planning and execution of IT Audit of audit plan Understands, assesses, and evaluates an audited entity's IT systems and processes, IT risks, IT general controls and IT applications controls. Tests and evaluates internal controls to assess impact on engagement. Supports /manage and execute the engagement, including project management, team management and remediation of deviations from the audit plan and timeline. Examine internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk and develop remediation strategies. Keep the audit team informed through regular update meetings or at the debriefing meeting as to the issues identified and discussions with the management. Contributing to the development of innovation solutions to deliver IT audit assurance work efficiently and effectively. Performing the full audit cycle including risk management. Control management over operations' effectiveness, financial reliability and compliance with all applicable directives and regulations. Reviews of information systems. Also consulting with regulatory and statutory bodies on technical matters and resolving complex accounting issues.
ERP IT Audit
IT External Audit and IT Internal Audit
Managed off site IT audit support work of 25 plus clients for 2014 and 2022;
Simultaneously manage multiple client engagements of varying size, scope and complexity. Starting from planning, execution and reporting phase including testing of IT Application Controls (ITACs), Report testing and testing corresponding General IT Controls (GITC) over in-scope application within entity's control environment;
Assisting the core assurance team in testing of clients' General IT Controls (Entity Level Controls, Access Management including Privilege Access, Change Management, Computer Operation and Program Development) and IT dependent controls (Process Level Controls, Segregation of Duties, Interface Controls and IPE Controls) related business to support the financial statements enabling reliance over the internal control environment;
Review security settings for the core business applications (SAP, Oracle EBS, MS Dynamics and Temonus-24 etc.) having a financial impact on the Organization;
Perform pre/post-implementation reviews of system enhancements and cyber security reviews.
Identifying and evaluating IT risks and impacts associated with identified issues, preparing written reports on findings and recommendations from engagement work. Follow-up on audit findings to ensure that management has taken corrective actions;
Conduct fieldwork, assess internal controls, and maintain up-to-date documentation.
Worked on the ISAE 3402 based Reports on Controls at a Service Organization and performed reviews for Type I reports assisting in the IT External Audit clients.
Assisting the core assurance team with respect to extraction and testing of data over the transactions processed at various entities with focus from a “fraud and error” perspective. The concerned activity utilizes the Data Analytics tool and covers the assessment of Journal Entries and Master Data that may be of interest for audit purposes
Review of IT Controls in ICFR Review engagements. Review Pre/Post ERP implementation SAP /Oracle ERP. Experience in working in SAP GRC and various tools of monetary policy. Experience in IT Risk management or transformation, IT Assurance and/or Audit role. Simultaneously manage multiple client engagements of varying size, scope and complexity. Starting from planning, execution and reporting phase including testing of IT Application Controls (ITACs). Assists with the design and planning of the IT component of the audit execution with a focus on significant risks for the audited entity. Review of technology platforms and is experienced in deploying and using analytics and robotics Tests and evaluates internal controls to assess impact on engagement. Developed and review of IT Governance, IT general controls, IT application controls and testing of Information Produced by Entity (IPE) / system generated reports. Leading and managing team of professionals to deliver quality IT advisory services to top tier clients in the manufacturing industry. Utilizing firms analytical tools related to segregation of duties, annual and financial risk assessment. Leading engagement teams, through planning and execution stages of various advisory engagements. Developed and review of IT Governance, IT general controls, IT application controls and testing of Information Produced by Entity (IPE) / system generated reports
AUDIT AND ASSURANCE 2014 - 2022 INFORMATION TECHONOLOGY SAP/Oracle ADVISORY Atlas Honda Limited Bank Alfalah Limited. Lucky Motor Corporation Limited. ICI Pakistan Limited. Sui Southern Company Limited. Pak Arab Refinery Limited (PARCO) Pakistan Petroleum Limited (PPL)
Performing the full audit cycle including risk management. Prepare and present reports that reflect audit's results and document process. Identifying the weaknesses in a systems network and creating an action plan to prevent security breaches in the technology. Act as an objective source of independent advice to ensure validity, legality and goal achievement Control management over operations' effectiveness, financial reliability and compliance with all applicable directives and regulations.
Custodian of IT governance and IT process governance frameworks. System Automation of all IT governance processes. process. IT Procurement End to End business process, documentation, system process. Internal and external audit liaison. Administration of key IT processes. Involved in change management, incident management, policy exception management, etc. IT risks management (secondary focus area). Main risk management responsibility is to identify improvements and breakdowns in IT.
Leading engagement teams, through planning and execution stages of various advisory engagements. SAP R/3 Business System Controls and Security Review process. Task and Responsibilities: Performed walkthrough testing of business system controls of SAP FI/CO/MM/SD/HCH Modules as identified in the Business Process Documentation and Operations Manual for provided by SAP consultants, Further, performed review of the SAP Netweaver BASIS, which includes Review of security parameters; Access controls; User access management procedures; Users Profiles / Composite Profiles, Segregation of duties; and Security administration. Work as a Team Lead (Supervisor) in IT Advisory department and participated in various IT Audit, external and internal audit engagements and is responsible for execution, review, and reporting phase for different engagement of KPMG IT Audit. In-depth experience in reviewing IT General controls that are embedded within IT processes that provide a reliable operating environment and support the effective operation of the business. Performed Analysis and documentation for business process objectives to identify required information systems controls and performed testing of information systems controls to verify effectiveness and efficiency. Performed Entity Level Controls, Application Controls of Core Business Applications, and System review for Access to Program and Data, Infrastructure and Application Change Management, and General Computer Operations and IT Application Controls. Simultaneously managing multiple IT Audit engagements of varying size, scope and complexity independently with little supervision. Leading and managing team of professionals to deliver quality IT advisory services to top tier clients in the manufacturing industry. Utilizing firms analytical tools related to segregation of duties, annual and financial risk assessment. Reviews of information systems. Also consulting with regulatory and statutory bodies on technical matters and resolving complex accounting issues. Identification and mapping of significant accounts & disclosures along with the relevant financial reporting assertions with business processes / cycles and sub-processes / cycles.
Master of Arts (Economics)
URL removed due to policy violation. Please contact support for further information.