Experienced Manager - IT Risk Assurance Services
PWC (PricewaterhouseCoopers)
مجموع سنوات الخبرة :12 years, 9 أشهر
❑ Ragheed is a Risk Assurance manager at PwC serving clients in the Middle East. He has over 12 years of experience in Internal Audit and Risk Assurance with focus on Information Technology.
❑ He has managed an IT audit and IT security review of a governmental Civil Aviation body in the GCC.
❑ Ragheed also performed a needs assessment and gap analysis of information systems at a semi-governmental higher education institution in Lebanon.
❑ As a project manager for a medical devices company, Ragheed managed a team to deliver system requirements of the to-be-process for Sales, Procurement, Finance, Inventory, Compliance and Regulations.
❑ Ragheed performed an ERP post-implementation review of an Oracle E-business Suite implementation.
❑ As an internal auditor to an automotive company, Ragheed performed internal audit of relevant cycles to the automotive industry: Sales, After Sales, Parts, Finance and other support functions (Custom clearance, HR).
❑ Ragheed previously worked in an Internal Audit capacity for more than five years in a multinational company (ALJICO) and led audits of automotive and advertising entities.
❑ Ragheed’s other key experience comes from his work in the IT controls' assurance practice assessing (automated) business controls and general computer controls:
- Automated business controls audits of companies in various industries. Insurance companies’ scope covered underwriting, claim and re-insurance controls. Other work covered expenses allocation and deferred acquisition costs. Financial services scope controls covered retail banking, ATM management systems, treasury and foreign exchange income. Other reviews included payroll processing controls, and interfaces of operational activities with the financial reporting applications.
- General Computer Controls Audits - conducting audits of application and database and operating system and network security, business continuity and disaster recovery plans, application system interfaces, user/ software change management, batch and backup procedures, etc.
❑ Ragheed has served clients mostly in the financial (bank and investment companies), insurance, telecommunications, automotive, education, healthcare, hospitality and F&B.
Feb 2007 till June 2012 Abdul Lateef Jameel International Co. (ALJICO)
IT Auditor (Supervising Senior / Assistant Manager)
Company: ❑ Toyota, Lexus, Daihatsu and Subaru car distribution in nine countries and dealerships in three countries, and Media company (DRIVE Communication) branches in eight countries.
Key responsibilities: ❑ Full ownership of audit engagement procedures including understanding, preparing audit programs and working papers, communicating with IT, Business and Audit management, performing fieldwork and testing activities, training junior auditor, and preparing and presenting audit reports to top management.
❑ Preparing annual IT audit plans
❑ Auditing I.T. Environments of ALJICO group subsidiaries and related entities.
❑ Conducting Internal Audit engagements with IT dependant controls such as reviews of users' access on business applications and evaluating segregation of duties conflicts; and evaluating functional and reporting features of business applications.
❑ Prepare auditing work programs and integrate into "TeamMate" audit software.
❑ Document and update the IT audit guidelines in the Internal Audit department's audit manual,
Key projects: ❑ Application Post-Implementation Review - of an Oracle E-business Suite implementation in an automotive environment, where he assessed the congruence of system and business processes, ERP setup and configuration, data integrity, reporting, application and database security. Reviewed system controls of the ordering, receiving, logistics, stock, sales, delivery and after-market cycles. Post implementation review of an Oracle E-business Suite implementation in an automotive environment. Audited the completeness and quality of project activities and deliverables during the implementation.
❑ Network Configuration Review - of an enterprise with connections to branch offices and business partners. Reviewed the configuration of the firewalls, core switches, and routers, intrusion detection/prevention systems. Key review points included network segmentation, protection of critical resources, and external connections.
❑ Application assessment - of an AS400 based system for an automotive entity in the context of system utilization and process automation.
December 2004 till Feb 2007 Deloitte & Touche - Dubai
Information Systems Consultant (Semi-Senior)
Key responsibilities and projects: ❑ Evaluated control procedures relating to Information Security, Information system operations, Application Systems Implementation and Maintenance, Database Support, Network Support, System software support, Business Continuity Planning, Information resource and strategy, hardware support and relationship with vendors. Prepared and presented client management with audit reports regarding all of the above.
❑ Carried out network security reviews of online businesses, as well as reviews of their overall IT environment.
❑ Conducted post-implementation reviews for clients that have undergone system implementations and data migration projects.
❑ Performed Internal Audits of IT environments of governmental and financial entities.
❑ Tested applications (Oracle/Baan/Kerridge) and system controls of business cycles (Revenue, Expenditure, Inventory) as part of financial audit assignments.
❑ Employed knowledge of databases, programming, information security and network security standards such as ISO / IEC 17799 and CoBIT to carry out full audits of diverse IT environments in the following industries: construction, financial (banks, credit bureaus), investment, insurance, manufacturing, real estate, retail and wholesale.
❑ Exposure to a diverse set of key industry ERPs and platforms (Oracle, Baan, Premia, AS400)
❑ Clients included companies listed in the Kuwait, Dubai, and Saudi Arabian Stock Exchanges
January 2003 till Dec 2004 Albazie & Co. - RSMi Kuwait Office
Information Systems Auditor (Semi-Senior)
Company: ❑ A leading Auditing and Public Accounting firm in Kuwait, member of RSM international.
Key responsibilities and projects: ❑ Evaluated control procedures relating to access to data and programs, system development and change control, data processing operations, systems programming and technical support, business continuity and disaster recovery planning, networks and communications and database administration
❑ Carried out audits, risk assessments on the integration of information systems for clients undergoing acquisitions and mergers
❑ Was a part of the team that provided consultation on the transfer of business data between different accounting information systems belonging to two different investment companies
❑ Prepared audit reports covering the IT infrastructure and related functions as part of the internal audit assignment, external audit assignments as well as internal control reviews for compliance purposes (as per "Central Bank of Kuwait" guidelines) for banks and investment companies
❑ Clients included a number of companies listed in the Kuwait Stock Exchange
❑ Bachelor of Sciences in Management Information Systems from University of Arkansas at Fayetteville (1997-2002) - Included practical courses in the analysis, design and development of systems, and programming using SQL, COBOL, Java, Visual Basic 6.0 as well as .NET