Group Internal Audit Director (Head of IA)
Royal Group
مجموع سنوات الخبرة :23 years, 2 أشهر
Business Title:
Group Internal Audit Director (Head of IA) - UAE (June 2015 to Present)
Key Strengths and Responsibilities:
LEADERSHIP
Leading an IA team of 9 employees at the Group level, with additional 4 auditors at specific subsidiaries.
Upon joining met with key organizational stakeholders to survey their opinions about GIA, then performed assessment of the team’s skillset & developed roadmap to implement tactical improvements.
Transformed GIA’s reputation into one of professional provider of objective and independent assurance with real value-add (i.e. quantifiable savings, avoidance of costs/penalties, and process improvements).
Recruited GIA talent comprising of financial, operational, IT, cyber security, and engineering auditors.
Ensured the function’s compliance with the IPPF (International Professional Practices Framework).
Co-ordinating outsourced IA and the external audit relationships, including service provider appraisals.
Implemented a data analytics and dashboarding solution to enhance reporting to the Audit Committee.
Serving as Secretary to the Group's Audit Committee (A.C.) & as advisor to a subsidiary Audit Committee.
Developed Audit Committee Charter, Group Internal Audit Charter, and Group Internal Audit Manual.
Building professional relationships with auditees’ executive management and Board members.
AUDIT PLANNING & DESIGN
Assisting the Group in accomplishing its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of governance processes.
On the annual basis, preparing a risk assessment and developing (or updating) dynamic annual internal audit plan for the Group (i.e. 65+ subsidiaries) and obtaining approval from the Audit Committee.
Preparing an annual audit schedule and assigning internal audits to team members.
Formally announcing each internal audit to heads of business units and chairing audit kick-off meetings.
AUDIT EXECUTION
Delegating day-to-day administrative and audit execution responsibilities to the Group Audit Manager.
Professional audit standards are maintained via quality control monitoring throughout the whole audit.
Plan and conduct operational, financial, & compliance audits on the effectiveness of internal controls.
Remediation of control weaknesses & mitigation of risks is tracked via annual follow-up audits.
Performing special investigations, as requested by the Audit Committee and by the Boards of Directors.
REPORTING
Reviewing audit documentation & issuing draft reports to the auditees’ executives for their comments.
Ensuring final reports are issued only after exit meetings & management comments have been received.
Tracking, following up, updating, and reporting on the consolidated risk register for the whole Group.
Quarterly Audit Committee reporting with more frequent one-on-one meetings with the A.C. Chairman.
Reporting to the subsidiaries’ Audit Committees and presenting to their Boards of Directors.
PEOPLE MANAGEMENT & DEVELOPMENT
Managing the headcount, recruiting, and deploying resources with the right mix of skills and strengths.
Managing performance planning, coaching, and completing annual/semi-annual employee appraisals.
Business Title:
AVP, Group Head of Enterprise Risk Management - UAE (April 2014 to June 2015)
Reason for Leaving: In 2015, a German shipping company, Hapag-Lloyd, announced that it would be acquiring UASC and streamlining its UAE operations.
Key Responsibilities:
Mandate for ensuring that the ERM function delivered value to the organization by achieving demonstrable risk reduction and improved risk management that was recognized by Executive Management and the Board of Directors.
Champion the ERM program with the goal of implementing an organization-wide risk management framework based on the ISO 31000, ISO 31004, and supplementing it with the COSO risk management framework.
Responsibility for conducting workshops and interviews as part of the risk assessment to identify, analyse and prioritize key risks the organization faces.
Member of the Financial Risk Management Committee and the Asset / Liabilities Committee (contributed on the topics of hedging interest on long-term debt and analysis of the cash flow projections.
Took on additional responsibility for corporate compliance programme, including setting the objectives, defining schedule, visiting ships along with key clients, and recruiting a compliance officer.
Key Strengths:
Providing subject matter assistance to the risk owners in developing practical treatment plans to address key risk exposures.
Regular review and updating of the corporate risk register.
Semi-annual progress presentations to the Board of Directors.
Regular engagement with the heads of departments in respect of the emerging risks with the goal of raising awareness of risk management’s importance to successful operation of the business.
Facilitating training workshops in respect of risk management topics and new guidelines.
Business Titles:
Director, Enterprise Risk Services - UAE (October 2013 to March 2014)
Senior Manager, Enterprise Risk Services - UAE (September 2012 to October 2013)
Key Responsibilities:
Full responsibility for developing an IT Risk advisory practice in Dubai and Northern Emirates with primary service delivery concentrating on outsourced and co-sourced IT internal audits, process improvement, project risk management, governance, compliance engagements, and due diligence.
Responsibility for building, recruiting, and developing the Dubai IT risk advisory team of 13 staff.
Responsibility for the profit centre, including client relationship management at the executive level, billing, presentation of proposals, negotiation of contracts, and project management of multiple simultaneously on-going engagements.
Primary interaction and professional relationship development with VVIPs (Fujairah; Sharjah), Representatives of Government Departments, Heads of IA, CIOs, CFOs, COOs, and etc.
Presented to and reported at the Audit Committee and Executive Steering Committee meetings.
Held responsibility for forensic advisory work (e.g. forensic investigations, anti-fraud control design).
Key Strengths:
Internal audits, IT audits, SOX, fraud investigations, business continuity reviews and advisory.
Financial and IT risk assessment projects, including development of risk registers.
Practical application and reviews utilizing CobIT, ITIL, COSO, ISO, and AIM frameworks.
Development of risk assessments and alignment of such with the organization-wide ERM.
Enterprise Risk Management along with benchmarking studies and comparison to best practices.
Assistance with development of policies and procedures for business process areas.
Establishment of an internal audit strategy, including risk & control matrices, defining scope of review, developing approach to testing, resourcing, and dealing with budgetary oversight.
Conducting quality assurance and compliance reviews.
Presentation of results to Audit and Steering Committees, including one-on-one discussions.
Technical IT application / database / infrastructure reviews, including physical security.
Performance of advanced CAATs (Computer Assisted Audit Techniques), using the ACL tool.
Facilitation of training courses to staff and conducting workshops for clients.
Business Titles:
Senior Manager, Risk Assurance - Bermuda (January 2008 - June 2012)
Manager, Risk Assurance - Bermuda (January 2007 - January 2008)
Key Responsibilities:
Oversaw multi-location audit support and SOX engagements with teams in the UK, US, and Canada.
Held group responsibilities for interviewing, resourcing, assurance portfolio management, learning and development, performance appraisals panel member, budgeting, and reporting.
Supervised the work and evaluated performance of 4 senior associates and 3 managers.
Primarily interacted and developed professional relationships with Heads of IA, CIOs, CFOs, COOs, CEOs, compliance, etc.
Managed outsourced / co-sourced internal audits and reported to Heads of IA and Audit Committees.
Was a lead senior manager in charge of developing forensic services business unit at PwC Bermuda (i.e. overall strategy, tactical go-to-market plans, and key relationships at government and within industry).
Led all fraud and forensic investigations and working closely with Bermuda and UK police, government regulatory authorities, auditor general of Bermuda, etc.
Led teams in performing A/P, A/R, procurement, underwriting, claims, life insurance, investments pricing, and IT process reviews and advisory engagements.
Held responsibility for Business Continuity Management business development in the Bermuda market.
Developed COSO-based risk assessments by business process, as well as created risk registers.
Led PwC internal audit performance QA reviews at PwC offices in Bahamas, Barbados, and Moscow.
Key Strengths:
Team leadership and development.
Professional relationship development with C-suite contacts.
Development of go-to-market strategy.
Insurance and re-insurance industry sector expertise.
Reporting and presenting at the Audit Committee meetings.
Gap assessment and policies/procedures/SOPs development.
SOX (Sarbanes-Oxley) readiness and compliance reviews.
COSO risk assessment and internal control frameworks expertise.
COBIT and ITIL frameworks expertise.
Research and advisory to clients on technical matters (e.g. risk management, internal controls).
BCM (Business Continuity Management) expertise, including DRP (Disaster Recovery Planning).
IT General Controls expertise.
SAP and Oracle ERP controls expertise.
Business Titles:
Manager, Enterprise Risk Services - UAE (September 2004 to January 2007)
Senior Consultant, Enterprise Risk Services - Canada (June 2002 to September 2004)
Technology Risk Consultant, Enterprise Risk Services - Canada (September 2001 to June 2002)
Key Responsibilities:
Oversaw resourcing, scheduling of work, completion of engagements, file reviews, and reporting on all financial statements audit support engagements in Canada, United Arab Emirates, Oman, and Qatar.
Supervised the work and evaluated performance of up to 14 senior and junior associates.
As part of financial statements audit support activities, utilized the ACL tool to perform fraud and error analysis over manual journal entries for the two largest banks in Canada.
Performed fraud and forensic investigations across Canada and Middle East region.
Contributed in a computer forensics specialist role on a joint team of Deloitte professionals and the federal police engaged by the government of Canada (high profile public case) to investigate large scale potential fraud within a crown corporation.
Played a key supervisory role on a special advisory engagement to perform a detailed investigation of the A/P department of a large Canadian crown corporation with primary focus on the procurement cycle. The goal was to conduct interviews and interrogate SAP data utilizing the ACL tool in order to identify inappropriate disbursements and overpayments to vendors or/and related parties. Resulting evidence in respect of more than 10.5 million examined transactions was presented to the executives.
Supervised the fieldwork on the SOX readiness engagement for the world’s 2nd largest wine producer.
Acted as a lead senior auditor on the annual 3rd party assurance engagement (i.e. 3 years) involving a review of internal controls for an items and transactions processing organization for a leading Service Bureau in the Banking sector with processing centres in most provinces in Canada (incl. cheque processing, currency operations, bank back office operations, exceptions handling).
Managed internal controls review within Dubai’s government entity, including supervision and training a team of people from the Internal Audit department (i.e. Emiratization Initiative).
Facilitated training courses on Ethics and Integrity, Independence, IT audit basics & Fraud.
Key Strengths:
Computer forensics expertise, including ISA 240 standard.
Technology process re-engineering and improvement.
Business process re-engineering and improvement.
Financial statements auditing.
IT auditing, including utilization of the ACL tool for CAAT (Computer Assisted Auditing Techniques).
SOX (Sarbanes-Oxley) readiness and compliance reviews.
Financial Services Industry expertise.
Third party assurance reviews under the SAS 99 standard.
Lead senior on the annual 3rd party assurance engagement (i.e. 3 years) involving a review of internal controls for an items and transactions processing organization for a leading Service Bureau in the Banking sector with processing centres in most provinces in Canada (incl. cheque processing, currency operations, bank back office operations, exceptions handling).
As part of financial statements audit support activities, utilized the ACL tool to perform fraud and error analysis over manual journal entries for the two largest banks in Canada.
Computer forensics specialist role on a joint team of Deloitte professionals and the federal police engaged by the government of Canada (high profile public case) to investigate large scale potential fraud within a crown corporation.
Comprehensive review of the client’s business continuity management process and framework.
Business Title:
Staff Auditor, Core Audit Practice - Canada (May 2000 to August 2000)
Professional summer internship.
Key Responsibilities:
Executed financial assurance engagements with a primary focus on the manufacturing and government sectors.
Business Title:
MIS (Management Information Systems) Associate, Finance - Canada (May 1999 to August 1999)
Professional summer internship.
Key Responsibilities:
Designed and implemented a Hyperion reporting module to produce and submit budgeting information to the Global Head Office in Amsterdam (Netherlands).
Compiled an extensive and detailed user manual with respect to the operation of specific modules within the Hyperion database.
CRISC (Certified in Risk and Information Systems Control)
CFE designation received on 08-Jan-2008.
CISA designation received on 20-Oct-2004
CA (Chartered Accountant) designation received on 13-May-2004.
Honours diploma of Bachelor of Business Administration with a major in Accounting and minor in Psychology