ITGC & ITAC Testing
- Execute ITGC walkthroughs across 4 control domains (Access management, Privileged access, Change Management,
Operating systems, IT Risk Management) on SAP S/4HANA, ECC 6.0, and SAP Business and also for the generic information systems
for 8-10 client engagements per year.
- Perform ITAC testing — automated controls, interface controls— verifying SoD enforcement against PCAOB and ISAE 3402
standards.
- Rate control deficiencies (Critical/High/Medium/Low) and deliver audit workpapers consistently with zero rework requests from
senior managers.
SOX Compliance & IT Controls (Sections 302 & 404)
- Planned and executed SOX IT compliance testing by assessing the design and operating effectiveness of IT General Controls
(ITGCs) supporting financial reporting.
- Evaluated key control domains, including user access management, privileged access, change management, computer
operations, and interface controls, in accordance with SOX and PCAOB requirements.
- Assessed the impact of ITGC deficiencies on financial reporting risks and coordinated remediation activities with control owners
and external auditors.
- Developed and maintained Risk and Control Matrices (RCMs), performed control walkthroughs, documented test results, and
prepared audit evidence to support managements SOX certification.
- Collaborated with finance, IT, and business stakeholders to ensure compliance with SOX Sections 302 and 404, contributing to
successful internal and external audit engagements.
SAP Access Management & GRC
- Review SAP authorisation objects, role assignments, and profile parameters (SU01, SU10, SUIM, SE16, SM30) to detect
excessive access and SoD conflicts across client landscapes.
- Run batch risk analysis via SAP GRC Access Control (ARA, ARM, EAM); assess critical access combinations and validate
mitigating controls for unresolvable conflicts.
- Analyse SAP_ALL / SAP_NEW assignments, Firefighter (EAM) logs, and basis-level misconfigurations (S_TCODE, S_RFC,
S_DEVELOP) across production and non-production systems.
- Deliver SoD remediation roadmaps — avg. 30-40 high-risk access conflicts identified and resolved per engagement.
SOC 1 & SOC 2 / Regulatory Compliance
- Review SOC 1/2 (Type I & II) reports; assess CUECs and map findings to client control frameworks.
- Evaluate compliance with ISO 27001, ISO 22301, COBIT 2019, and NIST CSF; deliver risk-ranked remediation roadmaps to C
level management.
Client Advisory & International Missions
- Present findings to CIOs, IT Directors, and CFOs across Canada, Luxembourg, and Francophone Africa; participate in S/4HANA
migration reviews (greenfield & brownfield) validating migration controls and post-go-live monitoring.
- Company industry:
- Accounting