Associate Director
Kpmg
Total years of experience :15 years, 8 Months
Currently within the Advisory department at KPMG Qatar office. Looking after IRM function to support in the financial audit engagements as “Specialists” and looking after IT consulting services within ERP area. Led and managed different type of IT advisory projects for the following clients: -
•QatarGas
•Qatar Petroleum
•QNB
•QIA
•Doha Bank
•QIB
•Woqod
•Ezdan Group
Worked within the Risk Services division at Melbourne office. Have been equipped with expertise in SAP Basis and Business Process reviews, SAP GRC Implementation and configuration, Risk Assessments and managing IT General controls reviews.
•Key Responsibilities
•SAP Security and GRC business development and strategy
•Helped clients with GRC enablement solutions in the following ways:
•Assess client’s GRC structure within the scope of best practices and PwC GRC methodology and identify a roadmap;
•Develop a framework comprising all GRC processes (for example, risk management, internal control, audit & Access control)
•Assess and adapt GRC tools to enable corporate GRC activities in the organization.
•Support for GRC tools (SAP GRC, RSA Archer …etc.)
•Enterprise Resource Planning Controls (SAP & Oracle)
•ERP Post implementation reviews / Project assurance
•IT Security Reviews (IT Infrastructure and Business Applications)
•Key Achievements
AGL - SAP access and process controls uplift
•Reviewed underlying business processes and mitigating controls in place
•Conducted review of controls to gauge maturity of the process
•Evaluated risk materiality and risk appetite for each function
•Mapped the potential risk to understand the high level risk rating for individual business processes
•Provided technical support to business process owners on SAP process and related mitigating controls and helped them build new risk free controls
•Developed GRC “Roadmap” to consider Sensitive Access, Segregation of Duties, Mitigating Controls, Process Controls and the process for ongoing control improvement and ongoing assurance.
CSL - SAP GRC Ruleset
•Reviewed the current GRC 'ruleset' and made recommendations for S/4 HANA and new user interface
•Conducted workshops with different business stakeholders to understand access entitlements based on job roles to help design the access ruleset.
•Assessed the technical design of all SAP GRC rules using PwCs tool ( validated relevant transaction codes and authorization objects)
•Validated the completeness of CSLs GRC 'ruleset' against the SOD and Sensitive Access risks
Energy Australia - ESCV compliance review
Nufarm - Change, Problem and Incident management review
Managed IT General controls reviews as part of external audit for the below clients:
•ConnectEast
•Yarra Trams
•Asaleo
•Bunzl
•Intrepid Travel
Focal point for ERP Risk Advisory Services for Qatar and Saudi Arabia. Well versed in designing controls and implementation of Business Applications. Also responsible for providing guidance and quality assurance for SAP Pre & Post implementation reviews.
In addition, acting as the subject matter expert in SAP GRC Implementations in the Middle East Region.
•Key Responsibilities
•Lead and manage IT risk related projects.
•SAP GRC Implementations
•Enterprise Resource Planning Controls (SAP & Oracle)
•ERP Post implementation reviews / Project assurance
•IT Security Reviews (IT Infrastructure and Business Applications)
•Business Development
•Operations Management
•Key Achievements
•Preparation of budgets, tasks and assignment of resources
•Managing multiple clients and a team of 3 IT Consultants
•Define the scope of the project based on the client/organization’s need to meet the client's expectations.
•Identify key stakeholders and perform analysis to gain buy-in and requirements for the success of the project
•Develop the project charter and review it with key stakeholders to confirm project scope, risks and issues
•Identify and document high-level risks, assumptions and constraints using historical data and expert judgment.
•Identify key project team members and define roles and responsibilities to create a project organization structure to develop a communication plan.
•Create the work breakdown structure with the team to develop the cost, schedule, resource, and quality plans.
•Obtain project plan approval from the client and conduct a kick off meeting with all key stakeholders.
•Ensure a common understanding and set expectations through communication to align the stakeholders and team members
•Improve team performance by building team cohesiveness, leading, mentoring, training, and motivating in order to facilitate cooperation, ensure project efficiency and boost morale.
•Measure project performance using appropriate tools and techniques.
•Verify and manage changes to the project scope, project schedule and project costs as defined in the change management plan.
•Ensure the project deliverables conform to quality standards as per PwC methodology
•Clients worked for:
•RasGas / QatarGas
•Qatar Aluminium (QATALUM)
•Qatar Petroleum (QP)
in the planning of audit engagements understanding the organization and its environment
•ERP Review - Oracle EBS R12 - P2P Cycles, O2C Cycles, Accounting Controls on CM, AP, AR, & GL
•Essential role in Oracle R12 upgrade in evaluating controls, and acted as a Quality control assurance.
•IT Security Management Review - Network & Information security
•IT Operations & Management Review- Strategic IT Management & IT Services Management
•Inventory & Warehousing Management - Benchmarking, Utilization, Turnover, Stock Management
•Information security assessments
•Key Achievements
•Key role in assessing and designing the company Oracle’s authority matrix for purchase and payable, sales and receivables and financial cycles.
•Analysing Oracle application business processes in order to identify inefficiencies and gaps within system functionality and recommend solutions based on that.
•Define the scope of the project based on the client/organization’s need to meet the client's expectations.
Worked in the position of associate within the IT department covering below responsibilities:
•Provided support to over 300 staff
•Installed and managed various operating systems
•Provided staff support with the Microsoft Office suite
•Managing user profiles via Active Directory
•Use of remote assistance to provide support
•Diagnosed and troubleshoot Windows processing problems and applied solutions
•Ensured network, system and data availability and integrity through preventative maintenance and upgrades.
•Consistently met deadlines and requirements for all help desk issues.
•Coordinated with systems partners to finalize designs and confirm requirements.
•Provided base level IT support to non-technical personnel within the firm.
•Troubleshooting Computer Hardware and Its peripherals and arranging for repairs and maintenance by outsourced Parties
–