Tajammal Riffat

•Manage, lead and support IT audit governance function which includes audit oversight of Sarbanes-Oxley Act (SOX) and SSAE 16 (SOC 1/2 requirements), pre-sale (RFPs) and post-sale IT privacy and compliance reports.
•Perform audit of ITGC and application controls related to network, operating systems, database, application security and IT processes for evaluating the design and operating effectiveness of IT controls and communicate the results of audit via written reports and presentations to management.
•Single point of contact (SPOC) to provide Subject Matter Expertise (SME) on all IT audit and compliance related issues and communicate the risk and impact of issues and findings to management and users.
•Manage and administer multiple audit projects actual progress against planned audit steps to ensure challenges are managed proactively and scope is completed within time and budget.
•Take initiative to maintain effective communication with internal stake holders, staff members and managers to promptly resolve concerns that may have an effect on successful completion of an audit.

•Independently planned, executed and performed Information System (IS) audits including testing, documentation, review and assessment of Information Technology General Controls (ITGCs) and application controls for SOX, CSOX and non-public clients.
•Prepared IT test plans, tested internal controls, identified, and documented audit issues and recommendations using independent judgment for logical and physical controls, back up, change management and data centre controls.
•Inquired appropriate personnel, observe entity's operations, and inspect relevant documentation to perform test of controls to conclude on the design and operating effectiveness of internal controls.
•Assisted clients by providing value-added IT consulting and advisory services in sustaining and managing information risk exposure and reducing IT risks in a sustainable manner by evaluating organization’s IT controls and environment.

•Performed IT General Controls (ITGC) and application controls testing for IT domains including applications, networks, databases and operating systems.
•Documented and evaluated controls for design and operating effectiveness for IT areas including access to program and data, program changes, program development and computer operations.
•Prepared testing procedures for key controls based on risk matrix, executed test plans, and documented results ensuring that findings and recommendations are properly supported.
•Reviewed, analyzed and tested internal control systems to ensure compliance with reporting regulations (Sarbanes Oxley legislation (SOX)) and communicated audit results to appropriate levels of management.

•Independently and under the guidance of senior managers, performed audit planning, execution and reporting.
•Assisted audit team in risk assessment, with the mission to reduce overall risk by reviewing process and controls.
•Coordinated audit engagements, including the client communications, work allocation, prepared presentation, work-paper documentation and report write-up.
•Prepare detailed audit programs to effectively test key controls that are in line with audit objectives.