● Audit internal controls over financial reporting (ICOFR) for management assessment under Section 404 of the Sarbanes-Oxley Act ("SOX"); includes meeting with various departments to understand key business and IT processes, testing of key automated and IT general controls (ITGC), and making recommendations for improvements in internal controls.
● Identity and access management (IAM) covers the policies, processes, and tools for ensuring users have appropriate access to information technology (IT) resources.
Identifying and evaluating the risks during review and analysis of system development life cycle
(SDLC), including Design, Testing/QA, and Implementation of systems and upgrades.
Evaluating controls including Change Management, Access Controls, Segregation of Duties, System development methodologies, Incident management controls regarding SDLC.
● Work with the Internal Audit team Managers and the Director to address any observed concerns or gaps, provide recommendations, and monitor the resolution of prior period issues.
● Performed compliance, operational, IT and financial internal audits to determine adherence to guidelines and regulations and evaluate the effectiveness of internal controls.
● Reassessing the controls and deficiencies and retesting all the identified key controls within SOX guidelines.
● Evaluating IT control elements to reduce IT risks related to the confidentiality, integrity, and availability of business information.
● Reviewing and testing for segregation of duties (SOD) and accessing control in application to ensure compliance with SOX.
● Risk control metrics (RCM) listing for tool optimization and automation to reduce manual work.
● Conducted walkthrough, formulated test plans, documented gaps, tested the results and exceptions.
● Create precise, logical, and detailed work documents that clearly describe the control, testing results, and conclusions made.
● Sending the WSR (weekly status report) to the management which includes all the control findings.
● Delivering timely and concise communication, including developing and producing management reports, illustrating status, trends, and action plans.