Internal Auditing and Assurance
As a strategic and critical thinker, I am continually assessing the environment in which internal audit operates to align it with the organization’s strategic objectives and business goals; delivering informative and insightful audit and assurance reports with practical solutions to mitigate risks while maintaining independence and objectivity. Introduced innovative audit technology, tools and techniques including adopting data analytics and digitizing internal audit artifacts to further the maturity of the Internal Audit Department.
As the Chief Audit Executive for a global asset manager, I have conducted comprehensive risk assessments with particular insights into investment and pension asset management and operational risks; developed and executed risk-based and flexible internal audit plans and other assurance activities to cover all areas of asset management activities.
Areas of expertise and knowledge
- assessing investment due diligence processes; portfolio controls for real estate, infrastructure and timber, private debt and mortgage assets; and portfolio companies control environments.
- assessing private investment operations, investment administration functions, economics and fund strategy operations, responsible investing (ESG), legal services, IT infrastructure and data architecture, payment systems (e.g. SWIFT CSP) and other investment support functions.
- assessing liquidity and leverage risks, cybersecurity risks, third-party risks, insider threats, fraud risks, model risk and other operational risks.
- assessing the resilience of core investment and business applications under market stresses.
- performing forward-looking assurance to assess the execution and delivery of major projects (e.g. multi-asset class risk system), design and adequacy of application controls including security and protection of data in cloud-based SaaS and IaaS platforms.
- leading, conducting and reporting on an internal investigation into a major investment loss and following-up on mitigation plans and corrective actions including an assessment of investment risk management practices.
- assessing investment management culture.
Energy, Construction and Industrial
As the Chief Audit Executive of medium and large companies, I have conducted comprehensive operational risk assessments that align with the organization’s risk management programs (e.g. ERM); developed and executed risk-based and flexible internal audit plans and other assurance activities to cover all areas of operational risks and business activities.
Areas of expertise and knowledge
- auditing production processes, revenue recognition, management reporting, human resources and payroll, procurement, inventory, maintenance, safety and quality programs, etc.
- assessing IT and data risks, cybersecurity risks, fraud risks and other operational risks.
- conducting internal controls assessments for SOX 302/404 and NI 52-109 (Canadian SOX).
- applying forward-looking assurance to ERP implementations (SAP and Oracle) to ensure the adequacy of design of application and security controls.
Over my career, as a Chief Audit Executive, I have honed my risk management skills to conduct comprehensive and organization-wide operational risk assessments to identify significant risks in all major divisions, groups, frameworks, processes, systems, projects, etc., mapping them to company objectives and, where possible, quantifying the risks for greater understanding of risk prioritization. Assessing management's mitigation strategies and providing detailed analysis to management and the Audit Committee.
Areas of expertise and knowledge:
- applying the principles of the ISO 31000 Risk Management Standard, COSO ERM Framework, other risk management standards (ISO, NIST, etc.) and industry best practices for assessing operational risks to cybersecurity risk, model risk, third-party risk, insider threats, fraud risks, and other operational risk areas.
- implementing a full-enterprise risk management program facilitated by management and co-sourced by industry leading expertise and conducting on-going maturity assessments of enterprise risk management and business continuity programs.
- providing assurance activities to evaluate risks dependent on the nature of the risks identified including full-scale audit projects, specific-procedures audits, forward-looking assurance projects.
- writing briefing notes to management and the Audit Committee explaining and assessing new and emerging risks.
- developing mechanisms for on-going testing of the sensitivity, pervasiveness, velocity and cross-functional impact of identified operational risks and triggers to activate assurance assessments including applying FAIR principles to operational risks.
- consulting with management on risk mitigation strategies to address significant operational and financial risks including liquidity and leverage risks, investment due diligence risks, regulatory risks, fraud risks, third-party risks, project execution/management risks, cybersecurity risks, etc.
- providing insightful and informative reports to executive management, risk committees and the board of directors on risk assessment results, audit and assurance plans, and progress on management action plans on addressing operational risks.
- developing and applying innovative approaches and practices to monitoring risk mitigation plans, incorporating the use of data analytics, digitized artifacts, visualizations, concise and to-the-point communications, following-up on mitigation plans and reporting.
- advising organizations on developing operational risk frameworks for fraud risk (based on the COSO fraud risk management guidance), third-party risks, insider threats, and ERM and business continuity frameworks, etc.
As a trusted compliance specialist, I have the capability to ensure compliance management programs are up to industry and regulatory standards. I also provide quality assessment services to ensure internal audit departments meet their IIA standards obligations and develop and maintain Quality Assurance and Improvement Programs (QAIP).
Areas of expertise and knowledge
- performing full external quality assessments of internal audit activity or providing an independent validation of a self-assessment (SAIV) to meet obligations under the IIA standards.
- developing and implementing QAIP for strengthening internal audit conformance and effectiveness.
- identifying opportunities for improving the value, effectiveness and efficiency of investment compliance management programs, compliance practices and operations, fraud risk management frameworks, regulatory risk frameworks, etc.
- assessing ESG processes, practices and programs to ensure they align with company disclosures of environmental commitments and align with risk management practices.
- establishing ethics and integrity programs (whistleblower/complaint reporting) with complementary training.
- meeting regulatory requirements by performing internal controls assessments for SOX 302/404, NI 52-109 (Canadian SOX), SOC (System and Organization Controls), etc.
- assessing control frameworks for alignment with the principles of the COSO Internal Control Integrated Framework.
- auditing compliance with company policies, procedures, guidelines, etc.