IT Internal Audit Manager Resume
Schaumburg, IL
Summary
A Certified SAP and Information System Auditor with nineteen years of experience in the IT industry which includes 10 years of SAP Security, Basis, ABAP/4 and IT Internal Audit, experience on different versions of SAP from 3.1H to ECC 6.0 working with Microsoft SQL server and Oracle databases on Windows NT, Windows 2000 and Unix systems. Certified from SAP Partner Academy as a technical consultant in Basis-NT/Oracle in 3.X, and has subsequently received Delta training in 4.6B, Workload Analysis, APO, live cache administration and BW Confidential, ASAP Methodology (Accelerated SAP) from SAP. Managed various projects and has consistently demonstrated strong planning, coordinating, problem solving, monthly reporting, project performance metrics, analytical skills and ability to lead teams. Have trained and managed staff/consultant by assigning and reviewing work to support project requirements. Responsibilities as designated by the Finance department CFO and management related to internal initiatives focused on department development along with a responsibility to identify recommendations for continuous improvement in global processes and controls.
Schaumburg, IL
06-2006 to Present
IT Internal Audit Manager
Duties and responsibilities:
- Plan assigned audits, including proposing audit objectives, scope, specific risk assessment, and detailed audit work plan(s) to ensure efficiency and effectiveness in addressing key risks associated with the respective auditable entity or entities.
- Coordinate the timing and logistics of assigned audits between company management and the audit team.
- Maintain awareness of current issues and significant changes within the IT and business environments, and related processes.
- Demonstrate effective interaction with all levels of management and external professionals.
- Perform, supervise, and lead the activities related to the Company’s efforts to maintain compliance with the Sarbanes-Oxley Act, specifically through the performance of risk assessments, revisions of documentation, performance and review of testing, and documentation and communication of results to company management. Assigned areas would include, but not be limited to IT general and application controls, and business application controls.
- Review specific audit risk assessments and detailed audit work plans to ensure efficiency and effectiveness in addressing key risks associated with the respective auditable entity or entities.
- Develop and regularly update the scheduling for all audits in the audit plan. Monitor the progress of audits open, started and completed to ensure that any issues regarding the completion of the audit plan are identified and addressed on a proactive basis...
- Anticipate problems and obstacles to the timely and efficient completion of audits, and keep the Sr. Director of Internal Audit generally informed of their status. Recommend solutions to anticipated and incurred problems and obstacles impeding the timely completion of audit work.
- Ensure adequate consideration and efficient and effective coordination of financial, operational, and systems audit procedures in every department audit, as applicable.
- Through an in-depth understanding of applicable policies, procedures, systems, and state and federal regulations, perform and review audit work to ensure the assessment of the effectiveness and efficiency of internal controls is adequate and, along with conclusions, is sufficiently supported and documented, and the departmental and professional standards, including but not limited to IIA and CobiT Standards as well as the COSO Internal Control – Integrated Framework, are adequately upheld.
- Perform and review audit work to review, verify and evaluate the adequacy, effectiveness and efficiency of internal controls supporting operational, financial, and system processes, functions and procedures. Ensure proper utilization of appropriate records, files, manuals, data processing reports, interviews, and personal observations in the performance of such audit activities. Perform and review audit work to analyze and evaluate the Company’s intra- and inter-departmental flows of transactions and information.
- Perform audit work as needed, particularly in highly complex areas and where department resources may otherwise be insufficient.
- Ensure issues and exceptions are fully identified and properly defined, and recommendations are adequately formulated to address the root cause of identified issues in a cost/beneficial manner.
- Ensure issues and recommendations are adequately and effectively communicated to management on a proactive basis during the course of each audit, particularly to verify the accuracy of findings and secure preliminary commitment to recommended actions.
- Lead or manage opening and closing meetings for assigned audits, and present IT topics and issues in meetings for all audits containing an IT scope.
- Draft clear and concise audit reports with proper utilization of the staff, including executive summaries, issues, and recommendations.
- Review audit reports, ensuring clarity, conciseness, and overall quality prior to Sr. Director review.
- In collaboration with the Sr. Director of Internal Audit, review final management responses for adequacy and completeness.
- Perform and delegate/supervise appropriate follow-up audit work to continuously and timely follow-up on audit issues and properly update the status of outstanding reported issues. Ensure that adequate communication is provided to management on a proactive basis regarding the status of issues and results of such follow-up work to both the Sr. Director of Internal Audit and company management, properly identifying and handling any concerns over company management’s attention to the issues. Monitor the progress of management’s activities to determine if issues receive proper attention, and communicate and elevate concerns.
- Perform and delegate/supervise audit procedures for assigned areas to assist external auditors with quarterly and year-end audit testing.
- Provide periodic communication to external auditors regarding summary of work performed and results of audits and projects.
SAP GRC Integration
- Rule design, configuration and testing
- Firefighter access setup
- User provisioning workflow design and configuration
- Access violation remediation
- SAP security redesign
- SAP general computing controls configuration
- SAP application process controls assessments, design and configuration
SAP environment
- Determine access to ADP payroll processing to ensure user appropriateness in terms of access
- Determining that access to create and process online checks, the banking process and the appropriate security around the electronic funds transfer (EFT) file
Confidential
Schaumburg, IL
12-2002 – 06-2006
Senior Security and Basis Administrator
Led the SAP security development effort for the implementation. Designed comprehensive security strategy and established guidelines to design security controls for the SAP systems. Tested role-based activity groups per APP requirements for different functional areas. Responsible for all aspects of security namely User authentication, Authorization protection, Integrity Protection, Privacy protection and Auditing and Logging services. Implemented user, system and network security per APP company policy. Performed analysis using SU53 and SU56 as well as setting up and analyzing user traces. Monitored and made appropriate changes to the functional security roles and production parameters as part of post go-live support. Identified OSS notes to enhance security of SAP system. Performed daily, weekly and monthly monitoring of SAP security based on agreed guidelines. Focused on key SAP security and control risks, including techniques for modeling new user accounts or changes to user accounts, RSPARAM settings, ensuring that production client is locked down for configuration to comply with Sarbanes-Oxley Act 302 and 404. Helped APP client to identify SOD (segregation of duty) conflicts. Initiate the security plan for function-based roles per requirement from team leads. Complete the initial baseline for roles vs. transactions for modules in SAP. Assist the security consultant to build function related roles in SAP. Define and configure security auditing logs, Electronic records (CFR Part 11) as per FDA requirements and Good Manufacturing Practices. Assist security consultant to build security and basis parameters for the production environment as per best practices from SAP and KPMG. Support and change current Basis activities in co-ordination with the APP basis administrator as well as SAP hosting. Develop and maintain Basis project plan.
Maintained TMS configuration, administered basis activities namely, user creation, spool configuration, client maintenance (client copies / client exports-imports / client deletion), profile configuration (Start / Default / Instance profile management), monitor CCMS alerts, system logs, update and lock errors. Create configuration documentation and SOPs for Basis and security transactions. Configure and test faxing and emailing capabilities from SAP using RightFax and Exchange connector. Install SAP gateway services on servers for better communication between third party interfaces and SAP. Develop and document the strategy to build the production environment that included installation of PCC (Pre-Configured Client), CFR part 11, LSMW, SAP scripts, add-ons and user configuration and development.
Confidential Consulting/ICS
(09/1998 to 12/2002)
CONSULTING EXPERIENCE
CONSULTING – SAP Security and Basis Consultant
As a security and basis consultant, provided technical services for security and basis tasks in an ERP (SAP) environment. Client services provided to:
Confidential (Milwaukee)
Designed the security, transport management system and system administration model for their SAP R/3, and new dimension products such as BW and EBP systems. Designed the hardware migration strategy from a system as well as security perspective. Review and modify the project plan for the 46C implementation for Security and Basis tasks. Implemented Central User administration (CUA) for the complete SAP system landscape taking into account global operations in North America. Defined and configured the CUA, linked clients with logical systems. Configured and maintained the ALE distribution model and the partner agreements in the main and child system. Defined the fields that have to be maintained locally and centrally. Maintaining and copying the user master records from new SAP systems that are connected to the main system, monitoring and troubleshooting in the event of distribution problems.
Helped client implement SAP's APO/Live cache and BW on Windows Advanced Server with 3 Compaq Servers with 4.0 dual Pentium 850 MHz processor with 1.5 gig of RAM with SQL 7.0 database. Defined system landscape, client strategy. Used Visio and other tools to illustrate system configuration and transport/client copies path.
Identified scope of implementation for client and helped develop project plan for client's APO/Live cache and BW system implementation. Documented best practices and created procedural guidelines on system installation.
Set up profile generators on R/3 version 4.6D APO/Live cache 3.0 and BW 1.2 version with SQL database. Loaded customer tables for setting up the profile generator.
Confidential
As part of basis role installed and maintained the complete SAP system landscape. In addition also applied SAP patches, maintained OSS using SNC internet option, system administration, configured and maintained transport management system (STMS), transport routes, co-ordinated with SAP on GA, GO and GV sessions, interacted with upper management with regard to both security and basis tasks pertaining to the implementation. Set up OSS connection using the SNC internet option. This involved installing the SAPcrypto library, getting the relevant encryption certificate and maintaining the saprouttab table for security. Coordinated activities with the problem management team, interacted with client team leads and Basis team in Pittsburgh, US. Provided Basis consulting services to support development and QA/Integration systems. Documented system and database administration processes.
Confidential (Oakland, California)
Designed the security infrastructure on five levels namely application, users, database, operating system and desktops. Responsible for all aspects of security namely, User Authentication, Authorization protection, Integrity Protection, Privacy Protection and Auditing and Logging. User authentication included creation of R/3 password rules; retributing unauthorized logon attempts and using the information system provided by SAP to monitor users. Performed analysis using SU53 and SU56 as well as setting up and analyzing user traces. Performed daily, weekly and monthly monitoring of SAP security based on agreed guidelines. Under authorization protection created roles based on “Transactions vs. Roles” matrices, developed and tested authorizations using profile generator (PFCG), in the areas of FI, CO, MM, SD, PP, WM and QM. Developed “best practice” models for SAP security, including naming convention and general role development. Also modified standard SAP roles to meet requirements for the client as per their organization structure. Created new authorization objects and fields for new transactions for specific groups. Developed security test plans and procedures. Developed CATT scripts to create and update user profiles. Identified OSS notes to enhance security of the SAP system including assessment of impact on current security design. Monitored the transportation management system for export and import logs for requests released by developers and team leaders. Created special procedures to release and import transports into the production system. Maintained data integrity at the OS and database level using file permissions and database tools. Created special folders with limited authorizations for communication of data to and from third party interfaces to SAP. Trained and created documentation for the security administrator with respect to authorization concepts, role creation and auditing tools (SUIM, SM19, SM20). In addition to security, performed basis tasks.
These included installation and maintenance of the SAP system landscape, performance monitoring, system administration, TMS, spool administration, developing a DR plan for 3 locations, database administration, co-ordination with third party for faxing, email and RF solutions, alert monitoring, background processing and dump analysis.
Confidential (Racine, Milwaukee)
The ERP division of the company was implementing SAP for one of its key clients - Production Products Company, using ASAP methodology and SAP R/3 version 4.6B. My role:
- User Administrator: setting up and maintaining user accounts (SU01, SU10)
- Security Administrator: creating, maintaining and monitoring SAP security profiles using Profile generator (PFCG, SM19, SU53, SM20).
- System Administrator: maintaining system performance and logs (SM21, ST22, ST04, ST03)
- Transport Administrator: managing change requests and transport changes between systems (STMS, SE01, SE09, SE10)
- Disaster recovery technical manager: creating, testing and executing the SAP disaster recovery plan.
- Database Administrator: managing and maintaining database health and integrity
- Server Administrator: managing all the systems in the landscape (Four system Landscape i.e. Development, Quality Assurance, Technical Sandbox and Production). Also responsible for loading the PCC (Pre-Configured Client) on existing SAP version on all 4 servers. This included installing SAP 46B, maintaining the TMS (Transport Management System) and importing transports for PCC.
- Training the system and database administrators for maintaining the system after the Go-live phase. Prepared written documentation, oral presentations, classroom instructions (including development of lesson plans) and general knowledge transfer.
- Team Leader: Responsible for business needs analysis, object oriented analysis, design and development, database design in a client/server environment. Consulted with the CIO to ascertain and define needs from problems by technically determining the scope of the tasks. Conducted technical and problematic research and analyzed data to determine solutions associated with the design and implementation of the software with system testing, maintenance, production support and performance tuning.
SYSTEM EXPERIENCE
Software / Products: SAP R/3, SAP BW, SAP APO, Mercury Interactive tools, LoadRunner/WinRunner, Active Watch
Development Tools / Languages: COBOL, JCL, C, Visual Basic, PS SQL plus
Hardware / Operating Systems: UNIX, Windows NT, Windows 2000, Windows XP
Databases: Oracle, MS SQL
Education and Professional Affiliations
Bachelors in Computer Science
ABAP/4 Certified Confidential
ADM940 SAP Security Administration
ADM950 SAP Security Advance System Administration
SAP workload Analysis Confidential
SAP Technical Administration in BW21C Confidential
SAP-Live Cache Administration (BC555) Confidential: Live Cache concepts, Architecture, Administration, Monitoring, Backup and Restore
SAP-APO 3.0 system Administration (BC355): Overview, Core Interface, CIF Monitoring, Optimizers, Authorizations, Disaster Recovery
Delta 46 Basis 3.x to 4.6 from SAP-America
ASAP methodology course
Oracle 7.3 and Developer 2000 covering SQL and SQL*Plus V 3.1, PL/SQL V 2.1, Oracle Reports V 2.5