- Extremely experienced in the genre of Auditing and Compliance, having Big 10 Public, Non-Profit, Fortune 500, manufacturing, banking, service, governmental, Oil & Gas Production (Upstream and Midstream)/Natural Gas Physical and Financial Trading, construction & engineering experience.
- Tenured in the skillfulness of auditing (financial, operational, forensic, construction, IT System, contracts and Sarbanes-Oxley 302 and 404 Compliance, Japanese SOX (J-SOX), Italian “Model 231” SOX), financial analysis, and management, problem-solving and strategic planning.
- More than 10 years of managerial experience, including simultaneously managing a total of more than 60 employees across multiple departments.
- Identified IT Controls Matrices (Change Controls, Entity Level, MISC Infrastructure & EDI Controls, Physical Computer Room Controls, Governance and other General IT Controls) Objectives, Assess Risk, Policies and Procedures Development, Access Rights to IT Applications, Emergency/Disaster/Backup Recovery Procedures, Operational Controls, Miscellaneous Security Infrastructure, CobiT, and Segregation of Duties Controls, per IT Governance Institute Guidelines.
- General Computing Controls (GCC), which addressed the following domains:
- Plans, Organization, and Intellectual Properties;
- Information, Network, and Cybersecurity Policies and Practices, Internal Security Violations;
- Performed System Development Life Cycle for IT Risk Analysis, Efficiency, Controls, Evaluations;
- Examined and Appraised Change Management, Upgrades, and Ongoing Changing Environment;
- Reviewed Computer Operations, IT Staff, and Role Definition & Responsibilities;
- Application Controls, Reviews included:
- In-house developed applications (Software and Hardware);
- Purchases of new applications (Products);
- Reviewed Outsourced applications (Confidential Utilized and Agreements).
- End User Computing Control (EUC):
- Reviewed Spreadsheet Applications for Security and Consistency;
- Databases and Analysis processing activities at offsite locations in case of emergency.
- Reviewed Risk Assessment Controls, Responsibilities, Compliance, Summary of Aggregated Deficiencies (SAD), SSAE16, and SOC Reports and Procedures.
- Coordinated the investigation of any potential unlawful or fraudulent activities related to IT Compliance.
SAP, SAP MIC (SOX Software), Oracle, Lawson, FOCUS, Visio, TeamMate (Audit Software), Risk Control Tracking System, Microsoft Office Suite, Internal Control Workbench (ICW), Risk Navigator, Advanced Purchasing and Inventory Computer System (ADPICS), and Advance Commercial Banking System.
Project Manager & Senior Forensic/Internal Auditor
Confidential, City of Houston, Texas
- Provided SOX testing of internal controls for International Oil & Gas Drilling and Exploration Confidential Company. Testing areas included daily business operations, financial and SEC Filings for completeness review;
- Conducted performance audits of building maintenance service contracts of several City of Houston locations and various departments. Reviewed contract requirements and guidelines by conducting visual observations and evaluation of contractor and subcontractor work performance. Identified monitoring controls advantageous to the fulfillment of the contract specifications and developed audit plan of those control requirements. Prepared Internal Audit Reports identifying audit issues as exceptions for management comments and feedback;
- Conducted project construction audits for The Port of Houston Authority. Reviewed contract procedures from requisition through final contract closure walkthroughs, payment authorization, and financial records. Provided assurance on the construction costs and fees billed and compliance with the contracts executed, including the submittal processes, design project management, change order process and Percentage-of-Completion;
- Examined the bidding process, contract approvals, compliance requirements, purchase orders/change order procedures, work percentage completed records, payments, and other miscellaneous construction procedures;
- Reviewed the Houston Airport System (HAS) Office of Business Opportunity (OBO) “Pay or Play” Program (POP):
- Reconstructed through observation and research, the financial database, to account for checks received, contract compliance, and evaluated the effectiveness of the system and internal controls;
- Identified weaknesses in the internal control system structure, detected fraud and made recommendations to strengthen internal controls to reduce future fraud;
- Findings identified nearly $50,000 abused that led to the allegation of larceny charges filed and documentation used in legal proceedings.
- Conducted in-depth research on the labor and equipment billing for pipeline construction project:
- Assembled paperwork for billing, timesheet information, and project site cost work logs, confirming coordinated statistical and financial data from various sources;
- Researched, analyzed and evaluated various documents to verify cost data and billings to client;
- Enforced contract compliance for use of personnel and equipment by reviewing the quantity and quality of both labor and materials.
- Provided SOX Compliance, General IT Controls Review, and financial/operational type audits as a consultant in the areas of LNG Upstream and Midstream Operations for Oil & Gas Company and International Chemical Manufacturing Company. Coordinated, scheduled and attended internal and external audit walkthroughs with senior personnel:
- Including development of the scope, approach, and work programs as well as the execution of audit procedures and risk assessment, documented audit findings, deviations, adjustments and improvements of controls and internal operations, validated IT controls (CobiT) to ensure compliance requirements are maintained;
- Executed and documented test plans and test results reported to control owners, including details regarding exceptions, overall conclusions, and control effectiveness;
- Discovered an overstated employee bonus that exceeded the amount management approved.
- Discovered massive billing errors by a supplying contractor, resulting in the recovery of more than $670K. Findings identified nearly $50K abused that led to the allegation of larceny charges filed and documentation used in legal proceedings.
- Uncovered erroneous entries of more than $1M accrued based on invoices, Purchase Order and Bill of Lading.
- Discovered shrinkage of inventory items versus inventory purchase/distribution records, resulting in exposing inter-departmental corruption and employee terminations.
Accounting & SOX Administrator Manager
- Organized and facilitated key SOX and internal control design and operational assessment processes with Process Owners, Control Owners, and SOX leaders for testing and monitoring of controls and procedures;
- Coordinated and facilitated the implementation of Italian SOX requirements for assigned areas, including IT Systems;
- Management responsibilities for the sites’ adherence to corporate SOX internal controls, and Business Advisor to functional leaders on Crude, Products and Natural Gas compliance and audit matters. Managed and trained seniors and staff personnel on Italy’s SOX compliance. Managed the SOX data quality and reporting in the Internal Corporate Control System, and ensured appropriate segregation of duties across department functions and IT Systems Controls;
- Evaluated Control Design and Operating Effectiveness of Entity-level, Company-level, and IT Due Diligence Guidelines. Reviewed and Updated Company and Operational Policy and Procedures for Trading Floor, Middle Office, Accounting Operations, IT Control Guidance and Application Control Objectives/Assertions;
- Performed internal risk assessments. Developed and executed audit plans and performed duties necessary to achieve the internal audit objectives, IT processes of CobiT Objectives mapped to the appropriate COSO Components;
- Managed the General IT System Controls and Security, IT Policies Management, Internal and External Audit relationship functions to ensure appropriate segregation of duties across department functions and IT Systems Controls.
- Established the start-up of US SOX 302/404 and Italian SOX (Legislative Decree No.231/2001) program requirements for USA Site Operations.
- Documented and Assessed General IT Internal Controls Management (Manual and Application Controls audits) over financial reporting as part of ongoing SOX compliance efforts. Development of various IT Matrices, Segregation of Duties, and Change Management. Created programs for IT and operational audits.
SOX Project Consultant & External Senior Auditor
- SOX 302/404 & J-SOX Compliance domestic and overseas testing and improvements for major oilfield clients:
- Conducted walkthrough process by interviewing multi-level process owners, planning (COSO), executing testing, assessing results and reporting; reviewed the full cycle process, identifying internal operational/financial controls, Risk Assessments from initiation through reporting process as required by SEC, PCAOB, IT Governance Institute, AICPA and IFRS Guidelines, to record and report as applicable within the overall cycle, Matrix development, narratives development, Segregation of Duties, approvals and lines of authorizations, system access controls, security, monitoring, Policies and Procedures Documentation review;
- Gathered process information (financial and operational) on policies and procedures; conducted multi-level interviews and observation of operating practices for internal controls (or lack thereof); Internal Control Framework Development (COSO), including risk management process assessment, analysis, resources, documenting, testing and evaluating of internal operating control systems; examining and testing financial transactions using statistical sampling techniques, audit programs preparation, data gathering, work paper documentation, audit deficiencies and remediation, deploy and validate IT controls (CobiT).
- SAS 70 requirements.
- Financial external audit of service and manufacturing agreement contracts.
- Examined massive international and internal accounting irregularities and sale acquisitions;
- Performed analytical, contract, financial, construction, inventory, system and operational type audits:
- Revised and/or prepared audit programs, conducted interviews and performed background investigations, identified the cause(s) or contributing factors related to issues, risk assessments, work papers preparation.
- Discovered fraudulent procedures on the executive level involving more than $30 million of a major international service company, involving management overrides of internal employee loans, not recorded on company’s financials and individual’s tax statements, which held up in legal proceedings.
- Discovered internal larceny by a major executive in an oil-related manufacturing company of non-approved company money wire transactions to individual employee’s accounts totaling more than $25K.