- IS Auditor
2009 - 2011
Participated in Group 3-month audit planning assignments
(Risk-based IT audits performed in BPCE lead to a strengths and weaknesses report on the IT processes).
Recommendations are established and communicated to C-level management
- Asset management, Boston, MA, USA - full audit
· All IT areas: Analysis of risk areas in IT governance, information systems, IT projects and developments, IT operations, business continuity plan, IT security, IT internal control.
- Retail banking, Paris, France - Basel II certification
· Warranty: assessment of the warranty management regarding the Basel II accords requirements and standards, Warranty management tool project audit
· Data archiving: assessment of data conservation and archiving regarding the Basel II accords requirements
- IT department of an investment bank, Paris, France - full audit
· IT projects and developments: Analysis of risk areas in organization and costs follow-up of IT projects department, used IT projects methodology, IT projects reviews, IT maintenance process.
- Experienced Senior IT auditor
2005 - 2009
Participated in legal audit and advisory assignments and managed teams of 2-3 IT junior auditors
- Assisted KPMG financial auditors to review financial processes (Purchasing, Payroll, Sales, etc.) by:
o identifying all automatic controls required,
o assessing the design of the controls to ensure they cover financial and operational risks,
o testing the effectiveness of the controls through independent tests, data extractions, etc.
o establishing recommendations to management when needed.
- Led attestations for Sarbanes-Oxley compliance and controlled the following IT processes:
o Access to programs and data (logical security, infrastructure security review, physical access),
o Change management (approval, user testing, segregation of duties, etc.),
o Program development (approval, user testing, etc.),
o Computer operations (jobs processing, backup and recovery, incident management),
o End-user computing,
- Completed IT audits based on COSO framework, COBIT guidelines, and PCAOB audit objectives and documentation,
- Assisted internal audit teams to implement internal control frameworks regarding Sarbanes-Oxley and Basel II regulations,
- Assisted internal audit teams to perform design and operating effectiveness testing for IT internal audits,
- Analysed IT and operational risks linked to accounting applications migration to SAP,
- Led certifications of French health and personal social insurance organizations regarding French national health and pensions organization’s regulation.
Main Financial Services (Banking and insurance) clients: Lazard, Société Générale (SGCIB, SGAM), AGF – Allianz Group, AVIVA
Main Industrial clients: Air France-KLM, Nissan
Main business applications audited: PeopleSoft, HR Access, CCMX, SAP, Magnitude, Graphtalk AIA, and specific home developed applications.
Main platforms and databases: Unix, Windows, OS/400 - Mainframe, SQL, DB2, Adabas