Nathalie TRAN


En résumé

Mes compétences :
Audit informatique
Système d'information
Réglementation bancaire


  • Banque Populaire de l'Ouest - Auditrice interne

    Saint-Grégoire 2015 - maintenant Réalisation de missions d'audit sur les macro-processus ISO 9001 du siège et dans le réseau (agences)
  • BNP PARIBAS - Credit risk analyst

    Paris 2011 - 2015
  • BPCE - IS Auditor

    PARIS 2009 - 2011 Participated to Group 3-month-audit planning assignments
    (Risk based IT audits performed in BPCE lead to strengths and weaknesses report on the IT processes).
    Recommendations are established and communicated to C-level management
    - Asset management, Boston, MA, USA - full audit
    · All IT areas: Analysis of risk areas in IT governance, information systems, IT projects and developments, IT operations, business continuity plan, IT security, IT internal control.
    - Retail banking, Paris, France - Basel II certification
    · Warranty: assessment of the warranty management regarding the Basel II accords requirements and standards, Warranty management tool project audit
    · Data archiving: assessment of data conservation and archiving regarding the Basel II accords requirements
    - IT department of an investment bank, Paris, France - full audit
    · IT projects and developments: Analysis of risk areas in organization and costs follow-up of IT projects department, used IT projects methodology, IT projects reviews, IT maintenance process.
  • KPMG - Experienced Senior IT auditor

    Courbevoie 2005 - 2009 Participated to legal audit and advisory assignments and managed teams of 2-3 IT junior auditors
    - Assisted KPMG financial auditors to review financial processes (Purchasing, Payroll, Sales, etc.) by:
    o identifying all automatic controls required,
    o assessing the design of the controls to ensure they cover financial and operational risks,
    o testing the effectiveness of the controls through independent tests, data extractions, etc.
    o establishing recommendation to management when needed.
    - Led attestations for Sarbanes-Oxley compliance and controlled the following IT processes:
    o Access to programs and data (logical security, infrastructure security review, physical access),
    o Change management (approval, user testing, segregation of duties, etc.),
    o Program development (approval, user testing, etc.),
    o Computer operations (jobs processing, backup and recovery, incident management),
    o End-user computing,
    - Completed IT audits based on COSO framework, COBIT guidelines, and PCAOB audit objectives and documentation,
    - Assisted internal audit teams to implement internal control frameworks regarding Sarbanes-Oxley and Basel II regulations,
    - Assisted internal audit teams to perform design and operating effectiveness testing for IT internal audits,
    - Analysed IT and operational risks linked to accounting applications migration to SAP,
    - Led certifications of French health and personal social insurance organizations regarding French national health and pensions organization’s regulation.

    Main Financial Services (Banking and insurance) clients: Lazard, Société Générale (SGCIB, SGAM), AGF – Allianz Group, AVIVA
    Main Industrial clients : Air France-KLM, Nissan
    Main applications business audited: PeopleSoft, HR Access, CCMX, SAP, Magnitude, Graphtalk AIA, and specific home developed applications.
    Main platforms and databases: Unix, Windows, OS/400 - Mainframe, SQL, DB2, Adabas
  • AXA France - Six Sigma project leader assistant

    Nanterre 2005 - 2005 Participated to 4 Six Sigma projects (AXA Way – business improvement and cost killing) on business support processes which enable AXA to save up nearly 1 M€
    * Defined of improvement needs,
    *Analysed statistics,
    * Modelled existent processes by using MEGA tool,
    * Created new business support processes by using MEGA tool,
    * Defined key indicators to follow the improvement.
  • Agence française de développement - IT programmer

    Paris 2003 - 2003 Developed an application which enables to list the business applications (around 200), the interfaces between them and the users
    * Defined business needs,
    * Wrote general and details specifications,
    * Develop the application by using Visual Basic and PL/SQL - Oracle 9i databases,
    * Tested the application,
    * Prepared the user’s manual and users’ training.


  • Certified IS Auditor (CISA), Certified Risk And IS Controls (CRISC) Auditor (Paris)

    Paris 2009 - 2009

    Paris 2000 - 2005 Ingénieur ESIEA

    Spécialisation : Management et conduite d'entreprise
    Sujet de mémoire de fin d’études : L’application de Six Sigma au sein des entreprises de services
  • Lycée Raspail

    Paris 1999 - 2000 Scientific preparatory classes to top French engineering schools
  • Lycée Guillaume Apollinaire

    Thiais 1996 - 1999 Scientific

    Majors: Mathematics


Annuaire des membres :