Information Systems Audit

IT Systems Audit
by digiGeek

Advisory, consulting, evaluation and risk assessment of business-relevant IT risks in the IT environment, the IT strategy and/or the IT organization.

IT General Controls - Understand, walk through, test and evaluate IT general controls.
- Define scope
- Determine testing strategy
- Select controls to test
- Evaluate effectiveness
- Choose controls to test
- Design control tests
- Execute control tests
- Evaluate results
- Respond to test results

IT Application Controls are controls over the input, processing, and output functions. Use both automated controls and manual procedures to ensure proper coverage. These controls help ensure data accuracy, completeness, validity, verifiability, and consistency, and thus ensure the confidentiality, integrity and availability of the application and its associated data.
- Ensure the input data is complete, accurate and valid.
- Ensure the internal processing produces the expected results.
- Ensure the processing accomplishes the desired tasks.
- Ensure output reports are protected from disclosure.
- Control totals/batch balancing.
- Reconciliation of accounts.
- Exception handling.
- etc.

IT Audit Tasks
- IT audits for banks, insurance companies, pension funds and industry
- Teacher/Course Leader: specialist lectures on auditing & auditing standard 240/Journal Entry Testing Audit Procedure for the Swiss Chamber of Trustees (annually @ SIX Swiss Stock Exchange Zurich) 2011-2014
- Conducting IT audits and data analyses as part of the regulatory audit including assessment of compliance with the requirements of the EU Financial Commission (for the European Union) and FINMA requirements (for Switzerland)
- Conducting data analyses, data governance, data migration, data modeling, data quality, data profiling, data visualization
- Auditing of SOX controls as part of the consulting mandate to assess the internal control system at a global IT service provider
- Consulting financial service providers in the areas of data analytics (EY Helix/Audit Transformation), data quality, data profiling, among others
- IT audit, major Swiss banks, annual financial statements 2012-2017, IT application controls and general IT controls.
- Controls in the areas of change management, access protection, IT operations for customer portfolios of banks, insurance companies and pension funds
- Libor scandal investigation 2013 for EU EFC RFI, uncovering fraud patterns of the top 100 banks as senior data analyst. Creating a basis for new rules to protect against manipulation of financial market indices (Brussels, April 28, 2016)
- Uncovering untaxed taxable US assets, withholding tax agreements, data analytics, EU and US tax laws as a senior data analyst.
- Mass data analysis (no sampling) of mortgages, JET audit of balance sheet general ledgers and subsidiary ledgers, plus data profiling, data quality, data mining for business analytics.
- Assistant multi-national team leader EY HELIX Switzerland-Netherlands-EU
- Automated SWIFT data analyses (Society for Worldwide Interbank Financial Telecommunication)
- Fraud investigation/dispute services, FATCA, US tax laws (US Foreign Account Tax Compliance Act). Determination of assets of possible US tax evaders at Swiss insurance companies
- Recalculation/verification of total customer assets at health insurance and pension funds as an IT auditor
- Accompanying data migration projects of core applications of pension funds and insurance companies
- Management and supervision of consultants including knowledge transfer
- Trainer for data analytics as part of global audit transformation, topic-based/risk-based GAM (Global Audit Methodology), data cleansing, transforming, mining, querying, classifying, clustering, visualizing, statistics, models and predictive forecasting (SAS, Visual Analytics, Spotfire, Qlikview, Tableau, Advizor, Alteryx Software)
- Successful completion of CISA Examination at the end of 2014 and Certification in 2020 after six years of active IT Audit work

Special Tasks & Investigations

- Data Protection (DSG 235.11)
- IT Applications
- IT Infrastructure
- Disaster Recovery
- IT Outsourcing (ISAE 3402)
- IT Quality Reviews
- etc.

In case of questions, don't hesitate to contact us at www.digiGeek.ch!

John

Matthias Seiler

digiGeek.ch