Uploaded File
Prince
prince2washaya@yahoo.com
919-760-7841
116 Belve Drive
Garner, NC 27529
Senior IT Auditor / Risks / IT Controls
31 years experience W2
0
Recommendations
Average rating
100
Profile views
Summary

Experienced IT Auditor in Financial, Compliance, Operational, and Information Technology fields covering multiple industries including Banking, Government, Healthcare, Retail, and Insurance. Experience includes risk management, developing, implementing, and ensuring compliance with security policies, standards, procedures, and best business practices.

MAJOR STRENGTHS

  • Knowledge of SOX, NIST; COSO; and COBIT frameworks
  • Experience working with major IT Application Systems/Databases, e.g. Lawson HR; PeopleSoft, All-Scripts PM, SQL, & Windows
  • Strong regulatory& compliance background
  • Uniquely skilled to perform IT audits as well as financial audits

SKILLS AND COMPETENCIES:

Soft Skills

  • Strong relationship management, listening, written and oral communication skills; exhibits sound judgment amid convergent views.
  • Ability to interact and communicate with all levels of management from clerical staff to senior executives.
  • Ability to balance the need to help the business make a change yet remain objective and independent.
  • Demonstrated ability to effectively lead, supervise, mentor, and motivate staff/ team members.

Technical Skills

  • Microsoft Suite (Office, Excel, Word, PowerPoint, Outlook, etc.)
  • Workday – Financial & HR Functions
  • Auditing Management Systems – Teammate & Archer
  • Envision – Process Flow Charting

Experience
Risk Management & IT Controls Auditor
Banking/Financial
May 2020 - present
Raleigh, NC
  • Developing Test Scripts for Business Application Controls.
  • Testing Business Application Controls.
  • Reviewing Policies and Procedures and validating them against Industry Standards and Regulations.
Auditing Risk Management Test Scripts IT controls
Remove Skill
Senior IT Risk Audit/Advisory
Banking/Financial
Jan 2019 - May 2020
Raleigh, NC

Senior in the IT Risk Advisory Services practice of Ernst & Young LLP involved in auditing multiple industries, including Banking, Government, Healthcare, Retail, and Insurance.

  • Assisted with the channel one engagements for BioCryst and Chimmerix.
  • Assisted Syneos Perform IT SOX Controls on behalf of Deloitte and Touche.
  • Performed IT SOX Controls testing for AAP on behalf of Deloitte and Touche.
  • Assisted with SAP Post Implementation Review at one of EY Engagement Clients.
  • Managed Audit Engagements to ensure delivery of quality audit reports within the budget.
  • Executed testing of internal controls over financial reporting (SOX) including ITGC testing for a major International Public Company.
  • Led audits of Information Technology, Compliance, Financial, and Operational key activities.
  • Team lead in the Post SAP Implementation Process review engagement.
  • Assisted a major public company to determine and document mission-critical processes including flowcharting those processes.
  • Worked with Senior Managers in audit planning and project management.
  • Prepared audit draft reports articulating findings and related recommendations.
Auditing Banking Compliance Project Management Regulatory Reporting SOX ITGC IT controls
Remove Skill
Senior Enterprise Risk Auditor / Advisor
Insurance
Aug 2016 - Dec 2018
Durham, NC
  • Developed Enterprise Risk Management Framework that included systematic and structured enterprise-wide risk identification, risk evaluation, mitigation strategies, and monitoring mechanisms.
  • Supported business in the establishment of standardized documentation of IT Processes after performing live walkthroughs of existing processes to include documentation of risks and well-designed controls to mitigate those risks.
  • Designed self-testing control strategies for use by the process owners.
  • Revised processes included Change Management, IT Security Systems, Manage Major Incidents and Problems, IT Solution Delivery, and IT Systems Development process. All new processes and procedures were compliant with the organization’s vision, goals, and best practices and new processes addressed all the process documentation deficiencies which were identified by external auditors.
  • Worked with business process owners to identify and manage financial reporting risks.
  • Worked with Internal and external auditors during IT security audits including networks and other IT infrastructure to evaluate if security issues are properly identified and mitigated.
Auditing CIA Compliance Risk Assessment IIA Project Management Risk Management Information Security Change Management Regulatory Reporting Mitigation
Remove Skill
Senior Corporate Internal Auditor
Retail
Sep 2015 - Aug 2016
Salisbury, NC
  • Partnered with the business leadership to identify mission-critical processes and designed controls testing scripts as well as performed substantive controls testing.
  • Performed Sarbanes-Oxley (SOX) testing and liaised with management, external auditors, and outsourced internal audit support on audit findings and proposed solutions.
  • Performed detailed review of tests and work papers performed by junior staff members.
  • Evaluated information technology general controls by testing compliance with controls and coordinated with business owners.
  • Conducted comprehensive financial, operational, and ITGC audits.
  • Drafted audit report and presented the audit report results to senior management.
Auditing CIA Risk Assessment SOX Information Security Compliance Sarbanes-Oxley
Remove Skill
IT Auditor lll
Healthcare
Sep 2014 - Sep 2015
Winston Salem, NC
  • Performed major IT audits that included Business Continuity and Disaster Recovery preparedness, Change Management, User Access Controls, Change Management.
  • Performed Compliance Audits and Risk Assessments for the hospital-owned physician practices and pharmacies (PCI; HIPAA; Information Security; Data Privacy; Physicians and Pharmacy compliance with regulatory codes).
  • Reviewed and evaluated access management including superuser /administrative access accounts.
  • Performed security certification and accreditations for Lawson & Workday applications.
  • Performed security risk assessments (internal and external vendor assessments).
  • Performed pre- and post-implementation reviews of system implementations such as SAP Post-implementation reviews to identify opportunities for improvements.
Auditing Compliance Change Management Risk Assessment
Remove Skill
Senior Operational & IT Auditor
Healthcare
Sep 2013 - Aug 2014
Asheville, NC
  • Participated in annual risk analysis of technology and operations segments to help develop the annual audit plan.
  • Reviewed management programs for data recovery, continuity, and vulnerability assessments.
  • Analyzed, evaluated, and audited information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy, and security.
  • Performed security certification and accreditations for Lawson & Workday applications.
  • Led business impact assessments (BIA) & security plans.
  • Consulted on business continuity plans development.
  • Performed Vulnerability Assessments & Data Classifications.
  • Performed Compliance Risk Assessments to ensure that the hospital complied with all federal & state regulations as well as leading industry guidelines and company policies.
  • Provided consultations to business leaders as they implement various IT Security and Compliance initiatives.
  • Worked with external auditors to resolve their audit issues and issues related to SOC 2 reports.
Auditing Risk Assessment Compliance Risk Analysis
Remove Skill
Auditor
Government
Jan 2013 - Sep 2013
Washington, DC
  • Obtained user access matrix from Systems Administrator and performed an analysis to determine access appropriateness per job titles as well as determining that access was terminated timely per company policy.
  • Worked with the business/application owners to establish quarterly access reviews and certifications.
  • Performed reviews of different systems (e.g., PEOPLESOFT) to ensure proper design and appropriateness of application controls.
  • Followed up on any discrepancies discovered such as unauthorized access, inappropriate job title or function, and incomplete data. Facilitated remediation efforts for issues identified by external auditors.
  • Assisted management in developing change management policies and procedures utilizing the recommended industry guidelines.
  • Obtained samples of system changes from the ServiceNow tool and verified that all the changes made were authorized and followed the established and approved change management procedures. Obtained evidence for all exceptions noted and communicated the results to the management team.
  • Performed ITGC testing.
Auditing Change Management PeopleSoft ITGC
Remove Skill
Senior Examiner (NC Commissioner of Banks & NC Dept. of Insurance)
Government
Feb 2006 - Jan 2013
Raleigh, NC
  • As a Bank/Insurance Company Examiner-in-Charge, led teams for all examinations assigned to me.
  • Planned and executed all audit/examination engagements taking a supervisory role to complete the audit timely and efficiently. Provided on-site training to staff as well as reviewed all their work product to ensure quality and those findings were properly documented and supported by work paper documentation.
  • Applied the risk-focused approach to assess and evaluate the financial performance of banks and insurance companies regarding compliance, regulations, and bank/insurance company policies.
  • Used the established guidelines as well as professional judgment to assess capital adequacy, liquidity, credit practices, cash management as well as solvency position of banks and insurance companies. Presented graphs to bank/insurance companies management demonstrating minimum capital necessary based on the worst-case scenario and comparison graphs in regards to banks with similar size assets.
  • Documented all audit work in a teammate audit tool. Led exit conference discussions with management and provided evidence to substantiate the findings.
  • Drafted examination reports including recommendations and corrective actions.
Auditing CIA Compliance ICAAP
Remove Skill
Senior Bank Examiner
Banking/Financial
Jan 1991 - Nov 2005
  • Monitored, assessed, and evaluated the financial performance of national banks regarding compliance, regulations, and bank policies.
  • Analyzed potential risks, assessed sustainability to those risks, and provided guidelines for a liquidity contingency plan.
  • Prepared written conclusion reports for review and recommended corrective action to management.
  • Presented graphs to bank management demonstrating minimum capital necessary based on the worst-case scenario and comparison graphs in regards to banks with similar size assets.
  • Discussed results to senior bank management and provided evidence to substantiate the findings.
Compliance Auditing Regulations
Remove Skill
Edit Skills
Non-cloudteam Skill
Education
Bachelor's in Accounting and Management
University of Zimbabwe
Certifications
Certified Information Systems Auditor (CISA) - # 12105687
ISACA, 2012
Certified Internal Auditor (CIA) - # 146181
Institute for Internal Auditors, 2016
Certified Fraud Examiner (CFE) - # 610871
ACFE
Certified Risk and Information Systems Control (CRISC) - # 1823937
ISACA, 2018
Certified Sarbanes Oxley Expert (SOX Controls Expert) - Credential ID 14940
SOX Institute
Skills
Auditing
2021
29
Compliance
2020
28
Regulations
2005
14
CIA
2018
10
ICAAP
2013
6
Risk Assessment
2018
5
Change Management
2018
4
Information Security
2018
3
Project Management
2020
3
Regulatory Reporting
2020
3
IIA
2018
2
Mitigation
2018
2
Risk Management
2021
2
SOX
2020
2
Banking
2020
1
IT controls
2021
1
ITGC
2020
1
COBIT
0
1
Microsoft Excel
0
1
PeopleSoft
2013
1
Regulatory Compliance
0
1
Risk Analysis
2014
1
Sarbanes-Oxley
2016
1
Test Scripts
2021
1