2004 - 2008 IT Control and Risk Management GmbH | Zurich
(and 2014)
Provided Risk Consulting Services to blue-chip clients such as DepuySynthes (2014), Credit-Suisse, Winterthur Group, Axa Tech AG, ABN-Amro Bank, Altana Pharma to support business integration or internal control framework implementation. Project durations were typically 6 to 18 months.
Examples of projects
Senior Consultant for Credit Suisse Financial Services | 18 months
Managed the local implementation of the SOX IT compliance program across CSFS's operations in Italy, Germany, Monaco, Luxembourg, Gibraltar and Brazil.
- Led project planning meetings, defining objectives and formulating implementation strategy relating to General Computer Controls for stand-alone applications and end-user computing systems
- Created standards and templates using COBIT and COSO Control Objectives
- Supervised General Computer Controls documentation processes, including design and test of operational effectiveness, exception reporting, mitigation planning and scope management
- Consulted with colleagues to develop operational processes and practices and encouraged all managerial and operational levels to take ownership of change and deliver quality solutions
- Identified risks and inefficient operational procedures, and recommended changes to eliminate loopholes
- Supervised multi-national project teams and personnel throughout program delivery
- Achieved all project deliverables in terms of quality, timescale and budget
- Performance resulted in becoming a key member of the SOX IT implementation team
- Restored project management confidence in critical Business units / environment
Senior Consultant for Winterthur Group | 10 months
Advised local management throughout the re-engineering project of the IT compliance framework in Belgium, Spain, UK, Germany, Hungary and US operations.
- Designed and implemented a standardized set of controls based on best practice and Group policies
- Identified inefficient or missing controls, and assisted Business Units in eliminating loopholes
- Supported local management and supervised project teams during production of SOX deliverables
- Co-ordinated discussions between local IT and Business units, SOX project leader and auditors
- Oversaw quality assurance regarding production of process documentation, implementation of controls framework and execution of associated test plans to ensure effective controls framework
- Simplified General Computer Controls documentation, reducing remaining weaknesses
- Improved the quality of internal controls framework to the satisfaction of external auditors
SOX IT Manager for Cablecom AG, Subsidiary of Liberty Global Inc. | 6 months
Provided program delivery support to the Swiss entity during the implementation of the company-wide compliance program with a focus on the design and implementation of automated business controls for the critical business processes:
- Identified and adapted the automated SOX business controls based on the Corporate Risk Framework and best practices in the telecom industry
- Covered all critical business processes and product lines: Digital and Cable TV, Digital Phone and Professional Business Network Services - including production of documentation and the operational effectiveness test plans, and validation of the test procedure and baseline of SOX applications
- Created internal control framework for End User application including User Guideline and internal audit test plan; supervised implementations of the control framework and operational testing
- Liaised with external auditor and Corporate Compliance Management to resolve problems
- Implemented a full set of automated controls in a very short period and under high management pressure due to the high criticality of the automated controls for a telecom company
- Zero critical deficiencies were reported by external/internal auditors in all domains
- Successfully supported the client in achieving its first year of SOX compliance certification
Senior Consultant for Altana Pharma AG | 5 months
Designed an Internal Control Framework implementation guide for a centralized IT environment
- Customized General Computer Controls to comply with SOX Act and Pharmaceutical regulations
- Designed processes to ensure continuous effectiveness of the General Computer Controls Framework, including the maintenance of documentation and testing of the controls effectiveness
- Standardised the End User Computing Controls to ensure compliant and homogeneous controls
- Facilitated deployment of the Sarbanes Oxley Compliance program across all Departments
Senior Consultant for ABN-AMRO Private Banking | 3 months
Reviewed the General Computer Controls and Project Management phases for a key Swiss banking application based on Oracle and Unix.
- Achieved recognition as a high-calibre resource for internal IT audit