IT Risk and Control Assessments

Completed approximately 100 IT risk and control assessments over a 20+ year period.

Financial Services - major tier banks, smaller tier banks, insurance, funds management, pension admin, FX
Manufacturing - international and Canadian wide food processors, steel, mining, brewing, wine, jewelry, autos, CD/DVD
Retail - Canadian wide grocery, department store, international fast food, photography, pharmaceutical, toys, books
Services - hospitals, government, electric and water utilities, printing, courier, property management, payroll/HR, lottery and gaming, schools and universities
Information Technology - global network systems provider, software providers, hosting providers, global personal device provider
Communications - national telecommunications and media provider

Mortgage, retail banking, capital markets, trust accounting, defined benefit/defined contribution, health and welfare administration, FX administration
End to end supply chain distribution, manufacturing, inventory management, procurement, sales, receivables, payables, asset management, payroll, revenue assurance

COBIT - full and partial
ISO 27001/27002
Customized approach using various IT risk and control methodologies as necessary for the client situation
NIST cybersecurity framework
PMBOK
ITIL, Agile, DevOps, CI/CD

Large - team lead for significant size engagements - example 7,000 hours using up to 15 personnel over multi-locations and multi-environments and processes
Small to Medium - team leader or solo on extensive range of assignments

Support for the external audit
Internal audit
Special purpose advisory engagements
Special purpose compliance related for regulator, contractual compliance, accounting standard based
SOC1, SOC2 service provider assessments
ISO 27001 preparation and implementation
IT due diligence
SOX/ICFR assessments - management advisory and as auditor
ERM
Revenue assurance