Jon Drury Email and Phone Number

Assisted in performing two complex IT architecture refresh project reviews. Responsibilities included helping write risk and controls matrix and audit program, conducting discovery meetings, performing assigned audit steps, and writing issues and recommendations for the audit report. Performed a review of Halliburton IT Audit procedures for gaps and areas of improvement. Discussed findings with management and created a tracking sheet for completing changes that management accepted.Assisted in developing a comprehensive list of merger related IT infrastructure risks and controls to be used by the IT team during upcoming merger.Updated Halliburton IT Audit standard audit program for Change Management.Performed SOX testing of Hyperion and Oracle Database controls.

Supervised and mentored five to seven senior and junior level auditors.Planned and managed financial and compliance audits of various county functions as well as application implementation reviews. Managing audits included writing and getting approval for audit scope and program, facilitating meetings with management, reviewing workpapers, drafting audit reports, and obtaining management’s agreement and responses to audit recommendations.Reviewed documentation and discussed upcoming IT projects with County IT leadership and used information for completing the IT audit portion of the County’s annual audit plan.Coordinated the upgrade of electronic workpapers software and became responsible for administration of the software after the upgrade. Was also responsible for determining annual order for computers, and other IT equipment needs and distribution of equipment for audit department.

Planned and performed review of application change control process.Helped plan and perform a review of outpatient pharmacy operations to determine if recommendations from a prior external consultant’s review had been properly implemented. Planned and performed a review of outpatient pharmacy application. Verified billing calculations using data analytics and found issues resulting in changes having to be made to the application. Also discovered dates that external data warehouse prices, used to update the application for billing purposes, did not load properly, which resulted in procedures being added to verify that nightly batch jobs ran correctly.Performed application security reviews of application as part of operational audits.Worked as staff on operational audits lead by other senior auditors.

Planned and performed audits of computer operations, platforms and infrastructure for assurance of security, availability and reliability as well as compliance with government and industry regulations.Planned and performed application audits both in conjunction with business operation reviews and independently. Planned and performed application implementation reviews as well as performing on going consulting. Educated management and developers on importance of change control procedures and security testing.Evaluated controls and performed test work in support of Sarbanes Oxley initiative and compliance with HIPAA and PCI DSS.Drafted audit reports detailing issues and recommendations. Obtained management’s action plans for re-mediating control issues to include in audit reports.Followed-up and pressed for resolution on prior audit recommendations.Assisted in the performance of Audit Services’ annual risk assessment and creation of the audit plan. Assisted in initiative to implement an Enterprise Risk Management framework for the organization.

Lead and participated in audits of various platforms (MVS, Windows NT, Unix, and database systems) and operational support areas. Responsible for communicating with client, planning and scoping the audit work, performing test work, and writing the audit report. Worked with clients to develop action plans to address control weaknesses.Developed and implemented automated auditing tools to increase population of test samples and reduce hours during audits.Responsible for Continuous Auditing of infrastructure change activities. Reviewed control procedures and assessed project management’s performance. Escalated issues to business and audit management when necessary.Participated in integrated audits with financial auditors as well as standalone technology audits. Responsible for identifying and testing automated controls and technology related risks. Used data mining tools to extract data from systems for analysis and sample selections for testing. Reviewed controls for various systems including Oracle, MVS, Windows, Unix, Novell, Cisco routers, and various banking applications.Monitored change activities to ensure that risks were addressed. Advised groups about risk and controls, communicated potential problems to project management, and communicated problems that could impact other parts of the Bank accordingly.Monitored disaster recovery tests for multiple lines of business. Ensured that critical applications and systems are included in tests. Reviewed test scenarios for reasonableness of assumptions. Work with financial auditors to determine most critical functions and risks that each LOB maybe susceptible to. Opined on results of overall tests.Advised clients regarding the proper solution for self-identified (Control Self Assessments) and audit issues.

Responsible for creating the yearly IT audit coverage for Sonat Exploration, Sonat Power Trading, Corporate, and Technology Support.Planned and conducted individual audits of business units and applications. Advised financial/operational auditors regarding controls and testing.

Performed test work of key applications and infrastructure in support of yearly audits of corporate financial statements for financial services, oil and gas, manufacturing, and retail businesses.Documented procedures and controls in support of the legal defense of a large health care organization.