Planned, designed, and advised on ICFR controls for CFO accounting and IT processes, collaborating with teams and business stakeholders on control design, remediation of weaknesses, and risk assessments.Leading large cross-functional teams as part of this role; Banking, Property & Casualty, Life, IT etc.Developed controls for the Oracle Cloud ERP, Oracle Integration Cloud (OIC), and Oracle Analytics Cloud (OAC) as part of the Accounting Reporting Modernization (ARM) program.Led discussions with Deloitte and PwC on designing IT and financial controls for 18 business processes, creating analyses and controls to mitigate risks.Reviewed post-implementation risks of the ARM program, suggesting corrective measures and re-evaluating risks based on new challenges.Partnered with Oracle America on contract requirements and responsibilities for the Oracle Cloud Infrastructure administrator.Advised on an annual risk and controls assessment, preparing a risk control matrix using RCSA tools to document inherent risks, control strengths, and gaps; submitted the assessment to management for sign-off.Evaluated risks of run-to-run jobs between upstream and downstream applications, designing controls to ensure the completeness and accuracy of data transfers between systems.

● Consulted with the CFO-Business Control Management of USAA on risk and controls, and made recommendations for improvements to the existing control environment● Led workshop sessions with business stakeholders and IT teams regarding the future state of the advanced control environment● Worked on the design of ITGC for 25+ large applications prior to performing an IT risk evaluation and completing quality reviews of the documentation● Produced SOC assessments for third-party audit reports and evaluated the impact of audit comments on USAA control environments

Advise clients on restructuring of chart of accounts for mid size companies in USA, Canada region.

Worked and advised on a Business Controls design and implementation project of SAP's Industry Specific Solution for Utilities Industry (SAP IS U) at Southern California Edison. As part of the engagement worked on the following: • Participated in over twenty-five Business Process workshops covering Usage and Billing, Financial Close, Credit & Collections and Payments. Gained a thorough understanding of the business processes including the technical design of CLICK, IEE and SAP. Identified requirements related to Internal Controls required to support the processes• Steered the discussion during workshops on ITGC and business process controls and helped identify the risks and controls for the proposed future state. Conducted several engagement sessions with business leaders and stakeholders to explain the risks, controls and their alignment to the SCE’s SOX requirements. • Explained the features of SAP ISU capabilities from a security and controls perspective to the stakeholders and business partners and ways to optimize the reporting features through use of transaction codes (T- Codes)• Worked with the HCL consultants and the business leads to provide clarity on the interface controls between SAP ISU and SAP ECC. Conducted several formal and informal sessions for HCL consultants on the relevance of SOX and its importance to financial audit and SEC reporting requirements. • Participated in weekly meetings with the internal audit advisors, Ernst & Young, and supported the SCE Project CSRP Controls Lead by preparing materials for Internal Controls workshops. Managed and maintained the Risk and Controls Ledger (RACL) by updating the risks and controls finalized in the Business Process Design documents. Responded to questions and clarifications raised by PwC (SCE external auditors)

Provided advisory services to PwC clients in Ottawa/Toronto on SOX (IT and Business Process) readiness and ICFR certification. Helped management test of SOX controls for design and operative effectiveness. Redesigned controls for ineffective controls by analyzing the root cause, performed risk assessments, test of design ● Consulted on SOX preparation for IT, ICFR certification, and business process readiness advisory services to PwC clients in Ottawa, Toronto, and Calgary, Canada● Assisted in the design and operative testing of SOX controls, analyzed the root cause of ineffective measures, performed risk assessments, and tested controls for clients● Assessed and evaluated SOX and reporting requirements for a merger between Digital Globe USA and MDA Canada and recommended optimum IT SOX measurements● Advised oil and gas industry clients on IT SOX compliance, reviewed the controls related to operating systems, SAP, non-SAP applications, databases, and interfaces

Managed Upstream Americas’ compliance to Shell’s control framework by performing annual risk assessments for ICFR. Worked to implement and maintain internal control (SOX) related policies by conducting periodic SOX refresher trainingResponsible for running the North America (Canada, USA, Latin Americas) SOX program for the various lines of business to comply with Shell Control Framework by working closely with the process and control ownersPartnered with businesses to monitor risks through use of risk scorecards, prioritization of mitigation plans, periodic risk assessments and analysis of gapsCollaborated with process owners and control owners to build knowledge and understanding of risks and controlsWorked with Shell external auditors across North America and acted as a lead representative for Shell North America. Represented Shell North America in the Shell global control and SOX forums to standardize controls across Royal Dutch Shell. Achieved readiness for a Department of Interior (US Government) audit of Upstream Arctic line of business by developing a detailed governance management framework Worked with PwC and stakeholders on US GAAP compliance and PCAOB audit compliance requirements. Developed an operating & governance management system for the new global Upstream Decommissioning and Restoration (D&R) organization Realized financial savings and process improvements while leading a financial process advisory team to identify and recommend solutions for Argentina Upstream operationsAchieved finance controls compliance and process improvements by working on several line of defense 2 (LOD 2) engagements and governance risk and controls projectsManaged Upstream Americas’ compliance to Shell’s control framework by performing annual risk assessments for financial reporting

Provided assurance on Operational and Information risk management, application system audits and ITGC by managing and leading several client engagements Identified opportunities using risk based approach to improve financial and IT controls by efficient planning, execution, review of field work and reports for several clientsAssisted in the annual certification of SOX for internal controls over financial reporting for several clients such as Novatel Inc.Directed the review and implementation of IT control frameworks based on COBIT and ISO 27001 for several clients. Led engagements reviewing various aspects of information technology such as VPN applications, Payment Card Industry (PCI) system requirements. Provided assurance on data security, integrity and IT processes by directing several third party assurance audits (SSAE 16, SOC 1 & 2, CICA 5970, SAS 70) for clients such as Alberta Health & Wellness, Municipal Affairs Alberta, Pason Systems Inc. and more

Performed several engagements to assist in system selection or conversion, such as providing a system strategy advice and system selection for Kuwait National Petroleum Company, and developing RFP and working through system selection for Gulf Investment HouseCompleted numerous reviews of SAP and other ERP applications using PwC and E&Y best practicesDirected the development and review of IT strategy, IT plans, and Information Security Policy engagementsOversaw engagements reviewing business continuity and disaster recovery plans, including assistance in the development of incident monitoring and response procedures for such clients as Burgan Bank, and more, based on global best practicesLed engagements reviewing various aspects of information technology such as VPN applications, Payment Card Industry (PCI) system requirements, internet banking applications, system conversion projects, data and billing applications, process re-engineering, reviews of UNIX, Windows NT, Oracle, etc., LAN and WAN reviews and more.Banking & Financial Services projectsAssisted in system selection, system strategy advice, developing request for proposal (RFP) and working through the selection process for Gulf Investment HouseProject managed a business process re Engineering (BPR) of the Finance Control Department of a large financial services company. The scope included designing future state and map the future state to the Phoenix & Oracle modulesProject managed a post Implementation review of Midas Kapiti [ BEAM – EQUATION] AS/400 for a large bank. A follow up review was carried out to confirm the implementation of recommendations. Completed an Internet Banking application review (Reviewing Intrusion reports of Baltimore USA) for a large bank ; Prepared IT security plan and procedures for the bank and Business Continuity plans for Internet Banking Operations. Developed Incident Monitoring Procedures and Incident Response Procedures for the Bank.

Responsible for establishing the IT controls, security practice, recruit staff, train and guide them on IT audits. Marketed PwC services and executed several assignments on IT Controls, IT audits for manufacturing, automobile and banking industries. The engagements focused on performing application audits for in house developed audits and confirm the business process design. Banking & Financial Services projects Identified opportunities using risk based approach to improve financial and IT controls by efficient planning, execution, review of field work and reports for several clientsAssisted in the annual certification of ICFR SOX for internal controls over financial reporting for several clients Directed the review and implementation of IT control frameworks based on COBIT and ISO 27001 for several clients. Participated in the evaluation of information technology policies, standards, procedures, and guidelines for different platformsProvided assurance on data security, Project managed a full scope review of UNIX, Windows NT, Oracle, Ingress and non-banking financial application package for a large financial institutionProject managed several functionality reviews of banking application packages developed in MF COBOL for banking institutionsDeveloped an Information Technology plan, Information Systems Security Policy and review of security systems of the currency printing presses of the Reserve Bank of India’s subsidiary bankConducted a training course to the Internal auditors of nationalized bank on the basics of systems audit, which included audit of application packages, Novell, UNIX and Disaster Recovery, plans using CBT (computer based training) methods. Supervised the practical training of the internal auditors at several branches. Provided assurance on Operational and Information risk management, application system audits and ITGC by managing and leading several bank engagements for large banks.

Perform several financial and IT audits from planning, preparation of audit test scripts, scheduling, executing and preparation of management letters.