Sasfin Bank Ltd
- Senior IT Auditor
Oct 2013 - Present
Conduct top-down, risk-based auditing throughout SASFIN based on SASFIN GIA methodology and utilising COBIT, COSO and ITIL.
Document the findings and make recommendations on the controls that need to be implemented in order to minimise the risk factor within the business. In addition adherence to BASEL III, FAIS and FICA is compulsory.
Create business partnerships with SASFIN clients in order to enhance the auditing process. Meet the client’s needs and thereby add value and contribute meaningfully to the entities’ business.
Planning the audit to ensure that focus is placed on important areas as identified in the risk assessment. Implement by complying with the audit methodology. Managing, leading, controlling and organising all activities relating to the audit performed. This included delivering the audit on time and within the budget hours.
Reviews performed on Application Controls, Project Risk, General Controls, Information Security and IT Governance.
Implement continuous auditing within GIA as well as continuous monitoring within the business.
Use of Computer Assisted Audit Techniques (CAATS):
Although CAATS is mainly linked to data analysis, it can also be utilised for the following:
Use of software/utilities when performing Network perimeter security and penetration testing
Use of software/utilities when performing OS and DBMS security evaluation
Use of software/utilities when performing Software and code testing
- Manager: IT Audit - Application and Data Intelligence
Aug 2009 - Oct 2013
Managing the Application and Data Intelligence audit team of 4 effectively by providing appropriate leadership and guidance. Recruit and retain quality staff through effective motivation, training and development, on-the-job coaching, reward and recognition and performance management. Deliver risk-based auditing throughout the Nedbank Group in line with methodology and also utilising COBIT, COSO and ITIL.
Liaising and meeting with Nedbank’s key stakeholders, Nedbank ORCOs, Steering Committees, SIMCO & MANCO, risk officers, compliance officers, Imperial Bank executive management, external Auditors and Board Audit Committees to establish business needs, key risks and ad-hoc work to be performed by my team.
Monitor team achievements of standards of service and quality that comply with the highest expectations of my clients by making clients and their needs a primary focus of my team’s actions and developing and sustaining productive client relationships. Deliver client satisfaction and loyalty by effectively meeting specific client needs and developing and maintaining productive client relationships.
Document the data lifecycle management security policy and Data Analysis standards for Group Internal Audit.
Other duties include annual audit planning, review of Teammate files, quality assurance and adherence to methodology on work performed by staff, monitoring progress against annual audit plan, weekly review of timesheets, review of audit scorecards, monthly MIS to GIA executive management, planning and approval of leave, planning, approval and monitoring of training in conjunction with staff members’ career development plans and assisting staff with all aspects of work performed in audit.
- IT Auditor / Senior IT Auditor
Conduct risk-based auditing throughout Nedcor based on methodology and utilising COBIT and ITIL. Document the findings and advise on the controls that need to be implemented in order to minimise the risk factor within the business. In addition adherence to BASEL III, FAIS, FICA, NCA and POPI is compulsory.
Create business partnerships with clients in order to enhance the auditing process. Meet the client’s needs and thereby add value and contribute meaningfully to the entities’ business.
Planning the audit to ensure that focus is placed on important areas as identified in the risk assessment. Implement by complying with the audit methodology.
Implement the audit by complying with the audit methodology. Review risks, vulnerabilities, existing processes and procedures, access control, main file changes, archiving, standards, security, documentation, change control, testing, DRP, performance and capacity management, incident management, SLAs, etc.
Managing, leading, controlling and organising all activities relating to the audit performed. This included delivering the audit on time and within the budget hours. In addition I was responsible for all aspects of conformance to methodology.
Other duties included design of audit programs for Teammate, annual audit planning and stand in for ERCO meetings.
Audit programs for the above audits include data input, data processing, output processing, master file maintenance, logical access control and general controls and information security
- Project Risk Auditor
System lifecycle is managed and benefits realised. The deliverables are aligned with business needs and adhere to the requirements of all interested parties.
Ensure that risks relating to projects are managed to acceptable levels. Ensure that project deliverables meet the planned timelines, cost and quality. Ensure that the scope and milestones for go/no-go are managed. Ensure that the organisation has the capacity and capability to utilise the delivered outcomes. Ensure that the appropriate methodologies are used for planning, design, installation and implementation and benefit harvesting.
Project governance on software development projects also includes RUP software development lifecycle (SDLC) processes, quality assurance, configuration management, project management methods, conversions, compliance and security. Risk analysis also includes risk identification, risk assessment, risk prioritisation, risk management strategies, risk resolution, and risk monitoring. Other duties include ensuring adherence to defined standards and required methodologies (COBIT, CMMI) for analysis, design, development, testing, and implementation on system. Provide assistance and guidance to governance and project team members and business stakeholders where appropriate. Review of all project documentation (BCP, Business case, SDLC SOW, CRS, Change Management, Test plans, etc.). Communicate governance issues, risks, reports and other documents to senior management and stakeholders as appropriate. Projects included ITD, merger and restructure, BOE conversion and all compliance projects in Nedcor. ITD projects ranged from 1 Mil to 100 Mil and Merger and restructure projects ranged from 1 Mil to 180 Mil
- Senior Systems Analyst
Jan 2003 - May 2003
Research and develop the possibility of an integration bus for all ESKOM distribution systems. As Senior Systems Analyst I was responsible for the analysis and design of the security components for the integration bus for the Distribution systems in ESKOM through meetings with clients, vendors and management. This included the analysis and interpretation of the business specification into related security components as well as the writing of security requirement specifications for the system and interfaces to the system and designing and drafting use cases and processes. The integration bus had to integrate with See Beyond, K2, SAP, Payroll system on NATURAL / ADABAS, WEB and any other distribution application that needed to communicate with each other. Provide ASP and ADO methodologies on WEB Services in .NET Studio.
Planning, managing, researching and identifying the security components to apply in the design of the system.
Design and development of a secure DCOM component that can retrieve user certificates from Novell directory services and then uploads the certificates to K2 in order to prove SSL security from .NET. The security in this component used Novell SSL and PKI.
- Snr Systems Analyst / Project Leader
Design and development of any required treasury systems and components for ESKOM Treasury. Meeting with clients and management, analysis of client requirements, writing requirement specifications, drafting of system use cases, User security, communicate specifications to programmers, assist in design and development problems for the Treasury department of Eskom as they were converting all their Natural legacy applications to client server applications. This included design and development of systems on settlements, cash management, dealers / traders, risk assessment, capital, money markets and design of Oracle databases including triggers, constraints, indexes etc. As project leader I was responsible for planning and adhering to budget and time constraints. Other duties include training and assisting other staff in the department with any VB6 design, development, and standards issues on Treasury applications, attending JAD sessions etc.
- Application Data Analyst
May 2001 - Jan 2002
Eskom made a decision to convert their mainframe billing (Natural Adabas) system to a client server based billing system. The new system Cordaptix is a web-based system developed in Micro-Focus COBOL by SPL. As ADA I was responsible for data conversion, data integrity, data purification, decision aids and job aids on all data migrated from Adabas to Cordaptix. Decision and job aids included technical and functional specifications on Microfocus COBOL. Other duties included mapping of as-is to to-be processes and documenting exceptions and workarounds/solutions.
Design an interface between MV90 and Cordaptix. The interface was responsible for the collection of all meter readings from regions in order for the billing process to take place
- Coach / Snr. Systems Analyst / Project Manager
Provide technical training, coaching and mentoring of staff to ensure delivery of client requirements. Monitor and advise on adherence to SDLC methodology, implementing and adherence to coding standards and naming conventions, evaluate skill levels and make recommendations for relevant training as well as the design, building and maintenance of a technical library and VB Knowledge base.
As project leader on various projects I was responsible for planning, deadlines and budgets to be met, researching of new technologies, making design recommendations, interviewing new staff etc.
As systems analyst I was responsible for meeting with management and clients, conducting feasibility studies and preparing reports on time estimates, personnel requirements etc., analysis of user requirements, writing and communicating of requirement specifications, application security, design and development of Oracle databases, test and implement systems. As manager I was responsible for planning, budgeting, assisting with development of user training, leave scheduling, interviewing new staff etc.
Eskom Pension Fund
- Systems Analyst / Project Leader
Oct 1997 - Oct 1998
I was responsible for maintenance to the properties system. This system was used for all information relating to Properties Management Information, unit information per property, monthly income and expenditure, performance of units within various properties and monthly maintenance. This system was developed in MS Access 2.0 with attached tables to MS SQL 6.0. Reporting is done in Access.
There were 25 users on the system and performance was very slow at first due to the system being 16 bit and taking 16 bit ODBC to MS SQL.
The system had approximately: 240 Tables, 590 Queries, 270 Forms, 140 Reports and 39 Modules. My task was to convert the current system to Access ’97 and SQL 6.0 to SQL 6.5. The analysis of the system took 2.5 months and the conversion 1 month.
Major issues were the size of the system, 16 bit calls, naming conventions and systems changes from Access 2.0 to ’97.
Other responsibilities included the evaluation of various pension fund systems as the fund was in the process of changing the current system to cater for Defined Contribution Funds. Other projects I worked on were BPR, DRP, Internet, MIS and Integration. Project budgets ranged from R50000.00 – R2 mil.
Fund Mator Systems
- Analyst Programmer / Project Manager
May 1997 - Oct 1997
As project manager on this project, my main responsibility was the conversion of the current DOS based pension fund system to a Windows 95 based system, using Visual Basic as the programming language, MS SQL 6.5 as the database and Crystal Reports as the reporting tool. Duties included design and development of system and database, installation of network and operating systems.
From the onset, I found that it would be a better option to develop this system from scratch and not to rely on the old System Specifications.
The prototype system for demonstration and evaluation purposes was developed using Visual Basic 4.0 and MS Access ’95 and later converted to VB5 and SQL 6.5 running on NT 4.
The demonstration system was about 80% complete and the progress was slow due to insufficient resources. I was also waiting to install and configure the new network running Windows NT 4.0 server with MS SQL 6.5 as the database. Project budget was R600 000.00
Dexel Voice development
- Software Engineer / Project Leader
Nov 1994 - May 1997
My main responsibilities were the analysis, design, development, testing and implementation of voice-integrated systems for clients using VB4 and MS C. This included meeting with and understanding client requirements, evaluating and assessing client architecture, writing of requirement specifications, writing DLLs in MS C, developing system, writing test cases and test plans, design and development of databases on MS SQL, installation of NT server and network, installation and configuration of voice cards, design and supply user training, connection of system to PABXs (phone lines PABX codes). Other duties included meeting of project budgets and deadlines. Adhering to maintenance SLAs for clients.
Projects I worked on:
Predictive dialler. This system retrieves debtor’s information from a SQL database and dials the debtor’s phone number, using a dialogic voice board. When positive voice is detected, the call and the debtor’s information are transferred to an available operator. This was a 12-line system and served all 12 operators at the same time. Cost R2.5 mil
Unified Voice Messaging. This system was the development of a front-end for the current voice system. The front-end consisted of Voice Mail, Electronic Mail, Fax Mail and a short message service. The system was developed using Visual Basic 3.0, and was later ported to Visual Basic 4.0. All reports were done in Crystal Reports. The system was developed to run on Workgroup for Windows, Windows 95 and Windows NT. Cost R125000.00
Other systems. Voice Logger, Interactive Voice Response. I also wrote various DLLs for some Voice Systems using MS C.
During my employment with DEXEL, I gained experience on PABXs, Voice technology, in-depth knowledge of Windows Operating Systems, Networking, SQL Server, as well as a thorough knowledge of systems design, development and integration. I also gained experience with vendors and SLAs.
- Database Administrator / Programmer
Mar 1994 - Oct 1994
My main responsibility was that of DBA on a Paradox 3.5 database, which kept information on all corporate loans granted by the bank. This included daily updates on new loans issued, calculating rate changes, new payments and interest rates and writing of new scripts required for day-to-day operation. At month end I was responsible for monthly MIS reports for management.
I was also responsible for the conversion of the current system to MS Access 2.0, as well as writing a MIS system in MS Access 2.0 and Visual Basic 3.0. Total value of loans was approximately R400 mil.
- MIS Analyst
The main objective of this department was to keep track of approximately 5700 repossessed properties of Nedbank/Perm in the R.S.A. My main responsibility was to design, develop and maintain databases, spreadsheets and supply MIS to management, which conformed to the department’s requirements.
I designed and developed various spreadsheets and databases, which were used to keep track of 5700 properties, and supplied the necessary M.I.S. to the AGM and senior management. These databases also supplied information for the registration of properties at the deeds office, tracking, insurance claims and tracking of security charges.
Most of the information was extracted from the Mainframe and UNIX system in ASCII format and then imported into the relevant database for more user friendliness. These ASCII files were extracted from a Burroughs V-series Mainframe. Other information was received from the branches and by searching through relevant files.
Databases used in this department were Q & A 4.0. Software packages used were Quattro Pro, Lotus 123 v 3.1, Pro Write, DOS 5.0, DOS 6.0, Windows and First Choice.
Nissan Truck rental
- Manager Information Technology
May 1992 - Sep 1992
My main responsibilities were setting up project plans, planning, developing and implementing a budget, design and implement DRP, researching of new systems, ensuring smooth running of all IT systems, including email, printing and anti-virus, ensuring that software licensing is adhered to, ensuring secure access to the network, providing users with appropriate support and advice, mentoring and training IT support staff, ensuring that IT facilities met the needs of company, managing and solving setting up and meeting objectives, set up training schedules etc.
Other duties included managing and successfully completing a 2-month project, which involved the conversion of data and programs for the Fleet Maintenance Leasing system from a Burroughs A-Series to an IBM Persetel 780 Model 4. This involved downloading of the data to spreadsheets, calculating Interest, Repairs, Maintenance, Residuals and Book values. Comparing Rentals charged and received and calculating administration and license fees. Supervising the code conversion. A contract was then activated for each vehicle on the new system and the data loaded into the new system. This was done for 1300 vehicles. I also provided problem solving in other areas where data transfer was involved and training required. This included Debtors, Creditors, Assets and Casual Hire.
The training and support included Lotus, Quattro Pro, Professional Write, Harvard Graphics, Flow 3 and DOS, as well as Mainframe support.
- MIS Analyst / MIS Manager
Sep 1991 - May 1992
My main responsibility was to provide statistics for ATMs, Self Service Terminals, Teller terminals, Home Banking and Beltel, to the IT Executive and Senior Managers. This was done at month-ends in the form of reports and graphs. During the month, most of my time was spent accumulating statistics and information for the month-end report. All this was done manually every month.
Another responsibility was to evaluate various databases and front ends in order to computerise the manual system.
The database that was decided on was Oracle, with Oracle card for Windows, as the front end. A system was then developed with the help of Oracle staff. I was responsible for the project management, system design and implementation. Other responsibilities involved training staff, setting goals, attending meetings with different managers to acquire their M.I.S. requirements, analysing user requirements and development of a Stores Project, using Paradox.
- Programmer
I worked on a project named ‘Salary Linked Home Finance’ that was a new home loan system for the Perm and reported to the Project Leader. My main responsibilities were to create menus, screens and fields and write validation routines for the systems, and also to ensure that the data was correctly transferred to and from the Mainframe. This was done using Microsoft Pascal, Microsoft C and Doddle, which is a screen and menu designer package and was written for Nedbank in MS Pascal. The Mainframe used was an IBM V-Series.
- Coordinator Specialised Support
My main responsibility was to ensure solutions to problems, give support and training to my staff, the course administrator and the other consultants in the department. The training and support also involved all the LANs (Microsoft LAN Manager), installing LAN software, setting up users and solving LAN problems, analysis of user software requirements and presenting them with the appropriate software solutions.
Responsible for the evaluation of software, hardware and report writing for the I.T. department, executive and senior management.
As a trainer I gave courses in Lotus 123 basic and advanced, and a special macro course.
I also wrote courses in Harvard Graphics and Quattro Pro and started writing a Professional Write course, which was completed by the new course administrator.
- Trainer
I was responsible for starting a training and support department, setting goals and objectives, writing and scheduling courses, giving courses to Nedbank staff.
My other responsibility was to supply support and training to Nedbank users up to Executive level, analysing software requirements and giving the appropriate software solutions. Software support involved all aspects of software queries, analysis, installation and problem solving.
Software packages included the following: Lotus 123, Harvard Graphics, Lotus Manuscript, Quattro Pro, Lotus Freelance, Professional File, Professional Write, Windows 2 and 3, Corel Draw, Flow 3, Paradox, Paint Brush, Ventura, PC Tools, Symphony, Norton Utilities and Dr.Solomon (Virus Protection).
Other duties. Support on Electronic communication (Burroughs A-Series). Provide training to tellers at branches on using and understanding the new teller terminal software. Writing Lotus 123 courses and training the trainer’s macros in order for them to present the courses themselves. PC and printer set-ups, support and installations. Printers included all Olivetti printers (dot matrix and laser), as well as Hewlett Packard lasers, Canon lasers and Bubblejet printers (various models) and also Brother and Mannesmann Tallys.
- Programmer / Support
Jan 1987 - Aug 1989
I was responsible for the training, support and the writing of applications for the end users in Central Transvaal Region.
On-site training and support to end users and writing applications for their specific requirements.
Programming was done using dBase III and Clipper (Summer ’87). Some of the applications written were Security, Fault control and Medical Accruals. I was also responsible for the assembly, testing and installation of PCs.
On-site training and support was given in Harvard Graphics, Lotus 123, MS Word 4, Ventura Desktop Publishing, Paint Brush, dBase III, Freelance and also the use of different Printers, Plotters and PCs. Other software packages used were Sidekick, Norton Utilities and Norton Commander. I also used MacDraw and MacWrite that ran on the Apple Macintosh.