SOX 404 FINANCIAL/IT AUDITING AND MORE Dennis L. Batdorf Email: dbatdorf@bat-moon-communications.com SOX TRAINING Deloitte & Touche 2005 Risk Assessment Internal Controls Internal Controls Evaluation EDUCATION: Rochville University 1996 Bachelor of Science Business Administration Orange County Community College 2000 Web Page Design: Dreamweaver, Fireworks, Flash University Of Toledo 1973/75 Business Administration / Marketing EXPERIENCE BRITISH PETROLEUM 4/2005 TO PRESENT Contract Consultant SOX 404 IT Risk Assessment/Remediatiom/Implementation Project Coordinator/ Compliance Management Specialist/ Business Analyst/Business Lead assisting the U.S. Retail Team of British Petroleum in their SOX 404 IT projects compliance with the auditors of Deloitte & Touche, KPMG, Corven UK , and Ernst and Young. Performing SOX 404 Risk Assessment and Gap Remediation Analysis, Planning and Status Reporting of activities related to Application General Controls, Application Security Review, and IT General Controls per COSO, COBIT and ITIL. Project Coordinator for application security enhancements and the segregation of duties to comply with SOX 404 remediation control gap matrix. In support of SOX compliance initiatives, gathering of data, analysis, process development, and training needed to support process control improvements. Major responsibility for the development audit test scripts and configuration management processes, including the identification, recording, and reporting of IT components, including their versions, constituent components and relationships. These components include hardware, software and associated documentation for compliance to SOX. Develop and track project plan, milestones, critical path tracking, assigning project tasks, and negotiation of project tasks between departments. Working closely with SDM’s (Service Delivery Managers) and service providers to coordinate remediation efforts that must be performed by them for compliance to SOX and relate Findings/Changes due to SOX 404 remediation and implementation. Main responsibilities include: Working with the SDM’s on remaining SOX 404 Gap Identification/Assessments. Coordinating the writing of IT documentation with the SDM’s to support remediation procedures for applications and the implementation of the new policies and procedures for compliance to SOX 404. Writing of test scripts and testing of new controls for implementation of SOX 404. IMPAC MORTGAGE HOLDINGS AND REIT 1/2005 To 3/2005 Contract Consultant Sarbanes-Oxley Senior Internal IT Auditor per COBIT, COSO for IMPAC. SOX readiness and Auditing of IT internal controls of system and applications, and general computer controls over financial reporting (as required by Section 404). Responsible for mapping of existing IMPAC documents to KPMG methodology, gap analysis of general IT internal controls including: infrastructure, IT applications, policy and procedure documentation, logical security, physical security, and change control/change management and risk assessment within those controls. Review of service level agreements ( SLA ) and processes with the support and input from all applicable IT department resources. Review performance against internal and external SLA ’s reporting deficiencies and recommendations for remediation and or improvement. Review network, systems administration and security administration processes and procedures with the support and input from all applicable IT departments resources. Review Incident, Problem and Change Management processes and procedures with the support and input from all applicable IT department resources. Conducting interviews to update narratives by the internal auditors of Grant Thornton and testing of controls to SOX 404 requirements. Provide recommendations for improvement to appropriate IT, QA and Internal Audit Management personnel. Writing of IT controls and general computer control audit test programs to test compliance of internal controls to narratives and procedures for compliance to Sarbanes Oxley. DELOITTE & TOUCHE 10/2004 To 12/2004 Contract Consultant Sarbanes-Oxley Senior External IT Auditor per COBIT, COSO and PCAOB Audit Standards #2 for Union Bank of California, and review of Year End Financial. Auditing of internal controls over financial reporting of system and infrastructure, IT applications on Mainframe, Wintel, Unix and AS400 (as required by Section 404). Responsible for mapping, evaluating, and risk assessment of existing Union Bank documents to Deloitte & Touche methodology, gap analysis of general IT internal controls including: FIDICIA documentation, logical security, physical security, data operations, and change control/change management. Review of service level agreements ( SLA ) and processes with the support and input from all applicable IT department resources. Review performance against internal and external SLA ’s reporting deficiencies and recommendations for remediation and or improvement. Review network, systems administration and security administration processes and procedures with the support and input from all applicable IT departments resources. Review Incident, Help Desk, Problem and Change Management processes and procedures with the support and input from all applicable IT department resources. Conducting interviews to update narratives by the internal auditors of Price Waterhouse Coopers and testing of controls to SOX 404 requirements. Writing of IT controls audit test programs to test compliance of internal controls to narratives and procedures and Coordinator of walk through audit testing of IT processes for compliance. Provide recommendations for improvement to appropriate IT, QA and Internal Audit Management personnel. CENTER BANK 7/2004 10/2004 Contract Consultant Internal Financial Controls Manager for readiness compliance to Sarbanes-Oxley 404 Financial and IT regulations per COBIT and COSO utilizing a paperless audit system to be audited by external auditors of Deloitte & Touche . Responsible identifying system and business process related control exposures and opportunities while developing and implementing solutions for them. Responsible for conducting SOX business unit compliance readiness interviews, writing of narratives, risk assessment, updating flow charts, and gap analysis of general financial internal controls including: FIDICIA documentation, SAS 70, mapping of existing documents, flow diagrams, logical security, physical security, data operations, and change control/change management. Manage and track the writing of policies, processes, procedures, guidelines and work instructions and risk assessment of internal controls and communicate analysis findings and recommendations, remediation and mitigation to Steering Committee for internal audits and testing. Helped process owners in the design, performance, and evaluation of internal control testing. Coordinating of “walk through” audit testing and writing of final audit test programs for compliance of internal controls to SOX narratives and procedures and of 46 processes. MSC SOFTWARE CORPORATION 5/2004 – 7/2004 Contract Consultant Sarbanes-Oxley Internal Control IT Compliance Coordinator Business Analyst Technical Readiness Documentation to ISO 9001-2000 per COBIT, COSO, and NIST for internal auditors of Protiviti to be audited by external auditors of KPMG. IT Department consisting of Windows 2000 servers, Oracle, Scopus, Legato, Streamserve, Cisco, Nortel, Unix, HP Net Server, and Siebel. Responsible for conducting audits, interviews, and risk assessment of general computer controls: Including mapping of existing infrastructure, IT applications documents, flow charts, logical security, physical security, configuration management, data operations, and change control/change management. Identify system and business process related control exposures and opportunities. Develop and implement solutions, write policies, processes, procedures, guidelines and work instructions to address gaps that are found in the controls and communicate analysis findings, remediation, mitigation and recommendations to management. Review of service level agreements ( SLA ) and processes with the support and input from all applicable IT department resources. Review performance against internal and external SLA ’s reporting deficiencies and recommendations for remediation and or improvement. Review of Incident, Problem and Change Management processes and procedures with the support and input from all applicable IT department resources. Provide recommendations for improvement to appropriate IT, QA and Internal Audit Management personnel. Work with the internal team to document and audit controls and perform tests to determine the effectiveness of the internal controls. Developed library system for documents to be accessed and used by management and employees for compliance to policies, procedures, work instructions, and guidelines. B. BRAUN 6/2003 – 12/2003 Manufacturer of Pharmaceuticals and Medical Devices Contract Consultant Documentum System Administrator Assistant/Business Analyst for $5 million implementation start-up project. Technical Support testing installation qualification of all desktop installations of Documentum 4i software (Document Management and Publishing system) for use by employees on Windows 2000 Professional Network using the support applications of MS Office, Acrobat, Lotus Notes and AutoCad per FDA compliant requirements of 21 CFR 11 and GMP/GXP regulations. KEY RESPONSIBILITIES: Accept, track, troubleshoot, and close Documentum user trouble-tickets and change requests within the services levels of DMS. Ensure that production background processing tasks (i.e. task servers, AutoRender Aqua Client, etc.) are executing reliably. Establish and maintain Documentum user accounts, change system administration and test passwords. Develop and maintain Documentum Administration SOPs and IQ/OQs. Provide Documentum Help Desk and technical support in specialized areas of information management, project management, process development / improvement, and technical requirements management. Analyze progress to Business Plans, recommend corrective action, and provide reports to management. Interface with Coordinators, Project Managers, Senior Managers and Engineers. Performed Database management of 400 authors/approvers/ viewers Documentum 4i software users. Responsible for Training Coordination and tracking of trained Documentum users. Testing of web based Documentum 5 software. C & D AEROSPACE 5/2001 – 5/2003 Project Coordinator Senior Technical Writer per ATA 100/200/2000 of Component Maintenance Manuals for multiple commercial aircraft interiors projects. Responsible for 8 technical writers, 4 illustrators, and training of department personnel to produce and publish technical manuals. Assisted Project Manager with tracking and managing project, with Work Plan tracking and reporting. Attended project meetings, document decisions, issues, and action items assigned. Project Coordination to ensure on time delivery of multiple manufacturing projects. Major task included $20 million Transportation Safety Bullet proof Cockpit Door Program. Accomplished on time delivery of Component Maintenance Manuals, and Out Of Scope Electrical Manuals for passenger aircraft fitted with new bulletproof Cockpit Door within a 9 month time frame. Researched and reviewed the engineering drawings to develop manuals for publication to customer standards. Analyze various design engineering and supplier source data to develop and/or revise Component Maintenance Manual data. Interface with Engineering, Quality, Manufacturing, Assembly to ensure on time delivery of products and Technical Publications. Create and maintain manuals for airline customers that are customized to reflect their airplane configuration(s). Approve, publish, administer electronic files, and release of manuals to customers utilizing FrameMaker, Adobe Acrobat and Microsoft Office. DISNEY CALIFORNIA ADVENTURE PARK ANAHEIM 9/2000 – 12/2000 Contract Consultant Project Coordinator Senior Engineer Technical Writer for construction of $3 billion Disney California Adventure Park . Assisted Project Manager with tracking and managing project, Work Plan tracking, reporting per matrix and risk assessment. Tracked project plan, milestones, critical path tracking, and updating progress of project, milestones, and completion of daily group tasks. Attended project meetings, development and distribution of agendas, materials for meetings, document decisions, attendees, issues, action items assigned and any other pertinent details of project. Presided at review meetings with senior management, and engineering. Interface with senior management, engineering and construction teams. Completed project two months ahead of schedule. Project consisted of online documentation, Manufacturer Requirements, Preventive Maintenance, Quality Procedures, and validation for new constructed amusement rides per ASTM F-24 CAL/OSHA standards. Other responsibilities included: research, and preparation of documents, review, edit, and set technical publications styles. BOEING AIRCRAFT LONG BEACH 5/2000 – 9/2000 Manufacturer of the C-17 Contract Consultant Senior Engineer Analytical Technical Writer of airframe and electrical TCTOs (Time Compliance Technical Orders) to support retrofit/modifications/repairs and validation of delivered C-17 aircraft. Responsibilities included analysis of production failures and engineering data with close coordination with Project Management, Design Engineering, Suppliers/Vendors, Technical Orders, RAMS, Planning Release Groups and the U.S Air Force. Provided technical and TCTO verification support for various modification sites. Completed Time Compliance project 3 months ahead of schedule. Major task was responsible for the removal of the horizontal stabilizer on the C-17 aircraft for retrofit. Accomplished the task in less than 4 weeks that had been in a stalled process for 18 months prior. Interfaced with Engineering, Quality, Manufacturing and Production to solve production assembly problem. Through failure analysis of the assembly, was able to determine problem and implement corrective action procedure for the manufacture of parts and production assembly. Coordinated the production stoppage of the defective manufacturing process. Arranged and coordinated the tooling to be used by Air Force to accomplish the removal of the subsequence assembly. GENERAL ELECTRIC ENGINE SERVICES ONTARIO 1/2000 – 5/2000 Overhaul/Repair Warranty Station for Jet Engines Aircraft Programs: C-130 Hercules, Boeing 737, 747, 757, 777, and Air Force One Contract Consultant Engineering Customer Service Support and Senior Engineer Technical Writer of $10 million a month jet engine overhaul/repair program. Assisted Project Manager with tracking and managing project, work plan tracking and reporting. Assisted in development and distribution of agendas and materials for meetings. Presided at review meetings with senior management and engineering. Tracking and reporting of engine building, engineering performance and customer service. Developed Process Improvement that enabled Technical Publication department that was running at a thirty-day late schedule to a performance level of minus three days early. Researched and collected all data from Engineering, Shop Manuals, Overhaul /Repair Failure Analysis, Scrap Reports, Test Reports, and interface with all departments to form a complete engine finding report publication. Published engine data findings publications for preliminary and final shipment of jet engines to UPS, Emery, Federal Express, Alitalia, United Airlines and Boeing customers. Received recognition from UPS for publications of data findings and reports. SURFSIDE INTERNET 9/1999 – 12/1999 Internet Service Provider Department Manager of Help Desk / Customer Care Operations. Responsible for 2 supervisors and 20 Help Desk Technicians. Department Managed all telephone and e-mail support for the ISP users tracked and issued resolutions related to customer inquiries. Quality Assurance to ensure proper operation of site features and functions, especially as they related to usability of the subscriber. Managing end-to-end customer care processes, including outlining key service metrics and matrix managing through multiple departments to achieve objectives. Responsible for the hiring, training and termination of employees within the Help Desk Departmernt. B/E AEROSPACE ANAHEIM 6/1998 –12/1998 Manufacturer of Commercial Aircraft Refrigerators Contract Consultant Project Manager / Business Analyst / Senior Quality Engineer for Boeing ISO-9000 Quality Standards, FAR and FAA ACSEP matrixes for the manufacture of aircraft refrigeration units. Received FAA letter for best ACSEP manual submitted. Completed project 2 months ahead of schedule. Developed and tracked project plan, milestones, critical path tracking, assigning project tasks, completion of daily group tasks, and negotiation of project tasks between departments. Created and distributed agendas, and materials for review meetings with senior management and engineering to develop, prepare, produce, and maintain manuals. Business Analyst and Business Impact Analysis to determine department procedure requirements, contingency plan and priorities in the event of a disruption to the system. Business Recovery Plan / Disaster Recovery Plan procedures for the recovery of business after a disruption event. Continuity of Operations Planning procedures to sustain business after a disaster before returning to normal operations. Provided Managers with weekly updates regarding status of manuals, procedures, and progress of project. Was instrumental in Process Improvement Development derived through audits of departments to identify inconsistent areas of nonconformance of new standards per D1-9000, and FAA ACSEP. Responsibilities included: liaison between Engineering, Quality Assurance, Maintenance, Manufacturing, Production Control, Document Control, Sales, Information Technologies, Human Resources and Marketing. Coordinated all training of personnel on new procedures and policies of D1-9000 and FAA ASCEP for departments. Database management and qualification of vendors. B/E AEROSPACE ORANGE 1/1998 – 6/1998 Manufacturer of Commercial Aircraft Seats Contract Consultant Project Manager / Business Analyst for Boeing ISO-9000 Quality Standards and matrix for the overhaul of passenger aircraft seats. Received Boeing certification of D-19000 in unprecedented time of six weeks. Developed and tracked project plan, milestones, critical path tracking, assigning project tasks, completion of daily group tasks, and negotiation of project tasks between departments. Created and distributed agendas, and materials for review meetings with senior management and engineering to develop, prepare, produce, and maintain manuals. Business Analyst and Business Impact Analysis to develop and determine department procedure requirements, contingency plan and priorities in the event of a disruption to the system. Business Recovery Plan / Disaster Recovery Plan procedures for the recovery of business after a disruption event. Continuity of Operations Planning procedures to sustain business after a disaster before returning to normal operations. Provided Managers with weekly updates regarding status of manuals, procedures, and progress of project. Was instrumental in Process Improvement Development derived through audits of departments to identify inconsistent areas of nonconformance of new standards per D1-9000. Responsibilities included: liaison between Engineering, Quality Assurance, Maintenance, Manufacturing, Production Control, Document Control, Sales, Information Technologies, Human Resources and Marketing. Coordinated all training of personnel on new procedures and policies of D1-9000 for departments. Stress Test Engineer of required FAA stress tests for passenger aircraft seats. Submission of test reports to the FAA for review and approval. Process Improvement Development, tool development and design. Research and review of engineering drawings to develop Engineering Change Orders, BOM, design of component modifications and PMA/TSO label design for aircraft seats. Developed and distributed Service Bulletins and Temporary Revisions, as required for inclusion in CMM based upon ECO review. LOCKHEED ADVANCED DEVELOPMENT PROJECTS-SKUNK WORKS 5/1980 – 5/1988 Manufacturer of Military and Commercial Aircraft Aircraft Programs: YF-22 Advanced Tactical Fighter, F-117A Stealth Fighter, C-5 Galaxy, P-3 Orion, SR-71 Black Bird, TR-1, U-2, S-3A, Space Shuttle, L-1011 Project Manager Quality Engineer, development and implementation of Root Cause Analysis, Corrective Action/Follow-Up and Failure Analysis Department for Skunk Works Programs. Department consisted of highly technical representatives from Engineering, Manufacturing, Tooling and Production Control. Project Manager responsible for developing and tracking of project plan, assigning project tasks, work plans tracking, reporting, and negotiation of project tasks between departments. Identify inefficiencies within the project and provide recommendations for resolution. Updating progress of project, and completion of daily group tasks. Created and distributed agendas for the project meetings, documentation of decisions, attendees, issues, action items assigned to project. Presided at review meetings with senior management, and engineering. Conducted Quality audits of departments to identify inconsistent areas of nonconformance. The actions instituted by this department resulted in an earned value of overall 30 percent reduction in the rejection rate and an efficient MRB, Quality Assurance, Tooling, Document Control and Manufacturing system. BAT MOON COMMUNICATIONS Copyright © 2005