Our Work

Selected recent engagements supporting audit delivery, practical use of technology, and targeted technical expertise.


SOX 404 IT—$1B U.S. Manufacturer

Context

First-year SOX 404 implementation (following acquisition) for a $1B U.S. manufacturer.  Led the IT portion of the work through all phases, overseeing a team of 4.

Challenge

The client needed a senior, hands-on resource to lead the IT component of SOX 404.  The control environment was immature and untested, having never been subject to external regulation or reporting requirements.  Numerous control issues were identified, increasing workload under already expedited timelines.  At project onset, the external auditor anticipated reporting a material weakness over IT.

What We Did

Led a team of 4 through all phases of the lifecycle, including risk assessment of key systems and controls, IT control walkthroughs and testing (ITGCs and ITACs), deficiency identification and reporting, and remediation oversight.

Managed the project under accelerated timelines to preserve sufficient remediation and retesting time prior to year-end reporting, while keeping the team focused on the highest-risk areas.

Served as a trusted advisor to the CFO and CIO and partnered closely with the external audit partner to align on management’s year-one IT risk posture and remediation approach.

Result

Identified a series of significant deficiencies and numerous additional IT control issues, then worked closely with management to drive remediation efforts with a strong focus on root causes. 

By year-end, the IT control environment had improved materially and the external auditor’s reporting position changed. No material weakness was ultimately reported publicly.

Why It Matters

Demonstrates the ability to step into a high-pressure first-year SOX environment, lead the IT workstream under external audit scrutiny, and drive material improvement in the control environment under accelerated timelines.

Enterprise Transformation & IT Audit—$120B Public Pension Fund 

Context

Enterprise-wide transformation program for a large public pension fund responsible for managing approximately $120B in assets under management. Supported Internal Audit over a three-year period as investment operations, financial reporting processes, and supporting technologies underwent significant change.

Challenge

Internal Audit required experienced IT audit support to help assess technology and business process risk during a large-scale transformation program occurring under constant change. New systems, processes, third-party providers, and risks were continuously being introduced, while the internal audit function had limited dedicated IT audit capability.

What We Did

Worked closely with the Internal Audit Director to help develop and continuously adapt the IT audit plan in line with evolving transformation risks and priorities. 

Led all phases of numerous IT and business process control reviews, including scoping, planning, walkthroughs, testing, reporting, and remediation follow-up across upgraded investment operations, financial reporting processes, and supporting technologies.

Executed reviews spanning ITGCs, ITACs, system implementation risk, SDLC/change management, data management, third-party assurance (SOC reporting), cybersecurity, and pre-/post-implementation assessments.

Applied leading frameworks and practices including COSO, COBIT, ITIL, NIST CSF, and ISO 27000 throughout the engagement.

Served as a trusted advisor to the Internal Audit Director and key stakeholders, helping communicate technology risk and control considerations to executive leadership and the Board of Trustees.

Result

Instrumental in identifying and helping mitigate key technology and process risks introduced through the transformation program. 

Delivered approximately 12 audit reports and presented numerous recommendations to the Board of Trustees, with strong implementation and adoption by management. 

The engagement was extended from an initial one-year term to three years, reflecting sustained value delivered throughout the transformation.

Why It Matters

Demonstrates the ability to operate effectively in highly dynamic environments undergoing significant transformation—aligning audit coverage to evolving risks while providing practical, technology-focused audit support to leadership and stakeholders.

NI 52-109 & IT ICFR Support—Global Asset Manager

Context

Supported the NI 52-109 internal controls compliance program for a large global asset manager during two separate engagements spanning 2020–2021 and 2024–2025. Led the IT portion of the work, supporting all phases of the IT ICFR lifecycle across financial reporting, investment operations, and supporting technologies.

Challenge

The engagement required an experienced, hands-on resource capable of quickly stepping into a complex asset management environment and leading the IT compliance workstream under tight regulatory timelines. During the second engagement, turnover within the function had left the project behind schedule and created delivery pressure ahead of filing deadlines.

In parallel, opportunities existed to improve how the function leveraged technology and managed control and deficiency data across the compliance program.

What We Did

Led all phases of the IT ICFR workstream, including risk assessment, walkthroughs, testing, deficiency management, remediation follow-up, and stakeholder coordination across ITGCs, ITACs, business process controls, IT security, and third-party assurance (SOC 1).

Quickly established working relationships across the organization, partnered closely with business and technology stakeholders, and helped stabilize delivery under accelerated timelines while maintaining focus on key regulatory and reporting objectives.

Leveraged technical data and analytics capabilities to improve data integrity and usability across the function’s control and deficiency repositories, including standardization and normalization efforts within Resolver.

Redesigned the quarterly sub-certification process to improve accuracy, reduce manual effort, and create a more efficient experience for business stakeholders.

Served as a trusted advisor to the function’s leadership team, helping solve operational and delivery challenges beyond the core compliance work itself.

Result

Instrumental in identifying and helping mitigate key technology and process risks introduced through the transformation program.

Improved the integrity and usability of the function’s compliance data while streamlining quarterly certification activities across the organization.

Built strong relationships across the business and became a trusted resource relied upon to help solve broader operational and delivery challenges.

Why It Matters

Demonstrates the ability to quickly step into complex, deadline-driven compliance environments, stabilize delivery under pressure, and identify practical opportunities to improve audit and compliance execution through technology and process improvement.

Where we typically plug in

Delivery Support

Helping audit teams deliver their plan

  • IT ICFR (SOX 404, NI 52-109, SOC 1)

  • Internal audit co-source

  • IT control reviews (ITGC, ITAC)

  • Business process control reviews

  • Application control reviews

  • Security control reviews

  • User access & SOD reviews

  • Third-party risk management (SOC 1 & 2)

  • System implementation / transformation risk & controls

  • Pre-/post-implementation control reviews

  • ERP control reviews (SAP)

  • Frameworks: COSO, COBIT, ITIL, ISO 27000, NIST CSF, SWIFT CSCF, CIS, PCI DSS

Technology in Audit

Improving audit execution through technology

  • Data extraction & transformation

  • Full-population testing

  • Automating audit procedures

  • Exception / anomaly detection

  • SOD / access analytics

  • Visualization & reporting

Specialized Expertise

Accessing a curated network of IT audit specialists

  • AI risk & governance

  • Data analytics (audit/risk) (SQL, Python)

  • Continuous controls monitoring (CCM)

  • Robotic process automation (RPA)

  • Process mining

  • Cybersecurity

  • Cloud environments (AWS, Azure, GCP)

  • ERP systems (SAP S/4HANA, ECC; Oracle Cloud ERP, EBS)