gaelle kuipou

Gaelle  is an analytical, proactive, and results-oriented professional IT Auditor with broad in Access Management, Performing Risk Assessments over Internal Controls, Monitoring Service Providers, Identifying Entity-Level Controls, and Supporting Business Process Standardization Initiatives. she's focused on improving business compliance, workflow and processes through detailed audits, financial processes and optimization recommendations with 5years experience of fully evaluating information, structures procedures and initiating corrective actions. Experienced in policy and procedure reviews, Operational and Compliance audit, with the capacity to advise internal teams on optimizing the efficiency of audit controls and lowering risks, with hands-on auditor with IT general controls (ITGCs) and IT application controls Risk-Based audit testing.

T-MOBILE

IT Auditor/ Risk Compliance Analyst - Contract                                                                                                                               April  2023- August 2023                                                                                            

● Performed SOX ITGC testing (Computer Operations, Logical Security and Change management) across various applications in scope within the organization and document any identified deficiencies.

● Ability to recognize any gaps, identify risks as necessary, and provide opinions and explanations from the start to the end.

● Work with business process owners to ensure timely review and updates to process documentation and controls for new and existing processes.

● Gather pertinent evidence by conducting internal/external research, pulling transaction records, and reviewing reports.

● Maintain IS controls and policies to assure compliance with applicable regulatory and legal requirements and good business practices.

● Reviews, documents, evaluates, and tests manual and automated computer controls throughout the corporate IT environment.

● Support control owners through the entire management of the IT SOX audit cycle, including assisting control owners through continuous improvement of controls, maintaining the IT SOX control framework, facilitating prep sessions, and helping to validate that audit evidence is complete and accurate before providing it to the auditors.

● Evaluate control evidence for sufficiency, completeness and accuracy.

● Reviewing and analyzing policies, standards, and procedures in addition to presenting a view regarding whether or not they apply to the organization.

● Performed recommendation follow-up with management verifying remediation/action plans to address identified control weaknesses are adequate.

● Collaborate with internal stakeholders to identify and manage IT and cyber risks.

● Provides assistance with and ensures that the annual privacy policy is updated and distributed enterprise-wide.

● Prior audit, compliance, and risk management experience especially in the third- and extended-party relationship management space.

● Maintains a high level of awareness and knowledge of regulatory compliance requirements.

MoneyGram Financial                                                                                                        

IT Auditor/Sox Compliance; Operational Risk - Contract

Feb 2020– Feb 2023

● Met with control owners to document the respective IT and business processes to

understand and document the process for SOX 404 compliance.

• Assit with regulatory and internal Audits

• Risk Management and reporting including events, key risk indicators ,key control testing, entreprises risk management and action tracking.

• Build and utilize working relationships with internal business partnessacross the organizations and external business contacts.

● Evaluate and monitored control processes for SOX compliance and company requirements.

● Performed Audit Readiness for SOC 1, 2, 3, SOC 1 type I and SOC I type II and SSAE 18 report

review.

● Execute SOX control testing procedures in accordance with corporate standard Perform population sampling using ACL

● Identify and manage anticipated resistance, and prepared risk mitigation procedures.

● Perform audits in accordance with the Standards for the Professional Practice of Internal Auditing (Standards) as promulgated by the Institute of Internal Auditors.

● Performed audit tests, compliance tests, substantive tests and identified key controls and weak points

and mapped them against the COBIT framework.

● Perform walk throughs of business processes.

● Reviewed organization external regulatory reports and compliance audits including SOC 1 & 2, PCI-

DSS, ISO 27001 and other compliance framework aligned to the IT infrastructure in scope.

● Prepare workpapers in accordance with Internal Audit standards.

● Survey business activities to determine nature of operations and the adequacy of the system of internal controls.

● Evaluate system effectiveness using knowledge of business processes and generally accepted auditing techniques.

● Migration projects (migration from onprem/legacy systems to cloud or SAP)

● Performed reviews of IT policies and procedures such as change management, business

continuity planning, disaster recovery and information security.

● Prepare formal written reports, expressing opinions on the adequacy and effectiveness of the system and the efficiency with which activities are carried out.

● Analyze the adequacy of the corrective action taken or planned to improve deficient conditions.

● Worked closely with the IT Audit Manager on ensuring that adequate documentation exists to support

audit work performed. Completing audit procedures including conducting interviews, reviewing and

● analyzing evidence, identifying and defining issues, and preparing audit workpapers.

● Identify emerging issues and recommended solutions to IT Audit & Compliance

● IT risk assessment and document the system security keys controls

● Assist in communicating and facilitating the requirements for security risk   assessments for both customs developed and third-party applications.  

● Conduct I.T controls risk assessments, including reviewing organizational policies, standards and procedures and assist in communicating and facilitating the requirements for security risk   assessments for both customs developed and third-party applications.  

● Provide advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard

● Perform walk-through and detailed testing of controls to determine if controls are properly designed and operating effectively.

Toyota Financial Services                                                                                                

Internal IT Auditor / Risk Operation & Control Analyst - Contract

Feb 2018 – Jan 2020

● Evaluated IT general controls (ITGC) including information security, change management, data center, third-party risk, identify and access management, physical security, IT security operations and program and project management audit. .

● Performed audit readiness for SOC 1 Type 2, SSAE 18 reports.

● Drafted audit reports, present audit outcomes to senior management and issue value adding recommendations to management to ensure effective control environment and an improved business process.

● Involved in pre and post SDLC review, Business Continuity, Disaster Recovery and systems control testing.

● Conducted information security audit, testing preventive, corrective, detective and compensating controls for design adequacy and operating effectiveness

● Conducted risk assessment and management, control identification, design of audit program, procedures, testing, evaluation and analysis of audit outcome.

● Conducted IT risk assessment; document related risks and note key control issues; develop appropriate audit programs to test the control risks identified and subsequently evaluate control designs, optimization, and assurance over operational and compliance processes.

● Performed IT operations SOX controls (TOD and TOE) with a focus on controls mitigating high and medium risks.  

● Involved in conducting ITGCs testing, and IT application Control testing, audit readiness, attestation engagements, Infrastructure audit, compliance, and risk assessment.

● Verified that control deficiencies are adequately cascaded to appropriate stakeholders and ensure that remediation plans are adequately implemented timely.

● Executed SOX and PCI compliance audit projects using a risk-based method to determine design and operating effectiveness of controls.

● Conducted systems controls testing of various enterprise resource planning systems – Oracle financials and SAP.

Bachelor Degree in Computer Science 2015

PSM – Certified Professional Scrum Master

Certified, Information Systems Auditor® (CISA)