SUMIT VERMA
Christchurch,New Zealand
Summary
A reliable and versatile IT Audit Manager with 8+ years of experience and a diverse background in coordinating teams and managing complex projects, and has led teams on multiple complex engagements involving DevOps/CICD. Has extensive experience in handling difficult clients, building an impeccable rapport with the client, and assisting them in assessing the business risks and the internal controls framework, along with the validation of preventive and detective controls, identifying gaps, and suggesting recommendations for remediation. Demonstrated ability to enhance efficiency and productivity while maintaining high standards of quality.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Manager
Deloitte
Christchurch, Christchurch Central
06.2024 - Current
- We are a national practice, and we work out of Auckland and Christchurch offices. I am the only manager in Christchurch, and the Directors work out of the Auckland office. For the Christchurch team, I planned the resourcing and staffing for the entire year, and we are now reaping the benefits, as the team utilization has increased from 56% to 68%.
- I worked on a proposal for a client in the fresh produce industry with an annual turnover of 500 million New Zealand dollars, and presented it to the client, along with the Partner, and we ended up winning the client.
- Working closely with the Audit Partners and planning for any team events to increase collaboration and integration between IT Specialists and the Audit team.
- I have managed 28 ITGC engagements since June 2024 alone. This includes attending business process walkthroughs, planning with the Audit team to discuss the timing, scope, and relevance of automated controls and system-generated report testing, staffing, planning with clients, managing fieldwork and staff, responding to client escalations, reviewing the audit documentation, observation discussions, mitigation strategy, and issuance of the final management letter.
- Managing the overall team in Christchurch, allocating coaches for staff, recruiting and interviewing new staff, working with personal assistants to ensure seamless onboarding of new hires, conducting university visits for hiring, moving resources across different engagements to ensure timely closure, and providing guidance to counselees assigned to me.
- In addition to the above, I performed an internal IT General Controls (ITGC) audit for Deloitte for over 18 local applications. Identified observations and presented them to the board after the remediation of the identified observations.
Senior Consultant
Deloitte
Christchurch, Christchurch Central
03.2023 - 05.2023
- Collaborated with the Audit Partners to identify the pain points, while working with IT Specialists, and implemented solutions to tackle the issues.
- Worked on Internal Audit engagements in the energy (gap assessment for ITGCs) and construction sector (Data Migration). This included conducting proposal discussions with the client, along with the partner, managing staff, communications with the CIO and CFO, leading walkthrough meetings, performing reviews, and creating the final report.
- Managed the learnings for all the IT specialists; this included conducting bi-weekly ITGC office hour sessions, focused on clarifying the doubts of the junior members within the team, and also ensuring that everyone completes their e-learnings prior to the due dates. I have also conducted training for guidance around ITGC audits.
- Worked on 15 ITGC Audits directly with Directors and Partners to manage the staff, liaison with Financial Audit team members, perform documentation and review of the work done by Junior staff members, observation and mitigation discussions discussion with the client and preparation and communication of the final management letter.
MANAGER
ERNST & YOUNG LLP
04.2022 - 02.2023
- Lead the IT SOx external audit, specifically General IT Controls (GTIC), for clients in the e-commerce (31% market share) and FinTech (46% market share) sectors. The group engagement is the largest ITGC engagement for EY, India.
- Reporting to the Partner and Director, I am responsible for the entire portfolio, with onus starting from planning (scoping and budgeting), managing and coaching multiple team members, reviewing, delivering, and reporting on a variety of client portfolios, and leading a team of 10, consisting of three seniors and seven resources, for the management of fieldwork.
- On the clients in charge (Fintech, e-commerce), I demonstrated a good understanding of the processes and IT environment, liaised with senior stakeholders, and delivered quality work.
- Performed end-to-end engagements involving design assessment walkthroughs, evaluation of risk and controls, the testing of operating effectiveness, gap identification, and gap remediation.
- Prepared audit reports detailing the results of audits, provided recommendations for remediation, and assisted the client in outlining the future roadmap.
- Performed internal audits for IT disaster recovery and vendor risk management.
- Performed audits for clients that are planning to go for an IPO, and faced the Capital Market reviewer to answer and address the risks in the processes.
SENIOR CONSULTANT 2
ERNST & YOUNG LLP
09.2020 - 04.2022
- As a Senior Consultant, I was an acting Manager on all the engagements, and my day-to-day job functions were the same as what I have added above for my Manager position.
CONSULTANT
ERNST & YOUNG LLP
09.2018 - 09.2020
- Assist audit managers in the performance of audit assignments and investigations, often undertaking specific elements of the assignment with minimal supervision.
- Completed the allocated work within the required time, budget, and to the required quality standard.
- Responsible for conducting walkthrough meetings to identify gaps and areas with a lack of controls.
- Focused on General IT Controls (GITC) and Application Controls for clients in various industries, including Fintech, E-commerce, Energy, and the public sector, in support of their external financial audits.
- Tested feed/interfaces for complex real-time data flow, and looking for alternate downstream reconciliations to mitigate the risk.
- Participated in integrated audits, carrying out ITGC testing in support of financial statement audits.
- Performed an end-to-end audit and prepared a SOC 2 report for one of the services offered by the client around Application Maintenance and Support Services (AMS).
Analyst
ERNST & YOUNG LLP
09.2016 - 09.2018
- Assist audit managers in the performance of audit assignments and investigations, often undertaking specific elements of the assignment with minimal supervision.
- Completed the allocated work within the required time, budget, and to the required quality standard.
- Worked on internal audit engagements and reported directly to stakeholders on the results of the gap assessments, and helped in drawing future roadmaps on corrective actions.
- Conducted process walkthroughs and performed testing to determine the gaps, and documented the same.
- Reported to the offshore team, and in most cases directly to the client, and maintained excellent rapport, and delivered high-quality deliverables.
- I conducted an audit on the ISO 27001 standard with minimal supervision and high-quality deliverables.
- Analyzed and mapped the essence of the client's risks and controls to create the Risk and Controls Matrices (RACMs), and implemented action plans to identify risks associated with the controls.
- Performed a review of security configurations for the following operating systems and databases: Unix, Windows, Oracle, and SQL.
Education
Bachelor of Technology -
Ms Ramaiah Institute Of Technology
Masters of Business Administration -
Indian School of Business
Skills
- Internal Audit
- Data Migration
- SOx Audit
- Training development
- Team leadership
- Audit reporting
- FinTech ITGC
- CICD/DevOps ITGC
- Emerging technology
- Tactical and strategic remediation
- SOC1 & SOC2
- Vendor Risk Management
- IT Disaster Recovery
Certification
- Certified ISO 27001 auditor
- Pursuing CISA certification in 2025
Timeline
Manager
Deloitte
06.2024 - Current
Senior Consultant
Deloitte
03.2023 - 05.2023
MANAGER
ERNST & YOUNG LLP
04.2022 - 02.2023
SENIOR CONSULTANT 2
ERNST & YOUNG LLP
09.2020 - 04.2022
CONSULTANT
ERNST & YOUNG LLP
09.2018 - 09.2020
Analyst
ERNST & YOUNG LLP
09.2016 - 09.2018
Bachelor of Technology -
Ms Ramaiah Institute Of Technology
Masters of Business Administration -
Indian School of Business