Andrew Michael FORSTER

Dynamic leader in Data Analytics, IT Risk Management, and Assurance services, currently spearheading initiatives at Hawk Information Technology Services. Over 25 years of extensive experience in data analytics, IT audit, and risk management, with expertise in delivering strategic insights and support to external and internal auditors, as well as consulting for executive and IT management. Successfully operated an independent consultancy for 23 years after five years of international experience in Abu Dhabi, providing tailored IT Data Analytics, Reporting, and risk management solutions across diverse industries in both public and private sectors. Committed to driving organizational success through innovative data-driven strategies and comprehensive risk assessments.

• Certified Information Systems Auditor (CISA)
• Member of the Information Systems Audit and Control Association

• Andrew specialises in providing IT data analytics reporting, business intelligence, auditing, risk management and security services advice to the private and public sectors. His principal areas of practice have included:
• Developing and implementing CAAT (computer assisted audit techniques) and data analytic routines. These are independent external analysis programs that can be utilised by management and audit to assess the integrity of their systems, to augment the reporting facilities from their current computer systems and to support investigations. These assignments have also included the development of a multitude of business information reporting systems.
• Development of Fraud Detection methodologies and frameworks as well as eDiscovery investigation tools and continuous control monitoring systems.
• Assessment of risks associated with an organisation’s IT infrastructure, facilities, resources, systems and data.
• Independent review and improvement of business requirements and solutions specifications (completeness, detail)
• Implementation of organisation wide specific IT control frameworks such as COBIT (the International Information Systems Association of Certified Auditors product), ITIL and Val-IT.
• Risk assessment of the IT function and infrastructure with respect to the business.
• Critical evaluation of IT governance and guidance with respect to the implementation of effective governance.
• Assessment of IT applications and access security controls (various including SAP, Mincom Ellipse, TechnologyOne’s StudentOne and FinanceOne); pre-implementation and post implementation; accuracy/ completeness of entry and processing, recoverability, audit/management trail, data/processing integrity for specific applications.
• Assessment of controls operating in an organisation’s IT environment (various operating systems, network managers and RDBMS, such as access security, IT operations, systems backup and recoverability, IT management strategic planning, data and software integrity, data and software change control.
• Independent assessment of commercial contracts from a technical (not legal) perspective focusing on services, service level performance metrics, performance measurement, controls, quality assurance, governance and risk management.
• Assisting in the establishment and implementation of organisation-wide specific IT control frameworks such as COBIT (the International Information Systems Association of Certified Auditors product), ITIL.
• Benefit realisation review (assessing the extent to which an organisation has achieved the benefits previously agreed as the basis for a system development/implementation project).
• Specialist access security reviews (hardware, operating systems, applications and networks).
• Business impact assessment and development/implementation of business continuity plans.
• IT project quality assurance for large scale developments/implementations, independent assessment of major IT projects (eg systems development/implementation, IT outsourcing, with respect to approach, methodology, compliance controls, development of service level agreements.
• Analysis of business processes and systems for the purpose of rationalising processes and improving systems solutions. Analysis and improvement of information management.

• Andrew has provided data analysis, reporting, IT audit, fraud detection, governance, and risk management services to a number of private and public sector clients, including the various NSW rail entities and universities. These have included:
• NSW Transport Shared Service - HR Group, (and the former SRA/ RailCorp) HR Groups - 1999 till current- Data Analysis, HR Data & system configuration, IT Reporting Projects, requirements development and project quality control.
• Satori Group Australia - providing consulting, requirements, and development services for data analytic, continuous control monitoring reporting and other business tools to a number of Satori’s clients (2013 till current) Some of these clients have included:
• Lendlease - continuous control monitoring facility- HR, payroll, accounts payable and purchasing card systems;
• Avan Insurance development of a complex reconciliation facility between multiple systems;
• JB HiFi and The Good Guys - continuous control monitoring facility- HR, payroll, accounts payable and purchasing card systems;
• Flight Centre - anti-money laundering continuous control monitoring facility;
• Allianz Group Australia - continuous control monitoring facility- claims management;
• APG & Co - data reporting analysis facility for legislative reporting;
• CBH Group (Grain Growers Cooperative) continuous control monitoring facility- HR, payroll, accounts payable, grower management and purchasing card systems;
• Coates Hire - continuous control monitoring facility- HR, payroll, accounts payable and receivables systems;
• NSW Family and Community Services- continuous control monitoring facility- HR, payroll, accounts payable and purchasing card systems;
• Melbourne City Council- continuous control monitoring facility- HR, payroll, accounts payable and purchasing card systems;
• Plus500 - development of currency trading reconciliation and exception reporting system;
• Queensland Department of Communities continuous control monitoring facility HR, payroll, accounts payable and purchasing card systems;
• Queensland Department of Education development of multiple system consolidation and exception reporting facility supporting corporate dashboard and BI system.
• Ruralco - continuous control monitoring facility- HR, payroll, accounts payable and receivables systems;
• Suez - continuous control monitoring facility- HR, payroll, accounts payable and purchasing card systems;
• University of Queensland continuous control monitoring facility- HR, payroll, accounts payable and purchasing card systems.
• Westfund Health – Data Analytic Framework for Claims and Benefit control monitoring and Membership improvement reporting system (2012 till 2023)
• NSW Department of Education IT Internal Audit reviews (2016 – 2017)
• Department of Primary Industry (Late DITRISI) IT internal audit (2009 – 2012)
• Macquarie University IT internal audit and IT risk management (6 years)
• FreightCorp IT internal audit - 3 years
• Rail Services Australia IT internal audit including project governance and QA – 2 years
• Rail Infrastructure Corporation IT internal audit, IT project governance and QA – 2 years
• RailCorp IT internal audit including fraud detection and data analysis - 7 years
• State Rail Authority IT internal Audit (IT Audit and data analysis - 6 years)
• Panther Entertainment Group IT internal audit & data analysis - 3 year
• University of New South Wales IT internal audit & data analysis 1 year.
• Sydney University (Financial Operations and Systems Data Analysis & Fraud Detection)
• NSW State Lotteries (IT Security policies)
• NSW Police Integrity Commission (IT Security consulting services)