Anne Vuong

Responsibilities:

• Conduct risk assessments for the annual audit plan.
• Planning and executing risk-based audits across various areas: project governance/framework assurance review, ITGC audits (access management, change management and BCP/DR), and business operations audits.
• Lead engagement with external consultants on specialized reviews, such as cybersecurity.
• Supervise and collaborate with external auditors to coordinate joint activities to minimize internal business efforts.
• Effectively communicate audit results and recommendations to improve risk management processes and controls.
• Prepare audit reports summarizing audit findings, and recommending corrective actions.
• Monitor progress on the implementation of corrective action plans arising from audit results.
• Assist the General Manager, Internal Audit, with the preparation of quarterly reporting (including audit metrics) to the ARC, the Board, and regulators.
• Lead the Internal Audit team initiative to continuously improve the audit process and documentation to deliver quality audit outcomes.

Specialization areas:

• Advanced technical knowledge and experience in SWIFT Customer Security Controls Framework review, and Project Governance Review
• Working knowledge of the exchange operations, products, and systems.

Key achievements:

• Successfully supported the business in improving the assessment ratings for the SWIFT Customer Security Controls Framework, and successfully delivered value-added improvements to the Project Governance Framework.
• successfully delivered value-added improvements to the Project Governance Framework.

Responsibilities:

• Perform second-line technology assurance reviews over technology operational processes, compliance obligations, and project key delivery.
• Oversee and manage technology assurance resources in delivering SOX compliance reviews.
• Influence technology and business teams to embed risk monitoring and control practices.
• Prepare draft review reports and socialize with stakeholders to ensure alignment with Risk and Compliance Assurance Manual requirements, and delivery of appropriate insight and conclusions.

Specialisation areas:

• Advanced technical knowledge and experience in IT application, automated and manual processes, risks, and controls.
• Deliver quality written work papers, issue reports, and be able to articulate key risk and compliance insights.
• Key achievements:
• Successfully completed and delivered SOX control reviews on time
• Successfully delivered value-add & quality work acknowledged for credit card project

• Responsibilities:
• Manage a portfolio of IT Audit engagements on Financial Statement audits
• Manage resources, schedule and budget for owned portfolio
• Build and strengthen internal relationships with Financial Directors and external relationships with clients’ management
• Provide on the job coaching to staff, identify areas of improvement and provide relevant opportunities
• Oversee overall team resource allocation in scheduling tool, by working closely with other Audit Leaders.
• Specialisation areas:
• Sound technical knowledges & experiences in both Financial Statements audit & IT audit in government sector
• Good understanding of auditing standards, accounting standards, government legislations and IT better practices.
• Key achievements:
• Developed and implemented effective team productivity reports and regularly update management team on performance.
• Developed the first annual forecast budget for IS Audit branch as part of the annual Financial Audit resources allocation
• Successfully improved team collaboration and relationship with team methodology workshops and team building events.

• Responsibilities:
• Second in charge to Audit Leader in the IS Audit branch.
• Led, managed and executed all aspects of IT external audits annually. This included:
• Planned and implemented risk based Audit Strategy and Audit Plan including scope & budget
• Scheduled & executed delivery of audits
• Managed & coached audit team in the field
• Senior stakeholder management within the Audit Office and the clients, including annual IS scope discussion and periodic updates on current audit.
• Specialisation areas:
• Project governance & implementation assurance and Attestation of Service Organisation Controls.
• Key achievements:
• Contributed ideas and drafted content for Auditor General Reports to Parliament by each government cluster
• Lead branch initiative to build the new SAP Security Audit Program.

• Responsibilities:
• Performed IT Application Controls and Complex Business Process Controls Audit
• Performed Financial Statement Audits
• Performed SAP security, segregation of duties access and configuration testing and report testing
• Subject matter expert for SAP and general system audit queries from Financial Audit Team
• Specialisation areas:
• IT General Controls including user security access to data and programs change management, batch monitoring, back up processes and disaster recovery plans.
• Infrastructure assurance (UNIX, Windows, Oracle, MS SQL and general network)
• SAP Security Review and configuration testing
• ERP system assurances for:
• SAP; ELLIPSE; PeopleSoft; Banner Finance; Oracle and Complex in-house developed applications.
• Key achievements:
• Selected as part of the pilot team to roll out the new audit methodology
• Successfully delivered value-add & quality work acknowledged by internal and external clients
• Extensively contributed to the assessment of new computer audited tools.