Taimur Ghazi

Experience

• 

  British Petroleum

  May 2008 - Jul 2008

  Intern
• 

  UHY Advisors

  Nov 2010 - Nov 2014

  Manager - IT Audit & Consulting

  Effective December 1, 2014 the partners, managers and staff of UHY Advisors Texas have joined BDO USA, one of the nation’s leading professional service organizations.

• 

  BDO USA, LLP

  Dec 2014 - Feb 2016

  IS Assurance Manager

  Develops IT Audit methodology and work programs to ensure audit efficiencies are achieved through test of IT General Controls and IT Application Controls for the SOX 404 and financial statement audits.Specializes in audit of various ERP’s including SAP, ORACLE EBS, PEOPLESOFT FSCM, JD EDWARDS E1, and Microsoft Dynamics Suite.Works in the IS Assurance practice at BDO to perform appropriate testing for the integrated audits. Test and provide SOC 1, 2 and 3 attestations.Performs business process assessments and deploys technology solutions and tools to increase IT efficiency, remove redundancy and improve working capital.Performs Risk Assessments, Segregation of Duties reviews, IT Security Assessments, and IT Due Diligence procedures for various organizations. Conducts SAS99 journal entry testing using ACL and IDEA around GL data completeness, math accuracy and fraud.Reviews and tests SAP's GRC Access Control (access risk analysis, firefighter). Show less

• 

  RSM US LLP

  Mar 2016 - now

  • Performs end-to-end activities on SOX 404 audits including planning, budgeting, billing, preparing audit work programs, testing, reviewing, reporting, explaining control deficiencies and audit risk to financial auditors and client stakeholders, obtaining management response, identifying compensating / mitigating controls, developing remediation plans and coordinating resolutions.• Assists clients in SOX 404 compliance and readiness initiatives around key financial applications. Identified SOX controls, prepared risk and controls matrices using a various frameworks (COSO, COBIT, ITIL), developed SOD frameworks and configured GRC toolsets.• Performs SOC 1 (SSAE 16), SOC 2 and 3 attestation services.• Performs IT risk assessments and deployed technology solutions and tools to increase IT efficiency, reduce operational risk, remove redundancy and improve working capital.• Works on IT due diligence projects for mergers and acquisitions to determine application integration procedures, fit gap analysis, compatibility, resource planning, and cost analysis.• Performs ERP pre and post-implementation reviews which included controls around project management, sensitive access (e.g. data privacy touch-points), segregation of duties, key business process configurations, key financial reports and interfaces, data conversion, program/configuration change management, back up and disaster recovery, business continuity, user authentication and passwords, security administration, system administration and user provisioning.• Experience with several PCAOB inspections, internal and independent peer reviews with no observations. Show less

  • Principal, Risk Consulting

    Jan 2023 - now

  • Director, Technology Risk Consulting

    Jul 2018 - Jan 2023

  • IT Risk Manager

    Mar 2016 - Jul 2018