Summary
Overview
Work History
Education
Skills
Timeline
Generic

Oscar Brown III, CIA CISA CRMA CDPSE ACDA

Oakland

Summary

Experienced professional with 25 years in financial operational compliance and IT audits. Specializes in data analysis, continuous monitoring, and fraud investigations. Led internal audit functions, including charter creation and reporting to boards. Focused on IT audit, compliance, and security, knowledgeable in SOX, SOC, CCPA, GDPR, and MAR (NAIC) compliance; trained in SAFE 5 and Agile.

Overview

31
31
years of professional experience

Work History

Principal Internal Auditor

BART
06.2023 - 05.2025
  • Conducts complex financial-related, performance, compliance, contract, and investigative audits to evaluate District systems and controls; prepares and presents audit findings and recommendations; provides assistance to District departments in implementing audit recommendations.
  • Applied data analytics techniques to streamline audit processes and improve overall audit effectiveness.
  • Developed and recommended enhancements to computerized systems, improving operational effectiveness.
  • Participated in development of District and departmental policies and procedures; monitored compliance with established standards and recommended improvements to enhance effectiveness.
  • Developed Conflict of Interest reporting procedures and conducted investigations to ensure compliance.

Senior IT Internal Audit Consultant

BANNER HEALTH
02.2022 - 05.2023
  • Planned and executed IT audits encompassing ITGCs, application controls, system configuration, and IT security risk assessments to ensure compliance and security.
  • Conducted comprehensive assessments across access management, security policies, architecture, threat and vulnerability management, incident management, data protection, vendor management, security operations, business continuity, cloud security, and cybersecurity.
  • Conducted internal audits to assess compliance with health regulations.
  • Reviewed financial statements for accuracy and adherence to standards.
  • Collaborated with departments to identify areas for process improvement.

Compliance Audit Services, Consultant

BLUE SHIELD OF CALIFORNIA
08.2020 - 09.2021
  • Identified opportunities for continuous improvement in IT governance, risk, compliance and security practices based on expert knowledge and prior experience in domain areas, industry best practices, business objectives and risk tolerances.
  • Collaborated with IT teams to clarify identified control gaps and recommended mitigation activities to resolve weaknesses and reduce organizational risk.
  • Tracked open audit findings and coordinated with IT to ensure timely completion of follow-up actions and adherence to deadlines.

Consultant (Audit Supervisor)

UCSF
09.2019 - 11.2019
  • Led audits ensuring compliance with regulatory standards, enhancing trust in financial reporting.
  • Oversaw 2-3 auditors, coordinating specific projects to strengthen audit outcomes.
  • Performed data analysis using ACL, developing scripts for departmental efficiency.

Consultant (Risk Assessment Coordinator)

PAYPAL
03.2019 - 06.2019
  • Identified obligations and risks, mapping them to relevant controls, training, and policies to enhance compliance and operational effectiveness.
  • Assessed fifteen business units for control compliance with national and international frameworks, ensuring alignment with regulatory requirements.
  • Assisted in implementing in-house GRC application, conducting user acceptance testing to validate functionality and user needs.

Consultant (Audit Supervisor – IT)

SCIF (State of Californian Insurance Fund)
10.2018 - 01.2019
  • Perform audit of ITGC and Operational Controls to ensure State Fund compliance with NAIC MAR (Model Audit Rule) for financial reporting and to protect State Fund’s applications, data, network and IT environment.
  • Plan, coordinate, execute and complete audit project activities.
  • Conduct risk assessment and develop comprehensive audit scope aligned with compliance objectives.
  • Document remediation plans for identified control weaknesses and provide updates to executives and audit committee.
  • Delegated MAR audit tasks to State Fund MAR Compliance team to facilitate training and knowledge transfer.
  • Train MAR compliance staff in audit methodology to enhance team capability and effectiveness.

Consultant (Senior IT Compliance Analyst)

NETSUITE
10.2017 - 03.2018
  • Evaluated end-to-end risk and controls, assessing existing processes to identify gaps and areas for improvement.
  • Provide recommendations for improving processes, controls, and management of risk.
  • Monitored compliance and ensured completion of remediation and process improvements agreed with management.
  • Perform ongoing periodic walkthrough and controls testing for compliance projects.
  • Assist in project managing all compliance projects that are externally audited (act as a single point of contact).
  • Enforced compliance with policies alongside internal audit, developing and managing security and privacy processes.
  • Perform readiness assessment for ongoing compliance obligations, including GDPR, ISO27018, Standard Contracts Clauses and Privacy policies.

Senior IT Internal Audit

TRINET
04.2015 - 04.2016
  • Plan, coordinate and execute IT compliance monitoring and auditing, including but not limited to, Sarbanes Oxley (SOX), SOC 1 and SOC 2.
  • Identified IT internal control weaknesses in compliance environment, enhancing support for systems operations and key processes.
  • Collaborated with external auditors, facilitating compliance, financial, and operational audits.
  • Perform data analytics with ACL.
  • Implemented ACL GRC to assist with SOX, SOC’s and other compliance reviews/testing.
  • Conducted IT audits analyzing business data and systems, assessing adequacy and effectiveness of IT controls.
  • Review and evaluate adequacy of internal controls and compliance with IT Security.

Senior Auditor – IT Compliance

COMMUNITY MEDICAL CENTER (CMC)
11.2013 - 03.2015
  • Plan, coordinate and execute IT compliance monitoring and auditing for hospital system.
  • Conduct IT audits analyzing business data and systems reviewing the adequacy and effectiveness of IT related controls.
  • Reviewed and evaluated internal controls and compliance with IT security standards, ensuring robustness of security measures.
  • Identified IT internal control weaknesses in compliance environment, enhancing support for systems operations and key processes.
  • Communicated identified control weaknesses from IT compliance monitoring to management, providing actionable recommendations.
  • Develop HIPAA compliant IT policies and procedures to address IT Security issues to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI).

Internal Audit Director

AIDS HEALTHCARE FOUNDATION (AHF)
03.2013 - 10.2013
  • Implemented an Internal Audit function for a ~$1 billion international healthcare organization with retail, pharmacy and managed care including insurance coverage.
  • Developed audit charter defining objectives and processes for internal audit function.
  • Conduct risk-based audits according to annual audit plan and special requests.
  • Prepare audit reports of findings and recommendations for each audit.
  • Fostered relationships with all levels of management to facilitate acceptance and implementation of audit function while maintaining independence and objectivity.
  • Develop work papers to support all work performed.
  • Perform follow up reviews to determine the status corrective actions.
  • Identified areas and strategies for cost control and revenue enhancement.
  • Conducted special investigations to address specific issues.

Internal Audit Director

OWENSBORO MEDICAL HEALTH SYSTEM (OMHS)
01.2010 - 09.2012
  • Establish an effective Internal Audit Plan in accordance with the Opportunity and Risk Assessment Methodology.
  • Conduct risk-based audits according to the Internal Audit Plan and develop appropriate work-papers to support audit work performed.
  • Prepare audit reports of findings and recommendations for each audit.
  • Perform follow-up reviews to determine the status of implementation of accepted recommendations.
  • Directed staff of four Clinical Review Auditors and one Operational Auditor, overseeing review of audit work-papers and reports to ensure compliance and quality.
  • Developed relationships with management and governance to foster understanding of audit function while maintaining independence and objectivity.
  • Executed special projects for the Board of Directors and senior management.
  • Presented audit issues to Board of Directors and management, facilitating informed decision-making and transparency.

Internal Audit Manager

CATHOLIC HEALTHCARE AUDIT NETWORK (CHAN)
04.2004 - 11.2009
  • Prepare an effective Annual Audit Plan in accordance with the CHAN Opportunity and Risk Assessment Methodology.
  • Conduct independent audits according to the Annual Audit Plan and develop appropriate work papers to support audit work performed.
  • Prepared reports detailing findings and recommendations for local management following each audit.
  • Advised management and stakeholders on establishing and maintaining a robust system of internal controls.
  • Perform follow-up reviews to determine the status of implementation of accepted recommendations.
  • Executed special projects for the Board of Directors and executive leadership.
  • Prepare interim and annual reports of the results of CHAN activities.
  • Assist in the annual external audit upon request.

Internal Auditor II

HEALTH NET, INC
07.2001 - 04.2004
  • Ensure proper regulatory compliance and documentation of internal controls to comply with Sarbanes-Oxley Act.
  • Plan, coordinate and conduct operational audits and ensure compliance with current laws and regulations.
  • Conduct operational assessments of procedures to identify and implement cost-effective efficiencies.
  • Perform IT audits to identify, document, validate, and test all detailed IT requirements and controls.
  • Prepare comprehensive audit reports.
  • Develop and recommend innovative audit techniques and procedures to enhance audit effectiveness.
  • Review reports and work-papers of auditors to ensure accurate preparation, timely completion, and compliance with internal and external audit standards.
  • Perform special projects and data analysis.
  • Proficiently use ACL.

Internal Audit Project Supervisor

UNION SAFE DEPOSIT BANK
02.2000 - 05.2001
  • Supervised, planned, coordinated, and conducted independent audits and examinations of bank records, policies, and practices to ensure compliance with all laws and regulations.
  • Conducted IT audits to enhance overall audit plan effectiveness.
  • Analyzed reports and work papers of auditors to ensure accurate preparation and timely completion in line with internal audit requirements.
  • Prepare comprehensive audit reports, with appropriate recommendations for improvement of processes.
  • Recommend new audit techniques and procedures.

Senior Accountant – Mergers & Acquisitions

WESTAFF
09.1998 - 09.1999
  • Conduct financial due diligence for acquisition candidates through analytical review of operating reports, balance sheets, and projections to inform strategic decision-making.
  • Develop written policies for evaluating, booking, and tracking mergers and acquisitions to standardize processes and enhance transparency.
  • Monitored acquisition intangibles to maintain accurate financial reporting.
  • Facilitated the preparation of internal and external financial reports, including SEC filings.
  • Prepare and evaluate the Company’s owned and any affiliate’s monthly financial results.
  • Assist in the preparation of Board of Directors’ packages.

Senior Accountant

VIVRA SPECIALTY PARTNERS, INC
12.1997 - 09.1998
  • Managed twenty-six cost centers, delivering financial reports and analysis that informed decision-making for Vivra Heart Services (VHS).
  • Conducted thorough audits of financial information for Vivra Heart Services to ensure accuracy and compliance.
  • Prepared comprehensive Board of Directors' packages, consolidating financial and operational data to enhance strategic discussions.
  • Streamlined reporting processes by automating the reporting system, resulting in timely and accurate financial insights for Vivra Specialty Partners, Inc.

Senior Accountant

ANERGEN
03.1997 - 12.1997
  • Executed the preparation of financial statements, SEC filings, and provided support to the controller during the budgeting process.
  • Maintained general ledger, payroll, fixed assets, and option accounting operations to support comprehensive financial reporting.
  • Implemented new accounting and payroll system, enhancing data accuracy and streamlining financial processes.
  • Supervised and audited accounts payable department, ensuring accurate processing of invoices and compliance with financial policies.

Business Assurance Associate (Auditor)

COOPERS AND LYBRAND
09.1994 - 09.1996
  • Plan, supervise, and complete financial audits and reviews of varying size and complexity.
  • Assessed and documented client internal control processes and procedures, recommending improvements to strengthen financial data integrity.
  • Drafted and reviewed consolidating financial statements to ensure compliance and accuracy.
  • Research and analyze technical accounting issues to determine proper treatment.
  • Supervised, coached, motivated, and evaluated professional staff to enhance team capabilities.
  • Submitted compliance documents to regulatory agencies to ensure adherence to legal requirements.

Education

B.S. - Business Administration, Accounting

California State University, Hayward
Hayward, CA

Skills

  • Internal auditing and IT auditing
  • Compliance and risk assessment
  • Governance, risk, and compliance (GRC)
  • Control design and testing
  • Audit leadership
  • Fraud investigation
  • Cybersecurity audits
  • Cybersecurity review
  • NIST standards
  • SOX compliance
  • SOC 1/2 audits
  • MAR (NAIC) compliance
  • GDPR and CCPA regulations
  • HIPAA
  • IT General Controls (ITGCs)
  • Data analytics and monitoring
  • Privacy and security controls
  • Vendor and third-party risk management
  • Policy development
  • Board reporting
  • ACL and CAATs
  • Cloud security solutions
  • Advanced Excel skills
  • SQL expertise
  • Microsoft Office Suite proficiency

Timeline

Principal Internal Auditor

BART
06.2023 - 05.2025

Senior IT Internal Audit Consultant

BANNER HEALTH
02.2022 - 05.2023

Compliance Audit Services, Consultant

BLUE SHIELD OF CALIFORNIA
08.2020 - 09.2021

Consultant (Audit Supervisor)

UCSF
09.2019 - 11.2019

Consultant (Risk Assessment Coordinator)

PAYPAL
03.2019 - 06.2019

Consultant (Audit Supervisor – IT)

SCIF (State of Californian Insurance Fund)
10.2018 - 01.2019

Consultant (Senior IT Compliance Analyst)

NETSUITE
10.2017 - 03.2018

Senior IT Internal Audit

TRINET
04.2015 - 04.2016

Senior Auditor – IT Compliance

COMMUNITY MEDICAL CENTER (CMC)
11.2013 - 03.2015

Internal Audit Director

AIDS HEALTHCARE FOUNDATION (AHF)
03.2013 - 10.2013

Internal Audit Director

OWENSBORO MEDICAL HEALTH SYSTEM (OMHS)
01.2010 - 09.2012

Internal Audit Manager

CATHOLIC HEALTHCARE AUDIT NETWORK (CHAN)
04.2004 - 11.2009

Internal Auditor II

HEALTH NET, INC
07.2001 - 04.2004

Internal Audit Project Supervisor

UNION SAFE DEPOSIT BANK
02.2000 - 05.2001

Senior Accountant – Mergers & Acquisitions

WESTAFF
09.1998 - 09.1999

Senior Accountant

VIVRA SPECIALTY PARTNERS, INC
12.1997 - 09.1998

Senior Accountant

ANERGEN
03.1997 - 12.1997

Business Assurance Associate (Auditor)

COOPERS AND LYBRAND
09.1994 - 09.1996

B.S. - Business Administration, Accounting

California State University, Hayward
Oscar Brown III, CIA CISA CRMA CDPSE ACDA