Poto Sawi

Summary

As a Senior IT Auditor at UHY LLP, I perform audits using COSO, SOX, SSAE18 and FISCAM frameworks, ensuring compliance and security of information systems for various clients. I also conduct IT risk assessments, evaluate controls, and provide recommendations for improvement.


I have a Bachelor's degree in Computer Science from the University of Sierra Leone and a CISA certification from ISACA. I have over five years of experience in IT auditing and security, having worked as a Risk Consultant at PwC and an IT Auditor at 11th Hour Service. I have developed and applied my skills in IT auditing, IT security assessments, information security, and risk management, delivering high-quality results and value to my employers and clients.


I am passionate about IT auditing and security, and I enjoy learning new technologies and best practices. I am motivated by the challenge and opportunity to help organizations protect their information assets and improve their performance. I am also a team player, who collaborates and communicates effectively with my colleagues, managers, and clients.

Overview

6 years of professional experience
1 Certification

Work History

Senior IT Auditor

UHY LLP
09.2023 - Current
  • Participates in value added business processes and assurance audits; identifies opportunities to improve operational process and control efficiency and effectiveness, as well as evaluate accounting, compliance, and governance practices where relevant
  • Supports Audit Director in facilitating various aspects of the Sarbanes Oxley certification program, including process documentation, testing, and other evaluations as necessary
  • Assists in and reviews work performed by other internal audit personnel and provides appropriate feedback and comments, including resources from the co-sourcing staff (internal Company personnel and / or external personnel)
  • Maintains organized audit evidence to support conclusions, adhering to department standards
  • Contributes to annual Internal Audit risk assessments and audit plan development
  • Develops good relationships with key stakeholders
  • Works effectively with the company's external auditors regarding Sarbanes Oxley results and work performed on behalf of external auditors, such as process walkthroughs and substantive testing procedures
  • Executes special corporate or department projects as needed and/or directed
  • Understands and stays abreast of accounting, audit, business, economic, and industry developments and their impact on the company
  • Uses technology to continually improve team workflow and testing approaches
  • Performs other duties as assigned.
  • Followed established auditing processes to meet internal and regulatory requirements.
  • Performed observations and evaluated supporting documents to supplement audit findings.
  • Prepared working papers, reports and supporting documentation for audit findings.
  • Interviewed business owners to understand needs and explain audit scope.

IT Auditor

PricewaterhouseCoopers
08.2021 - 09.2022
  • Reviewed operational, financial, and technological processes to assess business risk, internal control and the overall effectiveness and efficiency of the process
  • In addition, assessed the risks associated with Sarbanes Oxley and internal controls over financial reporting
  • Managed internal audit outsourcing and co-sourcing engagements for clients
  • Managed the risk identification process and evaluation and testing of business processes and related controls
  • Maintained a good working relationship with clients and worked effectively with client management and staff at all levels to gather information and perform services
  • Worked collaboratively with other lines of service and practice areas to deliver other services
  • Worked closely with clients and staff to develop client and project risk assessments, implement opportunities, and recommendations regarding business and IT process optimization, profit improvement, cost reduction, fraud prevention, internal control, and compliance
  • Communicated externally with clients and internally with all levels of the organization to successfully accomplish objectives
  • Performed engagement management responsibilities, including performance reviews, task delegation, project scheduling, project financials, quality review and client management
  • Understood and managed firm risk on audits and proposals
  • Met or exceeded targeted billing hours
  • Maintained strong client relations and cross-sold services within the assigned group of clients.

IT Auditor

11th Hour Service
02.2021 - 08.2021
  • Performed FISCAM audit readiness through testing of ITGC (IT general controls) and ITAC (IT application controls) in various business processes related to financial statement audit readiness
  • Worked with client personnel to understand and analyze known IT control weaknesses, identify root causes, and develop detailed robust remediation plans
  • Applied FISCAM approaches and assessed information system controls in areas of information assurance, access control, change control, disaster recovery, and segregation of duties
  • Developed and created corrective action plans to provide practical recommendations to the client
  • Identified where audit readiness requirements can be incorporated into the organization's policies, processes and procedures that support all FISCAM controls
  • Ensured that controls performed by service providers are included within the testing scope, unless covered under the service provider's SSAE No. 18 examination
  • Responded to system and IT Provided by Client (PBC) audit requests
  • Supported the development and implementation of IT related and system specific CAPs
  • Conducted risk assessments of IT systems and internal controls including Complementary User Entity Controls (CUECs) to identify key controls
  • Ensured the system of internal controls surrounding the compilation of financial statements is complete.

IT Auditor

Cotton & Co.
01.2018 - 02.2021
  • Performed and tested the IT General Controls (ITGC) and Application Control testing using FISCAM and NIST guidelines
  • Participated in team kick-off and walkthrough meetings
  • Performed IT infrastructure audits
  • Identified and communicated IT audit findings to senior management and clients
  • Reviewed ITGC and various applications, databases, operating systems and network devices
  • Assisted in preparing an IT audit program to include access control, change management controls and application controls
  • Identified deficiencies in the design and operating effectiveness of controls and provided recommendations
  • Performed FISMA audits and tested access controls and configuration management using NIST 800-53 and other NIST guidelines
  • Conducted testing of Sarbanes-Oxley (SOX), PCI DSS, HIPAA, COBIT, and OMB A-123
  • Maintained a good working relationship with clients in order to enhance the customers' satisfaction and worked with client management and staff at all levels to perform audit services
  • Performed and documented audit activities in accordance with professional standards such as: COBIT, COSO and SOX internal control frameworks audit project
  • Tested and documented key SOX and IT general controls leveraging a defined and compliant monitoring process
  • Worked with audit teams, assurance teams, and the client to plan an engagement strategy, define objectives and address technology related controls, risks and issues
  • Participated in IT and compliance assessments, audits, gap analyses and remediation
  • Actively contributed to projects in the areas of the System and Organizational Controls 1 & 2, and compliance tests and audits (SOC 1/SOC 2)
  • Communicated with project stakeholders to effectively convey requirements of technical and process improvements
  • Assisted in the development of customized policies, procedures, controls, disaster recovery plans and other documentation for applications, systems and infrastructure
  • Managed policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.

Education

BSc. Computer Science

The University of Sierra Leone

High School Diploma

Friendship Public Charter School-Collegiate Academy

Skills

  • Microsoft Office Suite
  • Unix
  • Windows
  • SOX
  • FISCAM
  • FISMA
  • COSO
  • SOC Type 1 and 2
  • Project Management
  • Internal controls
  • Financial statement audit
  • Quality Assurance
  • Google Workspace
  • Team Management
  • Decision-Making

Certification

Certified Information Systems Auditor (CISA)
