Harika Koppisetti

Summary

Seasoned IT professional with 13+ years of proven expertise, encompassing 5+ years in specialized SOX audit engagements and 8+ years leading quality assurance and agile delivery as a Scrum Master and QA Specialist. Excels in evaluating IT General Controls (ITGC) encompassing access, change, and IT operations management, consistently delivering comprehensive Test of Design (TOD) and Test of Effectiveness (TOE) assessments. Applies extensive knowledge of SOX 404, COSO, and COBIT standards to detect control weaknesses, maintain exemplary audit documentation, and facilitate productive collaboration with development teams and product owners to accelerate remediation efforts and strengthen operational processes.

Overview

14
years of professional experience

Work History

Lead Auditor

CBRE South Asia Private Limited
09.2021 - 03.2023
  • Conducted walkthroughs to assess control design and identify risk areas.
  • Performed TOD and TOE for access provisioning, role-based access, and password policies.
  • Reviewed change management processes including ticket approvals, testing evidence, and production deployment.
  • Documented workpapers in alignment with SOX and audit methodology requirements.
  • Prepared findings, remediation recommendations, and closure validation.
  • Validated password settings controls including complexity requirements, expiration policies, lockout mechanisms, and password history enforcement.
  • Conducted User Access Reviews (UAR) to ensure user access was appropriate, authorized, and aligned with job roles and business requirements.
  • Reviewed active user listings to verify access for employees, contractors, and third parties.
  • Assessed role-based access controls (RBAC) to ensure segregation of duties (SoD) and least-privilege principles were followed.
  • Tested privileged and administrative access to confirm proper approval, justification, and periodic review.
  • Verified timely removal of access for terminated or transferred users.
  • Reviewed password configuration settings to ensure compliance with company policies and SOX requirements.
  • Tested password parameters including minimum length, complexity, expiration, reuse, and lockout settings.
  • Evaluated password policy enforcement across in-scope systems and applications.
  • Participated in SOC1, SOC2, and SOC3 assessments by reviewing service provider controls and complementary user entity controls (CUECs).
  • Supported senior auditors in conducting SOX 404 walkthroughs and documenting process flows.
  • Tools: SOX 404, SAP, JIRA, Excel

Internal Auditor

Persistent System Limited
11.2012 - 09.2021
  • Conducted comprehensive walkthroughs of user provisioning and de-provisioning processes.
  • Tested access control procedures for new hires, transfers, and terminations.
  • Performed TOD and TOE for role-based access, privileged accounts, and password policies.
  • Documented findings and provided recommendations to strengthen access controls.
  • Evaluated change management policies and procedures for IT systems.
  • Reviewed change requests, approval workflows, testing evidence, and deployment logs.
  • Tested the effectiveness of controls over unauthorized or emergency changes.
  • Prepared detailed audit reports highlighting control gaps and remediation steps.
  • Helped perform data validation, sampling, and basic analytics to support audit findings.
  • Communicated findings to senior auditors and contributed to draft audit reports.
  • Collaborated with IT and business teams to gather information and clarify issues related to audit requirements.
  • Tools: Excel, JIRA, Audit Board

QA Analyst

Verizon Data Services India
06.2009 - 11.2012
  • Manually executed and reviewed test cases (Maintenance, CORE).
  • Authored and updated test cases for new functionality.
  • Involved in functional, GUI, system integration, regression, smoke, and maintenance testing of the Path/circuits modules.
  • Executed XMLs using the SoapUI testing tool.
  • Checked product interoperability with different building blocks.
  • Worked as POC for a group of 8 members from offshore.
  • Recorded and tracked issues logged in the defect-tracking system, CMIS.

IT Audit & Compliance Professional

Persistent System Limited
  • Assisted in reviewing IT operations controls including system monitoring, job scheduling, backup processes, and log review procedures.
  • Verified that scheduled jobs and critical system processes executed successfully and exceptions were properly documented.
  • Supported review of backup logs to ensure backups were completed on time and any failures were addressed by IT teams.
  • Helped test controls around system availability, uptime monitoring, and automated alerts.
  • Conducted sample testing to ensure IT operational tasks were completed in accordance with policy and within expected timeframes.
  • Documented test procedures, results, and exceptions in audit workpapers for senior review.
  • Ensured audit evidence was complete, accurate, and properly maintained in workpaper tools.
  • Identified simple control deviations and escalated them to supervisors for further evaluation.
  • Assisted with periodic reporting on audit progress and issue tracking.
  • Tools: Excel, Audit Board

Team Lead/Scrum Master

Persistent System Limited
  • Empowered the team to make system and process improvements captured in sprint retrospective meetings.
  • Used key Scrum metrics (burndown, velocity) to help deliver committed work.
  • Managed sprint backlog items and tasks and all Scrum boards (physical or virtual).
  • Adhered to the overarching test team strategy, process, and test methodologies.
  • Performed requirements review and analysis, effort estimation, test planning, random testing, testing coordination, and defect management; prepared executive-level presentations (PPTs) and reports.
  • Recorded issues in the management tools Jira and Agile Accelerator.
  • Tools: Jira and Agile Accelerator, Confluence, GitHub

Education

Board of Secondary Education
1999

Skills

  • Audit Methodology
  • Test of Design
  • Test of Effectiveness
  • Workpaper Preparation
  • Controls Testing
  • Access Management
  • Change Management
  • Incident Management
  • IT Operations Management
  • SOX 404
  • SOX
  • ITGC
  • IT General Controls
  • SOC1
  • SOC2
  • SOC3
  • User Provisioning Control
  • User De-provisioning Control
  • User Access Review
  • Password Settings
  • Background Job Management
  • Work paper Documentation
  • JIRA
  • Confluence
  • Excel

External Certifications

  • Professional Scrum Master I (PSM I), Scrum.org
  • ISTQB Certified Professional QA
  • Certified Internal Auditor (CIA), in progress

Core Competencies

Test of Design, Test of Effectiveness, Workpaper Preparation, Controls Testing, Access Management, Change Management, Incident Management, IT Operations Management, SOX 404, SOX, ITGC, IT General Controls, SOC1, SOC2, SOC3, User Provisioning Control, User De-provisioning Control, User Access Review, Password Settings, Background Job Management, Work paper Documentation, JIRA, Confluence, Excel
