
KARTIK PANDEY

GURGAON

Summary

Kartik is a Consultant at KPMG Assurance and Consulting with over 4.5 years of experience in delivering diverse engagements across various industries. Expertise includes IT general controls, ICOFR assessments, and comprehensive audits of IT/OT systems, utilizing frameworks such as NIST-800 82R3 and ISO27001.

He demonstrates strong communication skills and a commitment to producing high-quality work while effectively collaborating with global teams. He aims to leverage extensive auditing experience to drive improvements in risk management and operational efficiency.

Overview

4 years of professional experience

1 Certification

Work History

Consultant

KPMG Assurance & Consulting
Gurgaon
10.2023 - Current
  • ITGC / IT Audits / ICOFR Assessment / SAP ITGC:
  • Conducted reviews in the IT General Controls (ITGC) domain, focusing on access management, change management, incident management, backup and restoration, and physical/environmental security across various industries.
  • Independently performed multiple process walkthroughs and meetings with control owners to understand and test the Internal Control framework and overall IT environment.
  • Executed comprehensive internal ITGC audits for systems like SAP and custom applications, including walkthroughs with application owners, circulating Information Data Requests (IDRs), formulating Risk Control Matrices (RCMs), control testing, and reporting.
  • Actively engaged in client discussions, providing solutions for various issues within the client's IT control environment.
  • Led cross-functional teams in conducting regular security assessments and implementing corrective measures to enhance the SAP landscape.
  • Experienced in validating IT application controls for SAP S4 HANA, specifically in procure-to-pay and supply chain management processes.
  • Hands-on experience with various applications, including SAP Business One, SAP ECC, and SAP S/4 HANA.
  • Reviewed user access for critical SAP T-codes (e.g., SE01, PFCG, SM31, SM01) and sensitive profiles (e.g., SAP_ALL, SAP_NEW, S_SYSTEM, S_DEVELOP).
  • Conducted testing of IT General Controls and application controls, focusing on design and operating effectiveness.
  • Conducted a comprehensive risk assessment, identifying key operational, financial, and compliance risks.
  • Developed and implemented customized risk mitigation strategies, achieving a reduction in identified risks, and enhancing organizational resilience.
  • Conducted ITGC assessments for Internal Controls over Financial Reporting (ICOFR), ensuring the reliability and integrity of financial reporting processes.
  • Ensured continuous monitoring and compliance with ITGC standards and best practices, contributing to the overall security and efficiency of IT operations.
  • Operation Technology (OT) Audits:
  • Independently conducted an Operational Technology (OT) audit for a manufacturing client, adhering to NIST SP 800-82 Rev. 3 and ISA99/IEC 62443 standards, at four on-site factory locations, i.e. Brazil, Poland, Sweden and France.
  • Identified gaps on the basis of NIST domains, i.e. Governance, Identify, Protect, Detect, Respond, and Recover, focusing on OT Governance, Network Security, Firewall management, Servers, Backup and Restoration, BCP/DR, PLC (Programmable Logic Controllers), SCADA server reviews, Physical security reviews, etc.
  • Prepared test of design (ToD) and test of effectiveness (ToE) workpapers for the OT audit, respectively, and prepared the audit report for the audit committee and senior management.
  • Led the exit meeting, discussing the potential gaps within the OT framework with senior management.
  • Felicitated by the client as well as the KPMG team for the successful completion of the OT audits.
  • Business Process Reviews (P2P):
  • Performed detailed audits of the Procure-to-Pay cycle to ensure compliance with internal controls and regulatory requirements.
  • Assessed the efficiency and effectiveness of procurement and payment processes, identifying areas for improvement and optimization.
  • Executed tests of controls to verify their effectiveness in mitigating risks associated with the P2P process, including purchase orders, goods receipts, and invoice processing.
  • Identified and documented control gaps and weaknesses, providing actionable recommendations to enhance the control environment.
  • Prepared comprehensive audit reports detailing findings, risks, and recommendations, and communicated results to management and stakeholders.
  • Worked closely with procurement, finance, and IT teams to understand business processes, address control deficiencies, and implement corrective actions.
  • Ensured ongoing compliance with internal policies and external regulations, contributing to the overall integrity and reliability of the P2P process.

Assistant Manager

Deloitte Touche Tohmatsu India LLP
Gurgaon
08.2021 - 10.2023
  • IT Audit & Reviews:
  • Conducted reviews for ITGC domain including access management reviews, change management reviews, incident management reviews, backup and restoration, physical and environment security for organizations across various industries.
  • Knowledge of design and operating effectiveness testing; formulated observations and key findings.
  • Performed monthly reviews of the user access management domain for 5 SOX applications to validate that user access provisioning and deprovisioning are carried out as per the SOPs defined by the organization.
  • Identified high- and low-risk observations, and accordingly prepared testing workpapers for various SOX applications to discuss compliance status with the CISO in the monthly compliance review calls.
  • Performed change management review by validating the normal and emergency change requests raised monthly and validated testing signoff dates and evidence, design and build documented evidence, SOD conflicts and prepared workpaper thereof for status discussion with the CM process owner.
  • Performed infrastructure controls reviews, i.e. patch management, RTP and VA scans; validated their compliance and prepared reports.
  • Performed eight annual SOX application process document reviews, and updated the processes and procedures with proper approvals and documentation.
  • Performed information security policy reviews as per the NIST SP 800-171 framework for around 110 NIST controls, prepared the compliance position for the existing information security policies, and discussed the report with the CISO.
  • Performed information security policies review as per US foreign ITAR policies and validated the compliance position as per ITAR compliance.
  • Conducted end-to-end internal ITGC audits for systems like SAP and various custom applications for multiple clients, including walkthroughs with application owners to understand the as-is process, circulating IDRs, formulating RCMs, control testing and reporting activities.
  • Prepared RCMs (including applicable risk, impact, and controls) for IT general controls based on process walkthroughs, defined IT controls, leading industry practices.
  • Tested the accuracy of the evidence/snapshots shared as per IDR/ADR, and was responsible for drafting the audit report followed by obtaining management responses for each gap/observation.
  • Reviewed the user access provided for critical SAP T-codes such as SE01, PFCG, SM31, SM01, RZ10 and critical/sensitive profiles like SAP_ALL, SAP_NEW, S_A.SYSTEM, S_A.DEVELOP, etc.
  • Conducted and facilitated end to end ISO 27001 internal audits for various clients and prepared SOA for client specific requirements.
  • Prepared Audit Checklist specific to ISO27001:2022 framework after discussing with the clients.
  • Prepared risk register, risk assessment and RTP for the risks identified.

Deputy Manager

HDFC Bank Ltd.
Gurgaon
08.2020 - 08.2021
  • Internal Audit PMO:
  • Assisted as a SPOC and was responsible for conducting walkthrough sessions, documenting minutes of the meeting, and sharing the evidence with the audit team as per the initial data requests.
  • Responsible for collecting management responses from audit leads and sharing them with internal audit partners.
  • Assisted in the user access review performed bi-yearly for applications like Oracle Flexcube, SAP HRMS, etc.

Education

MBA - Information Technology

ICFAI Business School Mumbai
Mumbai
03-2020

B.Com (Hons.) - Accounts & Finance

University of Lucknow
Lucknow
06-2018

Skills

  • SAP ITGC
  • ITGC
  • IT Audit
  • Operational Technology (OT) Audit
  • IT SoP Documentation and Review
  • NIST SP-800 82R3
  • ISA99/IEC62443
  • SOX Reviews

Certification

  • Certified Information Systems Auditor (CISA)
  • ISO27001:2022 Lead Auditor

Accomplishments

  • KPMG Above and Beyond Award
  • KPMG Spot Award

Country-Wise Client Experience (On-Site):

  • Brazil
  • Sweden
  • Poland
  • France

Languages

  • Hindi: First Language
  • English: Proficient (C2)

Timeline

Consultant

KPMG Assurance & Consulting
10.2023 - Current

Assistant Manager

Deloitte Touche Tohmatsu India LLP
08.2021 - 10.2023

Deputy Manager

HDFC Bank Ltd.
08.2020 - 08.2021

MBA - Information Technology

ICFAI Business School Mumbai

B.Com (Hons.) - Accounts & Finance

University of Lucknow