Kartikey Tiwari
IT Audit
New Delhi
Summary
Senior IT SOX and IT Audit professional with extensive experience in Big 4 environments, specializing in the support and enhancement of IT SOX 404 compliance programs. Proven ability to lead comprehensive IT control walk throughs, conduct rigorous design and operating effectiveness testing, and identify critical issues while ensuring effective remediation and validation processes. Expertise includes a strong command of IT General Controls (ITGCs), IT Application Controls (ITACs), and audit documentation, with a focus on quality assurance aligned with COSO, COBIT, NIST, and ISO 27001 frameworks. Committed to delivering insightful executive reporting that drives strategic decision-making and compliance excellence.
Overview
4
4
years of professional experience
2023
2023
years of post-secondary education
1
1
Certification
Work History
Consultant
EY Assurance LLP
Gurugram
08.2024 - Current
- Lead and schedule IT SOX control walk throughs for global banks, investment banking, and financial services clients, gaining an end-to-end understanding of business processes, IT applications, and underlying infrastructure. Executed and reviewed role and access reviews across critical applications as part of ITGC for global and regulated entities.
- Conducted ITGC remediation testing, validating design adequacy and operating effectiveness, performed substantive testing where control gaps existed, and executed IT infrastructure testing (servers, databases, operating systems, and interface controls) across complex enterprise environments to support audit reliance and formal deficiency closure. Assessed controls across the Software Development Life Cycle (SDLC), covering change management, approvals, testing, and deployment.
- Performed and reviewed migration testing for system upgrades and implementations, ensuring data completeness, accuracy, and integrity for cloud migration.
- Performed IT Application Controls (ITAC) and Information Produced by the Entity (IPE) testing for global clients, including detailed application-level testing of reconciliations, automated calculations, data validations, and upstream/downstream feed transfers, supported by code review and configuration analysis.
- Owned the quality, accuracy, and completeness of SOX documentation, ensuring alignment with audit methodology, regulatory expectations, and a defensible audit trail. Awarded the EY Client Extraordinaire Award for delivering high-quality IT SOX audit outcomes on a global engagement.
Associate Consultant
EY Assurance LLP
Gurugram
08.2023 - 07.2024
- Executed IT SOX audits for Registrar & Transfer Agent (R&TA), and mutual fund clients, covering ITGCs, ITACs, and SOX 404 requirements.
- Performed SOC 1 Type I and Type II analyses for leading R&TA and financial services organizations, evaluating control design, operating effectiveness, and complementary user entity controls (CUECs).
- Tested IT application controls and IPE for mutual funds from the R&TA perspective.
- Conducted Information Produced by the Entity (IPE) validation to ensure the completeness and accuracy of SOX reliance reports.
Senior Analyst
EY India LLP
Gurugram
07.2022 - 07.2023
- Performed IT audits and statutory audits, covering access management, change management, and IT operations controls.
- Supported information security audits aligned with ISO 27001, contributing to risk assessments, and control evaluations.
Education
Bachelor of Technology - Electronics & Communication
Jaypee Institute of Information Technology
Noida Sector 62 Uttar Pradesh08.2022
Skills
Skills
IT SOX Compliance
IT General Controls (ITGCs)
IT Automated Controls (ITACs)
SOC 1 Type I & II Reviews
IPE Validation
Time management
Problem-solving
Client relationships
MS office
Accomplishments
- Supervised team of five staff members.
- Achieved by completing with accuracy and efficiency.
Certification
ISO/IEC 27001:2022
Timeline
Consultant
EY Assurance LLP
08.2024 - Current
Associate Consultant
EY Assurance LLP
08.2023 - 07.2024
Senior Analyst
EY India LLP
07.2022 - 07.2023
Bachelor of Technology - Electronics & Communication
Jaypee Institute of Information Technology