IT Audit: Complex Challenges and Strategic Solutions

During my career, I have had the privilege of working in some of the most complex and challenging audit environments, where technology intersects with financial reporting, security, and compliance. At KPMG, LLP, I led IT financial audits for global financial institutions, where I performed deep dives into IT infrastructure and applications that directly impacted financial reporting. One significant challenge we encountered was with legacy financial systems that had not evolved with industry standards for data security and integrity. These systems presented significant risks in terms of data leakage and potential regulatory non-compliance. My team and I identified over $100 million in inefficiencies tied to outdated access control mechanisms and data segregation flaws in transaction reporting.

​

We addressed these issues by recommending the implementation of more secure and compliant systems, such as enforcing tighter role-based access controls (RBAC) and segregating duties within financial applications. This not only fortified the security infrastructure but also streamlined reporting accuracy, saving the organization millions in potential regulatory fines by improving compliance with SOX, PCI DSS, and internal governance frameworks.

​

In my role at Safra Bank, I was responsible for auditing a rapidly growing digital asset portfolio that posed significant risks related to cybersecurity, data integrity, and regulatory oversight. The cryptocurrency market is notoriously volatile and prone to security breaches, so ensuring secure transaction handling and safeguarding customer data were top priorities. During one of my audits, I identified significant vulnerabilities in the custody of digital assets, where key management systems lacked end-to-end encryption, leaving sensitive transactional data exposed during transfer and storage.

​

By leveraging my technical expertise, I recommended deploying a multi-signature wallet approach to mitigate security risks, along with encryption protocols that adhered to industry best practices. Additionally, I identified $30 million in inefficiencies related to transaction verification processes. This inefficiency stemmed from slow and error-prone reconciliation processes between crypto custodians and internal accounting systems. By automating the reconciliation process and integrating advanced cryptographic algorithms, I helped streamline operations, reduce manual errors, and increase the overall efficiency of the internal control environment.

​

At Highbridge Capital Management, I focused on auditing IT systems used for asset management, a sector requiring extremely high levels of data integrity and security. One of the complex issues we uncovered was related to trade execution platforms that were not fully integrated with the risk management system, failing to immediately detect discrepancies between trades executed and the corresponding risk exposure calculations. This gap not only exposed the firm to trading errors but also left them vulnerable to market fluctuations that were not accurately reflected in their risk models.

​

To address this, I worked closely with the IT department to implement an integrated real-time risk exposure monitoring tool. This tool was designed to instantly sync trade execution data with the risk management system, ensuring that discrepancies could be flagged and addressed before they resulted in significant financial impacts. This solution, which directly contributed to the firm’s ability to mitigate exposure, saved the company $75 million in potential losses and regulatory risk. Additionally, by automating the risk review process, we enhanced the speed and accuracy of reporting, making it easier for management to make timely decisions based on accurate data.

​

Through these experiences, I’ve seen firsthand the critical role of IT audit in today’s complex and high-stakes business environment. From addressing cybersecurity vulnerabilities in digital asset management to enhancing the accuracy of trade execution systems, my work has focused on identifying gaps in control frameworks and recommending targeted, technical solutions that drive measurable financial and operational improvements. IT audit is no longer just about ensuring compliance—it's about helping organizations stay ahead of emerging risks, optimize their technology stacks, and safeguard valuable financial data.