[var] => content
[type] => preview
[var] => cut_url
|PERSONAL DETAILS |
|Full Name: |Khairudin P. |
|IC number: | |
|Age: | years old |
|Date of birth: |th July |
|Gender: |Male |
|Marital status: |Married son |
|Nationality: |Malaysian |
|Height/Weight: |cm / kg |
|Correspondence Address: |No , Jalan BPP / |
| |Bandar Putra Permai, |
| |Seri Kembangan, Selangor Malaysia |
|Home No: |+ |
|Mobile No: |+ / + |
|Work email address: | |
|Personal email address: | |
A Certified Information System Auditor CISA with years of experience in Big
accounting firm and years of experience in Internal IT Auditing for global energy
company and financial institution. Skills and experience in the following areas:
• IT General Controls ITGC Review
• Business Process Controls Review
• Sarbane Oxley SOX audit testing and Application Embedded Controls in SAP R/, SUN
and Oracle Applications.
• SAP R/ Security and Controls Review Basis, SD, MM, FI, PS modules
• Infrastructure Review Operating Systems, Databases, Network, etc
• IT Governance and Outsourcing Review
• IT Disaster Recovery Plan and Business Continuity Plan Review
• Information Security Policies and Standards ISO / BS
An experienced consultant in the areas of SAP implementation security/basis, Oracle
Application implementation security and network security consulting system
penetration testing, vulnerability assessments, x security surveillance and IT
infrastructure security. Relevant consulting experiences include:
• Implemented SAP security/basis modules for Jaya Tiasa Holding based in East Malaysia
• Oracle Application security design and implementation for Netcel business process
outsourcing – now known as VSource Inc.
• System penetration testing of IT infrastructure and internet banking for RHB
Securities, Maybank, Malaysia Airlines System Berhad, SBB Mutual Berhad, RHB
Bank Berhad, Affin Bank Berhad, Manulife, Bank Negara, Maxis Internet Service
Provider, Pharmaniaga, MISC Berhad and Sime Darby Berhad.
|WORK EXPERIENCE |
. Senior IT Auditor Lead Auditor
Shell Internal Audit – IAT
As a Senior IT Auditor, I am responsible for leading IT audit engagements and
managing a team of internal auditors and external consultants e.g. Deloitte to deliver
the audit scopes defined in the Terms of Reference. I have been involved in a number
of IT audits, financial audits and business specific IT audits e.g. Exploration &
Productions, Gas & Power and Downstream.
Selected engagements for the various types of audits include the following:
a. IT audits
. Lead Auditor for SAP upgrade project audit for Exploration & Productions
business, i.e. upgrading from version .c to ECC SAP Netweaver. The audit
reviewed the project delivery framework and controls that ensure successful
project delivery that meets business objectives.
. Lead Auditor for Qatar Shell GasToLiquid QSGTL IT Operational Readiness
audit, i.e. review of readiness of IT operations to support QSGTL business/GTL
operations. The audit reviewed the IT service management processes e.g.
incident, change, configuration, service level, error handling, etc, IT resourcing,
application portfolio management, IT governance, IT security and IT operations to
support IT infrastructure.
. Lead Auditor for IT Infrastructure Sourcing Program ISP Governance audit. The
audit reviewed how Shell IT managing the multisourcing arrangements where
significant of IT infrastructure and services have been outsourced to third party
Suppliers, such as AT&T Managed Network Services, EDS End User
Computing – Desktop, Email and TSystems Application and Database Hosting.
. Lead Auditor for ISP Transformation Audit. As part of the multisourcing
arrangements, Suppliers are obligated to transform internal processes for better
efficiency and future enhancement. The audit reviewed the controls over project
management, governance and interdependencies to existing projects and other
. Lead Auditor for Exploration & Production EndtoEnd IT General Control’s audit.
The audit reviewed the controls over change management, user account
management, backup & recovery and problem & incident management. The
scope includes a number of global SAP systems, Oracle Applications, SUN,
SIGMA, ATLAS and Hydrocarbon & Well management systems.
. Lead Auditor for EP SUN Yellowprint Post Implementation Review and IT General
Controls audit. The audit reviewed the project management controls and ITGC
processes. SUN Yellowprint is a global application system use by large number of
small EP entities in Europe, Middle East and Russia for financial
. Lead Auditor for Gas & Power Process Control Domain PCD Security audit. The
audit reviewed the information security protections for PCD systems, Office
Domain systems, antivirus management, patch management, firewall and routers
configurations, etc. The G&P entities audited include Hazira LNG India, Qatar
Shell GastoLiquid QSGTL and SMDS Bintulu, Malaysia.
. Auditor for Application System Review Global Icebox – Distribution system,
Payment Card Industry PCI standard audit, Downstream IT General Controls
audit, EP IT General Controls audit, IT Service Delivery to Projects, EndtoEnd
Offer to Cash Process Design, Touchless Customer Interface Application and
Energy Components – ITGC, Embedding and Support functions.
. Auditor for SAP Embedding in Capital Project Audits in EPA. The audit reviewed
the embedding of SAP R/ PS module and processes in the existing capital
projects in Upstream business.
b. Financial audits
. Performed IT audit support role in the financial audits. IT scopes include testing
Application Embedded Controls AEC for Financial Close process, Purchase &
Payables, Requisition to Pay, Inventory Management, Segregation of Duties,
User Access Review and specific IT General Controls such as change
management, IT DRP and user account management.
. Shell entities audited include DS Philippines, DS China, DS Australia, DS
Malaysia, DS Singapore, DS New Zealand, DS Germany, EP Malaysia, EP China,
EP Philippines, EP Middle East and GP Germany.
c. Business audits
. Performed IT audit support role in the business audits such as Lubricant Malaysia
Country Review and Lubricants UK Country Review. The audit reviewed the
controls for Streamline processes Lubricant Supply Chain, systems and IT
dependent controls for GSAP system.
Acting Regional IT Audit Coordinator – , I was also responsible for
managing the interface between Global IT Audit based in The Hague with Regional
Business Audit Managers in the East region based in Kuala Lumpur. I was
responsible for managing a team of IT auditors based in KL, conducted regular
engagements with Head of Audit East, coordinated external IT resources from
Deloitte for IT audit supports in the East region and ensured quality of IT audit
deliverables by the Deloitte auditors.
. Senior Manager, System and Process Assurance SPA
Jan – March
As a Senior Manager specialising in IT audit review, system and process assurance
and technical/network security review, I was responsible for leading the SPAEUMI
Energy, Utilities, Mining & Information group within SPA and managing a number of
IT audit portfolios and security & controls consulting. The group consisted of other
senior manager, managers, senior associates and associates.
Selected audit assignments and consulting projects include:
. Audit Manager for IT audit engagements for a number of leading companies in
Malaysia including Telekom Group Celcom, TM and TM Net, Maxis, Astro, DHL
IT Shared Service Centre, Diethelm Holdings, Star Cruises Plc, Proton Group,
Malaysia Mining Corporation MMC, Sime Darby Group Tractors, Sime UEP,
Consplant, Motor Group, Sime Engineering Group, Shell, Mesiniaga, SAJH,
Manulife, Affin Group Affin Bank, Affin Merchant, Affin Securities, RHB Group
RHB Bank, RHB Insurance, RHB Securities, Barcode Sato, JVC Electronics,