Services

Please find below a short recap of the subjects that I can help your company with. Below the table you will find more elaboration per topic.

Risk Management Services

  • First Line of Defense: perform risk assessments, develop control design & perform testing
  • Second Line of Defense: risk governance & tooling, monitoring & oversight, training & awareness
  • Internal Audits

Business Process Management

  • Business Process documentation, harmonization and optimization
  • Organize process definition workshops

External Audits & Certifications

  • Implement internal or external control frameworks or standards 
  • Facilitate the process to get the company externally certified (e.g. ISAE 3402, SOC, ISO 9001/27001)
  • Facilitate the process of external audits by clients, external auditors or regulators

Compliance Management

  • Develop a framework of regulatory requirements applicable to the company
  • Develop Governance, Policies and Procedures to ensure compliance

Project Management

  • Set-up Project governance, procedures and management tool kits
  • Manage project workloads, track progress and report
  • Ensure project & stakeholder alignment within large transformation programs
  • Quality assurance & requirement testing

Accounting & Controlling

  • Review Financial processes to ensure proper controls
  • Review Financial Reporting to ensure accuracy and fit-for-purpose

Data Analysis

  • Review regular data flows to identify deviations
  • Review data quality and data management process


Risk Management Services

When it comes to the three lines of defense model, I have experience in every layer of this model.

1. Risk Management - first-line of defense

Key topics that I can cover are risk identification and assessment process for all types of risk, the design of a control framework, the testing of the control framework and the actual implementation of the control framework. Also after implementation I can facilitate proper periodical testing to ensure that the implemented controls are effectively mitigating the risks. Another topic that I think is often overlooked is the proper documentation and tracking method to document and track risks and controls. I have experience with different tool sets for this to be implemented (e.g., JIRA, Confluence, OneTrust).

2. Risk Management - second-line of defense

Key topics that I can cover are the design and implementation of risk-related policies, procedures and governance. I can develop and implement the processes related to the risk management life cycle, including the set-up of risk reporting. In addition to the set-up, I can facilitate the review of the content (e.g., risk assessments, control designs, test evidence) to ensure an independent opinion on the current risk profile. Lastly, I can develop and implement training & awareness processes and tool kits.

3. Internal Audit

Key topics that I can cover are the development of Internal Audit planning in collaboration with leadership priorities and on a risk-based approach. I can plan audits, prepare and execute audits and report concise and clear audit findings to the leadership team. In addition, I can track audit findings up to completion and I can support any ad hoc events/incidents.


Business Process Management

In my role as auditor and risk manager within global transformation projects, I have learned an extensive amount on business process management. Every audit starts with identifying and discussing the business process and for every transformation project, you first identify the current processes before you define the desired state business processes to determine the gap that needs to be bridged.

The approach for the documentation and development of business processes that I like to take is to organize workshops with all sorts of subject matter experts to ensure that in the end the business processes cover the end-to-end business scenarios. I have worked with several tools to document processes (e.g., MIRO, MAVIM, ARIS). I have knowledge of the Six Sigma and LEAN methodologies.


External Audits & Certifications

In my career I have facilitated and developed custom-made internal control frameworks with the business to prepare for external certifications like ISAE 3402, SOC and ISO 9001/14001/27001. I prepared the planning, design, testing and documentation for both the type I and the type II certifications. I maintained regular contact with the certifying external accountant. Another example of a certification that I prepared was Carbon Footprint Reporting.

A big part of my job as internal auditor was to ensure that when we received an audit from our Group Auditor, the External Financial Auditor or a client audit, all documentation was properly prepared and all the right people were available for interviews. I facilitated the process of these audits from planning to the closing meetings.


Compliance Management

Compliance management is for a big part a component that is covered by the standard risk management process if the requirements from external regulations are included in the risk management cycle. However, the big difference is that when it comes to formal regulations, like the GDPR, NIS2/DORA and DNB/ECB regulations, the approved risk appetite is normally lower and thus less risk can be accepted.

What I can facilitate, in addition to what is described in the risk management services section, is gathering the specific regulatory requirements and ensuring that these requirements are recognized and implemented by the business.


Project Management

I have led projects in the risk management area from the requirements gathering phase, to the selection of the technology, design of the tooling and the implementation of tooling.

In addition to this, I have integrated the risk governance with the project governance for global digital transformation programs. This means that I have knowledge of every step in the project management cycle, like the project roles, decision making committees, reporting, resource planning, and day-to-day project team steering. I am very familiar with Agile working and with the PRINCE2 methodology.


Accounting & Controlling

I started my career as an Accountant and from there I became an external auditor for the year-end financial statements. This, in combination with my master's degree in Accounting & Control, means that I have extensive knowledge of accounting principles, processes and procedures.

In addition, I also developed a Financial Control Framework for a digital finance transformation in SAP. This means that also on the control side of Finance I have a very good understanding of the risks & controls.


Data Analysis

As Internal Auditor I have always promoted finding deviations via big data analysis rather than just using a non-statistical sample. With data analysis you can identify irregularities (process mining) that you would never have found when taking a simple sample (black swan). For the analysis of data I am familiar with tool kits like MS Excel and Caseware IDEA.