1. Bayo Omisore CISA, CRISC.
773-310-2645
Bayo.omisore@gmail.com PROFILE:
IT Auditor with over 13 years of technology audit, risk, security, assurance, compliance, governance and
project execution that aligns IT with business objectives.
Experience in business process documentation, risks and technology aligned reviews and assessment that
provides efficiency and effectiveness.
Project implementation experience including risk identification and pre/post implementation reviews.
Several implementations and reviews of SOX 404.
Industry experience includes Manufacturing, Insurance, Information Services, Moving and Relocation
Services, Utility services, Consumer Goods, High Tech and Pharmaceutical industries.
EDUCATION:
NIGERIAN LAW SCHOOL, Lagos, Nigeria. Barrister and Solicitor of The Supreme Court of Nigeria, October 1995.
OBAFEMI AWOLOWO UNIVERSITY, Ile-Ife, Nigeria. Bachelor at Law, April 1994.
EXPERIENCE
2009-February 2017 - Methode Electronics Inc., Harwood Heights IL. (Sr. IT Auditor)
Audit Lead responsible for managing the information system audit and advisory resource.
Execution and supervision all technology audits (applications and infrastructure), and the related
business processes. Identifying and evaluating risks within the risk management system covering
all the organization’s global business units in Europe, Asia, and North America.
Continuously Identify and evaluate IT and business risks and make recommendations
that support business objectives.
Plan and execute audit of operations and infrastructure
Plan and execute SOX 404 audits consistent with standards to achieve audit
objectives
Perform control and security reviews on the applications (CMS, Sage 100, Abra,
Cognos Shireburn) running business processes.
Review and test infrastructure controls and security on the AS400 and Windows
platforms
Document IT and business processes, application and general computer controls and
security.
Identify risks around access security, Change Management, and Business continuity
operations for both compliance and business objectives.
Test process and control designs and operating effectiveness, document results and
findings and monitor remediation of identified issues.
Conduct customer interviews; facilitate customer presentations and data gathering
sessions.
Provide guidance and mentoring to the internal audit team members on IT related
business issues.
Assess the organization’s adequacy of IT policies, strategies and controls
Promote innovative practices for conducting integrated audits and document IT risks
through the implementation and use of automated analytics.
Provide assurance relative to system development projects.
2. Identify and research significant auditing and internal control issues, provide clear
documentation and analysis of conclusions reached and make recommendations for
fixes and improvements
Evaluate complex business and technology risks, and related opportunities for
improving automated controls.
Manage the IT SOX 404 efforts with external auditors to maximize audit efficiency and
minimize regulatory compliance expenditure.
2004 – 2009 IT Audit Consultant:
CNA Insurance, Chicago IL
Lansing Board of Water and Light, Lansing, MI
SIRVA Inc. – Westmont, IL.
Sara Lee corp. – Chicago IL.
Ceridian Corp, - Atlanta GA
Diebold, Canton, Ohio
Memphis Light, Gas and Water, Memphis, TN
Worked with senior client management to determine the scope of engagements, develop
audit programs, and execute audit.
Documentand review IT and business processes,thealigned application and infrastructure,
to identify risks, controls and security in place, and identify gaps needing recommendations.
Review and evaluate infrastructure security compliance that safeguards organizational
critical assets.
Perform testing of the infrastructure environment controls that assures safeguard of
information processing, storage, and transmission.
Review IT security policies and standards that addresses system currency, servicedelivery,
business continuity and system development.
Document, evaluate, and test business process controls that assures data integrity,
business efficiency and safeguards against fraud.
Determine the risk profile and assess acceptable risk levels within the organizational
objectives in scope.
Test application controls and security (SAP, Oracle, JD Edwards, PeopleSoft, CMS, etc)
that addresses access security, programming, data transmission, input, output, and
processing objectives.
Utilize best practices in frameworks such as COBIT, ITIL, CMM, and ISO to defined
standards and requirements for the achievement of audit and key IT/business objectives.
Perform Walkthroughs of IT and business processes to evaluate process and controls
design, gaps and risks that impacts financial reporting for SOX 404 compliance.
Performed testing that determine the effectiveness of access security,segregation of duties,
configuration management, change management, disaster recovery, processing integrity,
etc.
Performed SAS70 audit that achieves the security and controls requirements for a service
organization.
As a key of system development project, evaluate adequacy of procedures, identify project
risks, review project process compliance and project deliverables that ensures overall
project success.
Liaise with IT and business management on issues remediation, process and control
improvements
Develop a scorecard based continuous assessment program for IT processes controls and
security that enables pro-active identification, tracking and evaluation of business related
IT issues to identify areas of deficiencies.
Utilize Bizright and Compliance Calibrator to perform segregation of duties review in Sales,
Purchasing, Inventory and Payroll processes to identify incompatible security permissions
that permits the potential for fraud
3. Using automated tools (Foundstone, Bindview, Qualysguard, etc.) identified infrastructure
security vulnerabilities and followed up on corrective actions that mitigates the risks.
Worked with management and process owners to improve processes, procedures, controls
and security.
Facilitated and led the implementation of the COBIT framework for the improvement of the
IT processes and audit procedures.