1. Sarbanes-Oxley Compliance and Internal Audit Write-up for David Wange, CPA
Experience:
1. At Goldman Sachs, an engagement in which I was working as the interim VP/Controller for a hospitality real estate
portfolio of 126 hotels (Grace Acquisition 1) valued at approximately $1.8 billion, I was tasked with re-working and
building-up the Sarbanes-Oxley (SOX) compliance requirements to meet compliance requirements in-line with the
updated 2013 COSO requirements (e.g. 17 principles of effective internal control), as well as providing the framework
for a second hospitality real estate portfolio of 224 hotels (CNL-Fargo) valued at approximately $3 billion. In addition, I
created the Risk and Controls Matrices (RACM) for both portfolios, developed the controls tests for each, led the
controls testing and mitigation for the Grace Acquisition 1 portfolio (there were 5 other CPA professionals that I
managed at various times on this project), and worked directly with the audit firm, EY, as the liaison. In addition to
successfully meeting the new 2013 compliance requirements, the reworking and streamlining the RACM and key 404
controls testing created effective and efficient functionality, as well as improved economics of roughly $100K for the
portfolio.
2. At Lo-jack SCI I was the Divisional CFO and Corporate Controller, where the parent company of Lo-jack SCI is a
publicly traded company. In this role, I worked with the Corporate Controller and Director of Internal Audit for Lo-jack
Inc. regarding SOX compliance for our division, identified and defined key controls, documented process controls and
related cycles, drafted process workflows and conducted 404 testing of process controls associated with the division.
3. At both Earthworks Entertainment and DealerAdvance, I was the CFO and Corporate Controller, where both
companies were publicly traded firms, each owned by separate hedge fund companies but each managed through the
same management company, and required to be SOX compliant. Each company was separate and distinct entities
with no common association, except that both were managed by the same team of individuals. As neither of the two
firms had ever previously met the requirements for SOX compliance, I created, built and managed all aspects of SOX
compliance, created the RACM for each, developed the 404 controls testing, conducted the controls testing and
mitigation for each company, and worked directly with the respective audit firms as the liaison. For both Earthworks
Entertainment and DealerAdvance, I also drafted and signed the 302 requirements, as CFO for each firm.
4. At Michaels I was the effective Director of Internal Audit and SOX Compliance for the firm during my tenure there, in
which the company was migrating away from Deloitte, to whom they had outsourced their Internal Audit and SOX
Compliance functions, and to bring these functions back internally to the firm. While in this role I was able to reduce
down the unworkable number of key and non-key controls matrix by 77% to manageable and compliant COSO Risk
Assessment Control Matrix. In addition, I documented all process controls and cycles, drafted process workflows, led
404 testing of process controls identified associated with the company, and managed all staff permanently or
temporarily assigned to this corporate department. Also, when the company reorganized itself from a public to a
private entity, I helped to rework the Internal Audit and Controls function to adjust to this entity change, and to account
for the fact that it still maintained certain public debt issues, and the intention of reverting back to a public entity
sometime in the relative, though undisclosed or otherwise unknown (at that time) future.
5. At First Southwest Company (now a part of Plains Capital Bank), I was engaged by Weaver, a regional public
accounting firm, to help create and initiate operation of an Internal Audit and Controls Department within the client
company, and to provide them with the direction and management, using the resources available through Weaver, to
become SOX compliant. In this regard, I was lead manager on a team of 2 to 10 CPAs, varying in size throughout the
engagement, of Weaver employees, to create and provide outsourced Internal Audit and SOX compliance functions
for First Southwest Company. In this role, I helped in the creation of the RACM, managed and contributed to the
documentation of all process controls and cycles, led and helped draft process workflows, led 404 testing of process
controls identified associated with the company, and managed all staff permanently or temporarily assigned to this
engagement. In addition, I was the liaison between almost all management and executive elements in the company
and my team, as well as with the audit firm, KPMG.