User:Stephen Scott

I am currently working as a Senior Information Risk & Compliance Consultant with Espion Group.

I previously worked as a Senior Auditor in IT Group Internal Audit team in AIB. I evaluated issues and advised the

appropriate response from precedence and practice. I have developed specialist expertise in supporting the

current and future control and direction of the business.

My role involved the following:

• Completion of Audit Definition Documents,

• Identification of key risks controls and development of audit test plans.

• Analysis/mapping of business processes through process flows to identify key controls and potential

design weaknesses.

• Document and provide relevant evidence to support audit findings

• Identify and communicate audit findings to senior management

• Discuss, challenge and gain agreement on identified issues

• Complete audit report documenting audit summary, identified issues with associated impacts and

management action plans for review by the Group Internal Auditor

• Develop and maintain positive relationships with clients

• Maintain knowledge of AIB policies, standards and organisational structure

• As part of the annual audit planning process complete risk assessments

• Maintain knowledge of Group Internal Audit’s audit methodology,

Prior to this I worked as a lead SOX auditor with Operational Risk & Assurance Services, 3 of which were as an

evaluator and as a Manage Data & Security process specialist. I incorporated many improvements to legacy

processes which made testing run smoother and avoid any deficiencies. I have had a large amount of experience

testing Windows, Oracle, SQL or UNIX environments. I am a qualified CISA since 2010. I am also a qualified ISO

20000 Auditor and Consultant and have led many internal audits within AIB's IT Service Management areas. One of my main roles in OR & AS was as

central Coordinator for Risk Management and Regulatory Compliance within the AIB IT Department. I

hosted/chaired the monthly Risk Management Committee and Regulatory Compliance meetings. My work