While traditional IT auditors verify that controls exist, I verify that controls actually work. With over a decade of experience including engagements at Big 4 firms like PwC and BDO, I combine audit expertise with advanced ethical hacking capabilities to deliver security-first IT risk assessments for both organizations and their auditors.
As a former ACCA-qualified professional with specialized IT security training, I develop custom Python exploitation tools to identify critical vulnerabilities in systems that documentation reviews miss. This approach quantifies actual exposure, not theoretical compliance gaps.
Whether you're facing regulatory scrutiny or want to proactively secure your IT environment, my methodology provides irrefutable validation—not just attestation. For organizations and audit firms that need more than checkbox compliance, I deliver technical certainty backed by real-world experience.
Beyond compliance - authorized security validation:
Verify controls with authorized testing:
Comprehensive evidence for auditors:
Extending beyond ISA 315/PCAOB AS 2110 requirements:
# Mapping financial systems for audit risk
$ python3 threat_mapping.py --client financecorp
[+] Documenting financial systems landscape
[+] Identifying control weaknesses in IT governance
[+] Mapping potential impact to financial reporting
Ethical validation of control effectiveness:
# Testing control implementation
$ python3 control_validation.py --system erp --safe
[!] Access restriction implementation gaps found
[!] Password policy not properly enforced
[!] Documenting financial statement impact...
Mapping security findings to financial risks:
# Assessing risks to financial reporting
$ python3 map_financial_impact.py --framework ISA
[!] Access weakness impacts revenue integrity
[!] Change control gaps enable potential errors
[!] Quantifying financial exposure by assertion...
Translating security findings into audit strategy:
# Security-Driven Risk Assessment
## Impact on Audit Strategy
* Verified vulnerabilities in: Access controls
* Estimated risk exposure: €2.4M in revenue
* Suggested procedures: Extended substantive testing
* ISA reference: 315.21, PCAOB AS 2110.18
One-time assessment with actionable insights:
Comprehensive control validation package:
Ongoing support for audit teams:
All engagements strictly adhere to legal and authorized security testing practices. Services are designed to demonstrate control effectiveness through advanced technical validation while respecting all legal boundaries. All testing is performed with proper client authorization and within defined scope parameters.
Authorized security testing for regional firm:
Authorized validation of ERP controls:
Technical validation for public company audit:
Custom Python-based assessment platform: