JohanCVJuly2015
1. Johan van Zyl 1 08/04/15
CURRICULUM VITAE: Johan van Zyl
A. GENERAL INFORMATION
Physical address 15 Lightning Shot, Mooikloof 0059
Postal address P.O. Box 92154, Mooikloof, 0059
Work tel. no (012) 671 8914
Work fax no. (012) 671 8180
Home no. (012) 996 0128
Cell phone no. 083 326 7767
B. PERSONAL DETAIL
Full name Johan
Surname van Zyl
Nationality South African Citizen
Home language Afrikaans
Other languages English
C. ACADEMIC QUALIFICATIONS
Pretoria Technicon 1987 – 1992
1987 – 1992: Nas. Dipl.
Computer Data Processing
Major subjects: Computer Business Programming, Information Systems
D. OTHER QUALIFICATIONS
Professional Qualifications
1996: ISACA
2004: ITIL Foundation
2005: ITIL Configuration, Release and Change Management
2005: Management Development Program, GIBS
2009: Senior Leadership Development Program, USB. Winner: Group project assignment
Other Qualifications/Courses
1994 to 1996 Various IT Audit courses at CBS Training: Auditing Networks, Auditing MVS and
Auditing AS400
1997 to 1998 Various IT courses at ABSA Training: Control Self Assessment, Auditing Y2K,
1998 to 2004 Auditing MVS; Introduction to MQ, Introduction to DB2
2006 ITIL: Service Delivery and Operations Manager course.
E. PREVIOUS EXPERIENCE (most recent position first)
MMI Group
Physical address Momentum, 268 West Avenue, Centurion
MMI: IT Audit Specialist – 01 March 2013 to present.
Work force: 1 CAE, 1 X Head of Audit: IT, 1 X IT Audit Manager, 7 X IT Auditors.
Support: 7 Heads of Audit and 5 audit managers and 3 audit specialists
Customer base:
Momentum Retail, Momentum Employer Benefits, MMI Balance Sheet Management, Group Support
Services, Momentum Investments, MMSA Health, Metropolitan Retail, Metropolitan International and
I&O (Information Technology and Operations).
Duties
Main duties 1. Identify high risk areas, plan and scope audits – continuously
2. Apply sound IT audit methodology – including integrated audit approach
3. Ensure compliance with MMI GIA methodology and working papers, including audit execution
4. Develop and provide input in respect of new procedures or system
5. Customer relationship with IT Heads and Business Executives (C-level)
6. Research new trends in IT and emerging risks
7. Feedback to CAE and Heads of Audit on strategic initiatives within customer base
Identify high risk areas,
plan and scope audits
Once a year, high-level overall planning is done for the next financial year's audits. Input
provided for IT related audits to be executed.
The plan is continuously monitored for changes – risk and customer request. Updated quarterly.
Individual audits are assigned to the best potential resource available from team.
Confirm audit scope and timing with business management.
Manage deviations from the plan and scope of the audit.
Apply sound IT audit
methodology –
including integrated
audit approach
Requires understanding of business environment to determine best audit approach.
This may require that methodology/approach be adapted to the specific requirement of the
business.
The usage of integrated audits for the specific environment is investigated and identified.
Identify and use acceptable audit frameworks that support the audit methodology.
Develop and maintain audit methodology in alignment with best practices.
Ensure compliance
with MMI GIA
methodology and
working papers,
including audit
execution
Ensure that MMI GIA methodologies are used.
Use Teammate as audit tool for the planning and execution of planned audits.
Ensure that audit working papers are used.
Ensure that audit work is done according to MMI GIA standards and that work performed can be
relied upon by external audit.
Perform audits at strategic level to ensure that overall functions can be relied on during the
execution of detailed audits – used as guidance for other audits.
Develop and provide
input in respect of new
procedures or system.
Provide Audit management team and auditors overview of the usage of different IT audit
disciplines on audits.
Identify new development methodologies used in Momentum and develop audit programs
accordingly.
Identify areas of improvement on audits and implement relevant improvement.
Provide support for integrated audits performed.
Customer relationship
with IT Heads and
business executives
Manage relationship with the different IT managers within Customer base.
Manage and maintain relationship with IT Risk manager for MMI.
Obtain and review strategic and operational plans to identify relevant information required for
the Audit universe used during the audit planning process.
Attended the risk and audit forums to discuss IT related risks and/or concerns.
Research new trends
in IT
Perform research on new trends on IT and the impact on MMI I&O environment.
Provide support and training to the technical audit teams for the identification of risk and audit
programs.
Provide feedback at IT Steercoms regarding risks and related matters on the new trends.
Attended the risk and audit forums to discuss IT related risks and/or concerns, including
emerging risks.
Assist the IT Risk Manager and IT Governance manager with risk identification and
management, including the drafting of relevant policies.
Attend related IT forums, seminars and workshops to stay informed on topics of interest in the
current IT domain, including GRC.
Feedback to CAE and
Heads of Audit on
strategic initiatives
within customer base
Identify new strategy initiatives within the business units and provide feedback to CAE and
Heads of Audit.
Identify potential impacts on the audit plan and make recommendations on changes.
Assist with the alignment of Audit department to the new strategy.
Identify risk areas that may require focus from audit.
Feedback on the various IT forums, seminars and workshops attended for better understanding
of the direction of the IT.
FirstRand/MMI
Group
01 September 2009 to 30 June 2013 (Momentum unbundled from FirstRand to form MMI
Group with Metropolitan)
Physical address Momentum, 268 West Avenue, Centurion
Manager: IT Audit.
Work force: 1 CAE, 2 X ACR Auditors, 1 X PM Auditors and 1 X CAATS auditors.
Support: 3 X Audit managers and 10 X auditors (Business/Financial auditors)
Customer base:
Momentum Retail, Momentum Employer Benefits, MMI Balance Sheet Management, Group Support
Services excluding HR, MMI IT North.
Duties
Main duties 8. Identify high risk areas, plan and scope audits – continuously
9. Apply sound IT audit methodology – including integrated audit approach
10. Ensure compliance with MMI GIA methodology and working papers
11. Develop and provide input in respect of new procedures or system
12. Customer relationship with IT managers
13. Research new trend in IT
Identify high risk areas,
plan and scope audits
Once a year, high-level overall planning is done for the next financial year's audits. Input
provided for IT related audits to be executed.
The plan is continuously monitored for changes – risk and customer request. Updated quarterly.
Individual audits are assigned to the best potential resource available from team.
Confirm audit scope and timing with business management.
Manage deviations from the plan and scope of the audit.
Apply sound IT audit
methodology –
including integrated
audit approach
Requires understanding of business environment to determine best audit approach.
This may require that methodology/approach be adapted to the specific requirement of the
business.
The usage of integrated audits for the specific environment is investigated and identified.
Identify and use acceptable audit frameworks that support the audit methodology.
Develop and maintain audit methodology in alignment with best practices.
Ensure compliance
with FRGIA
methodology and
working papers
Ensure that MMI GIA methodologies are used.
Use Teammate as audit tool for the planning and execution of planned audits.
Ensure that audit working papers are used.
Ensure that audit work is done according to MMI GIA standards and that work performed can be
relied upon by external audit.
Develop and provide
input in respect of new
procedures or system.
Provide Audit management team and auditors overview of the usage of different IT audit
disciplines on audits.
Identify new development methodologies used in Momentum and develop audit programs
accordingly.
Identify areas of improvement on audits and implement relevant improvement.
Provide support for integrated audits performed.
Customer relationship
with IT managers
Manage relationship with the different IT managers within Customer base.
Manage and maintain relationship with IT Risk manager for MMI.
Obtain and review strategic and operational plans to identify relevant information required for
the Audit universe used during the audit planning process.
Attended the risk and audit forums to discuss IT related risks and/or concerns.
FirstRand Internal
Audit: Momentum:
ACR Auditor – 01 October 2007 to 31 August 2009
Work force: 1 Senior Manager, 1 Manager, 14 ACR Auditors (GIA audit team)
Customer base: Momentum: Wealth, Sales, Retail, Group Benefits, Health, New Markets and
Financial and Actuarial Services.
Duties
Main duties 1. Plan and scope audits
2. Identify risks, management's objectives and controls
3. Execute planned audits
4. Support other ACR auditors with Momentum systems
5. Customer relationship with IT managers
Plan and scope audits
Once a year, overall planning is done for the next financial year's audits. Input provided for
IT related audits to be executed.
Plan and scope individual audits as per audit plan.
Confirm audit scope and timing with business management.
Manage deviations from the plan and scope of the audit.
Identify risk,
management’s
objectives and controls
Risk based audit approach is used.
Management objectives are identified.
Risks are identified and rated.
Mitigating controls are identified.
Execute planned
audits.
Audit plans are created in accordance with the controls identified.
Audits are executed according to the agreed audit plans.
Write and complete audit reports.
Support other ACR
auditors with
Momentum systems.
Assist with identifying risks and controls in applications.
Assist with the execution of the audit when required.
Perform peer reviews of audits performed on Teammate.
Customer relationship
with IT managers
Manage relationship with the different IT managers within Momentum – each Business Unit
has its own IT department with IT manager.
Manage relationship with IT Risk Manager.
Provide the Audit universe used during the audit planning process.
Attended the risk and audit forums to discuss IT related risks and/or concerns.
Momentum: Position 4 Snr IT Auditor – January 2007 till 01 October 2007
Work force: 1 Senior Manager, 1 Manager, 6 Internal Auditors
Customer base: Information Technology Support services (ITSS), Wealth, Sales, Retail, Health,
New Markets and Financial and Actuarial Services.
Duties
Main duties 1. Plan and scope ACR audits
2. Identify risks, management's objectives and controls
3. Execute planned ACR audits
4. Support business auditors with Integrated audits (ACRs)
5. Performed SDLC reviews
6. Performed GCR reviews
7. Performed and assisted with CAATS (IDEA)
8. General IT support and training for team members
9. Customer relationship with IT managers
Plan and scope ACR
audits
Once a year, overall planning is done for the next financial year's audits. Input provided
for IT related audits to be executed.
Plan and scope individual audits as per audit plan.
Confirm audit scope and timing with business management.
Manage deviations from the plan and scope of the audit.
Identify risk,
management’s
objectives and controls
Risk based audit approach is used.
Management objectives are identified.
Risks are identified and rated.
Mitigating controls are identified.
Execute planned ACR
audits.
Audit plans are created in accordance with the controls identified.
Audits are executed according to the agreed audit plans.
Write and complete audit reports.
Support business
auditors with
Integrated audits
Assist with the up-skill of business auditors to perform ACR reviews.
Assist with identifying risks and controls in applications.
Assist with the execution of the audit where technical information is required.
Assist with obtaining data for the execution of CAATS.
Assist with the execution of CAATS.
Performed integrated audits within the Health environment.
Performed SDLC
reviews
Reviewed high risk projects within the Wealth environment
Plan and scoped the review
Identified high risk areas for the projects
Management objectives are identified.
Created audit plans according to the risks identified.
Executed the audit plan
Write and complete audit report.
Performed GCR
reviews
Plan and scoped the reviews
Identified high risk areas for the projects
Management objectives are identified.
Created audit plans according to the risks identified.
Executed the audit plan
Write and complete audit report.
Performed and
assisted with CAATS
Performed CAATS as and when required on ACR audits.
Assist with obtaining data for the execution of CAATS.
Assist with the execution of CAATS.
Provided the information to the relevant Business/Financial auditors for follow-up
General IT support and
training for team
members.
Assist with the procurement of IT hardware for the department.
Assist with the evaluation and procurement of IT software for the department.
Assist with the training of staff members in IT skills and concepts.
Customer relationship
with IT managers
Manage relationship with the different IT managers within Momentum – each Business Unit has
an IT department with IT manager.
Manage and maintain relationship with IT Risk Manager.
Create and maintain the Audit universe - used during the audit planning process.
Attended the daily ITSS incident/management feedback session.
Attended the risk and audit forums to discuss IT related risks and/or concerns.
Nedcor: Position 3 Manager: IT Change Management: Transaction Processing - January 2003 to December 2006
Work force: 4 Managers, 2 Admin staff members
Customer base: Various staff members requesting changes in Production
Duties
Main duties 1. Manage and approval of change requests.
2. Risk management of change request
3. Process management: Change and Risk process, general process consultation
4. Compliance representative (including FAIS & FICA)
5. Risk Management – Audits, Incident risks, legal incidents
Manage and Approval
of change requests
Number of changes: 50 per week.
Verify completeness of change request with regards to implementation, back-out and post-
implementation testing
Confirm change impact and risk to the organization.
Verify approvals and approve/decline request based on overview of request.
Communicate change status or request additional information/improvements to change request.
Attend meeting to discuss and provide input of major releases.
Risk management of
change request
Number of changes: Average 120 per week.
Provide baseline criteria for the quantification of risk and impact of change request.
Risk and Impact matrix for production system.
Review and advise on overall risk status for deployment period
Support unit with risk management of change requests.
Risk, Compliance and
Audit management and
administration
Ensure compliance to legislation and associated regulations for IT Change, Release and
Configuration Management in conjunction with Group IT Compliance
Audit administration for IT Change, Release and Configuration Management
Ensure Risk management for IT Change, Release and Configuration Management
Awards Internal Award for Dedication – 2004
Internal Award for Dedication – 2005
Reasons to end duties Contacted by Audit Manager from Momentum and offered a position to assist with IT audits and
create an integrated audit approach between business/financial and IT audits.
Contact person Line manager: Hayes Francis – 083 327 3244 – Senior Manager
Nedcor: Position 2 Risk Manager: IT Change Management - April 2002 to December 2002
Duties
Creation of Risk
Model for IT Change
Management
Create policies and procedures for IT Change Management:
Due to impact as a result of changes implemented, position was created for the management of risk
within the IT Change Management unit.
Responsible for the identification and management of High risk changes and ensure appropriate
levels of risk during change periods.
Create a classification system for changes. Categories: Critical, High, Medium and Low changes
Reasons to end
duties
Restructuring of function into current portfolio with additional responsibilities and the need to
broaden my exposure, scope of control and work experience.
Contact person Line manager: Clive Blaiklock – Retired
Nedcor: Position 1 IT Audit – February 1998 to March 2002
General Controls Review of General Controls in the IT environment for Nedcor, Nedcor Investment bank and Old
Mutual Bank
Assist with Control Self Assessment process and workshops for IT
Implementation of Cobit Framework in Nedcor, Nedcor Investment Bank and Old Mutual Bank
Project Audits Project reviews against Funnel and Gates (SDLC) framework for Nedcor and Nedcor
Investment Bank
Ensure adequate controls in systems during design and development phases
Monitor and verify implementation of solutions
Awards Bronze, Silver and Gold awards in 2001 for excellent delivery on project objectives
Bronze awards in 1999 and 2000 for excellent work delivery and acceptance of responsibility
Contact person Line manager: Jacques Lourens – Senior Manager, IT Audit, Nedcor Bank
Head: IT Audit: Deon Pienaar – Group Internal Audit, Nedcor Bank
Reasons to change
job
The General Manager for IT Operations offered me the risk management position at IT Change
Management. I accepted the position to further my career and broaden my scope.
ABSA IT Audit – July 1996 to February 1998
Project Audits Project reviews of Front-end solutions – client interface systems (Internet Banking, ATM’s,
Banking Platforms)
Ensure adequate controls in systems during design and development phases
Monitor and verify implementation of solutions
Implementation of Control Self Assessment
Reasons to change
jobs
I was offered a similar position at Nedcor Bank. Nedbank was then regarded as one of the most IT
innovative banking environments in SA.
Contact person Line manager: Karen – Retired.
Office of the
Auditor-General
Manager: IT Audit – May 1995 – June 1996
Duties General Control Audits
Training of IT Audit Staff
Financial Audit of State Computer Operations (SITA)
Reasons to change
job
Offered a better position at ABSA that would broaden experience and scope of work.
Contact person Line manager: Mr. Kallie Pienaar
Office of the
Auditor-General
Financial Auditor – December 1984 – May 1995
Duties General Financial Audits at Department of Public Works and Department of Correctional
Services
General Systems Audits at Department of Public Works and Department of Correctional
Services
Reasons to change
job
Offered a promotion as manager in the IT Audit department.
Contact person Line manager: Mr. Jaap Meyer