Professional repository for Integrated Audit & GRC (CISA, FCCA, MBA). Includes Risk Control Matrices (RCM), ICFR frameworks, and ITGC testing programs for Azure/ERP environments. Demonstrates the application of COSO, COBIT, and NIST standards to bridge the gap between financial integrity and IT governance.
"This repository serves as a professional 'Proof of Concept' for modernizing audit functions. It contains standardized templates and simulated audit programs designed for the Energy and Public sectors."
- Governance: COBIT 2019, COSO Internal Control.
- Security & Risk: NIST Cybersecurity Framework, ISO 27001.
- Cloud: Azure Security Benchmark.
- /ITGC-Programs: Standardized testing procedures for Change Management and IAM.
- /Risk-Control-Matrices: End-to-end process maps for Procure-to-Pay and Hire-to-Retire.
- /Data-Analytics: SQL scripts and Excel models for anomalous transaction detection.
Status of Audit Programs and Frameworks
| Project / Audit Program | Domain | Status |
|---|---|---|
| Azure Security Baseline | Cloud Governance | Live |
| ITGC: Change Management | IT Operations | Live |
| ERP Control Review | Application Audit | Live |
| User Access and SoD Matrix | Identity (IAM) | In Progress |
| BCP / DRP Assessment | Business Resilience | Target: Q3 2026 |
| ESG Reporting Framework | Governance (ESG) | Target: Q3 2026 |
Technical evidence of control testing and risk assessment for this engagement:
- WP101: Risk-Control Matrix (RCM)
- WP102: Segregation of Duties (SoD) Analysis
- WP103: Audit Memo (Financial Period Integrity)
- Integrated SOX 404 & ITGC Control Review (Company P)
  - Focus: Risk & Control Gap Analysis, SDLC Governance Walkthrough, and Change Management Testing.
- Security Awareness & Phishing Simulation Program (Company M)
  - Focus: Social Engineering Simulation Design and Remediation Strategy.
- Business Process Risk Mapping & Control Matrix (Company G)
  - Focus: Inherent Risk Identification and Global Banking Control Gaps.
I am currently based in Calgary, Alberta, and am open to discussing Internal Audit, IT Audit, and GRC opportunities within the Financial Services, Energy, and Public sectors. I have a strong interest in helping organizations navigate OSFI compliance and digital transformation risks.
- LinkedIn: [linkedin.com/in/henrietta-onaga/]
- Credentials: MBA | FCCA | CISA (Exam Passed)
Disclaimer: The contents of this repository, including all workpapers, risk control matrices (RCMs), and audit programs, are for demonstration and educational purposes only. All data, company names, and scenarios presented are strictly simulated and do not represent any real-world organization, past or present. No confidential or proprietary information from previous employers or clients has been used in the creation of these materials.