Muhammad Bin Abbas

Highly accomplished IT Audit and Technology Risk professional with 12+ years of experience across FTSE 100 and Big Four environments, specialising in IT SOX compliance, IT General Controls (ITGC), application controls, automated controls testing, and technology risk assurance. Strong track record delivering complex audits across SAP and non-SAP environments in energy, financial services, telecom, manufacturing, retail, and critical national infrastructure. Recognised for leading end-to-end audit delivery, partnering effectively with senior stakeholders, managing teams and budgets, and translating technical risks into practical, business-focused recommendations.

Senior SOX Information Systems Analyst - National Grid plc - United Kingdom

(2022-02)

Lead IT SOX controls testing and technology assurance activities for a FTSE 100 / NYSE-listed energy utility operating within Critical National Infrastructure.

• Lead end-to-end design and operating effectiveness testing of ITGCs, infrastructure controls, and automated application controls across SAP and non-SAP environments.
• Perform walkthroughs with business and technology stakeholders to assess control design, operating effectiveness, and report completeness/accuracy.
• Support audit planning, scoping, timelines, resource allocation, and tracker management across SOX and non-SOX audits.
• Outside SOx, assist with other technology, business and operational audits as per the audit plan
• Present observations, challenge control gaps, and agree remediation actions with control owners and senior stakeholders.
• Contribute to continuous improvement of audit quality and testing efficiency.

Assistant Manager – Digital Audit - PricewaterhouseCoopers (PwC) - United Kingdom

(2020-10 - 2022-02)

Managed and delivered external IT audit and digital risk assurance engagements for a diverse portfolio of UK clients across energy, retail, manufacturing, tourism, and financial services, supporting integrated financial audits and technology risk assessments in complex system environments.

• Planned, coordinated, and executed IT audit workstreams aligned to financial audit milestones, ensuring timely delivery, clear status reporting, and effective issue escalation.
• Led ITGC, automated control, and application control testing across ERP and business-critical application environments, covering access management, change management, operations, interfaces, and report testing.
• Owned engagement delivery responsibilities including budgeting, resource forecasting, scope management, client coordination, and tracking of key deliverables through to completion.
• Supervised junior associates, reviewed working papers, provided technical coaching, and helped improve audit quality through clear guidance and on-the-job development.
• Prepared high-quality audit documentation and reporting, communicated control observations to client management, and supported the resolution of technology risk matters impacting audit conclusions.

Senior Associate – IT Risk Assurance - PricewaterhouseCoopers (PwC) - Oman

(2016-12 - 2020-06)

Led IT audit and advisory assignments across banking, insurance, oil & gas, manufacturing, automotive, and other sectors.

• Delivered internal and external IT audits focused on ITGCs, application controls, ERP environments, and technology governance.
• Performed ERP pre- and post-implementation reviews and cybersecurity / controls gap assessments.
• Assessed IT policies and procedures against ISO 27001 requirements and good practice standards.
• Drafted management letters and reports translating technical findings into clear business risks and actions for leadership teams.
• Supported proposal development and business development initiatives for IT advisory opportunities.
• Supervised junior staff, reviewed deliverables, and supported quality review requirements.
• Key project: Embedded with Treasury during an SAP Vendor Invoice Management (VIM) implementation; mapped workflows, developed SOPs, coordinated UAT, and supported issue resolution and business readiness.

Senior Consultant – IT Risk & Assurance - Ernst & Young (EY) - Pakistan

(2013-09 - 2016-12)

Delivered IT assurance and advisory services across financial services, manufacturing, chemicals, and public sector engagements.

• Executed ITGC reviews covering change management, logical access, computer operations, and IT governance.
• Managed audit fieldwork, report drafting, stakeholder discussions, and coordination with financial audit teams.
• Helped identify key systems, business process risks, and application control scope for integrated audits.
• Delivered technical guidance and training support for junior consultants.
• Key project: Led fieldwork and reporting for a SOC 1 / SSAE 16 engagement for a major payment card processor

Senior Internal Auditor - Gourmet Foods - Pakistan

(2014-10 - 2015-11)

Supported IT and operational internal audit activities for a major manufacturing and retail organisation.

• Performed risk assessments and controls reviews across ERP and point-of-sale environments.
• Worked with IT teams to improve access management, backup procedures, security controls, and data centre safeguards.
• Contributed to disaster recovery, business continuity, and information security policy enhancement.
• Managed a decentralised retail audit function with responsibility for 13 field audit staff.