Khwezi Bungane

IT Audit and Governance, Risk & Compliance (GRC) professional with 2 years of client-facing experience supporting IT assurance and compliance engagements across global enterprise environments. Currently an IT auditor at Moore Kingston Smith (ResourcePlus), where I help organisations strengthen their security posture by translating regulatory and framework requirements (SOC 2) into practical, business-aligned solutions. Skilled in risk assessment, control design and testing, gap analyses and remediation planning.

Experienced in delivering high-quality client deliverables remotely and collaborating with both technical and non-technical stakeholders. Committed to helping clients build mature, scalable compliance functions.

IT Auditor - Moore Kingston Smith (ResourcePlus)

(2026-05)

As an IT auditor at Moore Kingston Smith, I deliver technology, risk, and control assurance engagements remotely for UK-based clients, supporting SOC 1 and 2, ISAE 3402, ISA 315 and 402 readiness efforts.

• Conduct control testing and validation for user access management, change management, backups, and IT operations across technical environments.
• Support SOC 1 Type 2 and ISAE 3402 audits, validating control implementation and testing system-generated evidence supporting financial reporting processes.
• Supported SOC 2, ISA 300, 315 and 402 audits, validating control implementation and testing system-generated evidence supporting financial reporting processes.
• Assess and place reliance on SOC reports, providing clear recommendations to clients on residual risk and control reliance.
• Analyse system logs, access reports, and transactional database to identify segregation of duties risks and anomalies, translating findings into remediation plans.
• Use SQL queries to extract and validate audit evidence, improving testing accuracy and efficiency.
• Collaborate with client IT, finance, and risk teams to obtain documentation, clarify control processes, and align on corrective actions.

Junior Consultant – IT Audit - Africa Talent by Deloitte

(2025-02 - 2026-04)

As a Junior Consultant in IT Audit, I supported IT assurance engagements for Netherlands-based clients, focused on IT governance, compliance, and risk management across enterprise environments.

• Evaluated the design and operating effectiveness of IT General Controls (ITGCs) across SAP, Oracle, and Linux systems.
• Supported SOC 1 Type 2 and ISAE 3402 audits, validating control implementation and testing system-generated evidence supporting financial reporting processes.
• Performed control testing for user access management, change management, and system operations to assess compliance with internal policies and regulatory requirements.
• Analysed system logs, access reports, and transactional datasets to identify anomalies, segregation of duties risks, and control deficiencies.
• Used SQL queries to extract and validate audit evidence from enterprise databases, improving the efficiency and accuracy of audit testing.
• Documented audit procedures, findings, and control evaluations in accordance with professional audit standards and methodologies.
• Conducted root cause analysis of control failures, enabling stakeholders to implement corrective actions and improve control maturity.
• Collaborated with IT, finance, and risk management teams to obtain supporting documentation and clarify control processes during audit engagements.
• Identified process inefficiencies and control gaps, providing recommendations to strengthen governance and risk management practices.

Bachelor of Information Science (Honours) - Information Science - University of Pretoria

Bachelor of Information Science - Information Science - University of Pretoria