
RALPH J. DUFF, JR.

Antioch, CA 94531 1ITAuditPro4U@comcast.net (925) 234-1122


IT Management Professional with solid accomplishments and extensive experience

SUMMARY OF QUALIFICATIONS
Extensive experience in information systems, project management, business process reengineering, IT audit and security consulting in a variety of industries including: energy, public service, banking, high technology manufacturing, retail, and insurance. Provided ERP implementation project consulting and audit monitoring resulting in systems that were delivered on time, on budget, while also meeting the objectives and requirements of the business. Recognized by PG&E senior management for contributing to the successful May 1, 1996 implementation of SAP R/3 ver. 2.2e. Specific contributions included: identification of quality control and operational readiness weaknesses, and risk mitigation recommendations. Experience with multiple ERP implementations including: SAP, PeopleSoft ver. 7.x 9.x, Oracle Financials and Oracle HRMS. Managed and directed development of security designs, and security testing across the following R/3 modules: FI/CO, AM, PCA, EC-CS, PP, PM, PS, SD, and SM. Proven ability to integrate people, processes, financial disciplines and information systems technology to achieve substantial business benefits. Expertise includes: mainframe, mid-range and client server security control testing, application control testing, network penetration testing, disaster recovery planning (DRP), business contingency planning (BCP), network operations, computer operations, manufacturing, and retail processes. Effectively able to communicate complicated concepts in an understandable manner, matching the message to the audience. Experienced in supervision, training, motivation and evaluation of personnel. Skilled in finding problems and performing necessary change through project management or other methods. Maximized resources to achieve customer satisfaction and increased productivity, meet deadlines and goals. Implement and coordinate both strategic and tactical plans to enhance performance. Adept and experienced in problem solving and providing solutions. 
Excellent qualifications in leadership and interpersonal communications.
AREAS OF EXPERIENCE
SAP R/3, SAP R/3 IMG; PeopleSoft Financials and HR; Oracle HRMS; Project Management; Business Continuity Planning (BCP); Technology Selection & Implementation; Sarbanes Oxley (SOX), Model Audit Rule; ITIL, CoBiT, COSO, PCI DSS; Team Leadership & Development; Process Innovation (Distribution & Fin.); Business Case Development and Review; Accounting System Design; Business Impact Assessments (BIA); Data Modeling; Proposal Design; ISO 17799, FFIEC, NIST, GAO; Risk and Control Assessments; Supply Chain Improvement; Enterprise Risk Management (ERM); Mergers and Acquisitions; Value Based Management; Client Relations; Corporate Restructuring; SAP R/3 Profile Generator

Technical Skills/Tools: COBOL, CICS, DB2, CA-TSS, ACF2, PL/1, DOS/VS JCL, OS/MVS JCL, BAL, VSAM, IDMS REL 10.0, DBASE IV, CA-Examine, SMS, PARADOX, Oracle, SQL, UNIX, ACL, MS Office Suite, Niku, Prosight, INTERTEST, CEDF, DYL280, DYL-AUDIT, DATAEXPERT, LDRPS, DOC-TEXT, TSO, ISPF, MS-DOS, WINDOWS, NOVELL, NT, UNIX, SYBASE, NOMAD, SAP R/3 ABAP, VMware, Nessus, NMAP, SuperScan, NTIS, CIS, L0pht Crack, and John The Ripper.

Key Companies/Clients: Countrywide Finance Corp., Nordstrom, Intel, KPMG LLP, PG&E, Southern Cal. Gas Co., Chiron, Wells Fargo, Golden 1 Credit Union, California Federal, Visa Corp., First Republic Bank, Solectron, HP, Hitachi America, Valley Commerce Bancorp, Valley Community Bank, etc.

PROFESSIONAL EXPERIENCE
Diversified Services Network, Inc. (DSN), Naperville, IL 2010 - 2011 IT Project Manager

Client: State of Illinois, Department of Employment Security (IDES)

Managed the development, design and implementation of the Treasury Offset Program which will allow IDES to recover unemployment insurance benefits (UI) from the federal tax refunds of UI claimants who filed fraudulent UI claims. Developed an EPMO framework and project management methodology for our IDES client.

Senior IT Audit Consultant

Client: State of Illinois, Department of Employment Security (IDES)

Provided IT audit and security training to IDES Audit staff. Developed standardized Information Technology General Control (ITGC) programs. Project Manager responsible for directing multiple ITGC reviews of the IDES IT computing environment and the State of Illinois Central Management Services (CMS) and Bureau of Communication and Computer Services (BCCS). Identified and reported significant risks and control weaknesses to senior IT management. Also provided senior IT management with audit recommendations to mitigate risk exposures. Provided maintenance and support of the department's TeamMate application. Developed ACL analytics to assist in the detection of unemployment insurance fraud.

Bank Vision, Inc., Milpitas, CA Senior Consultant (Independent Contractor) Oct. - Nov. 2010

Conducted audits of IT policies, procedures and practices associated with the computer environments of multiple banking institutions. Communicated audit findings and audit recommendations to senior banking officials, and audit committee board members. Performed SOX 404 testing of significant automated banking systems, IT infrastructure and related financial controls for banking clients and provided recommendations for improvement where appropriate. Specific audit and SOX responsibilities included the following: Facilitating operational and process-level meetings with business owners within impacted departments or business lines to ensure: 1) that financial/operational and associated IT system risks and existing controls are clearly understood; 2) that controls are well written and communicated to senior management; and 3) that control gaps are identified and control improvement recommendations are provided to management. Developing clear and concise audit/SOX test scripts (e.g., audit steps) detailing the steps required to effectively test each control. Conducting or directing the testing of internal controls. Ensuring that all work is properly supported according to IIA standards.

California State Automobile Association, Walnut Creek, CA 2004 - 2010 Senior IT Auditor

Received multiple achievement awards for work performed in support of Internal Audit's annual audit objectives. Performed Project Manager role; responsibilities included planning and directing general control, application and technical audits in the following areas: Telecommunications, Colorado Springs Regional Center; Club Data Exchange (CDX), Cisco routers and switches; Mainframe Disaster Recovery; iSeries (AS/400) Security; Wireless LAN/WAN Security; Network Penetration; Sales X; and Domain User Management; MS Exchange 2003; PCI DSS compliance audit; PeopleSoft Payroll; IBM Mainframe: z/OS, ACF2, DB2 and CICS; Member Point Application Suite: Client View, Membership, and Auto Insurance (e.g., Huon); Network Penetration testing; and Web Endorsements and netPositive (e.g., MultiCo).

Identified many significant control weaknesses associated with CSAA's computing infrastructure and operational practices.


Provided senior management with audit reports that clearly and concisely communicated the business impact, root cause, and audit recommendations for over fifty high-risk audit findings. Designed and implemented a new risk assessment process and methodology to support IT Audit's annual risk assessment and audit planning efforts, resulting in a comprehensive assessment of CSAA's IT application and infrastructure assets. Provided project management consulting and security application control design recommendations to CSAA's application developers, Agile/Scrum teams, and IT change control boards. Acted as a liaison between CSAA IT Internal Audit and external Model Audit Rule (MAR) auditors. Shared IT Audit control exceptions, control recommendations and remediation status with the external MAR auditors. Specific audit and SOX responsibilities included the following: Facilitating operational and process-level meetings with business owners within impacted departments or business lines to ensure: 1) that financial/operational and associated IT system risks and existing controls are clearly understood; 2) that controls are well written and communicated to senior management; and 3) that control gaps are identified and control improvement recommendations are provided to management. Developing clear and concise audit/SOX test scripts (e.g., audit steps) detailing the steps required to effectively test each control. Conducting or directing the testing of internal controls. Ensuring that all work is properly supported according to IIA standards.

Countrywide Finance Corporation, Simi Valley, CA 2003 - 2004 Senior IT Auditor

Performed Project Manager role; responsibilities included directing the audits of Countrywide Finance Corporation's Enterprise Information Security (EIS) Department, and Countrywide Broker Channel (CWBC) website.

Nordstrom, Inc., Seattle, WA 2002 - 2003 IT Audit Supervisor

Performed Project Manager role; responsibilities included managing a team of auditors tasked with reviewing the implementation of Nordstrom's POS system. Performed Project Manager role; responsibilities included managing Internal Audit's consulting effort that enabled the on time and on budget implementation of Oracle HRMS. Developed, designed and presented risk assessment training to Internal Audit staff and HRMS project management team. These efforts resulted in identification of significant project, business and system process risks and development of a risk mitigation plan. Developed, designed and presented program management training based on the Project Management Institute's Project Management Body of Knowledge (PMBOK), which resulted in increased effectiveness of our audit staff during consulting engagements. Consulted and advised C-level management during the implementation of Nordstrom's new POS and inventory control systems. Developed a risk assessment model to assist with identifying significant risks and controls as part of our Sarbanes Oxley (SOX) work.

Intel Corp, Folsom, CA 2000 - 2002 IT Audit Specialist

Received achievement award for work performed in support of Intel's Intellectual Property Protection initiative. Consulted and assisted project management teams (e.g., SAP, PeopleSoft HR projects) with many value added recommendations, which resulted in successful product rollouts. Performed Project Manager role; responsibilities included directing the audit of Intel's enterprise SAP R/3 security configuration and infrastructure environment. These efforts resulted in many process improvements including Software Configuration Management (SCM) and Capability Maturity Model (CMM) initiatives. Performed Project Manager role; responsibilities included directing audits and reviews of Intel's Global Disaster Recovery and Business Continuity readiness, which resulted in an enterprise-wide initiative to improve Intel's disaster recovery and business continuity planning.

KPMG LLP, San Francisco, CA 1998 - 1999 Senior Consultant, Information Risk Management (IRM) Practice

Collaborated with IRM practice partners in business development, proposal writing and client presentations, which resulted in many successful sales. Performed Project Manager role; responsibilities included directing process improvement project engagements of client IT operations. Results included increased effectiveness of operation processes, and improved client practices.


Performed Project Manager role; responsibilities included managing multiple SAP R/3 security configuration audits for major clients, which resulted in many value add recommendations to improve security controls. Performed Project Manager role; responsibilities included implementing SAP R/3 security controls and daily security management support for major clients. Consulted and advised IRM practice partners in development and review of KPMG's Year 2000 (Y2K) practice methodology. Consulted and advised C-level management clients during Y2K readiness assessment engagements regarding Y2K best practices.

Pacific Gas and Electric, San Francisco, CA 1995 - 1998 IT Audit Director (1997 - 1998), Senior IT Auditor (1995 - 1997)

Received achievement award for project management work associated with the identification of weaknesses in PG&E's SAP R/3 operational roll-out plans; recommended corrective actions to senior management, resulting in PG&E's successful May 1, 1996 implementation of SAP R/3 ver. 2.2e. Developed a project management review methodology based on the Project Management Institute's (PMI) handbook. Project Manager responsible for a cross-functional executive level steering committee tasked with identifying and managing all enterprise risks associated with Electric Industry Restructuring. Responsibilities also included reporting the status of risk mitigation efforts to senior management. Developed a risk assessment and risk mitigation strategy that enabled PG&E to manage risks associated with system development project efforts in support of Electric Industry Restructuring. Project Manager responsible for managing and coaching a team of five IT auditors tasked with reviewing IT security and process controls. Project Manager responsible for managing Internal Audit's vendor contracts and relationships (e.g., PwC, D&T, E&Y and AA, etc.). Responsibilities included: contract negotiations and vendor management.

Southern California Gas Company, Los Angeles, CA 1983 - 1995 Lead Internal Auditor (1993 - 1995), Measurement Systems Analyst (1992 - 1993), Measurement Inventory Manager (1989 - 1992), Computer Programmer I & II (1983 - 1989)

Provided senior management with control recommendations, which resulted in improved project management and application security controls. Project Manager responsible for managing the on time, on budget delivery of systems and business processes to support a $700,000 contract with Southwest Gas. Project Manager responsible for directing a cross-functional project team which successfully TQM (e.g., Six Sigma) practices and processes into Southern California Gas Company's meter repair facility. Project Manager responsible for the development and implementation of new inventory systems and business process controls, which resulted in a $3 million reduction in capital expenditures. Project Manager responsible for delivering the CARS - Division Consolidation Project on time, and on budget.

EDUCATION, PROFESSIONAL AFFILIATIONS, CERTIFICATIONS AND TRAINING


MBA, General Management, Keller Graduate School of Management
BS, Computer Science, Coleman College
CISA, Certified Information Systems Auditor, Information Systems Audit and Control Association
CRISC, Certified in Risk and Information Systems Control, Information Systems Audit and Control Association
CBM, Certified Business Manager, Association of Professionals in Business Management
CSM, Certified Scrum Master, Scrum Alliance, Inc.

R/3 System Administration, ABAP/4 Reporting and Data Interfaces, Ernst & Young - SAP R/3 Controls, Plant Maintenance (PM), Production Planning (PP), Customer Order Management (SOM), Sales and Distribution (SD), Service Management (SM) and Configuration and Organization in Logistics.

CONFERENCE PRESENTATIONS/PUBLICATIONS
Audit and Control of EDI - San Jose IIA Chapter
Auditing SAP R/3 Project Management - ASUG Internal Controls and Audit, Security Meeting, February 2 - 3, 1998
CFO's Guide to EDI: How Can You Control the New Paperless Environment? The Journal of Corporate Accounting and Finance, Summer 1998
