About
Technology is changing at a rapid pace. Uncertainties and risks grow significantly. But where there are risks, there are opportunitities.
Alexander Graf is an experienced independent IT risk management consultant with a focus on implementing and auditing internal controls systems (ICS) in the areas of IT General Controls (identity & access management, change management, information security, IT operations) and business services as well as regulatory matters such as outsourcing and business continuity management (BCM) and will provide assurance to your company in dedicated areas of concern in order to help you make the right decisions looking forward.
Alexander has a Big 4 background and is holder of the Certified Information Systems Auditor (CISA).
Services
The range of advisory services can be divided in three main areas of activity.
IT Audit & Internal Control Systems
> Planning and execution of IT audits in the areas of access and change management, computer operations and program development (ITGC)
> Design and implementation of internal control systems (ICS): Risk assessment, identification of control objectives and key controls
> Assessment of design and operating effectiveness of controls
> Identification of improvement potentials
Risk & Compliance
> Regulatory compliance audits and consulting regarding minimum supervisory requirements such as BAIT, MaRisk
> Subject matter expert for business continuity management, outsourcing and operational risk management
> Audits in accordance with internationally acknowledged standards such as ISAE 3402 & ISAE 3000
> Review and creation of corporate policies and procedures
IT Transformation
> Transformation program reviews and project delivery
> Identification of key project risks
> Project quality, risk, stakeholder and go-live readiness assessments
> Deep dive audits throughout the entire software development lifecycle (SDLC)
> IT due diligence activities related to mergers and acquisitions
Projects
Convince yourself and read about some of Alexander’s successfully accomplished projects.
IT Audit
Banking, Compliance, IT Audit-
Internal Control System Implementation
Compliance, Insurance, Risk Management -
Key Controls Testing
Banking, Compliance, IT Audit -
IT Transformation Assurance
Banking, Compliance, IT Audit, IT Transformation -
Project Management Office (PMO)
Compliance, Insurance, IT Transformation
Clients
The following list is merely intended to give you an idea of credentials as evidence of the achievements Alexander can secure for you.
Experience
Extensive experience in a broad range of topics.
- IT Audit
- Internal Control Systems
- Risk Management
- Compliance
- Governance
- Information Security
- Operational Resilience
- Business Continuity Management
- Backup & Restore
- Identity & Access Management
- Computer Operations
- Incident & Problem Management
- Change Management
- Key Controls Testing
- Test of Design Effectiveness
- Test of Operating Effectiveness
- Outsourcing
- Anti-Money Laundering
- Business Processes
- Software Development Life Cycle (SDLC)
- Transformation Assurance
- Project Management
- Consulting
- ISAE 3402
- SSAE 16
- BAIT
- MaRisk
Contact Me
I welcome you to contact me for more information
about any of my services.