Partner Information Security Services
Nationality - South African
Current role and responsibilities
Graham is a partner in the Information Security Services(ISS) department in the
Johannesburg office of KPMG South Africa. Graham is jointly responsible for the
Information Security Services unit within Information Risk Management. Graham
is also the training manager for the IRM department and is also the overall
Product Champion for the Information Security Services and Secure Electronic
Services suite of products. Graham is the National leader for the Business
Continuity service and is also currently the service line leader for Public Key
Infrastructure (PKI) in South Africa. Graham is also manages a number of
clients at KPMG.Graham is the IRM liaison partner for KPMG's Energy and Natural
Resources division and has a number of clients in this sector. Graham also
assists with the tutoring final year Bachelor of Accounting students in
Information Risk Management at WITS university.
Prior KPMG roles and responsibilities
Graham Teare joined KPMG in January 1994 and moved to the Information Risk
Management department in 1996, after spending two years in general audit.
Graham qualified as a Charted Accountant in 1997 and was made an assistant
manager in that year. During his time at KPMG, Graham has managed a number of
client engagements both in an audit capacity and in the IRM capacity. Graham
was one of the auditors that tested various KPMG offices around the world with
regard to compliance to the KPMG security policies. He was also a security
coach to some countries to assist them in complying with the KPMG security
policies. Graham was involved in a large South African bank and assisted them
in setting up their information security office and governance structures. He
fulfilled the role of information security officer for the bank for a year. As
part of this involvement, he was involved on various PKI and trust initiatives.
Key areas of experience
IT Controls Review; Application System Reviews and Business Process Reviews on
SAP R/3 and BaaN Systems; Computer Assisted Audit Techniques (CAATs), including
knowledge on S/2190 and ACL; Unix Security Reviews; Information Security
Governance and Information Security Office implementation; Year 2000 Project
Management; Business Readiness Reviews; Information Security Policy Reviews;
Information Security Architecture implementations; Manufacturing, Chemical and
Mining Industry experience; Banking and Finance Industry experience; and
Insurance Industry experience.
Education
School/University: University of the WitwatersrandLocation: JohannesburgFinal
Degree: Bachelor of Accounting (Post-graduate)Subject: AccountingFinal Year:
1994
Professional qualifications
Member of the South African Institute of Chartered Accountants (SAICA); Member
of Information Security and Control Association (ISACA)
Language skills
English : Fluent
Afrikaans : Moderate
Country experience
South Africa, United Kingdom
Presentations
Botswana: Auditors involvement in Year 2000 (1998) Presentation to the Chamber
of Commerce about the auditor’s liability and involvement with respect to the
Year 2000.
Bahrain: Electronic Commerce Infrastructure and Security (1999) Presentation to
the Bahrain IT Society as part of an Electronic Commerce Seminar. Presentation
involved the risks and security issues to be concerned about when conducting
electronic commerce.
Market segment experience
Managing audits of a major chemical company. This involved understanding the
different processes involved and the industry in general. Involved in reviewing
bills of materials take-on in SAP R/3 at Chemical company. Was also involved in
the Chemicals industry workshop for Audit 2000 in an IRM capacity.
Running of Computer Assisted Auditing Techniques. Reviewing Payroll systems.
Managing IRM audit work on major banking client.
Review of Actuarial liability and profit determination process and assistance
on Year 2000 projects for a few insurance clients. Also Insurance Industry
Liason representative.
Due Diligence reviews and running of CAATs for furniture company
Various IT Controls reviews of mines and also project managing a Year 2000
project which involved obtaining a good understanding of the mining client and
the mining industry.
Professional service experience
Involved in numerous audit engagements over time from the IRM perspective.
Currently involved with managing the IRM involvement in a two crown jewel
clients.
Involved in a number of UNIX reviews. Also product champion for this area in
IRM and focusing on Security Policy development. Involvement in KWorld Security
reviews.
Involved in numerous health checks. Also project managed an 18 month project
and assisted with the inventory phase for 5 months on another. Lectured on Year
2000 at a number of locations.
Engagement experience
Year 2000 Project Management
Large multinational mining client with operations in Australia, South Africa,
United Kingdom, Canada and South America. Mainly involved in base metals,
aluminium and coal.
Market segment - Mining
Skills used - Leading, Project managing, conflict resolution, staff
counselling, report creation and preparation, production of relevant guidance
notes
Role - Project Manager and Knowledge resource
The engagement involved facilitating, co-ordinating and reporting to senior
management on the status of the various operation’s Year 2000 projects,
including the Head Office. This involved managing an overall project plan,
ensuring that operations bought into the strategic vision and resolving
conflict where this arose. Main activities involved developing creative
reporting for senior management to best represent activities at the operations
and developing guidance on Year 2000 and risk management for the operations.
IRM Audit Manager
Large banking client
Market segment - Banking
Skills used - Managing, reviewing and assessing impact of issues, conflict
resolution with other audit firm
Role - IRM manager
The engagement involved co-ordinating IRM resources and liasing with the IT
audit department and audit teams to ensure that relevant computer risk issues
are identified and addressed as part of the Statutory audit. The work included
review of IT internal Audit and Computer Assisted Auditing Techniques on
Advances.
Review of Actuarial Valuation process
Large Life insurer not listed on the London Stock Exchange
Market segment - Insurance
Skills used - Report writing and control assessments
Role - Reviewer
The engagement involved performing a business process review of the actuarial
valuation process. This involved obtaining an understanding of the process and
procedures followed by the actuaries in determining the actuarial liability. In
addition it included understanding how the various investments were
consolidated and applied to the liability to determine profit. Main involvement
was in documenting the processes followed, both manual and system based,
assessing the risks and recommending controls.