Amy Vuong is a Managing Director in CNM’s Los Angeles Office with over 17 years of experience in Sarbanes-Oxley, IT Security, internal and external audit, business process redesign, SOC 1 reporting, and ERP system implementation. Amy has substantial experience sourcing, planning and leading audit, compliance, and security engagements across several industries, including Real Estate, Entertainment, Retail, Life Science, and Technology.
Prior to joining CNM, Amy worked at KPMG as a Director in the Los Angeles Information Technology and Advisory practice. Amy brings over 13 years of management and leadership experience, including a demonstrated track record in leading cross-functional teams globally. She was responsible for the management of 15 staff members over more than a dozen engagements as well as coordination and collaboration between various KPMG practices and different internal departments at the clients.
- Internal and External Audit (Sarbanes-Oxley)
Reviewed and led preparation of Sarbanes-Oxley 404 documentation for large clients in the following areas: information technology organization and management, information security management, system development and maintenance, contingency and availability of systems, computer operations, and environmental and physical access controls.
- Conducted audits and comprehensive risk assessments of IT environmental, cyber security, application, and process risks and controls for large public and private clients. The audits focused on detailed business process analysis, key financial reports, critical configuration points, logical and physical access points, and monitoring controls related to critical business processes.
- Identified and evaluated application controls and security in various ERPs including PeopleSoft, SAP, Oracle, JD Edwards, as well as in-house developed legacy applications during financial statement audits.
- Consulted clients at the C-level on strategy development, disaster recovery/business continuity, data security and control frameworks, finance systems development, and change management.
- Planned and performed security awareness programs and information security and control reviews relating to financial statement audits.