• Review and analysis of the current Compliance Management activities, with focus on
  • GDPR (DSGVO),
  • Information Security, using ISO 27001 and “IT Grundschutz” requirements as defined by the German Bundesamt für Sicherheit in der Informationstechnik
  • Contractual requirements as a result of security obligations linked to the SaaS services provided
• Maturity evaluation, best practice recommendations and next steps
• Recommendations for the Compliance Organization, reporting lines and FTE

• Design, implementation, update, review & re-organization of Compliance Processes, Internal Controls and Risk Management Systems;
• Implementation and Review of adherence to the COSO Framework;
• Fraud-Risk Assessments;
• Risk Assessment of Financial Statement Closing and Reporting Processes;
• Definition and Implementation of the principles of Segregation of Duties across processes, procedures and IT applications;
• Design, Implementation and Review of monthly routine processes to monitor adherence to defined Internal Control requirements through the means of a “Self-Certification” Process including reporting requirements;
• Set up of Corporate Governance Basics consisting of e.g. drafting Code of Conduct, Whistleblowing Process and Policy;
• Design and implementation of Internal Controls over external financial reporting, including the supporting policies, processes and procedures, to facilitate and support the requirements as outlined under the Sarbanes-Oxley Act of 2002 or similar Corporate Governance Requirements to be applied for a potential IPO at a European Stock Exchange;
• Design, Implementation & Review of Internal Audit Services
• Support for centralization of accounting, controlling & finance activities (Offshoring & Outsourcing)
• Design, Implementation and Review of Enterprise Risk Management Systems
• Interim Management

• Avast (LSE: AVST), is one of the world largest security companies using next-gen cybersecurity products for businesses and consumers and protects people online. Avast offers products under the Avast and AVG brands that protect from threats on the internet and the evolving Internet of Things threat landscape. Avast creates top-ranked digital security products for Mobile, PC, and Mac. 435M+ users; HQ in Prague (CZ); 25 offices worldwide; 1700 Associates; USD 811M adjusted billings in 2017.

• Transition of Internal Control and Risk Management System Ownership into the business and decommissioning of own position. Contractual “cool-down” till end of April 2019.

Avast (LSE: AVST), is one of the world largest security companies using next-gen cybersecurity products for businesses and consumers and protects people online. Avast offers products under the Avast and AVG brands that protect from threats on the internet and the evolving Internet of Things threat landscape. Avast creates top-ranked digital security products for Mobile, PC, and Mac. 435M+ users; HQ in Prague (CZ); 25 offices worldwide; 1700 Associates; USD 811M adjusted billings in 2017.

Preparing the entity for a potential IPO at a European Stock Exchange with regards to Corporate Governance Requirements for a listed Company:

• Design and implementation of Avast's Internal Control and Risk Management Processes including but not limited to the Implementation of a recognized suitable framework to evaluate Avast's Internal Control and Risk Management processes and procedures (=> COSO 2013);
• Definition and Implementation of Entity Level Controls;
• Risk Assessment of Avast’s Financial Statement Closing and Reporting Processes (Identification of Key Risks in each Business Process and Significant Classes of Transactions);
• Definition, Design and Implementation of Key Controls for at least each Key Risk and interlinking of controls and risks across the business processes (Risk-Control-Matrix);
• Design and Implementation of IT General Controls for each application, databases and operating systems in scope (reasons and conclusion for the selection of applications and their supporting IT architecture being financially significant thus relevant for the internal control framework of Avast);
• Definition and Implementation of the principles of Segregation of Duties across processes, procedures and IT applications (incl. Access Management); Identification and Implementation of an IT solution (FastPath) to monitor access rights and appropriate segregation of duties to Avast’s its Key ERP Application NetSuite;
• Implementation of a monthly routine process to monitor adherence to Avast’s Internal Control requirements through the means of a “Self-Certification” Process including reporting to Top Management;
• Fraud-Risk-Assessment (considering potential scenarios to Avast that fraud and/or misconduct may occur by and against the company; Identification of processes, controls and other procedures that are needed to mitigate the identified fraud risks and implementation);
• Design and implementation of an automated manual journal entry approval process.

Design and Implementation of a Group Finance Manual, consisting of but not limited to Accounting Policies related to e.g. Accruals, Provisions, Fixed Assets, Payroll, Intangible Assets, Goodwill, Manual Journal Entries. Procurement, Third Party Service Provider Monitoring, Treasury, Tax etc.; Set up of Corporate Governance Basics consisting of e.g. drafting Code of Conduct, Whistleblowing Policy, Establishment of a Whistleblowing hotline, monitoring and processes.

Avast (LSE: AVST), is one of the world largest security companies using next-gen cybersecurity products for businesses and consumers and protects people online. Avast offers products under the Avast and AVG brands that protect from threats on the internet and the evolving Internet of Things threat landscape. Avast creates top-ranked digital security products for Mobile, PC, and Mac. 435M+ users; HQ in Prague (CZ); 25 offices worldwide; 1700 Associates; USD 811M adjusted billings in 2017.

Leading the Sarbanes-Oxley compliance program and processes for AVG prior to its acquisition by AVAST Software B.V. globally:

• Lead & manage the complete Sarbanes-Oxley planning, documentation and testing experience;
• Responsible for the leadership, innovation, governance, and management necessary to identify, evaluate, mitigate, and monitor the company's operational and strategic risk;
• Responsible for designing and maintaining and the company’s business control framework, aligned with the company’s business objectives and related risks;
• Lead the integration of process and controls of newly acquired businesses;
• Support Group Process Owners on control design and process reviews; provide recommendations on control implementation and design, including remedial efforts;
• Maintain and execute programs for review including process documentation, walkthrough documentation, risk control matrices and evaluation of design effectiveness, testing work papers and evaluation of operating effectiveness;
• Coordinate control testing and liaison with auditors (internal and external both) on approaches, timelines, levels of reliance, quarterly assessments by units, reporting and deficiency evaluation/aggregation;
• Carry out the Risk Assessment and Scope Study on a quarterly basis to objectively identify key focus areas from the control perspective.

Coca-Cola Enterprises (CCE) was one the world’s largest independent Coca-Cola bottlers. CCE produced, sold and distributed non-alcoholic drinks in 8 European countries (Belgium, France, Great Britain, Luxemburg, Monaco, Netherlands, Norway, and Sweden). In May 2016, CCE was merged with Coca-Cola Iberian Partners SAU, and Coca-Cola Erfrischungsgetränke GmbH. CCE shares were listed on the New York stock exchange and Euronext London. In 2015, CCE employed 11,500 associates, and generated USD 7.011M net sales with an operating income of USD 866M.

Leading the Company's Compliance efforts with focus on Sarbanes-Oxley requirements (including finance, general computer controls (ITGC), application specific controls and entity level controls). This included but was not limited to:

• annual planning of the compliance efforts (e.g., risk assessment, materiality, significant accounts disclosures, location scoping, due dates, etc.);
• Steering & monitoring the testing of the effectiveness of internal controls and remediation efforts;
• Development and refining of the Company’s self-assessment approach, with specific responsibility for the compliance reporting and compliance system to enforce proper execution of defined controls;
• Coordination with the External Auditors for the audit of the Company's internal controls over financial reporting; Assessment of new accounting standards, technical guidance (AS5, IFRS, XBRL, FAS123 etc.) to ensure enhancement/reengineering of current accounting processes and controls;
• Lead the vision of leveraging controls to optimize operational benefits throughout the organization through the streamlining and automation of control activities within financial and IT processes;
• Proactively identify and monitor process and system changes that result from the Company’s growth in transaction volumes, international expansion, automation of processes, software application changes, finance transformation, accounting integration in connection with acquisitions and other areas of change that may have a direct impact on the Company's financial statements and related disclosures.

Note

Coca-Cola Enterprises, Inc. (CCE), separated from its US bottling rights and business in September 2010 and obtained on top the bottling rights for Belgium, GB, France, Monaco, the Netherlands and Luxembourg the bottling rights for Norway and Sweden. CCE’s Internal Control over External Financial Reporting processes and procedures were primarily designed for its US business. With the separation in Q3/2010, the entire Internal Control Framework implemented prior to the separation was considered redundant. As of January 2011, a full set of new controls was required to be designed and implemented within the first half of 2011 and to ensure a clean sign-off for 2011. I basically used the existing control framework and performed the necessary updates to fit for the new company. Additional efforts have been performed over the following periods to finally design a control framework covering the needs to the new entity. As of 2014, CCE implemented an in-house Shared Service Center in Sofia, Bulgaria, and transitioned all transaction related activities at this new entity. Prior to the split end of 2010, CCE Europe was never subject to control testing

Anheuser-Busch InBev is a publicly traded company (Euronext: ABI) based in Leuven, Belgium, with an American Depositary Receipt secondary listing on the New York Stock Exchange (NYSE: BUD). ABInBev manages a portfolio of well over 200 beer brands that includes global flagship brands Budweiser, Stella Artois and Beck’s, fast growing multi-country brands like Leffe and Hoegaarden. In addition, the company owns a 50 percent equity interest in the operating subsidiary of Grupo Modelo, Mexico’s leading brewer and owner of the global Corona brand. In 2010, ABI generated a revenue of USD 36.297M with an EBITDA of USD 13.685M and counted about 114.000 employees.

Design and implementation of AB InBev’s (ABI) Internal Control Environment by defining and roll-out of the Company’s “Minimum Internal Controls (MIC’s)” to be applied across the Company worldwide including the design, implementation and roll-out of ABI’s the Global Internal Control policies and guidelines (OTC, ATR, P2P, Returnable Packaging, etc.). This included, but was not limited to the

• initial definition of such MIC’s, roll-out and implementation, including a periodic self-assessment process to facilitate monitoring, adherence and issues related to such controls in order to evaluate the maturity of ABI’s Internal Control Environment;
• advising and assisting zone management with the implementation of the policies including the standardization of processes;
• supervising SOX compliance for SEC registered businesses (AMBEV in Brazil and Anheuser Busch in US); monitoring issue remediation processes and progress as reported by Internal or External Audit;
• Steering Committee Member European ERP implementation for Supply Chain Management, Procurement & Finance

Sappi is a global company focused on providing dissolving wood pulp, paper pulp, paper based and biorefinery solutions to its direct and indirect customer base. In 2008, Sappi had almost 15,200 employees in over 20 countries and manufacturing operations on three continents (seven mills in Western Europe, three mills in the United States of America and four mills in South Africa). Sappi generated about USD 5.9 billion revenues with an operating profit of USD 366M

The scope of my position was Europe, Asia Pacific (Sappi Trading) as well as the Corporate Head office of Sappi Ltd in South Africa.

Design and implementation of Internal Controls over external financial reporting, including the supporting policies, processes and procedures, to facilitate and support the requirements as outlined under the Sarbanes-Oxley Act of 2002. This included, but was not limited to:

• the monitoring and evaluation of all issues reported by management or Sappi’s Internal or External Auditors;
• to assist the business in agreeing action plans with Internal and External Audit as well as prioritisation of remediation activities across locations;
• liaise with European Internal and External Auditors in order to coordinate the timing of their activities;
• periodic reporting to management and the regional Audit Committee in Europe as well as at Corporate level; monitoring of Legal Compliance as well as Risk Management issues;
• standardization of business processes and procedures across the group (including Shared Service Centres); monitoring and evaluation of IT access rights of both, finance and IT staff;
• participating at Sappi Europe’s quarterly Enterprise Risk Management process.

Achievements: Design, implementation and roll-out of a periodic, IT facilitated, control self-assessment process in 2004 (Microsoft Accelerator) and 2005 (SAP MIC); Identification, implementation and roll-out of an IT supported process to manage and monitor IT system access rights (SAP VIRSA), to identify, evaluate, mitigate and/or monitor conflicting user roles (“segregation of duties”).

DMG MORI AKTIENGESELLSCHAFT is a worldwide leading manufacturer of machine tools with sales revenues of more than € 2.3 billion and more than 7,000 employees. As “Global One Company” − together with DMG MORI COMPANY LIMITED – DMG reach sales revenues of more than € 3.3 billion. The range of products includes turning and milling machines as well as Advanced Technologies, such as ULTRASONIC, LASERTEC and ADDITIVE MANUFACTURING, plus automation and integrated technology solutions. Our technology excellence is bundled within the main sectors of “Aerospace”, “Automotive”, “Die & Mold”, and “Medical”.

• Direct and coordinate financial planning, controlling & budgeting and business support for DMG Holding and Export markets;
• Managing and coordination of month & year-end closing and reporting; oversight of day-to-day accounting processes;
• Management of accounts payables & receivables, cash, banking and all issues related to working capital;
• Preparing financial budget including cash flow, revenues & costs;
• Identifying and reporting upon monthly variance analysis to plan/budget;
• Providing management information to help support & drive the management decision process;
• Assisting financial quarterly reviews & year-end audits;
• Coaching and development of a team of staff (12);
• Strategic and financial planning for Export markets.

Achievements: Design and implementation of a cost center controlling; design and implementation of a group wide marketing cost controlling and management; IFRS implementation at DMG Holding; Accounts receivable processes centralized in three regional service entities (Europe, North America and Asia Pacific); closing and consolidation process speed up by four days.

• Responsible for monthly reporting of 4 entities on US GAAP basis to the German Parent company;
• Preparing financial budgets and forecasts, including cash flow, revenues & costs;
• Identifying and reporting upon monthly variance analysis to plan/budget;
• Providing management information to help support & drive the management decision process;
• Preparing month and quarter-end financial reports to local and regional management.

Achievements:

Automation of closing process with regards to US GAAP and HBII evaluation; cost and profit center monitoring; project manager for roll-out of Chrysler Jeep Financial Services as a new profit center for the company in Belgium.

• Audit junior manager on Belgium statutory clients – mainly trade and industrial clients with German Parent company;
• Audit planning and preparation and drafting of management letters
• Supervising and coaching of staff accountants during audit assignments.

Note:

Short stay at KPMG was motivated by a job offer from the Managing Director of DaimlerChrysler Financial Services (please refer to above).

BDO is the leading entrepreneurial driven provider for audit and audit-related services, tax and business law consulting as well as advisory services. At 27 locations in Germany with more than 1900 employees, BDO is the first choice for medium-sized as well as family owned businesses and ambitious listed businesses.

• Senior auditor on financial audits of major industrial clients such as AEG (High Voltage Systems), Shipping companies (Deutsche Seereederei, Rostock) and Forwarders (Kersten Hunik).