David Flett

Senior Manager, Advisory

KPMG in Bermuda

David has recently relocated to work for KPMG in Bermuda after spending the last 12 years working in London in the Digital Controls Team of a ‘Big Four’ practice. In London, he gained extensive experience in technology (non-financial) and operational risk, security and controls, with experience in US and UK SOX advisory, remediation, external audit (PCAOB), internal audit and regulatory risk and control projects at clients across a range of sectors. As part of his role he is required to stay ahead of changes in regulation and current topics in IT risk so that he can guide and advise clients effectively through their challenges.

Recent engagement experience

  • Part of his previous team’s UK SOX/BEIS response leadership team, which included forming the team’s response and methodology, publishing thought pieces, opportunity and account management, event speaking, and team management.
  • SOX and UK SOX advisory: Led non-financial risk (technology) workstream of control transformation programmes at US listed and FTSE100 organizations with multiple global locations and disaggregated technology environments.
    • Working with clients to perform risk assessments, scoping exercises and end-to-end business process walkthroughs and mapping; identify technology’s role in business processes; develop and document risk and control matrices; and evaluate the design, implementation and operating effectiveness of key technology controls across change management, access security, network, business process automated controls and interfaces, at the application and infrastructure layers.
    • Identify opportunities to automate and improve business processes and controls, oversee successful deployment of technology-based solutions such as GRC tooling and analytical dashboarding. This includes remediation, re-design and implementation of current controls. Review and challenge areas of weakness or areas where issues are identified.
    • Review the client’s preparation of framework and control documentation, critique and advise on areas for improvement, and perform and oversee root cause analysis to enable successful remediation. Prepare and present results in reports to senior stakeholders.
  • IT Internal Audit co-source with an online fashion retailer, a TV broadcaster, and an oil & gas producer. Worked closely with the CIO, CISO, risk and operational personnel (including the first, second and third lines of defense) to understand the organization’s operational and technology risks (including monitoring of local regulatory developments) and prioritize an annual plan of technology reviews covering a wide range of areas, including cyber strategy and maturity assessment, website and third-party risk and resilience, adoption (functional and security) of new technologies, infrastructure security, data breach and incident response, and key application controls. Performed detailed root cause analysis of issues identified to tailor specific, realistic and achievable improvement plans that are tracked and managed to completion. Management of multiple stakeholders across the business was key to the successful delivery and deployment of the improvement opportunities raised in reviews.
  • Led a regulatory driven technology controls review for an online ride-hailing application so that the client could meet the regulator’s conditions for granting a London operating licence. This required a deep understanding of the configuration and automation of in-house developed systems that ensure driver and rider safety. Led the relationship with the head of compliance and the head of IT compliance.

Education and qualifications

  • BSc Hons Economics & Finance – University of Bristol

  • ACA Chartered Accountant – ICAEW – CPA converted

  • CISA/CISM/PRINCE2/COBIT 5 – exam certified