Andrew Sujan

Senior Manager, Internal Audit, Risk & Compliance Services

KPMG in Kuwait

Andrew is a seasoned IT Audit professional with over 12 years of experience in KPMG Risk Consulting Services having managed several engagements in Internal Audit, Systems Audit, RPA, Forensic, System Design & Development and Data Analysis.

Andrew Sujan

Position : Senior Manager


Andrew Sujan is a Senior Manager specializing in IT Risk Consulting with over 12 years of dedicated experience in assisting organizations in the identification, assessment and management of technology risks and opportunities. His key areas of work encompass IT internal audit, cybersecurity, risk management, digital forensic, and data analytics, enabling businesses to navigate the digital landscape securely and efficiently.

He effectively manages IT internal audit departments, ensuring adherence to budgets, timelines and quality benchmarks.

He has also managed regulatory compliance engagements, maintaining awareness of technology trends, risks and controls   and knowledge of regulatory requirements, particularly in IT governance and compliance.

With his experience he has identified critical IT control weaknesses, providing actionable recommendations to safeguard and enhance IT control environments.

Experience :

Andrew has led numerous engagements in IT Internal Audit, ensuring compliance with recommended practices and regulations while optimizing audit processes for increased efficiency and accuracy.

He has managed several cybersecurity audits for Financial Institutes and assisted in identifying vulnerabilities, proposing robust strategies to implement digital defenses, and advising on recommended practices to safeguard against potential threats.

Andrew managed several Application Audits, evaluating functionality and security measures, offering recommendations to enhance both performance and security protocols.

He developed RCSAs (Risk Control Self-Assessments) for Clients facilitating the identification and mitigation of risks across operational areas, strengthening overall risk management practices.

He conducted several policy reviews for Clients to assess the alignment with recommended standards and regulatory guidelines, offering insightful recommendations to enhance compliance measures and risk mitigation strategies.

Sector Experience:

Andrew's extensive experience spans across various sectors, including IT, banking, automotive, hospitality, FMCG, investment management, insurance, manufacturing, and trading.