Ed Nicholls

Partner, Risk Advisory Services

Automotive | Financial Services | Government & Public Sector | Healthcare | Natural Resources | Technology, Media & Telecommunications | Tourism, Hospitality & Leisure

Executive Summary

Ed is a Partner in BDO’s Risk Advisory Services team in Melbourne. He has over 17 years’ technology risk advisory and assurance experience, working with several global organisations and ASX 100 clients. Ed has considerable knowledge of identifying practical and cost-effective IT improvements for key industries including natural resources; retail; financial services; technology and telecommunications; government; gaming and wagering; and healthcare.

He is passionate about helping his clients develop their understanding of better practice risk and controls. Ed frequently facilitates knowledge sharing sessions and customised training with clients to help them improve their IT control maturity, capability, and resilience.

Expertise

  • IT third party assurance (GS007, ASAE 3150 and 3402, ISAE 3000, SOC 1/2/3)
  • Financial IT audit
  • System implementation and data migration assurance
  • JSOX and SOX controls review
  • Cyber security assessments (applying NIST 2.0)
  • CPS 234 assessment, including tripartite testing
  • IT internal audit
  • ISO 27001 internal audit
  • IT resilience
  • IT and business process review
  • Payroll controls assurance

Experience

Natural resources

  • Directed a mining company’s IT financial audit for over six years to support the annual financial audit opinion
  • Led the IT financial audit during a large utility company’s attempted demerger.

Retail

  • Directed a supermarket, convenience, and liquor group’s IT financial audit for over ten years; led multiple IT projects; investigated IT outages; and performed cybersecurity control assessments with senior stakeholders
  • Managed a sportswear retailer’s IT risk assessment across their entire organisation and global operations, including tailored recommendations and process improvements, and a roadmap for implementing them.

Technology, media, and telecommunications

  • Directed annual positive assurance audits for an IT service provider for over five years. Performed design and controls testing over the services and activities they provided to their larger customers
  • Performed ISAE 3402 SOC positive assurance reporting for a global payroll service provider for over six years.

Healthcare

  • Conducted positive assurance audits of an emergency care provider’s third party service providers
  • Performed a risk assessment over a hospital’s cyber security landscape. This included a current and future state maturity view, strategic roadmap, and sector, national, and global benchmarking to help board members better understand the hospital’s comparative cyber maturity.

Qualifications and affiliations

  • Bachelor of Science
  • Bachelor of Information Systems
  • Executive Master of Business Administration
  • Graduate Certificate of Chartered Accounting
  • Certified Information Systems Auditor (CISA)
  • COBIT5 Foundations Certified
  • ITIL V3 Foundations Certified
  • Affiliate Member, CA ANZ