A Wealth of Experience & Leadership
INTERNAL AUDIT LEADERSHIP
Stephen Shelton has experience leading and building internal audit functions aligned to the needs of stakeholders. Experience includes establishing a start up internal audit function for a newly public spinoff company, overseeing a fully outsourced function to a Big Four professional services firm, bringing an outsourced function in-house, and utilizing co-source staffing models. He has also built and led multi-site (including off-shore) internal teams ranging from 8 to 40+ individuals. Stephen has implemented formal risk assessment models, standardized audit methodologies, best practice IA operating procedures, streamlined audit reporting including "high impact" audit reports and Audit Committee presentations. He has also strengthened audit follow-up, monitoring and reporting for previously identified issues. Shelton was an early adopter of the COSO control framework and helped facilitate implementation of the COSO 2013 enhanced control model.
Risk Assessment
Risk assessment skills are fundamental to providing effective internal audit services and value to stakeholders. Shelton has implemented structured risk assessment models to guide development of an internal audit plan and required resources, proportionate to company "risk appetites". He has also developed processes to ensure risk assessment is embedded in the planning for individual audits and used to develop specific risk-based audit procedures. He has further assisted companies in developing metrics and reporting on risk and mitigation for the C-suite and Audit Committees. Finally, he has led internal audit evaluations of company ERM processes, facilitated ERM for companies and Audit Committees, and provided training and education on ERM best practices. Shelton has led initiatives to ensure risk assessment is embedded in company SOX compliance processes and testing strategies in line with Auditing Standard No. 5 and PCAOB guidance for external auditors; led implementation in conjunction with the COSO 2013 control framework; and facilitated Audit Committee risk oversight responsibility and assessment of the maturity of risk governance processes. As a sub-set of risk assessment, he has also developed and implemented fraud risk assessments which have also received regulatory focus.
Information Technology Audits
Since 1982, Shelton has maintained proficiency as an IT auditor and professional designation as a Certified Information Systems Auditor (CISA). His experience enabled him to significantly enhance IT Audit services and capabilities within several IA Departments. Utilizing internal as well as co-sourced resources, Shelton has led audits of data privacy, IT governance, disaster recovery and contingency planning, attack and penetration testing, information security, social media, phishing and social engineering, data classification policies, data loss prevention, digital commerce, system and application development, and other IT security and control activities. Stephen has enhanced data analytics capabilities, audit automation and continuous auditing within IT audit functions. He is also knowledgeable of key IT control models including COBIT, IIA GTAG 11and the NIST Cybersecurity Framework.
QUALITY ASSURANCE REVIEWS
Shelton has leveraged his consulting and experienced internal audit leadership with multiple best-practice organizations, and knowledge of the IIA International Standards for the Professional Practice of Internal Auditing to prepare for external quality assurance assessments. Functions led by Shelton have consistently received the highest IIA-established QAR rating of "generally conforms for external quality assurance reviews. He has implemented effective internal "self-assessment" programs to regularly assess compliance with IIA and company standards and solicit feedback from stakeholders regarding the value provided by Internal Audit.
Mentoring & Development
As a Chief Audit Executive and SOX leader, Stephen served as a trusted business advisor to senior management and Audit Committees. He has utilized this extensive "executive experience" to mentor and develop high potential individuals into business leaders and executives. Stephen is also a warm, inspirational and mentoring leader regarded for being collaborative, progressive, highly professional, and "cool and calm under pressure". Coupled with a "servant leader" management philosophy, transparency, and promotion of best practices for internal audit functions, Stephen has helped groom more than 7 current Chief Audit Executives and several corporate officers including a business president and several CFOs. He continues to serve as an advisor when needed to Chief Audit Executives and other business leaders confronting challenging business, personnel or ethical situations.
Diverse Industries
Mr. Shelton's early experience in manufacturing at the Ford automotive assembly plant in Lorain, Ohio and retail management experience in Toledo, Ohio provided "hands on" business operations experience prior to his formal audit training. During the course of his professional career, Shelton performed financial, operational and IT audits for two Fortune 500 diversified manufacturers in the automotive, school bus, office products, glass and packaging industries; led and performed IT audits for two major international airlines; led a consulting practice for a major professional services firm with clients in the retail, telecommunications, insurance, manufacturing, mass transportation and radio broadcast industries; led the IA function for a Fortune 1000 telecom company; served as VP Internal Audit for one of the nation's largest publishing and TV broadcasting companies; started up a new internal audit function from scratch for a well-known global entertainment and retailer; rebuilt the internal audit function as VP Audit for a global engineering, construction and government services company, led the global SOX program, corporate audits and investigations for a Fortune 100 technology company, and the SOX function for a large public financial services company.
Sarbanes Oxley (SOX) ComplianCE
Since SOX compliance was effective for most US Public Companies with their December 31, 2004 filings, Stephen has been directly involved as a critical SOX thought leader. He co-led implementation in Year 1 with the CIO at a large media company and also led installation of RCTS software for efficient SOX administration, documentation, tracking and reporting. Over the subsequent 14 years to the present, he has served as the SOX Project Management Office (PMO) leader for several public companies and had direct responsibility for leading independent testing to support management's assessment of the effectiveness of internal control over financial reporting. Shelton has also established strong internal standards and engaged competent and proficient personnel to maximize reliance on independent testing by company external auditors. As a recognized SOX leader, he has reengineered SOX Compliance processes to increase efficiency and effectiveness, reduce the cost of compliance, and streamline compliance efforts among internal auditors, business process owners & stakeholders, and external auditors. He has also improved coordination and communication of results and led introduction of best practices such as peer review testing and control self assessment, in line with the risk-based approach to compliance outlined by AS-5 and PCAOB guidance. He has also led successful control rationalization exercises and enhanced 302 sub-certification and Disclosure Committee processes.