About Us

Magsys is a consulting firm with extensive experience developing solutions for a diverse number of organisations including Government Entities, Universities and Businesses.
Specialising in supporting Internal Audit departments in the areas of IT Audit, IT Risk Management, IT Business Analysis, CAATs development and IT Security.
For other business clients, Magsys provides Enhanced Analysis and Reporting solutions, Niche Applications and Advanced Controls Monitoring applications.

Magsys aims to work closely with the Auditor or Business client to design and implement solutions to best address the specific requirements of the organisation.

Magsys has recently relocated to Hobart from Sydney and is looking forward providing ACL™ development services to new clients in the Apple Isle.

Principal Consultant - John Hughes

For the past 20 years John has provided specialist services in developing ( design and programming ) CAATs, Data Analytics and Continuous Controls Monitoring for IT Audit and Business units.
A profile of John's services to IT Audit departments includes:

  • liaising directly, or assisting IT Audit staff in ( their ) interactions with ICT Departments.
  • using a toolbox of many languages and databases to extract data from diverse applications platforms for initial analysis, prototyping and final CAATs design.
  • working with the IT Auditor to mine the data and correlate with business processes to evaluate risks.
  • design and programming of effective CAATs or Control Monitoring applications combining the skills of the IT Auditor with John's specialist design and ACL programming skills.
  • using a variety of languages and utilities Eg. VB scripting, Excel VBA, SQL and Unix shell scripting to build robust automation for the CAATs and Controls Monitoring.
  • using ACL to assist in data cleansing and migration. The data can be checked for logical consistency as well as simple errors.
  • Special interest in both system and application level access profile integrity. Has developed a number of ACL applications to check users, user role profiles and transaction access for control breakdowns.

Some of the companies John has provided IT Audit CAATs and Controls Monitoring development services to in the last decade are:

  • Sydney Water Internal Audit and Risk, developed a framework for automated data extraction from their PeopleSoft ERP system, Aurion HR / Payroll and legacy "ACCESS" DB2 based customer management systems, along with other systems Eg. Identity Management. The data extracted was maintained as ACL master or transaction tables and used by the automated ACL audit test scripts. Results were presented as information rich Excel spreadsheets which the auditor could use for potential control breach identification or more generalised investigation. Having "cross platform" data available to the ACL tests extended their functionality and reach.
  • StateRail NSW, over the years John has worked for Internal Audit, HR / Payroll and Accounts Payable departments. An interesting use of ACL was developing a Payroll Disaster Recovery application whereby using the ( ACL format backups of the ) previous 3 month's payroll transactions and various master tables and the ACL disaster recovery project on a laptop, a predicted pay ( with safeguards ) could be derived for each employee and tax and net pay calculated. The final output was an EFT file which could be transmitted to the bank. After recovery, the real payrun was performed, excepting sending the EFT payments, an ACL script then compared the real pay with the emergency pay and generated correcting payroll transactions which could be batch inputted.
  • RailCorp NSW , a significant project was developed for the Accounts Payable department which detected duplicate invoice payments. The ACL application detects potential duplicate payments within the Ellipse ERP AP system and within the iCMS Purchase Card system. Duplicate payment detection between the AP and P Card systems was also implemented and proved invaluable. Ariba procurement invoices are being added to this framework so that a 3 way match between Ariba / Ellipse AP / iCMS P Card can be performed. The intention is to catch duplicate, but unpaid, invoices in Ariba and stop them, thus preventing a duplicate payment.

John has enjoyed a long and interesting career in the field of computing. After starting work for Shell Research UK in the Aviation Fuels division, John was invited to join the Maths Division and programmed various scientific experiments and simulations using Fortran. A transfer to Shell UK followed where, after time spent in linear programming and tanker design modelling, a move to commercial computing was made. John was then recruited by Sperry Univac Australia where he had the opportunity to gain in depth experience in design and programming operating system software and applications development and support for customers.

Working for the Australian subsidiary of an American computer manufacturer with many clients across diverse industries has provided John with a very wide breadth of experience. This experience, combined with good communication skills enables John to be very effective in evaluating business applications and processes in terms of potential risks or deficiencies and developing CAATs or controls which address them.

Employment History
Self-employed 1991 to 2014
Providing application systems design and programming services and ACL development services to a number of clients around Australia.
Qantek 1989 - 1991 ( Qantas IT subsidiary ) As a Technical Consultant to the Freight Systems programming team on UNISYS 2200 systems platforms ( HVTIP COBOL, FORTRAN and MAPPER ). Major activities were applications programming on the USAS*CGO upgrade from 10R4 to 11R1 followed by a number of special projects involving original design and programming.
Seft-employed 1986 to 1989
RTA NSW, supporting General Ledger systems in OS1100 COBOL but with some MAPPER application development also.
Eden Technology developing a large online MIS system for Civil & Civic using DEC's RALLY and Relational database (RDb).
UNISYS Education teaching MAPPER User Workshop, MAPPER Run Design and COBOL/TIP/DPS Programming courses.
Sperry Australia 1973 to 1986
At client QANTAS in 1986, programming an interface from their USAS Cargo system to The Australian Customs 1100 mainframe in Canberra. The language used was FORTRAN and DMS1100. This interface allows Customs to get details of inbound cargo on Qantas flights before it has landed and possibly preclear it.
At client SRA, providing design and programming support for their MAPPER Locomotive Maintenance and inspection scheduling system (LMIS).
In earlier years at Sperry, John was engaged in:

  • Support of Unisys Airlines package software
  • Marketing Support ( including proposal writing ).
  • Training in SUM (Sperry Universal Methodology) and the promotion and support of SUM in Australia.
  • Systems Analysis, Design and Programming on a range of Applications.
  • Design and programming of a Real-Time messaging system for QLD Police using structured techniques for both design and programming.
  • Operating Systems support and programming.
  • Application System conversions and upgrades.
  • Benchmarking.
  • System Sizing and Modelling.

Shell International & Shell Research UK

  • Applications design and programming, COBOL on IBM and Univac
  • Scientific programming, Fortran on Univac