Professional Experience

Enterprise Resource Planning Segment

Consulting for Industries, SMEs and NGOs to implement end-to-end ERP systems, design SOP-aligned process flows, and improve productivity through automation and analytics.

ERP Consultant, MRDI (Management and Resources Development Initiative)

🧩 ERP Transformation Consultant at MRDI

Client: Media Resources Development Initiative (MRDI), Bangladesh
Engagement Duration: May 2023 – October 2024
Platform: Microsoft Dynamics 365 Business Central
Scope: Full-System ERP Modernization & Strategic Advisory

As part of MRDI’s strategic effort to modernize its internal operations and ensure transparency, compliance, and automation across its functional units, I was contracted in May 2023 as the ERP Consultant to lead the organization-wide transition from legacy systems to Microsoft Dynamics 365 Business Central (D365 BC).

My role encompassed end-to-end ERP transformation planning, stakeholder coordination, technical documentation, and capacity building, supporting MRDI’s shift from hybrid and Tally-based systems to a unified enterprise-grade ERP environment.

Core Contributions & Achievements

1. System Requirement Specification (SRS) Development

• Led the development of a comprehensive SRS aligned with MRDI’s structural and operational goals.
• Mapped functional requirements across departments including Finance, HR, Procurement, Asset Management, and Projects.

2. System Transition & Policy Reengineering

• Facilitated the transition from hybrid manual and Tally-based accounting systems to D365 BC.
• Rewrote and restructured organizational SOPs, process manuals, and internal control policies to match ERP logic and best practices in digital governance

3. Stakeholder Engagement & Donor Coordination

• Acted as the liaison between MRDI leadership, Microsoft Bangladesh, and donor/partner organizations including:
  • Fojo Media Institute (Sweden)
  • Linnaeus University (Sweden)
  • Local implementation partners of Microsoft D365 products

4. ERP Training & Change Management

• Delivered regular user training and orientation workshops using a trial version of Microsoft D365 BC.
• Ensured administrative staff, managers, and project personnel understood functional modules, process flows, and inter-module dependencies.
• Provided change management advisory to support cultural and technical readiness for ERP deployment.

⚙️ Modules Covered in the ERP Scope

• Finance & Accounts
• HR & Payroll
• Procurement Management
• Asset Management
• Inventory Control
• Project & Grant Management
• Reporting Dashboards & Workflow Automation

his engagement reflects my capability in cross-functional ERP implementation strategy, public-private collaboration, and capacity development, particularly in nonprofit, donor-driven institutional environments. The work at MRDI is a significant contribution to strengthening digital accountability and operational resilience in Bangladesh’s media and development sectors.

ERP Development – Popular Pharmaceuticals Ltd.

Role: Head of IT, Project Manager & System Analyst [2004-2010]. Oversaw enterprise-level IT infrastructure.
Year: 2006 (for ERP Development)
Platform: Microsoft .NET Framework (using Visual C#, ASP.NET, SQL Server 2005)

As part of a core five-member in-house development team, I led the end-to-end design and implementation of a fully customized Pharmaceutical ERP system for Popular Pharmaceuticals Ltd., one of the largest pharmaceutical manufacturers in Bangladesh. The system was built entirely from scratch using Microsoft technologies, forming a robust 3-tier architecture hosted on an IBM server in our on-premise data center.

I served as both Project Manager and System Analyst, overseeing requirements gathering, process analysis, architectural planning, development coordination, and deployment. The ERP was developed to support the complete pharmaceutical business lifecycle — from procurement to production to nationwide distribution and export oversight.

⚙️ Modules Developed:

• HR & Payroll – Employee records, salary structure, attendance tracking, compliance reporting
• Invoice & Purchase – Procurement, vendor management, purchase requisition, PO lifecycle
• Sales & Distribution – Regional sales coordination, retail dispatches, order processing
• Marketing & Field Services – Territory management, field force activity tracking, performance analytics
• Warehouse & Inventory – Real-time stock levels, batch/expiry tracking, multi-location inventory control
• Production – Bill of Materials (BoM), production planning, formulation tracking, QA flags
• Executive Dashboard – Centralized view for top management with live KPIs on sales, production, and inventory

This initiative marked a critical shift in Popular’s digital transformation, replacing fragmented legacy tools with a unified enterprise platform tailored for the pharmaceutical domain. It enhanced traceability, regulatory compliance, and operational agility — laying the groundwork for future scalability and integration with global standards.

Compliance and Audit Segment

🏛️ IT Security Audit of Nepal Rastra Bank (Central Bank of Nepal)

Duration: October 18 – November 16, 2022
Client: Nepal Rastra Bank (NRB)
Oversight Authority: Auditor General’s Office of Nepal
International Collaboration: Hawladar Younus & Co. (Bangladesh) and S.R. Pandey & Co. (Nepal)

In late 2022, I was engaged as an IT auditor for a critical national-level assignment at Nepal Rastra Bank (NRB) — the central regulatory and monetary authority of Nepal. This engagement was part of a high-level, cross-functional financial audit initiative supervised by the Office of the Auditor General of Nepal and involved two parallel audit teams: The Financial and Banking audit was conducted jointly by Hawladar Yunus & Company (Bangladesh) and SR Pande CA Firm (Nepal). Shared memorable moments with Auditor General (Auditor General office) and Governor, other top management of Nepal Central Bank, advisors, financial audit specialists and chartered accountant team of Hawladar Yunus & Company (Bangladesh) and SR Pande CA Firm (Nepal).

🔍 Scope of Audit

My audit covered a comprehensive review of NRB’s enterprise-wide IT infrastructure, information security posture, and mission-critical banking systems, including:

• Core Banking System – Olympic GL, its server infrastructure, security controls, and operational policies
• Payment Systems – RTGS, Cheque Clearing System (hosted and managed by Nepal Clearing House Ltd – NCHL)
• Supervisory Information System (SIS) – Linked to all commercial banks of Nepal
• Foreign Exchange & SWIFT Operations
• Financial Management System (FMS) – And its integration with CBS
• HR and Payroll Management System
• Asset Management System
• Banking Intelligence Platform (GoAML) – For anti-money laundering oversight
• Custom and Outsourced Financial Applications – Including 96 in-house financial systems
• Core IT Infrastructure – Data center, networking, cybersecurity framework
• Disaster Recovery Site – At Biratnagar
• Regional CBS & IT Security – Offices in Biratnagar and Pokhara

🛡️ Audit Standards & Methodology

• Primary Standards:
  • ISO/IEC 27001:2013 Information Security Management
  • Grant Thornton ITGS (Information Technology General Standards)
• Deliverables Included:
  • A comprehensive audit report mapped to ISO 27001 controls
  • Identification of non-conformities (NCs), risks, and mitigation gaps
  • System-specific risk assessment, including access control, logging, DR, and endpoint security
  • Customized reporting format in alignment with the Nepal Auditor General’s documentation structure

🧾 Reporting & Executive Presentation

At the conclusion of the fieldwork, I presented audit findings, risk matrices, and formal recommendations in a high-level review session attended by:

• Governor and Deputy Governors of Nepal Rastra Bank
• Audit Committee members
• Directors of Core and IT Departments
• Representatives from the Auditor General’s Office
• One delegate from the International Monetary Fund (IMF)

The audit was recognized for its depth, transparency, and actionable insights, contributing directly to improvements in regulatory compliance, data governance, and cybersecurity readiness within NRB’s IT operations.
This engagement reflects my capability to lead independent, multi-standard, and regulator-facing IT audits at the highest institutional levels, combining global best practices with localized risk contexts.

🏦 IT Security Audit Across Bangladesh Bank and Five Commercial Banks

Project Type: IT Security Audit
Industry: Banking & Financial Services
Client Institutions: Bangladesh Bank, Janata Bank, Pubali Bank, IFIC Bank, Woori Bank (Korea), CBC – Commercial Bank of Ceylon (Sri Lanka)
Project Duration: 2020–2021
Standards Applied: ISO/IEC 27001 (ISMS), Grant Thornton ITGC Controls

Between 2020 and 2021, I had the privilege of conducting in-depth IT security audits across the central bank and five leading commercial banks in Bangladesh, focusing on system integrity, infrastructure maturity, and compliance with global information security standards. The banking and financial audit for Bangladesh bank and 5 other commercial banks was conducted by Haqwladar Yunus & Company (Bangladesh). I was assigned for the audit and reporting of Information Security Management System and Information system (ISO 27001 Standards) and IT General Control (ITGC – Grant Thornton Standards).

My engagement at Bangladesh Bank (the central bank) was conducted in two distinct phases:

1. Phase 1 – ITGC Audit
   Reviewed foundational IT General Controls across infrastructure, access, backup, data integrity, and governance frameworks.
2. Phase 2 – IT Security Audit
   A more granular evaluation of:
   • Bangladesh Bank’s Core Banking System (CBS)
   • SAP Financial Modules, including the administrative suite
   • Payment Systems, including SWIFT and local transfer mechanisms
   • Internet & Intranet Systems
   • Custom-Built Financial Applications
   • Data Center Operations
   • Network Security, Infrastructure Hardening
   • National Data Center (NDC) Integration
   • Job Role Segregation and IT Staff Responsibilities

🏛️ Commercial Bank Audits (Head Offices in Dhaka):

• Janata Bank
• Pubali Bank
• IFIC Bank
• Woori Bank (Korean Operation)
• CBC – Commercial Bank of Ceylon (Sri Lankan Operation)

For these banks, I conducted IT General Controls (ITGC) audits, benchmarking against ISO 27001 controls and Grant Thornton’s established ITGC standards. Key audit areas included:

• System Administration and Security Governance
• Application Lifecycle Management (ALM) and Execution Protocols
• Software Maintenance, Updates & Source Code Control
• Database Management, Backup Strategy, and Disaster Recovery Readiness

🌐 Key Observations & Industry Maturity Insights:

• Local commercial banks (e.g., Janata, IFIC, Pubali) maintain in-house hosting of CBS, data centers, and network operations.
• Foreign banks (Woori, CBC) primarily maintain infrastructure at their global headquarters in Korea and Sri Lanka, respectively.
• Most institutions show consistent progress toward infrastructure resilience, regulatory alignment, and operational security.
• Boards and top management of these institutions demonstrate strong commitment to modernizing IT infrastructure and empowering internal teams with advanced tools, platforms, and training.

While no system is entirely full-proof, it is evident that the banking IT landscape in Bangladesh is maturing rapidly. Investments in cryptographic controls, CBS modernization, payment system resilience, and core infrastructure indicate a forward-looking approach to safeguarding critical banking operations.

>>>

📌 ISO Lead Auditor – Multi-Standard Compliance (2018–Present)

Domains Covered: Healthcare, Municipal Governance, Leather Manufacturing, Software/IT (Banking ERP)

Over the past several years, I have served as a Lead Auditor for internationally recognized standards, including ISO 9001:2015 (QMS), ISO 27001:2022 (ISMS), ISO 45001:2018 (OHSMS), and ISO 14001:2015 (EMS). My auditing engagements spanned diverse sectors, demonstrating a robust capability to assess, guide, and elevate organizational compliance across complex operational environments.

🏥 Healthcare Sector – ISO 9001:2015 (QMS)

Conducted full-cycle certification and surveillance audits for the Ibn Sina Trust & Hospital Group, including:

• Ibn Sina Hospital, Dhanmondi (Shankar) – Initial certification and follow-up surveillance audits
• Ibn Sina Jessore Hospital
• Diagnostic branches at Dhanmondi D-Lab, Jigarola, Doyaganj, Keraniganj, Malibagh, Mirpur, Lalbagh, Cumilla, Chittagong, Bogura, Jatrabari, and Jessore

My audits covered quality planning, service delivery, clinical support, risk-based thinking, and continual improvement practices, enabling process enhancements and sustained QMS maturity.

🏛️ Municipal Sector – FSM Project

Led QMS audit for Jhinaidaha Municipality Office, focused on Faecal Sludge Management (FSM) as part of a Norwegian-led environmental initiative. The audit evaluated service quality, hygiene safety protocols, community engagement processes, and operational sustainability.

🥾 Leather Manufacturing – IMS Implementation (ISO 9001 + 45001 + 14001)

Performed Integrated Management System (IMS) audits at Express Leather Products Ltd (Loto Shoe Brand) and three additional export-focused enterprises. Audits addressed:

• Product quality and traceability
• Environmental compliance and waste management
• Occupational health and safety practices (OH&S)
• Supplier audits and legal register evaluations

These audits strengthened triple compliance readiness and minimized cross-standard non-conformities through harmonized corrective actions.

💻 Information Security – ISO 27001:2022 (ISMS)

Conducted lead audit for Ira Infotech Ltd., a pioneering software company providing core banking systems and custom ERP solutions for Bangladeshi banks. The audit scope included:

• Information asset management
• Risk assessment and treatment planning
• Access control and cryptographic controls
• Secure software development life cycle (SSDLC)
• Business continuity and incident response

My findings contributed to their readiness for third-party audit, aligning their ISMS with ISO 27001:2022 and industry best practices.

Training and Workshop Segment

● Training Consultant, ActionAid Bangladesh (2020–2023)

Link from ActionAid Bangladesh Website :
https://www.actionaidbd.org/post/blog/being-trained-leadership-children-kurigram-are-already-planning-work-climate-change-and-justice

• Conducted nationwide capacity-building sessions for Child Forum Leaders. The training and workshop sessions, I was contracted for bu ActionAid Bangladesh, were held in 9 multiple locations, including Chittagong, Adarshagram (beside the Jadukata River) in Sunamganj, Ghorar Ghat in Dinajpur, two separate villages in Patuakhali, two batches in Rupganj, Narayanganj (in 2020 and 2023), and two distinct locations within Dhaka city.
• Used creative cultural movements and tools to drive awareness of child rights, climate change advocacy, and social justice.

🎓 IT Training & Academic Leadership (1999–2003)

Roles: Faculty Trainer, Academic Head
Sectors: Technical Education, Corporate Training, Development-Funded Capacity Building
Key Clients & Programs: Axiom (Aptech), IDB-BISEW (UNISON), US Embassy, USAID, Shell, CARE Bangladesh

Between 1999 and 2003, I served in full-time academic and instructional roles in Bangladesh’s evolving IT education landscape — delivering structured training in globally recognized certification programs and managing education projects targeting both corporate professionals and underprivileged youth.

🧩 Phase 1: Technical Faculty at Axiom Limited / Aptech Bangladesh (1999–2002)

At Axiom Limited, the Master Franchisee of Aptech Computer Education (India) in Bangladesh, I worked as a faculty trainer delivering certification-oriented IT education to both general students and professional participants. My instruction spanned:

• Microsoft Certified Systems Engineer (MCSE)
• Microsoft Certified Database Administrator (MCDBA)
• A+ Hardware Certification
• Linux (RedHat) Server Administration
• Web Application Development (ASP, HTML, JavaScript)
• Microsoft Office Suite & Enterprise IT Essentials

I also delivered corporate training sessions for prominent institutions, including the US Embassy, USAID, Shell Bangladesh, and CARE Bangladesh, tailoring technical education to organizational needs.

📚 Phase 2: Academic Head, IDB-BISEW UNISON IT Training Program (2002–2003)

In 2002, I was appointed Academic Head for the UNISON Project — a scholarship-based IT diploma program under IDB-BISEW (a development initiative funded by the Islamic Development Bank). The project aimed to provide career-grade IT education to financially underprivileged students across Bangladesh.

My responsibilities included:

• Oversight of curriculum delivery and academic coordination
• Instruction in MCSE, MCDBA, Linux Administration, and MCA (Microsoft Certified Associate)
• Mentoring students for professional certification and workforce readiness

This role exemplified my commitment to technology-led social inclusion and the strategic use of IT education to uplift underserved populations.

Process Optimization Segment

🔧 Process Optimization & IT Risk Management Consultancy

With a focus on aligning enterprise IT operations with international standards such as ISO 27001 and CMMI, I have led process optimization initiatives in both healthcare and financial technology sectors, delivering measurable improvements in risk posture, IT governance, and operational efficiency.

🏥 IT Process Optimization at KPJ Specialized Hospital & Nursing College (Malaysia, 2017)

Client: KPJ Healthcare Berhad
Engagement Duration: February 2017
Scope: IT Risk Management, Network Security, Data Center Optimization
Standard Applied: ISO/IEC 27001:2013

In February 2017, I was engaged as an external consultant to deliver IT process optimization and risk management advisory at the KPJ Specialized Hospital & Nursing College, a 250-bed medical facility operated by Malaysia’s renowned KPJ Healthcare Berhad, which manages a network of 29 private hospitals.

My work focused on:

• Data Center operational review and risk identification
• Secured network infrastructure analysis
• Back-office hospital ERP (Malaysia-developed) process flow optimization
• Gap assessment against ISO 27001 IT risk management framework

The engagement concluded with a comprehensive audit-style report, highlighting IT operational risks, and offering recommendations that directly informed the hospital’s IT infrastructure and workflow redesign. The outcome led to significant process optimization and increased resilience across IT-dependent services.

💻 Enterprise Process Optimization for Ira Infotech Ltd. (Bangladesh, 2023)

Client: Ira Infotech Limited
Engagement Year: August 2023
Scope: IT Risk Management, Security Policy Development, Process Review
Standards Applied: ISO/IEC 27001, CMMI

In 2023, I served as a consultant to Ira Infotech Limited, a prominent software company in Bangladesh, specializing in Core Banking Systems (CBS) and Business ERP development. My engagement involved a full-spectrum review and upgrade of the company’s IT governance and process efficiency framework.

Key contributions included:

• Process optimization mapping for internal development workflows and product lifecycle
• IT risk identification and mitigation planning based on ISO 27001 guidelines
• Drafting and upgrading of key policies:
  • Cybersecurity Policy
  • Quality Objectives
  • Information Security Policy
  • IT & Risk Management Guidelines

This consultancy ensured Ira Infotech’s IT operations and software development lifecycle were brought into closer alignment with international best practices in software quality, security, and maturity, enhancing their readiness for enterprise and financial-sector engagements.

🌍 IT Leadership in UNIDO-BQSP & BEST Projects (2010–2016)

Role: IT Expert (Contracted by UNIDO)
Duration: March 2010 – December 2016
Funding Partners: European Union, GIZ (Germany), Norad (Norway)
Implementing Agency: UNIDO (Vienna)
Stakeholders: Ministry of Industries, Ministry of Fisheries, Ministry of Textiles (Bangladesh)
Beneficiaries: BSTI (Bangladesh Standards and Testing Institute), BAB (Bangladesh Accreditation Board), Khulna Laboratory (Fisheries), Fashion Design Institute (under Ministries of Textile)

As part of the EU- and UNIDO-supported Bangladesh Quality Support Programme (BQSP) and its successor project BEST, I served as the lead IT expert for national digital infrastructure enhancement initiatives across key regulatory and standards bodies under the Ministry of Industries, Government of Bangladesh. These projects aimed at modernizing quality infrastructure through strategic ICT interventions in BSTI, BAB, and sector-specific technical institutions.

🧩 Key Contributions & Project Highlights

1. Automation of BSTI’s National Metrology Laboratory (NML)

• Established a robust data center and client-server IT infrastructure using Windows Server 2012 and CISCO-based network security.
• Designed and implemented a document management system (DMS) for traceable recordkeeping and secure access.
• Deployed network intrusion monitoring and centralized time server synchronized with Bangladesh Computer Council (BCC).
• Delivered structured administrative and end-user training for NML technical and management staff.

2. Digitization of BSTI’s Standards and Certification Wings

• Developed client-server architecture with Windows Server 2008 and secure network configurations.
• Integrated a workflow automation system, a Bangladesh Standards (BDS) document repository, and internal DMS.
• Built and maintained the official BSTI website during the project period.
• Provided staff training on Microsoft Office 2007 and Outlook-based email communication.

3. ICT Infrastructure for BAB (Bangladesh Accreditation Board)

• Designed and supported client-server-based data center architecture.
• Conducted system analysis and customization of accreditation management software adapted from a Norwegian platform.
• Provided technical implementation guidance and process mapping for accreditation workflows.

4. Sectoral Digital Support – Fisheries & Textiles

• Supported the setup of a LIMS-based laboratory system in Khulna under the Ministry of Fisheries.
• Developed and implemented an intranet and network environment for the Fashion Design Institute, under the Ministry of Textiles

This multi-year engagement demonstrated my ability to lead, establish and manage complex, donor-funded ICT transformation projects involving international coordination, system design, vendor management, infrastructure implementation, and multi-level training across government institutions.

🌍 Key Projects

ICT Journalism Platform: Tech Dispatch – Built a category-based publication system under Industry Briefings.

Dynamic365 Implementation Advisory – Supported enterprise-level applications integration strategy at Business Enterprises.

ClickUp-Odoo Integration – Developed workflow pipelines between project management and ERP.

Data & Analytics Portfolio

• Created HR-Payroll dashboards in Power BI/Tableau integrated with Odoo and other ERP
• Used Python scripts to automate lead scoring and churn analysis in CRM

✨ Social Impact Work

• Designed and delivered leadership programs for youth through ActionAid Bangladesh.
• Advocated for child digital rights and inclusive education through ICT-based interventions.

⭐ Certifications & Recognition

• ISO 27001:2022 Internal Auditor
• ISO 9001:2015 Lead Auditor
• Microsoft Certified ERP Consultant (Freelance Track)

✏️ Publications & Media

• “Is the term IT Audit correct?” – Industry Briefings
• Tech Dispatch: ICT Journalism on ERP in Pharmaceuticals
• LinkedIn Thought Pieces on ERP Change Management and Digital Literacy

🔗 Connect With M

• Email: info@mujahidul-haque.pro