Karishma Velisetty
Data Analytics Manager at Spotify

FELLOW MEMBER
Karishma Velisetty has built a career of more than 10 years around a demanding and increasingly important discipline: the use of data engineering, advanced analytics, automation, and quantitative modeling to strengthen enterprise audit, fraud detection, and risk governance. Her work sits at the intersection of computer science and financial oversight, where the challenge is not only to review controls after the fact, but to design systems that continuously detect anomalies, quantify risk, and improve assurance at enterprise scale.
That specialization is especially relevant in the public-company environment. Sarbanes-Oxley Sections 302 and 404 place strong emphasis on internal control over financial reporting and the identification of fraud risks, and SEC guidance explicitly notes that management should consider fraud risks such as improper override of controls in the financial reporting process. Within that broader regulatory context, Karishma Velisetty’s work stands out because it appears to move internal audit away from static, sample-based testing and toward continuous, analytics-driven oversight.
At Spotify, where she serves in Internal Audit and Risk analytics leadership, her work is framed around building enterprise analytics capabilities that expand audit coverage, reduce manual testing, and allow earlier detection of high-risk conditions. That is an architecturally meaningful contribution because internal audit functions often struggle with fragmented data, slow reporting cycles, and reactive testing methods. Her profile suggests that she has addressed those limits by building end-to-end analytics solutions with Python, SQL, and Tableau, while also incorporating AI-assisted anomaly detection and full-population testing. In practice, that means shifting audit from a retrospective control exercise into a more dynamic and scalable technical capability.
Her enterprise-wide Fraud Risk Assessment work is particularly notable. The SEC’s interpretive material on internal control and Section 404 underscores that fraud-risk identification is a central part of control evaluation, especially around management override and related financial reporting risks. In that context, Karishma Velisetty’s described work on building fraud scenarios across millions of records, testing conflict-of-interest patterns, revenue anomalies, payroll irregularities, and IT-access risks represents more than routine audit execution. It reflects a systems-oriented attempt to operationalize fraud-risk oversight through continuous dashboards, key indicators, and quantified exposure analysis.
Her SOX work over advertising revenue and automated controls also reflects important technical depth. In large digital businesses, revenue processes are heavily system-driven, and assurance over billing, configuration, segmentation logic, and automated control execution often requires code-aware, analytics-backed testing rather than conventional manual review. Her profile suggests that she has operated in exactly that space, combining transaction-scale analysis with technical control validation and external-auditor support. That kind of work is valuable because it helps audit functions understand not only whether a control exists, but whether the software and configuration logic behind it is operating correctly at scale.
A distinctive feature of her profile is the introduction of quantitative simulation into enterprise risk governance. Monte Carlo simulation is widely used to estimate a range of possible outcomes by modeling uncertainty through repeated trials, and Value at Risk is a standard financial metric for estimating potential loss at a chosen confidence level. Her Risk Quantifier work appears to apply those ideas to enterprise-risk prioritization by converting qualitative risk judgments into probabilistic loss distributions, expected-loss measures, and percentile-based downside metrics. That is a meaningful contribution because it reduces reliance on subjective scoring and introduces more disciplined, model-driven risk discussion into management decision-making.
Her payroll-audit work shows another recurring strength: the use of automation and anomaly detection in high-volume operational domains. Payroll is a classic area where fraud, segregation-of-duty issues, duplicate accounts, abnormal compensation patterns, and access-control failures can have financial and governance consequences. Her full-population analytics and monitoring-bot approach suggests a move toward continuous payroll oversight rather than episodic review, which is exactly the kind of technical shift that modern audit and risk functions increasingly need.
Earlier in her career at Amgen, she appears to have built the underlying data and automation foundations that later made this kind of work possible. Public Amgen filings confirm the company’s audited internal control over financial reporting environment as a material governance context. Her profile describes enterprise ETL pipelines across SAP, Workday, Salesforce, and Concur, along with reusable automations and centralized analytics models. That kind of architectural work matters because audit analytics is only as strong as the quality, standardization, and accessibility of the underlying data.
Taken together, Karishma Velisetty’s career reflects a coherent and technically mature specialization in data-driven assurance. Her work appears to combine data engineering, AI-assisted anomaly detection, fraud analytics, simulation-based risk modeling, and continuous monitoring into practical systems that strengthen financial governance. In a field where many audit functions still depend heavily on manual review and static testing, that pattern of contribution is both substantial and professionally distinctive.