Sarbanes-Oxley: How to Assess IT Controls
Bhavesh Vadhani, CISA, CGEIT, CRISC
Director, Risk Services
Watkins Meegan LLC
Mr. Vadhani is a Director in Watkins Meegan’s risk services group with over 11 years of IT governance, risk and compliance experience. He has led and managed several engagements such as Information Technology (IT) controls assessments, SSAE 16 (previously known as SAS 70) Attestations, Project Management and Quality Assurance reviews, IT Risk Assessments, Information Security consulting, IT Strategy and Portfolio management. He has in-depth knowledge of IT and business processes and valuable experience in auditing and integrating highly complex systems. He is intimately familiar with regulatory requirements and standards, including, but not limited to, Sarbanes-Oxley 404 (SOX), OMB A-123, PCI-DSS, 201-CMR 17, Red Flags, FISMA and FISCAM. Mr. Vadhani currently holds a Public Trust 6c clearance.
At Watkins Meegan, Mr. Vadhani works with organizations to adopt industry best practices and frameworks to improve efficiencies in day-to-day processes and identifies IT governance initiatives to help corporations and organizations enhance their existing IT environment.
Heather B. Bearfield is a Principal in the Firm’s Boston office and serves as the National Technology Assurance Services Leader. She has extensive experience with SAS 70 audits/SSAE 16/AT 101, internal and external audits, and specialized projects for application reviews, internal and external vulnerability assessments, wireless assessments and penetration
Ms. Bearfield conducts in-depth analyses of entire business systems, including application software, databases, operating systems, hardware, and client/server networks, and communicates with technical staff and managers to improve internal controls. She conducts IT Risk Assessments and evaluates information security strategies.
Working with Fortune 500 companies, Ms. Bearfield manages Sarbanes-Oxley engagements and control assessments of corporate IT functions to ensure appropriate controls, accurate reporting, and thorough disaster recovery and business continuity plans and testing. She recommends and assists in the implementation of best practices to increase efficiency and effectiveness. Ms. Bearfield has in-depth experience assisting companies to strengthen internal controls/processes for business process flows including payroll, inventory, purchasing, sales, loans, ATMs, and personal banking, for areas including logical security, interfacing of applications, completeness and accuracy of information, and backup and recovery procedures. She creates standards, policies and procedures for compliance with Sarbanes-Oxley Act 404 and manages SAS 70/SSAE 16/AT 101, Pre-Assessments, Type I and Type II audits and draft reports for review.
BDO USA LLP
Mr. Robison has worked in the IT industry for the last 17 years in various capacities. He has experience in reviewing a broad range of systems, applications, security, and network infrastructures that support the financial reporting operations at both privately and publicly held companies. While working for IBM and Deloitte & Touche LLC from 1994 through 1997, Mr. Robison earned his MBA at Georgia State University with a focus in Computer Information Systems (CIS). Since 1997, he has worked as an IT Auditor and obtained his Certified Information Systems Auditor (CISA) certification in 2002. Mr. Robison's specialties include assessing systems and processes against regulatory compliance standards and increasing the efficiency of validating SOX IT controls in various industries for small to large cap (Fortune 500) companies.
Watkins Meegan has been helping its clients develop, pursue, and achieve their business objectives since the firm was established in 1975. With an earned reputation for both quality and reliability, Watkins Meegan has become one of the largest CPA firms in the Metropolitan DC area, ranking in the top 70 accounting firms in the United States and the top 10 in Washington, DC.
Watkins Meegan’s professionals are more than tax specialists – they work to improve business performance, minimize costs, lower risks, and increase cash flow. Watkins Meegan takes pride in understanding its clients’ business needs – from tax planning and compliance to information technology and outsourced accounting.
Marcum LLP is one of the largest independent public accounting and advisory services firms in the nation. Ranked among the top 15 firms in the nation, Marcum offers the resources of more than 1,100 professionals, including more than 150 partners, in 23 offices throughout New York, New Jersey, Massachusetts, Connecticut, Pennsylvania, California, Florida, Grand Cayman, China and Hong Kong. The Firm’s presence runs deep with full service offices strategically located in major business markets.
Marcum offers an extensive range of professional services and a high degree of specialization. In addition to traditional accounting, assurance and tax, including domestic and international tax planning and preparation, the Firm’s professional services include mergers and acquisition planning, family office services, forensic accounting and litigation support. The Firm has developed several niche practice areas including private equity partnerships; hedge funds; SEC registrants; services for the government, public and not-for-profit sectors; construction; business insurance valuation; healthcare; bankruptcies and receiverships; and a China specialty practice.
For more than 100 years, BDO USA has been recognized as a premier accounting, tax, financial advisory and consulting organization. Providing services to a wide range of publicly traded and privately held companies, BDO offers a sophisticated array of services and global capabilities, combined with the personal attention of experienced and committed professionals. BDO serves clients through more than 41 offices and over 400 independent alliance firm locations nationwide. As an independent Member Firm of BDO International Limited, BDO serves multinational clients through a global network of 1,118 offices in 135 countries. BDO USA, LLP, a Delaware limited liability partnership, is the US member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms.