Andrew is a Senior Manager of the IT Risk and Assurance Practice and is responsible for planning, executing and managing IT and attestation audit examination process for the following: Statement on Standards for Attestation Engagements (SSAE 18) including System and Organization Controls (SOC 1 and SOC 2), agreed upon procedures, Sarbanes Oxley (SOX 404), meaningful use assessments, HIPAA assessments, HITRUST assessments, ISO 27001, FFIEC assessments, DMF assessments, and general IT controls reviews and application control reviews. Additionally, Andrew is responsible for managing risk assessments to evaluate confidentiality, processing integrity, availability, security, and privacy concerns.
Prior to joining CBIZ & MHM, Andrew was a Managing Consultant and Supervisor at two top firms within the technology risk and assurance services practice.
During the span of his experience, Andrew’s portfolio of clients represented Fortune 500 companies nationally, and internationally. His roles involved leading and executing engagements, including SOC 1 and SOC 2, SOX 404, improvements to IT policies and procedures, IT general control, IS assessments, IT risk assessments, GBLA, meaningful use, and HIPPA assessments.