Professional Bio


Tom Andreesen
Managing Director
Business Card (vCard)
Professional Experience
Tom is a managing director with over 23 years experience in managing the evaluation, implementation, and support of information technology (IT) solutions. He has also helped companies establish their internal audit functions and corporate governance programs as well as implement frameworks to assist with regulatory compliance analysis and implementation. He is the financial services industry lead for Protiviti’s Central Region and a member of Protiviti’s global IT consulting leadership council. Additionally, he leads Protiviti’s Chicago office.
Representative Engagements Include
  1. National Broker Dealer: Engaged by the client to assist with various internal audit activities (business and IT) including annual risk assessment work. Have also helped the IT function directly with design and testing of controls and rationalizing the key control environment. Have also assisted with vendor information security assessments and forensic analysis
  2. National Broker Dealer: Engaged by the client to assist with major integration efforts including establishing project management functions, adoption of required security standards and processes, creating roadmaps for major technical infrastructure changes, and helping redesign data architecture for ongoing data warehouse needs
  3. National Bank: Engaged by the client to provide internal audit co-sourcing services, including IT scope coverage. Have also provided training to internal audit personnel and evaluated tools to help automate the daily internal audit processes
  4. National Financial: Assisted the IT organization with implementing a project management office (PMO) to assess, plan, implement, and track regulatory compliance requirements. The PMO process covered multiple lines of business and including coordinating with multiple IT organizations and operational risk groups
  5. Regional Bank: Engaged by the client to provide ongoing IT services. Work has included business/disaster recovery planning, information security attack and penetration testing, application reviews, and IT organization assessments. Work has also included assessing maturity of key IT processes and helping develop a roadmap for improvement
  6. Regional Bank: Engaged by the company to provide various information security assessment services, including attack and penetration, social engineering, and wireless evaluations. Also have provided incident response training and helped evaluate procedures used in actual situations
  7. National Bank: Engaged by the organization to perform annual security assessments of external and internal networks, evaluation of IT general control processes, and assessment of spreadsheet controls. Work also included evaluating an automated tool for managing spreadsheets
  8. National Insurance Company: Engaged by client to perform IT control assessment work and to establish an IT audit plan. Also assisted the IT organization with the redesign of IT general control processes including implementing key controls for regulatory compliance requirements
  1. BS, Computer Engineering, Iowa State University
Professional Memberships & Certifications
  1. Certified Information Systems Auditor (CISA)
  2. Certified, Governance of Enterprise IT (CGEIT)
  3. Certified in Risk and Information Systems Controls (CRISC)
  4. Member, Institute of Internal Auditors (IIA)
  5. Member, Information Systems Audit and Control Association (ISACA)
  6. Member, Project Management Institute (PMI)