Garran is the Country Market Lead for Protiviti Australia. In this role, Garran’s focus is on driving the Australian practice forward and building a firm that helps our clients face the future with confidence.
He has over 25 years of internal audit and risk management experience in the mining, corporate and government sectors. Garran is a key member of the firm’s Global Mining, Energy and Utilities group providing extensive experience on large global projects.
As a founding director of Protiviti Australia at its formation in 2004, Garran has held various leadership roles in the firm prior to his current responsibilities. Previously, he was with Arthur Andersen and Ernst & Young.
Department of Education and Training (DET): Garran leads our Internal Audit services for the DET, including reviews of audit frameworks, schools, grants and financial controls.
Department of Education and Early Childhood Development (DEECD): Garran leads our Internal Audit services for the DEECD, including the 2010 and 2012 Quality Assurance Framework Model Review for the DEECD’s International Education Division
Department of Health and Human Services (DHHS): Garran leads the Protiviti team that has for five years played the key role in reviewing data integrity models within the Victorian public health system. This has involved leading audits of over 40 health service providers, meetings with the Minister and advice on future direction particularly around elective surgery, outpatients and emergency departments
Higher Education and Skills Group (HESG): Garran leads the Protiviti team as an established partner with the HESG at DET and provides policy advice on how to mitigate emerging risks through amendments to the funding model and how VET market activity affects student learning outcomes and pathways to further education
Eastern Health: Garran leads our Internal Audit services for Eastern Health, including reviews of data integrity, IT infrastructure, workforce development, management of capital projects, performance counselling and discipline and other financial controls
Ewen is a Managing Director and the Office Lead of Protiviti Sydney, working with clients in the UK, Australia, and USA. Ewen is highly experienced across multiple IT platforms as well as business engagement of IT systems. Having worked across a full spectrum of IT related issues, Ewen’s business knowledge and experience across a number of industries has exposed him to a diverse range of IT related issues. Specialising in programme/project management roles that have focused on process and technology change, Ewen has worked on a number of software development projects utilising both new and traditional development methodologies. Ewen is a Certified Information Systems Auditor and a PRINCE2 Practitioner.
Advised projects on technology and security risks at a large Australian financial services institution. Ewen’s work included performing technology risk assessments and advising on appropriate controls. A number of the projects involve outsourcing and offshoring, requiring consideration of the risks inherent in these types of arrangements, as well as potential APRA notification/consultation.
Led the pre-implementation review of an ERP system for a global client, identifying key considerations for remediation prior to completion of the project.
Led Protiviti’s IT audit work at an Australian medical insurer including performance of an IT assessment to identify audit themes. Audits included application development, reinsurance, IT operations and information security.
Reviewed the Project Management and Agile development practices in place at an outsourced developer of digital TV equipment software for a major UK broadcaster, presented findings and recommendations for improvement to the broadcaster’s steering committee and programme management.
Led the programme management of a troubled IT controls remediation programme at a major global insurance company and successfully implemented changes.
Defined the organisational structure and governance model to support the delivery of the Commercial Development & IT Programme for a global hospitality company, including defining the structure and functions of the PMO, and the communication and governance processes.
Assisted a team that delivered an End User Application Controls project at a major global investment and retail bank, providing subject matter expertise to the client’s senior level personnel and steering groups.
Steve is a Managing Director and the Office Lead of Protiviti Canberra, and has almost 30 years’ experience, providing assurance services to a significant number of organisations, including major national companies and to major government agencies. Steve has performed and been responsible for many internal audits, IT audits and other consultancy assignments for a wide range of public sector agencies.
Assurance and audit service delivery: Steve led the co-source internal audit service provision to the Department of Defence Audit and Fraud Control Division (AFCD) from October 2008 to December 2017. Steve was the Lead Partner of this service and was involved in conducting a range of audit projects that were assigned from the Audit Work Program linked to Defence’s Strategic Risk Assessment, and several Senior Management directed tasks.
Assurance and audit service delivery: Steve led assurance and audit service delivery to IP Australia from October 2013 – December 2017 and was responsible for key assurance projects including reviews of operational, financial, ICT, cyber and program areas across the entire organisation as well as the completion of a range of management initiated tasks.
Assurance and audit service delivery: Steve led assurance and audit service delivery to the Department of Environment and Energy as well as agencies within the portfolio including Director of National Parks from January 2015 – December 2017. He was responsible for various assurance assignments such as Performance Reporting and Evaluation Framework Review, Induction and Training Review, Detailed review of the Grant Management of NESP, Product Stewardship Review, Payroll Data Analytic Review, Regulatory Decision Making Review as well as a Review of the Consultation Process for the Commonwealth Marine Reserve.
Compliance management framework review: Steve was lead partner on a major assignment for DIBP to assess the Compliance Management Framework. The assignment was a complex review of the existing Framework in place with a deliverable of implementing and integrating a contemporary Compliance Management Framework.
Areas of Expertise
Enterprise Wide Risk Management
Governance, risk and control
Bachelor of Commerce (Accounting)
Professional Memberships and Certifications
Charted Accountant, Institute of Charted Accountants in Australia
Registered Company Auditor
Member, Institute of Internal Auditors in Australia
Mike is a Managing Director and Protiviti’s National Financial Services Lead, and has over 24 years’ experience in governance, risk management and assurance, both in practice and industry.
Mike’s experience has included the design of risk management approaches, the integration of risk into the day-to-day planning and decision making activities of the business and the transformation and operation of risk and internal audit functions to increase their impact and deliver to the demanding expectations of their stakeholders.
Mike’s extensive experience in practice and industry in both Australia and the UK brings unparalleled insights, resulting in the delivery of high quality outcomes for clients.
Assisted in designing and implementing a framework to support the specific needs of a private equity business and the companies operating within their fund structure. The framework mirrored the business cycle (and the specific aspects of the private equity value chain) and ensured risks were managed at a portfolio and investment level and risk expectations were defined for the operating companies to support the achievement of the investment thesis.
Advised a major insurance company regarding their approach to operational risk management and the introduction of a technology solution to facilitate and support the process globally. This included supporting development of their strategy for operational risk, the design of the supporting framework (including risk and control assessments, internal/ external losses, key risk indicators and scenarios), the specification and selection of the technology solution and the change management activities required to support its introduction.
Evaluated risk and assurance frameworks, including assessment, benchmarking and gap analysis activities, for two major Australian banks, to determine their position relative to peers and identify opportunities to improve their maturity. The reviews considered operating structures, roles and responsibilities, frameworks, methods and tools and culture and identified positive opportunities for the risk and internal audit functions to add more value at a reduced cost.
Led the team in supporting the design and implementation of the operational risk framework of a major Australian Bank to support compliance with the Basel II requirements, including policies and procedures supporting internal loss data, external loss data, risk and control assessments, key risk indicators, self-assessment questionnaires, scenario analysis and capital modelling.
Led the outsourced internal audit function for a major power generator, establishing and delivering a progressive internal audit plan that focused on key risks.
Lead relationship manager for the co-source arrangement with a major UK bank responsible for the development of their internal audit activities, including strategy and methodology; audit planning and delivery; negotiation of contractual arrangements; performance management and knowledge sharing/exchange.
Led the identification and prioritisation of the high risk areas within the retail bank network of an Australian bank including identification of the key controls for the high risk processes and areas of pervasive risk resulting in the development of a web-based self-assessment system, supported by an Oracle database, to support data collection and reporting across the network.
Assisted in the evaluation, design and implementation of a new operating model for a division of a major Australian Bank to support the growth strategy of the custody business which had $70bn of funds under administration and over 300 staff.
Bachelor of Science (Physics and Electronics), Reading, UK
Professional Memberships & Certifications
Member, Institute of Chartered Accountants in England and Wales
Member, Institute of Chartered Accountants in Australia
Lauren is a Managing Director in the Melbourne office and Protiviti’s Internal Audit and Financial Advisory Solution Lead with over 14 years' experience in governance, risk, and internal controls. Lauren specialises in enhancing organisational capabilities by reducing red tape, successfully delivering solutions across multiple industries including health, higher education, government, consumer products and energy. Lauren has a diverse background having worked across multiple markets and geographies including Australia, the United States and the Middle East.
Lauren has extensive experience working with various stakeholder groups including boards, audit committees, executive management teams and line management staff and has acted as an active member and contributor to the Institute of Internal Auditors since 2014.
Internal Audit: Lauren works closely with Garran Duncan to manage and execute delivery of the reviews of the data integrity models within the Victorian public health system through the Department of Health and Human Services.
Internal Audit: Lauren led the Internal Audit, data analytics and controls transformation program at Melbourne Health, including the Royal Melbourne Hospital, North Western Mental Health, Royal District Nursing Services (RDNS) and Rural NorthWest Health.
Compliance: Lauren was a key contributor on a compliance project for a large disability services provider which examined the duty of care and incident management requirements from a legislative, regulatory and internal process compliance perspective.
Risk Management: Lauren supported a VAGO review of the Victorian Government Risk Management Framework (VGRMF) which resulted in the 2015 updated version. She also provided assistance to VMIA to update its Risk Management Practice Guide and supporting processes.
Risk Management: Lauren led the development of risk management fact sheets, tools and templates as well as guidance materials to support the Commonwealth Risk Management Policy for the Department of Finance (Comcover). Additionally, Lauren has provided technical risk management assistance to Comcover’s risk management education programs, including the development and review of content.
Leslie is a Managing Director and Protiviti’s Technology Consulting Solution Lead, specialising in digital and technology strategy as well as transformational change. She has over 25 years experience as a senior executive across consulting, industry and government. She has extensive experience designing and delivering large-scale change initiatives across organisations in Australia, New Zealand, Asia and North America. Leslie has experience across industries including financial services, transport & aviation, utilities & energy, consumer products & retailing and telecommunications, while also being a champion for diversity and inclusion.
Before joining Protiviti, Leslie was a Partner at EY, the CIO for APRA and held senior technology management roles with ANZ Banking Group, Babcock & Brown Limited, Macquarie Group, Mars Inc. and EnergyAustralia. Prior to these, Leslie worked with Accenture in both Sydney and Toronto.
Australian Energy Distributor: Leslie supported this organisation in developing its Future of Finance roadmap as well as its overall transformation program design in response to the evolving energy market disruption.
Australian Telecommunications Network Services Provider: Leslie led a process improvement review of its order to activation process.
Major Australian Airport: Leslie led its managed services business case development, technology cost review and application migration planning, while supporting its data strategy development. Prior to that, Leslie led its technology service management ServiceNow implementation, as well as its cloud services review, technology strategy development and operating model design to underpin Technology’s transformation of its capabilities and underlying infrastructure.
Regional Food Manufacturer: Leslie facilitated a series of workshops to refine its technology operating model as the organisation prepares for digital transformation.
Australian Medical Device Manufacturer: Leslie led a team that developed the manufacturing technology strategy and roadmap for its China market entry into medical device manufacturing. She has also supported this organisation with its technology planning workshops.
State Transport Agency: Leslie supported this organisation in developing its Group IT strategy.
Major Australian Airport: Leslie conducted a strategic sourcing review of key technology vendors.
Major Australian Water Utility: Leslie co-led organisation change and training design for this utility’s customer and business experience platform transformation using SAP ISU and S/4 Hana to replace its aging customer / billing platform while helping it become more customer-centric.
Areas of Expertise
Technology strategy & operations
Retail and consumer products
Transport and aviation
Utilities and energy
Bachelor of Science in Electrical Engineering (Honours), Queen’s University at Kingston Ontario Canada
Advanced Business Management Program from the Kellogg School of Management, Northwestern University
Mark is a Managing Director and Protiviti’s Risk & Compliance Solution Lead, with over 17 years of risk and regulatory compliance experience in financial services industry. Mark commenced his career as a regulatory supervisor at APRA where he gained invaluable experience in overseeing the ongoing prudential compliance with relevant Prudential Standards and conducting onsite risk management supervisory inspections at APRA regulated institutions.
Mark has spent a significant time in professional services consulting to leading financial services organisations both locally and internationally. Mark has a proven track record delivering deep insights to his clients through leading the design and delivery of contemporary risk management, regulatory compliance and capital management framework solutions.
Compliance remediation programs: Mark has led many large-scale compliance remediation projects with major and leading Australian banks including the design and delivery of the target state solution and supporting transformation plans.
Risk and Compliance operating model transformation program management: Mark has led multiple client engagements to assist design and develop transformation programs that aim to uplift the risk management framework including implementing an effective three lines of defence operating models to support effective risk and compliance management outcomes.
Chief Risk Officer: Mark has on several occasions been seconded as Chief Risk Officer/Head of Risk to clients for the purpose of leading the day-to-day oversight and execution of risk management and regulatory compliance frameworks. Responsibilities included leading the delivery of board and executive engagement and reporting, line 1 stakeholder engagement and leading management and implementation effort that pertains to a line 2 risk management function.
CPS 220 Risk Management solutions: Mark has led over 35 client engagements assisting in the design, implementation, or independent review of client’s Risk Management Frameworks in accordance with APRA CPS 220 Risk Management requirements (including annual and comprehensive review requirements).
Enterprise Risk Management (ERM) system implementation: Mark has led programme delivery of a regional enterprise risk management solution to a leading global bank. The Programme scope covered the design, piloting and implementation of Risk Control Framework operating model and ERM technology solution across the Australian and New Zealand region. The project delivered an integrated risk and compliance management way of working across the 3 lines of defence including the testing and implementation of technology solution to enable effective implementation.
Areas of Expertise
Bachelor of Business Degree (Banking & Finance), Monash University
Honours Degree in the Bachelor of Business (Banking & Finance), Monash University
Craig is a Managing Director and Protiviti’s Business Performance Improvement Solution Lead. He has 31 years’ specialised experience in Public Sector Business Advisory and Strategy, Strategic Procurement, Outsourcing and Probity, Organisational Reform and Business Improvement, Portfolio, Program & Project Management, Assurance and Audit and Risk Management.
Department of Defence: ADF Health Services Contract (2017-18). A $6Bn procurement of General Practice and Specialised Health Services, and business-critical ICT systems, including; Invoicing, Billing and Supplier Payment, Rostering and Appointment Management, as well as Health activity record and Report Management. Craig conducted regular quality reviews and audits throughout the life of the project, with particular focus on; procurement performance, ICT requirements and interoperability alignment, risk and governance, and progressive benefits realisation.
Department of Defence: eHealth System (2015-16): Post Implementation Review (PIR) and Remediation. As Review and Remediation Lead, Craig led the PIR of the Defence eHealth System (DeHS) and the follow-on suite of business improvement remediation initiatives. DeHS was procured as the single-source health record for all permanent and reserve members of the Australian Defence Force (ADF).
CASG (DMO) Company ScoreCard (2001-2). Design, development and implementation of Company Scorecard system. An ICT-based Contractor Performance Assessment and Reporting system aimed at enhancing contractor performance monitoring, reporting and feedback to generate improvement and awareness of contractor capability across Defence.
Department of Defence: Health Service Delivery Improvement Program (HSDIP) (2014-15). As Program Manager, Craig was responsible for providing strategic business advice as well as the planning and delivery of an interrelated suite of six dynamic projects designed to improve the efficiency and effectiveness of Defence's health capability.
ACT Health System Innovation Program Management Office. Consulting to the Director General ACT Health and the Deputy Director General Innovation, Craig was responsible for the effective design, implementation and on-going management of the ACT Health reform agenda and System Innovation Program.
Risk Capability Improvement Project (AIR9000 Programme). As Project Manager, Craig was responsible for the development and implementation of the AIR9000 Programme’s risk and opportunity management framework, including; contractor procurement, contract management and administration; establishment and management of the Programme’s integrated Risk Coordination Group (RCG) and maintenance of the risk Program.
Advanced Dip Project Management University New England
Grad Cert Risk Management Griffith University
Australian Institute of Project Management – Master Project Director
David is a Managing Director within the Technology Consulting business, specialising in Technology Transformation, Infrastructure & Cloud Advisory, Technology Governance and Operating Model.
David’s primary focus is to lead the Cloud and Infrastructure Advisory business in Australia, assisting clients with the transformation of their technology environments, defining the future of their technology functions and ensuring the right capabilities are in place to operate efficiently and safely.
David has over 22 years’ experience across a variety of industries and senior IT transformation roles, including: Partner at Deloitte Technology Consulting, Group Infrastructure and Operations Director at Westpac Group, Global CTO of Reckitt Benckiser, Global Director of Architecture and Services at Reckitt Benckiser, APAC Director of Cloud Services at PwC.
David has a proven track record of implementing major transformational improvements, global infrastructure programs and strategies which have delivered a step change in each of the organisations he has been involved with.
Technology Operating Model – David has led global teams and multiple client organisations through technology enabled transformation, incorporating new and advanced operating models for which to leverage the latest technology available and to achieve an improvement in delivery capability, risk position and ultimately business value through operating model design and implementation.
Technology Governance – David has represented a global FTSE 25 organisation in FDA reviews and has also represented the second largest banking group in APRA and Austrac related reviews, primarily focused on Infrastructure Services & Operations. David has also led multiple client engagements to assist and guide them through regulation and ensuring they achieve the right outcomes and enable change where necessary.
Technology Strategy & Architecture – David has designed, implemented and advised on Technology Strategy at multiple organisations, in multiple industries across multiple geographies. David has also designed and led the transformation to enable the strategic outcomes through developing the right foundational structure and measures to ensure the transformation is a success and achieves business value whilst reducing operational risk for the organisation and/or clients.
Sean is a Managing Director in Protiviti’s Technology Consulting practice and has over 15 years of experience in financial services risk management. Sean has worked closely with the banks, Government agencies and insurance companies over the last 13 years in varying external audit, internal audit and other risk and compliance management support capacities. Sean’s recent work includes developing operational risk profiles across banking and insurance product lifecycles.
Supported the Managing Directors of both Consumer Cards, Unsecured Lending as well as Corporate and Commercial banking for one of Australia’s Big 4 banks in uplifting their operational risk profile across all wholesale and retail products. This involved defining the risk appetite across managed products, identifying key risks and controls across the end-to-end product lifecycle processes, and recommending sustainable control uplift activities.
Supported the Data and Analytics function of a big 4 bank in uplifting their operational risk profile as well as key controls across their legacy and cloud-based data warehousing environment. This included identifying end-to-end data flows from where the data landed, transformed via ETL (Extract, Transform, Load) processes and consumed via various reporting dashboards (e.g. Tableau, PowerBI, MicroStrategy).
Supported the remediation of significant control deficiencies within a core banking platform in relation to user access management and reporting governance.
Led the first line Technology Risk function for one of Australia’s big 4 banks supporting 300+ projects in understanding their internal / external compliance obligations to enable effective and efficient delivery.
Lead the delivery of a large Australian banks managed service to deliver IT Risk Assessments services across all technology projects, including:
Designed, implemented and managed offshore delivery processes; and
Managed and oversaw overall service delivery under a managed service.
Supported the Asian regulatory requirements definition and understanding of a global private bank’s single customer view solution.
Supported a large financial service organisation in developing and executing their strategy to comply with local Customer Data Protection regulatory obligations.
Recently led a software company as their CEO which was recognized by Gartner as a global leader in Metadata Management.
Areas of Expertise
Large Project management
IT Project Assurance
Data Analytics and Data Management
Operational Risk (including information and technology risk)
Compliance (BCBS 239, CPS 231, CPS 234, CPG 235, GDPR, Royal Commission, Open Banking)
Cloud Technology (AWS, Azure, GCP, Cloudera)
Financial Services (Banking, Insurance, Superannuation and Asset Management)
Education, Professional Memberships and Certifications
Adam is a Managing Director in Protiviti's Melbourne practice and has significant experience in delivering internal audit, investigations and risk related services to a range of multinational organisations. He has also acted a Chief Audit Executive for a range of Australian Stock Exchange listed companies.
He currently serves as Protiviti’s Australian leader of Internal Audit services and is a member of the organisation’s global Internal Audit Leadership. Furthermore, Adam acts as Protiviti’s leader of services to Mining clients where he is a key member of the global Energy and Resources leadership team.
Adam has led a range of large-scale projects for Australian and multinational organisations across multiple jurisdictions working closely with our global teams across a variety of continents, languages and cultures. He also brings extensive executive management and board level interaction.
State Government of Victoria: Adam lead forensic investigations on behalf of a Victorian Department with respect to funding provided to third parties. These investigations had multiple parties and includes liaison with Victoria Police and VGSO.
Global Diversified Minerals Company: Adam has led a number of highly involved reviews at Rio Tinto including operations spanning China, Singapore, Hong Kong, Australia, USA, Canada, UK and Belgium following the incarceration of four employees for corrupt practices.
Global Gold Miner: Adam has conducted multiple investigations with respect to procurement, contracting and conflict of interest at multiple remote site locations.
Newcrest Mining: Adam led a global assessment of Community Relations activities at locations in Australia, Asia and Africa. As part of this project, Protiviti reviewed a number of community projects to consider fit for purpose, business case analysis, monitoring of spend and achievement of business case outcomes.
Areas of Expertise
Fraud and Corruption
Bachelor of Commerce / Business Information Systems
Chris has over 25 years professional experience assisting organisations improve their business and manage risk associated with major project/ change initiatives. He has held leadership positions in professional associations and was a partner at EY & KPMG.
Business Change Programs: Chris has provided advice and assurance to Boards and executive management over complex business change programs. He has undertaken such work at Commonwealth Bank, Qantas, Mirvac, Stockland & other corporates.
He has undertaken numerous IT due diligence reviews across a wide range of industries to inform potential buyers/sellers of the IT capability within the organisation involved.
IT Risk: Chris has deep expertise in all aspects of IT Risk including risk assessment, security, business continuity, project risk, etc.
Internal Audit:Has led the risk assessment, internal audit planning and delivery of internal audit assignments. He has extensive experience in relation to the audit of both financial processes and human resource/payroll processes including a detailed understanding of better practices, benchmarks, etc. He recently led assignments of this nature for a major Australian listed corporate entity.
External Audit: Has external audit experience at large Australian corporate organisations e.g. Fairfax and for SOX filers.
Government:Chris has led Independent Advisor roles for a number of major procurements within NSW Government involving the selection, procurement and implementation of new business systems and shared services. He has also undertaken Gateway reviews for the NSW Education, Health and Transport agencies. He is an accredited NSW Government Gateway project reviewer.
He has led work for many large internal audit clients including AUSTRAC, NSW Department of Family and Community Services and previously for NSW Department of Ageing, Disability & Home Care. He also has previous experience working for the federal government.
Financial Services: Chris has extensive experience in financial services. He was seconded to the NAB on three separate occasions to lead their global IT Audit function. He led the IT component of a peer review of Westpac’s internal audit function and was subsequently seconded to Westpac to manage the back office (incl. IT) audit team for a period of 4 months. He is currently working at the CBA.
Education:Chris has considerable experience in the education sector having undertaken assignments in both the public and private school sectors, and for TAFE and Universities.
Areas of Expertise
Member, Institute of Internal Auditors
Past Member, Institute of Chartered Accountants in Australia
Past Member of the Australian Computer Society
Past Member of the Information Systems and Control Association
Bachelor of Commerce (Accounting & Information Systems), UNSW