Protiviti Contact

Protiviti Contact

Michael Kostanecki

Associate Director

Professional Experience

Michael Kostanecki is an Associate Director in the Protiviti Toronto Office, who has over 12 years of consulting experience with a focus in IT Audit specializing in Data Analytics. This includes experience with various Data Analytics and reporting tools such as Tableau, IDEA, ACL Analytics, MS Access, Cognos and Crystal Reports with a background in SQL scripting and report design.

As an Associate Director in the Protiviti Toronto office, he plays a hands-on leadership role in the IT Audit practice with a unique blend of an accounting and business background coupled with a deep understanding of key technical IT and Cybersecurity risk areas delivering meaningful value add recommendations to clients.

Major Projects

Data Governance, Analysis and Reporting

  • Led a Data Governance program review for a financial institution. This included reviewing and providing strategic recommendations to improve the Data Governance strategy, roadmap, BCBS 239 risk data aggregation and reporting processes, along with Data Quality Management practices including data profiling and cleansing;
  • Led a Duplicate Payment Analysis project and designed a Microsoft Access / SQL database, which allowed the client to continuously identify and analyze duplicate payment anomalies resulting in significant A/P recoveries;
  • Leveraged tools, such as Microsoft Access, SQL, Tableau and ACL Analytics using various data analytics and data visualization techniques to identify data anomalies;
  • Designed and tested a tool in Microsoft Access to analyze Segregation of Duties (SOD) conflicts in a complex multiple application environment including SAP for a manufacturing client;
  • Wrote complex SQL backend queries to analyze data from a IBM DB2 data warehouse used for generating key reporting tables in the design of a performance reporting system; and
  • Designed decision-making reports in Cognos and Crystal Reports which used multiple complex data structures.

IT Audit

  • Led multiple IT Audit engagements with responsibility for project planning, risk identification, design and operating effectiveness testing, identification and communication of control gaps and remediation solutions;
  • Executed Cyber Security reviews against the National Institute of Standards and Technology (NIST) standard and also conducted vendor assessments against ISO 27001/28000 standards;
  • Executed technical reviews on operating systems and databases, including Microsoft Windows Server, Active Directory, Linux/Unix, SQL server and Oracle; and
  • Performed detailed security reviews of firewall rules, routers, intrusion detection/prevention systems, wireless security and complex network architectures.

Areas of Expertise

  • Data Analytics
  • IT Audit
  • Data Governance
  • Data Visualization & Reporting
  • Business Intelligence
  • Information Security

Industry Experience

  • Financial Services
  • Manufacturing
  • Technology, Media & Communication
  • Healthcare & Life Sciences
  • Energy
  • Travel & Hospitality


  • Bachelor of Business Administration
  • Chartered Professional Accountant (CPA, CMA) designation 
  • Certified Information Systems Auditor (CISA) designation
  • Payment Card Industry Qualified Security Assessor (QSA)

Professional Memberships and Certifications

  • Information Systems Audit and Control Association (ISACA)
  • Chartered Professional Accountants of Ontario (CPA Ontario)
  • The Institute of Internal Auditors (IIA)