Andrew Struthers-Kennedy is a Managing Director leading Protiviti’s global IT Audit practice. Based in the metro Washington D.C. area, Andrew works with clients to help drive efficiency, effectiveness, and enhanced risk mitigation in their IT and business operations.
Andrew works with clients across a cross section of industries to deliver outsourced and co-sourced internal audit services, as well as technology, and risk managementconsulting services. Andrew is actively working with a number of organizations to establish the platform for delivery of “next generation” internal audit services, through the use of analytics, automation, and other emerging tools. He is on the Board for his local IIA chapter and is a frequent speaker at IIA and other professional association events.
Andrew is on the Board of the Baltimore Chapter of the IIA and has spoken numerous times at IIA and other professional association events. Andrew also serves on the Board of a Baltimore-based non-profit focused on providing financial literacy courses for middle-school students in under-served communities. During its inaugural year, Andrew also served on the advisory committee of American University’s Kogod School of Business Cyber Governance Center.
- Leads internal audit outsource, co-source, and Sarbanes-Oxley services for several organizations in the metro-DC market. In this capacity Andrew frequently interacts with executive management (CEO / President, CFO and CIO), Board and Audit Committee members.
- Led projects with a number of organizations across various industries in all aspects of financial controls compliance: newly public / year 1 activities; risk assessment; process and controls scoping; design, implementation and operational effectiveness testing; remediation oversight; deficiency assessment and reporting; project management ; JOBS Act exemptions; assisting management to interpret SEC guidance, AS5 and assess the impact of PCAOB Inspection Report findings; COSO 2013; and all aspects of external auditor coordination.
- Significant experience in various aspects of Information Technology – Strategy, Risk Management, Governance, Security, Controls having led and been involved in numerous audit and consulting projects in these areas.
- Project Executive overseeing a team working with an organization to design and implement a control environment to support SOC2 reporting, with a focus on: security; confidentiality; availability and processing integrity.
- Overseen various security & privacy reviews across a broad portfolio of clients, including vulnerability assessments, penetration tests, “breack kill chain” assessments, framework assessments (e.g., NIST CSF, FFIEC CAT), and social engineering.
- Led IT Risk Management design & implementation projects focused on linking granular technology risks and controls to business outcomes.
Areas of Expertise
- Internal Audit & IT Audit
- Sarbanes-Oxley / Financial Controls
- IPO Readiness
- Information Security
- Governance & Risk Management
- Data Analytics
- Project Risk Management
- Financial Services
- Professional Services
- BSc Physics, University of Bristol, UK
- MSc Information Security, University of Westminster, UK
Professional Memberships & Certifications
- Board of Governors, Baltimore Chapter, Institute of Internal Auditors (IIA)
- QAR Accredited by the IIA
- Certified Information Systems Auditor
- Certification in Risk Management Assurance
- ITIL Practitioner
Read Protiviti Blog Posts from Andrew