Protiviti Contact

Protiviti Contact

Carl J. Hatfield

Managing Director


Carl is a Managing Director in the Internal Audit and Financial Controls (IAFC) solution with a focus on providing Information Technology (IT) audit services to clients in the financial services and insurance industry. Within the IAFC practice Carl has led engagement teams in performing IT risk assessments, project risk management reviews, general computer control audits, disaster recovery audits, pre and post implementation reviews, application audits, policy and procedure reviews and various other IT audit projects.  Carl also assists our clients by assessing compliance and technology risks related to U.S. Treasury and Anti-Money Laundering (AML) regulations.  He has experience with auditing AML technologies, identifying gaps in transaction monitoring rules and reviewing data integrity controls for AML technologies.  In addition, he has led projects to assess the current state of compliance technology solutions and develop prioritized roadmaps to improve technology environments.


  • Managed several IT SOX engagements for companies in the financial services industry.  Worked with the clients to determine required IT scope and applicable IT risks. Documented and assessed the design of the controls and provided actionable recommendations to address control gaps.  Tested adequately designed controls to determine operating effectiveness.  
  • Led several IT risk assessments to assist organizations in identifying IT risk focus areas.  Worked with internal audit leadership to develop risk-based IT audit plans to ensure audit coverage for significant IT risks.
  • Performed multiple project risk management reviews for clients in various industries.  Projects included the identification of unmitigated risks in the areas of project planning (e.g., time, cost) and life cycle support (e.g., requirements, testing, data conversion).
  • Executed several pre and post implementation reviews to identify gaps in control design and operating effectiveness. Reviews included the assessment of controls within IT processes (e.g., data conversion, security, change management) and business processes (e.g., accounts payable, accounts receivable, sales, warehouse management).
  • Led engagement teams to develop technology policies and procedures for several financial service organizations.  Team identified control process weaknesses and provided best practice recommendations during the documentation of the security, computer operations, and change management procedures. 
  • Performed multiple application reviews to ensure application controls were properly designed and operating effectively. Developed recommendations for manual and system based controls to improve efficiency of business processes. 

Areas of Expertise

  • Technology Risk
  • Regulatory
  • Corporate Governance

Industry Expertise

  • Financial Services
  • Life Sciences
  • Medical Devices
  • Utilities


  • BS, Rensselaer Polytechnic Institute

Professional memberships and certifications

  • Certified Information Systems Auditor (CISA)
  • Certified in Risk Information Systems Control (CRISC)
  • Information Systems Audit and Control Association (ISACA)
  • Institute of Internal Auditors (IIA)
  • Project Management Institute


Download Resume