David is a Managing Director in Protiviti’s New York office focusing on technology risk services. He specializes in delivering IT audit, overall SOX compliance with a focus on IT SOX, IT governance
, and risk management services. He has worked with small to large-sized firms, both domestic and international, across many industry sectors with a focus on Financial Services. Prior to joining Protiviti, David managed IT audit activities in the Americas for Reuters Group. David previously worked in the Technology Risk Consulting group at Arthur Andersen focusing on the Financial Services industry. He is a Certified Public Accountant (CPA), a member of the Information Systems Audit and Control Association (ISACA) and Institute of Internal Auditors (IIA), and has previously held a position of Director on the NY Chapter Board of ISACA. David has been a speaker at ISACA’s annual global conference on the topic of IT risk assessment, and currently serves on the Board of the Westchester/Fairfield chapter of the IIA.
- Has led global IT audit activities at a large reinsurance corporation for 9+ years
- Has led IT audit at other clients including a large broker dealer and asset manager
- Led numerous IT risk and control-related projects across a range of industries.
- Has assisted many clients with both initial and ongoing IT SOX compliance efforts
- Assisted investment management and banking clients in designing an approach and framework for IT SOX compliance, and managed performance of ongoing controls testing processes for these firms.
- Helped design and implement significant components of a Model Audit Rule compliance program at one of the largest life insurers in the US.
- Led an assessment project at the US broker dealer segment of a large multi-national bank at the request of the NYSE. This included reviewing transaction processing and financial reporting applications, and the related IT processes.
- Assisted a leading P&C insurance firm to integrate the IT risk and control environment of a large-scale acquisition.
- Led IT aspects of Internal Audit QAR assessments for multiple clients across a range of industries.
- Served as the overall lead on a project to assist a large registered investment advisor with its preparedness for an anticipated SEC examination
- Worked with a large multinational bank to design a significant component of its IT risk and controls compliance program
Areas of Expertise
- Internal Audit / IT Audit
- Sarbanes-Oxley Compliance
- Governance, Risk and Compliance
- B.S. – Accounting, Binghamton University
Professional memberships and certifications
- Certified Public Accountant (CPA)
- Information Systems Auditing and Controls Association (ISACA)
- Institute of Internal Auditors (IIA)
Read Protiviti Blog Posts from David Lehmann