Scott Springman serves as the Managing Director responsible for Protiviti’s St. Louis office and has primary service delivery focus on IT Audit and IT Consulting. Scott has managed and executed numerous projects in the areas of performance and functionality testing, vendor management, program management, information security governance assessments, technical security reviews, attack and penetration reviews, Sarbanes-Oxley / SSAE16 / HIPAA regulatory compliance, pre-implementation reviews, and numerous IT and business process reviews. He is a Certified Information Systems Auditor (CISA) and Project Management Professional (PMP), and holds the Certification in Risk Management Assurance (CRMA).
- Managed IT Audit co-sourcing engagements for clients in the Telecommunications, Manufacturing, Gaming, Energy, Healthcare, Consumer Products, and Financial Services industries. IT Audits managed include asset management, vendor management, security configuration, external penetration assessment, data de-identification, system go-live, change management, disaster recovery, data privacy (HIPAA, PCI, GLBA), NIST CSF, SSAE16 readiness, logical access, and others.
- Manages the co-source IT Audit relationship for a $100 billion healthcare company. Audits performed include numerous security and configuration reviews, application reviews, data analysis and reporting, data warehouse, patch management, logical access, SOX, SOC 1 / SOC 2, and pre-implementation reviews.
- Managed an ERP assessment project for a multi-billion dollar multi-line healthcare enterprise. The assessment involved reviews of hundreds of requirements across multiple business processes as well as a review of the technology infrastructure to determine if the current ERP software was effectively supporting the business at the current time and after several years of strong growth.
- Developed vendor management policies, forms, and templates for a large healthcare client as they rolled out a vendor management program across the company.
- Managed the IT SOX compliance efforts from scoping to control identification, documentation, and testing for over thirty clients, including numerous global clients. Additional responsibilities included assistance with designing controls to remediate gaps, training client IT personnel on SOX and the importance of their role, facilitating discussions with external auditors, and reporting results to executive management and audit committees. Engagements included coverage of JD Edwards, SAP, PeopleSoft, Oracle, Great Plains, Dynamics, Hyperion, a variety of telecommunications billing systems, various casino and hotel management systems, and home-grown legacy applications.
- Manages the co-source IT Audit relationship for a $14 billion bank including managing audits, preparing audit reports, presenting results to senior management and Board of Directors, and meeting with the OCC review staff. IT Audits performed have included social engineering (including physical, phishing, and telephone attempts), GLBA 501b review, vendor management, business continuity / disaster recovery, internet banking, mobile banking, application reviews, network security reviews, external penetration attempts, VISA PIN ATM audit, BSA/AML application interface reviews, and report reconciliation projects.
- Managed an IT Asset Management review for a multi-billion dollar construction contractor that included assessing IT Asset Management from sourcing and procuring through tracking, billing, accounting, and retiring. Also assisted in helping management implement remediation for gaps identified through review.
Areas of Expertise
- IT Audit
- IT Consulting
- Sarbanes-Oxley Compliance
- University of Notre Dame – BBA in Accounting
- BS in Computer Applications
Professional Memberships and Certifications
- Certified Information Systems Auditor (CISA)
- Certification in Risk Management Assurance (CRMA)
- Project Management Professional (PMP)
- Member, Information Systems Audit and Control Association (ISACA)
- Member, Institute of Internal Auditors (IIA)