Protiviti Contact

Toni Lastella

Managing Director


Toni is a Managing Director in our Information Consulting and ERP Solutions practice in New York. She has extensive knowledge in leading IT Audit and ERP-related projects, including Sarbanes-Oxley compliance, pre- and post-implementation reviews, and the implementation and deployment of GRC solutions. During these reviews, Toni has managed the development of Risk and Control Matrices and of policies and procedures for IT management, including security administration, change management, and computer operations, and has participated in the development and execution of remediation plans to optimize control environments.

Toni has 15 years of business experience, most recently with a global retail company, where she was responsible for leading the internal control design for the first two phases of their SAP implementation. Additionally, she managed the establishment of the segregation of duties rule set within the SAP GRC solution to enable continuous monitoring of their security environment, and she continues to work closely with them to lay out a roadmap for implementing a comprehensive GRC solution.


  • Managed and coordinated several IT audit co-sourcing engagements covering audit plan development and execution, focused on raising key issues and value-added recommendations for the business.
  • Managed development of documentation surrounding the following components of an IT project: functional & technical requirements, user guide, project plan, testing, and implementation (System Development Life Cycle).
  • Conducted several risk assessments, IT and integrated audits, and compliance reviews based on COSO and COBIT frameworks.
  • Performed ERP Project Risk Management reviews using leading practices to provide Management with an independent perspective on project risks and advisory guidance on managing risk throughout ERP projects.
  • In-depth understanding of leading practice security frameworks and structure to implement a flexible, scalable, compliant security access environment and processes.
  • Extensive experience related to control baseline assessments, facilitating control workshops, and business process control design.
  • Extensive experience in SAP business control and access security analysis using automated techniques, including the SAP GRC Access Control Suite of tools.

Areas of Expertise

  • Governance, Risk and Compliance
  • ERP Solutions
  • Internal Audit

Industry Expertise

  • Retail and Consumer Products
  • Manufacturing
  • Pharmaceuticals
  • Financial Services


  • Master of Science – McCallum Graduate School of Business

  • Bachelor of Science – Bentley University

Professional Memberships and Certification

  • CISA Certification

  • CRISC Certification

  • SAP Certified Associate

  • Information System Audit and Controls Association (ISACA)