Martin Nash is a Managing Director in Protiviti’s Enterprise Applications Solutions practice. He has over 20 years of experience in IT consulting and internal audit, including delivery of implementation best practices, automation, and governance of ERPs and other cloud applications. Prior to joining Protiviti, Martin spent roughly 5 years within the PeopleSoft practice of another consulting company. There he participated in full life cycle implementations of PeopleSoft Financials and Human Capital Management at major Fortune 500 companies.
At Protiviti, Martin leads the EAS practice for Florida and serves as the Firm’s PeopleSoft SME for the US. Martin manages EAS related services focused on software selection, solution design, control optimization, pre and post-implementation reviews, sensitive access and segregation of duty reviews, security redesign, and project risk management activities related to new system implementations at Fortune 500 companies. Additionally, Martin manages audit and compliance services including Sarbanes-Oxley Compliance, General Computer Controls, ERP Audits, Internal Control Reviews, SDLC Reviews, and other IT Audits.
Martin is currently on the board and finance committees for Junior Achievement of Tampa Bay.
- Martin leads of dozens of PeopleSoft (FSCM and HCM) application security, process controls and data integrity assessments using Protiviti’s Assure tools. Working primarily with internal audit departments, activities included planning/scoping, data extraction, analysis, and report preparation at both a detailed and executive summary level.
- Martin is leading multiple assessments for government entities, focused on evaluating the key implementation risks and IT application controls within their ERP environment, while also evaluating the security design for key risks related to sensitive access and segregation of duties.
- Martin is managing a team focused on designing and building the user security role structure for a Microsoft AX2012 implementation. The project includes security governance to facilitate ongoing monitoring of risks through the implementation of Fastpath.
- Martin has led Workday security and control engagements (across multiple industries) where he has helped clients evaluate and rationalize their controls for a more efficient and streamlined audit.
- Martin led a global security redesign across three ERPs (PeopleSoft, SAP, and AX2012) to address a material weakness in the design. This included implementing Fastpath to provide ongoing security governance and control.
- Martin managed the global redesign of a client’s SAP security model, with a focus on reducing segregation of duty and excessive access risks. He is also leading the effort to improve governance processes to keep the security clean of SoD risks.
- Martin led the remediation efforts for a PeopleSoft security project, where we worked with the Client to correct user’s access and role design. The project also included implementing stronger processes around role management.
- Martin has led various pre-implementation, application security, and configurable control reviews for companies running PeopleSoft Financials and HCM. These reviews focused on key SoD conflicts and weaknesses in the security configuration, as well as transactional controls. The project(s) included assistance with remediation.
Areas of Expertise
- ERP Implementation Reviews
- ERP Application Security Design
- Project Risk Management
- Software Selection
- Internal Audit / Sarbanes-Oxley
- B.S. – Business Administration (Finance/Management), University of Florida
- M.S. Decision & Information Sciences, University of Florida
Professional Memberships and Certifications
- Certified Information Systems Auditor (CISA)
- Information Systems Audit & Control Association (ISACA)
- Institute of Internal Auditors (IIA)