Scott has over 26 years of experience in consulting and public accounting, providing risk management and audit services to clients predominately in the Hotels, Motels, and Resorts segment of the Hospitality industry. He has significant experience helping hospitality companies understand and manage enterprise risks, including cyber security, third-party, privacy, resilience / continuity of operations, regulatory compliance, financial reporting and related operations, loyalty programmes, fraud and forensics, key financial / business system implementations, etc. In addition, he has designed and delivered robust Enterprise Risk Management, Internal Audit, Sarbanes Oxley (SOX) compliance, Business Continuity Management, and various Information Security Risk Management programmes.
Scott leads Protiviti’s Hospitality industry team globally and the Internal Audit and Financial Advisory practice for the Washington DC metropolitan area. Scott started his career with Arthur Andersen, rising to the level of experienced Manager before becoming a founding member of Protiviti in 2002.
- Public Company Readiness: Established an ‘IPO readiness’ programme Management Office for a global hospitality company, creating a multi-workstream project plan, establishing governance protocols / procedures, monitoring progress against plan, and reporting status to senior management and private equity ownership; Enhanced financial reporting control design and operations, partnering with Finance / Internal Audit leadership to develop and deploy a public company SOX compliance programme; Led analysis of financial close policies, procedures, and transactions to identify efficiencies, allowing the organisation to shorten financial close cycle to align with public reporting requirements
- Internal Audit: For a global hospitality company, assumed various Internal Audit leadership roles, including Chief Audit Executive (CAE) and Director of IT Audit; Built (and helped refine over time) the IA function, developing / deploying a charter, policies, and procedures; hiring a management team and supporting staff; and establishing governance / reporting protocols; Led risk assessments and development of annual audit plans; Planned, executed, and reported Corporate, Property, and IT audits, including both advisory and traditional assurance audits; Established department learning programme, including monthly lunch-and-learns with relevant SMEs; Supported the selection and implementation of multiple Internal Audit software tools; Partnered with leadership to develop and refine hotel audit programmes
- Sarbanes Oxley Compliance: For various companies in the hospitality and other industries, designed and deployed comprehensive SOX compliance programmes, encompassing programme scoping, process documentation, control design assessment (and enhancement), control operating effectiveness assessment (and remediation), coordination with external audit, and reporting to management / board
- Enterprise Risk Management: For a global hospitality company, built an ERM programme, conducted annual enterprise risk assessments, and facilitated the management / monitoring of top-tier risks; For various service companies, assessed existing ERM functions and developed road maps for programme improvement
- Loyalty programme: For a global hospitality company, performed a detailed analysis of the use / flow of loyalty programme member information (including Personally Identifiable Information) and the controls surrounding the maintenance and security of that data (predominantly within the customer care center); Identified process improvement opportunities and worked with management to enhance programme processes and controls over time; Led point reimbursement fraud investigations, evaluating anomalies in Average Daily Rates (ADR), Occupancy, and Revenue Per Available Room (RevPAR) and identifying / quantifying impact of related frauds
- Fraud and Forensics: For various hospitality companies, led investigations into alleged financial frauds at corporate and hotel locations in various regions of the world (e.g., Middle East, Europe, APAC, Americas); Understood allegation, assessed facts, concluded on existence of fraudulent activity, and quantified impact, reporting results to senior management and/or the Board
- Cyber Security: For various global and domestic hospitality companies, worked with Information Security leadership to establish and/or deliver third-party information security risk assessments, Role-Based Access Controls (RBAC) and related access management services, PCI compliance programmes, cyber champions network, ISO- and NIST-based policy / procedure gap analyses, Multi-Factor Authentication solution assessment services, various Data Breach Kill Chain assessments, and other information security services
- System Implementation Readiness Reviews: Established a ‘real-time application system readiness’ review programme for key system implementations at a global hospitality company; Executed multiple system readiness assessments, including global financial systems (PeopleSoft, Hyperion, and related technologies) and Treasury system (Wallstreet Systems’ GTMS solution), as well as other business applications (e.g., custom-built Resort Management system); Communicated results to senior management in real time (as system is being developed / deployed) and as an input to programme-wide ‘go / no-go’ decisions
- Crisis Communications and Continuity of Operations: Supervised team responsible for deployment / maintenance of a global crisis communications mobile application (including related protocols) to over 25,000 corporate and property team members; programme included technical development / deployment of the technology and organisational change management procedures to help ensure successful adoption of tool; Expanded programme scope to include deployment / maintenance of a SalesForce.com Fusion backend supporting broader Business Continuity Management efforts; Additional services included Business Continuity Management programme development, periodic Business Impact Analyses (BIAs), and other resilience efforts, as directed by the VP of Safety and Security and/or Senior Director of Business Continuity Management
- Privacy: For a global hospitality company, partnered with management to establish the overall General Data Protection Regulation (GDPR) compliance programme, including inventory of key processes, systems, data, required reporting, awareness programmes, etc.; Managed team responsible for deployment of supporting technology (OneTrust), ongoing Privacy Impact Assessments, Data Subject Access Request fulfillment (for GDPR, California Consumer Protection Act, and Nevada Privacy Regs); Provided additional support to the Data Protection Officer, as needed, to build out global privacy function
As global Hospitality Lead, Scott supports development and delivery of industry-specific services to hospitality companies across the globe. In addition, Scott manages and facilitates a global Hospitality Chief Audit Executive (CAE) network. Activities include quarterly calls with CAEs from leading Lodging, Timeshare, Cruise Line, Casino, and Amusement Park companies, as well as an annual two-day Summit (i.e., off-site conference covering topics relevant to the industry). Scott frequently speaks at conferences, round tables, and CAE networking groups in the Metro DC area and national conferences.
Areas of Expertise
- Internal Audit
- SOX Compliance
- Security and Privacy
- Business Continuity Management
- Enterprise Risk Management
- BBA Accountancy and BS Computer Applications from University of Notre Dame
Professional Memberships and Certifications
- Institute of Internal Auditors (IIA)
- Information Systems Audit and Control Association (ISACA)
- Accredited in External Quality Assessments (EQR)