Tom Andreesen

Managing Director

Tom is a managing director with over 29 years experience helping organizations develop and implement a variety of business and technology solutions to enhance their overall operations. Tom has also helped companies establish their risk management functions and overall governance programs to help with required standards and regulatory compliance requirements. Tom is leader of Protiviti’s Chicago office and Central Region Technology Consulting Practice Lead as well as a member of Protiviti’s global Technology Consulting leadership team.

Major Projects

  • Regional Insurance Company: Engaged by the organization to perform a review of their enterprise risk management program and provide recommendations on addressing gaps and to help provide a better governance structure for the overall program.
  • National Broker Dealer Company: Engaged by the client to assist with various risk management activities (business and IT) including annual risk assessment work. Also helped the IT function directly with design and testing of controls and rationalizing the key control environment. Assisted with vendor information security assessments and forensic analysis.
  • National Transportation Company: Led the start-up of an internal audit organization that was tasked with developing the infrastructure for these capabilities and planning the company’s approach to Sarbanes-Oxley compliance. Additional activities included establishing ongoing risk management and reporting capabilities and also enhancing the IT governance of the organization.
  • National Transportation Company: Was the lead for helping the company rationalize its IT controls and governance infrastructure. The efforts included reviewing and revising the process documentation and helping reorganize ownership for the control environment. The work resulted in a thirty-five percent reduction in controls.
  • National Transportation Company: Engaged by the organization to assist with various activities including business continuity planning, SOX compliance support, Quality Assessment Review of the internal audit function, and enhancing and conducting an annual risk assessment process that linked to the organization’s monthly operational reporting efforts.
  • National Broker Dealer Company: Engaged by the client to assist with major integration efforts including establishing project management functions, adoption of required security standards and processes, creating roadmaps for major technical infrastructure changes, and helping redesign data architecture for ongoing data warehouse needs.

Areas of Expertise

  • Risk Assessment
  • Regulatory Compliance
  • IT Process Improvement
  • IT Governance

Industry Expertise

  • Transportation/logistics
  • Financial Services & Real Estate
  • Industrial Products & Technology
  • Consumer Products & Retail


  • BS, Computer Engineering, Iowa State University

Professional Memberships and Certifications

  • Certified Information Systems Auditor (CISA)
  • Certified, Governance of Enterprise IT (CGEIT)
  • Certified in Risk and Information Systems Controls (CRISC)
  • Member, Institute of Internal Auditors (IIA)
  • Member, Information Systems Audit and Control Association (ISACA)