Toni Lastella

Managing Director, Technology Consulting

Toni is a Managing Director in our Technology Consulting practice and leads the Enterprise Applications Solutions practice for the Northeast and the SAP Control Optimization solution nationally. She has over 17 years of business experience and extensive knowledge in leading ERP transformation and Project Risk Management related projects, including internal control advisory and design, pre- and post-implementation reviews, ERP selection and strategy, Sarbanes-Oxley compliance, and the implementation and deployment of GRC solutions. In addition, she is leading the initiative and partner alliances in the Northeast related to lease accounting solution implementations to support organizations in their compliance efforts, along with building out capabilities in cloud ERP end-to-end solution design and implementations.


  • Extensive experience leading teams in performing global baseline control design / assessments, automated control workshops, and business process optimization focused on SAP (ECC & S/4HANA), Oracle, Workday, Microsoft Dynamics 365, Sage and NetSuite environments.
  • Extensive experience in large-scale ERP transformation projects related to business process control design, access security design and continuous monitoring using automated techniques, including Protiviti’s Assure™ Suite, SAP’s GRC Access Control and Process Control, Greenlight’s Access Management, Fastpath’s suite of tools and process mining solutions.
  • Performed ERP Project Risk Readiness reviews using leading practices to provide Management with an independent perspective on project risks and advisory guidance on managing risk throughout the life cycle of the project.
  • Led the establishment of the segregation of duty ruleset within the SAP GRC solution to enable continuous monitoring of the security environment and developed a roadmap for implementing a comprehensive GRC governance model, including the Access Control and Process Control solutions.
  • Managed and coordinated several ERP audit co-sourcing engagements, for purposes of audit strategy, execution, and automation techniques focused on raising key issues and value-added recommendations for the business and reporting to the Audit Committee.
  • Managed development of documentation surrounding the following components of an IT project: functional & technical requirements, user guide, project plan, testing, and implementation (System Development Life Cycle).
  • Conducted several risk assessments, IT and integrated audits, and compliance reviews based on COSO and COBIT frameworks.
  • In-depth understanding of leading practice security and cloud frameworks and structure to implement a flexible, scalable, compliant security access environment and processes.

Areas of Expertise

  • Governance, Risk, and Compliance (GRC)
  • Enterprise Application Solutions
  • Internal Audit

Industry Expertise

  • Retail and Consumer Products
  • Manufacturing
  • Technology / Software Services
  • Pharmaceuticals
  • Financial Services


  • Master of Science – McCallum Graduate School of Business
  • Bachelor of Science – Bentley University

Professional Memberships & Certifications

  • CISA Certification
  • CRISC Certification
  • SAP Certified Associate
  • Information Systems Audit and Control Association (ISACA)