Tonya Baez

Director, Internal Audit & Financial Advisory

Tonya is a Director in the Internal Audit and Financial Advisory services practice of Protiviti in the Phoenix office.  She brings over 20 years of risk management experience, specifically in internal audit, Sarbanes-Oxley, business process improvement, compliance, enterprise risk management, and investigations. Tonya’s focus is primarily on the higher education industry, where she has helped institutions improve their administrative and academic operations, risk management, internal controls, governance, and compliance efforts. Prior to joining Protiviti, Tonya served in the chief risk officer and chief audit executive roles for a private higher education institution where she oversaw the internal audit, enterprise risk management and compliance functions. She is a former President and Board Member of the Chicago Chapter of the IIA.

Major Projects

  • Internal Audit Services: Work with Internal Audit departments to provide the value-added risk management capabilities needed to support their business strategies and continuously improve operational performance. Recent projects include enterprise-wide risk assessments, reviews of the student grade process, financial aid, scholarships (athletic, institutional aid and donor), treasury services, procurement, Clery Act reporting, third-party vendor management, faculty evaluation process, research grant processes and compliance, admissions process, competitive bid process, NCAA rules compliance, and a protection of minor children program review.
  • Risk and Compliance: Assess university-wide compliance program capabilities, structure and effectiveness. Assist with implementation of key compliance program elements to enhance program maturity and effectiveness.  Help with implementation of enterprise risk management (ERM) program improvements to enhance program awareness, maturity and documentation.
  • SOX Compliance: Work with financial leadership and responsible areas to update SOX documentation and key controls after implementation of a new ERP system.
  • Quality Assessment Review: Perform QARs of Internal Audit functions for clients, focused on providing strategic insights based on management and staff interviews, audit client feedback and benchmarking, while identifying and recommending best practices.
  • Investigations: Lead investigations of fraud or misuse of an organization's assets or other matters, as requested by executive management or the Board.

Areas of Expertise

  • Internal Audit
  • Compliance
  • Risk Management

Industry Expertise

  • Higher Education


  • University of Illinois Urbana-Champaign, B.S - Accountancy

Professional Memberships and Certifications

  • Certified Public Accountant (CPA)
  • Certified Internal Auditor (CIA)
  • Certification in Risk Management Assurance (CRMA)
  • Certified Fraud Examiner (CFE)