Thomas McDermott is a principal with CohnReznick Advisory who specializes in information technology (IT), governance, risk, and compliance. Based in the Parsippany, NJ office, he has more than 17 years of experience in IT, SOX compliance, security, financial, internal control audits, and advisory services. He provides specialized risk and advisory provisions to clients in a variety of areas including IT governance, IT security, data confidentiality and privacy, and compliance as well as IT general and application controls.

Tom’s experience covers a broad range of industries including financial services, retail, manufacturing, biotechnology, entertainment, and technology. He is also member of the firm’s Consumer Industry practice and provides Sarbanes-Oxley compliance and IT internal audit and advisory services to a number of retail clients. His internal audit and SOX experience spans the entire life cycle of the control assessment process and leverages the use of the COSO and COBIT frameworks. Tom’s involvement includes the planning and management of engagements, the performance and use of risk assessments to develop the engagement approach, the design and implementation of policies and procedures, the development of process flows/narratives and risk control matrices, and the identification and remediation of internal control weaknesses.

As a certified information systems auditor (CISA), Tom works in the areas of system development, change control management, information security, computer operations, and disaster recovery. His experience in network, server, and application security, IT general controls, and application controls spans many different applications, IT platforms, and environments. These include main frame and mid-range, Windows operating systems, Oracle, JDE and Dynamics systems, SQL, and DB2, among others.

Tom has presented seminars on IT governance, business continuity planning, the use of security tools to analyze organizations’ network and system vulnerabilities, IT auditing, and the use of ACL and other Computer-Assisted Auditing Techniques. His designations include CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), and CGEIT (Certified in the Governance of Enterprise IT).

THOUGHT LEADERSHIP

9 Mar 21: How to assess risk for emerging technologies – before you use them

19 Nov 20: The importance of incident response plans in protection of data, finances, and reputations