Sixth Annual Third-Party Assurance Summit October 30, 2024

Shannon brings over 25 years of experience leading advisory risk, internal controls and compliance reviews in support of independent financial statement audits, third party examinations, and internal audit engagements. She brings a wealth of knowledge leading a number of SOC reports during with her previous roles as well as her current role as US Third Party Assurance Leader

Carrie Kostelec is Lead Manager for SOC & Related Services for the Association of International Certified Professional Accountants, where she leads efforts related to the development and maintenance of the SOC suite of services, including SOC 2, SOC for Cybersecurity, and SOC for Supply Chain.

Prior to her work at the AICPA, Carrie leveraged her experience at a top-25 CPA firm to write and technically review audit manuals and tools covering a variety of topics, including nonattest services and SOC examinations, for a leading publisher of guidance for small-to-medium sized CPA firms.

Matt has over 24 years of professional experience, including 20 years of managing and performing information systems and business process control reviews spanning multiple platforms and numerous applications for large, complex, multinational clients within the Consumer Products and Financial Services Industries. Matt focuses on Sarbanes-Oxley 404 and SOC 1 reports, and has experience with ERP security and controls, including SAP, Oracle, and JD Edwards.

Matt has a Master of Science in Information Systems and an MBA from Penn State University. He has a B.S. in accounting from the University of Scranton. Matt is a Certified Public Accountant in Pennsylvania (CPA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional CISSP), Certified Information Technology Professional (CITP), and is certified in the Governance of Enterprise Information Technology (CGEIT).

Kim is a Senior Manager in our Risk and Financial Advisory practice serving clients within the financial services industry. She has over 16 years of experience within the insurance industry serving as an IT Specialist. Her expertise includes conducting both integrated and non-integrated financial statement internal control audits, Sarbanes-Oxley compliance and readiness assessments, internal audits, and third-party assurance attestation engagements (SOC 1, SOC 2, Agreed Upon Procedures). Other services that Kim has provided to her clients include assisting with the remediation of controls to align with SOX, regulatory requirements and leading practices, controls rationalization and redesign, information security assessments, IT Risk Management services, and business process control improvements.

Ivan Mendez Gonzalez is a Manager in Deloitte Risk & Financial Advisory, specializing in the IT & Specialized Assurance offering. With over 8 years of professional experience, Ivan has a strong background in third-party assurance audits (SOC1 and SOC2), primarily serving clients in the investment management and technology industries.

In his current role, Ivan leads multiple teams in executing year-round audit engagements, gaining a deep understanding of IT processes, identifying areas of IT risk, assessing internal controls, and analyzing data to present findings to management.

Katherine has over 19 years of experience evaluating the design and operating effectiveness of business cycle, general computer, internal security, and entity level controls as part of internal and financial statement audits. She specializes in SOC 1 and SOC 2 audits and leads SOC engagements for payroll, technology, SaaS, and workers compensation third party administrator clients, specializing in internal control risk and compliance.

Additionally, Katherine has strong experience in a range of engagements, providing business cycle and IT services, as well as evaluating complex business and technology risks and opportunities for internal control improvement for companies in the technology, media, and manufacturing industries.

Stacie has over twenty-five years of experience providing operational and risk management services to Deloitte's clients in the financial services industry. She is also a leader in the firm's efforts to provide Third Party Assurance services to our clients and actively participates in developing the firm’s guidance and ensuring quality around these services at a national level.

Stacie specializes in evaluating risks and controls for our clients. She leads engagement teams in assisting our clients in the review of current business processes and technology operations, documentation of existing processes and procedures, identification of risks and controls, and identification of opportunities for improved processes and controls.

Tushar Sainani has over 17+ years of Banking and Investment Management industry experience spanning across internal audit and Controls Attestation (SOX, SOC1 / SOC2). Tushar currently leads the Nexus Digital Nerve Center innovation offering which delivers automated control testing and execution solutions to clients. He is also a member of the Blockchain / Digital Assets Assurance team that developed Deloitte's Digital Assets Assurance framework. Tushar has extensive knowledge of Business Process and Information Systems, which he has utilized to advise clients on conducting automation, analytics and visualization of controls, SOX, internal audits, process improvement, design and implementation of controls framework, third party vendor risk management and Cyber services. Tushar has facilitated and moderated at multiple industry conferences in the US such as FIRMA, SIFMA, CPE - SEC, etc. on the above noted topics of automation, analytics and vendor risk management. He has also facilitated Deloitte's SOX modernization, and other Greenhouse labs that enable Control's transformation—leading change through analytics, automation, collaboration with external audit, and more.

Xing is a Risk and Financial Advisory Senior Manager in Deloitte & Touche LLP, within the Assurance market offering. Xing has over 15 years of experience leading multiple teams in a geographical dispersed environment, performing risk assessments, third party assurance audits (SOC 1, and SOC 2), compliance audits (FICCA), SOX IT control audits, business operations, and information technology external and internal audit reviews. Xing has mainly worked on engagements for clients in Investment Management, Mortgage Servicing, Insurance, and Entertainment industries.

Xing's current responsibilities include leading teams to execute audit engagements for multiple clients, understanding compliance, business operations, and IT processes, defining areas of risk, developing audit plans, assessing internal controls, executing test plans, and analyzing and interpreting data to present to C-suite and stakeholders.

Dan is a Managing Director with Deloitte & Touche LLP in Atlanta, Georgia, and specializes in providing internal control assurance and internal controls and risk consulting services to clients in the technology and financial services industries. Dan serves some of our largest technology clients with responsibility for overseeing the management and delivery of our services related to third party assurance reporting, internal controls, controls readiness, and information technology auditing.