Sandra Simonsen, CISA
Manager, Business Process & IT Consulting
Sandra is a member of AAFCPAs’ Business Process & IT Consulting Practice, responsible for providing information risk management, cybersecurity, and special IT attestation solutions.
Sandra is a Certified Information Systems Auditor (CISA) and is among the most qualified in the industry providing Information System (IS)/IT auditing, control, and security. Sandra has 30+ years of experience in: auditing; governance and management of IT; IS acquisition, development, and implementation; IS operations and business resilience; and protection of information assets. She assesses clients’ vulnerabilities, reports on compliance, and validates and enhances controls.
Sandra is proficient in using the COSO and COBIT frameworks to focus on IT processes, procedures, and controls that support compliance with the Sarbanes-Oxley Act and Section 404. She advises clients on opportunities to make the SOX 404 assessment as efficient as possible, including centralization and automation of processing.
Sandra has experience performing System and Organization Controls (SOC) report attestations and evaluations to help clients ensure they are addressing operational risks associated with outsourcing to third parties outside financial reporting. She provides reports and report evaluations that are clear and concise and include actionable feedback to help improve clients’ internal control environments.
Education
- Wilson College – Bachelor of Science, Biology
Prior Experience
- Senior IT Auditor, Control Solutions International
- VP, Information Systems, Equis Financial Group
Service
- National Federation of the Blind of Massachusetts – Volunteer Reader and Fundraiser