Joel Lanz

Joel Lanz is the founder and principal of Joel Lanz, CPA, P.C., a niche CPA practice focusing on information and technology governance, risk, compliance and auditing. Prior to starting his practice in 2001, Joel was a technology risk consulting partner at Arthur Andersen (1995-2001) and a manager at Price Waterhouse (1986-1991). He currently serves as a reference member of the American Cancer Society's audit committee. His industry experience includes a job as vice president and audit manager at The Chase Manhattan Bank (1991-1995) and senior IT auditor positions at two insurance companies (1981-1986).

Joel currently chairs the AICPA’s Information Management and Technology Assurance Executive Committee and previously chaired the AICPA's CITP credential committee (IT specialist certification for CPAs) and co-chaired the AICPA’s Top Technology Initiatives Task Force. Joel's prior contributions to professional organizations include serving as chairman of the New York State Society of CPAs Technology Assurance and Information Technology Committees.

Joel is a member of the editorial board of The CPA Journal. He frequently speaks at professional society and industry conferences, including the AICPA, NYSSCPA and IIA, and he is an adjunct professor at New York University’s Stern School of Business and at the State University of New York's College at Old Westbury.

Joel holds a BBA in accounting and an MBA with a focus on information systems from Pace University's Lubin School of Business Administration.

The opinions expressed in this blog are those of Joel Lanz and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.

Hey New York - ready for CyberSOX?

Accepting the risk requires more than doing nothing

Accepting the risk requires more than doing nothing

It's not enough to accept the risk by doing nothing. Getting everyone to sign an agreed upon analysis that justifies accepting the risk is key to optimizing risk decisions and protecting both the organization and the risk management...

Overcoming the ghosts of data analytics past

Overcoming the ghosts of data analytics past

Data analytics has been around for quite some time. Yet, despite the technological advances, many users continue to be challenged in achieving promised benefits. The article provides a checklist of lessons learned that when applied to...

Friend or foe? Bank regulator issues new information security exam procedures

Friend or foe? Bank regulator issues new information security exam procedures

Financial institution regulatory agency issues revised examination handbook that communicates enhanced regulatory expectations on how institutions should better manage cybersecurity risks. Some new and some enhanced requirements will...

Key questions to mull as you head into infosec budgeting season

Key questions to mull as you head into infosec budgeting season

Tips for getting the budget past the financial people - from the financial professional's perspective.

Update to risk management framework should be taken seriously

Update to risk management framework should be taken seriously

COSO, that same organization that sponsors that internal control framework for Sarbanes-Oxley control compliance, recently issued a long awaited exposure draft update to their Enterprise Risk Management framework. By translating the...

How to avoid vulnerability assessment gotchas

How to avoid vulnerability assessment gotchas

Common findings and exceptions when auditing or performing a post-breach exam of vulnerability assessment effectiveness.

Audit committee cheatsheet for IT and cyber professionals

Audit committee cheatsheet for IT and cyber professionals

What exactly do audit committees do and who gets to be on one.

Reflections on the 2016 external audit season

Reflections on the 2016 external audit season

Having a "to-do" hangover from this year's external audit report? Here's what you can do to minimize those recommendations next year - while making yourself and your boss look good.

Answers to audit committee questions that will keep you employed

Answers to audit committee questions that will keep you employed

Cybersecurity continues to receive increasing attention from the Audit Committee. For many information technology professionals this interest creates opportunities for exposure to this critical corporate oversight committee and the...

Load More