Joel Lanz is the founder and principal of Joel Lanz, CPA, P.C., a niche CPA practice focusing on information and technology governance, risk, compliance and auditing. Prior to starting his practice in 2001, Joel was a technology risk consulting partner at Arthur Andersen (1995-2001) and a manager at Price Waterhouse (1986-1991). He currently serves as a reference member of the American Cancer Society’s audit committee. His industry experience includes a job as vice president and audit manager at The Chase Manhattan Bank (1991-1995) and senior IT auditor positions at two insurance companies (1981-1986).
Joel currently chairs the AICPA's Information Management and Technology Assurance Executive Committee and previously chaired the AICPA’s CITP credential committee (IT specialist certification for CPAs) and co-chaired the AICPA's Top Technology Initiatives Task Force. Joel’s prior contributions to professional organizations include serving as chairman of the New York State Society of CPAs Technology Assurance and Information Technology Committees.
Joel is a member of the editorial board of The CPA Journal. He frequently speaks at professional society and industry conferences, including the AICPA, NYSSCPA and IIA, and he is an adjunct professor at New York University's Stern School of Business and at the State University of New York’s College at Old Westbury.
Joel holds a BBA in accounting and an MBA with a focus on information systems from Pace University’s Lubin School of Business Administration.
The opinions expressed in this blog are those of Joel Lanz and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.
The recently released COSO-ERM framework provides guidance to enable cyber and information security professionals to communicate risks and threats in language that stakeholders can understand and take action on.
It's time for information security practitioners to be recognized as professionals.
Ready to sign off on your organization's compliance with cybersecurity regulations?
It's not enough to accept the risk by doing nothing. Getting everyone to sign an agreed-upon analysis that justifies accepting the risk is key to optimizing risk decisions and protecting both the organization and the risk management professional.
Learning from past data analytic mistakes and changing behaviors can enable users to finally realize promised benefits.
New information security guidance from the FFIEC will keep financial institution technology risk managers busy for some time. The specific guidance will be welcomed by some but others will consider it intrusive.
Warm temperatures signal the beginning of the budgeting season. As you ponder the "heat" of August, here are some tips from a financial perspective that will hopefully keep you out of the hot water come budget approval time.
By speaking "their language," technology professionals can garner more interest and support from business executives, especially as it relates to gaining funding for security risk management initiatives.