Ron brings nearly 40 years of audit, management, analysis, and information technology (IT) experience in the local, state, and federal government sectors to his role as principal on the Benefit/Program Integrity (BPI) engagement team. He has extensive experience in managing risk in the public sector, particularly in the area of IT. He also has experience in helping improve the efficiency and effectiveness of operations through a variety of analytical approaches, including process re-engineering.
Prior to joining Myers and Stauffer, he managed the information security (IS) auditing function for the state of Texas at the Texas State Auditor’s Office (SAO), and managed numerous performance audit and IS audit projects at state agencies and academic institutions. Since joining Myers and Stauffer, Ron has supervised, performed audit procedures, and performed quality reviews for performance audits, technology consulting, and IT security reviews for local governments, state agencies, and federal agencies, with a focus on IT controls and security. He has also been the project director, lead partner/principal, and contract point of contact for outsourced and co-sourced internal audit engagements focused on IT controls and security at multiple state agencies. In addition, Ron has led numerous third-party audits (Statement on Auditing Standards [SAS] 70, Statement on Standards for Attestation Engagements [SSAE] 16, and Systems and Organization Control [SOC] audits), and he has also led Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security risk assessments and compliance audits. Ron has extensive experience assessing IT controls and IT security using best practices and compliance criteria including National Institute of Standards and Technology (NIST)-based criteria (particularly NIST SP 800-53), Internal Revenue Service (IRS) Publication 1075, and HIPAA.
Ron is a Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Fraud Examiner (CFE), Certified Internal Controls Auditor (CICA), and Certified in Risk and Information Systems Control (CRISC). He is a member of the Association of Certified Fraud Examiners and the Information Systems and Audit Control Association, where he served on the Chapter Board for many years. He also was a member of the Information Systems Audit and Control Association (ISACA) International Professional Standards and Career Management Committee.