Director, Michael Hughes CISA, CRISC, CGEIT,
Mike’s experience includes all aspects of governance, risk and compliance, providing assurance and advisory services. Assisting organisations to realise their full business potential by helping them design, implement and operate appropriate governance and management processes. The goal is to ensure effective business use of technology to deliver business value.
Mike spent eight years in mainstream IT, before he joined KPMG’s IT Advisory Practice, where he specialised in IT Audit and Risk. During his time with KPMG, Michael held a number of senior roles, including: the UK service lead for external audit; leading the Midlands Governance & Compliance practice and leading the Midlands Information Security Services team. Michael’s main areas of specialism include: IT, Information & Risk Governance; Programme & Project Assurance; and Cyber & Information Security (Digital Risk).
Michael has been involved with ISACA for over 20 years in a number of roles, both at the Local Chapter and International levels. Michael has served on the Board of the Central UK Chapter since its inception in 1993, 8 years of which were as President. Michael continues to serve on the Chapter Board and he also Chairs the UK & Ireland Chapter Leaders Group. At the International level, Michael has served on the Membership Board, Membership Growth & Retention Committee and Finance Committee. Michael has also involved with the development of COBIT 5.0, COBIT 5 for Risk and the Risk Scenarios for COBIT for Risk. As well as being CISA, CRISC and CGEIT certified, Michael also lectures on preparation courses for the CISA, CISM, CRISC, CGEIT exams.
Director, Steve Connors CISM, FIPA, FFA.
Steve is a GRC specialist working with clients across a range of sectors helping them deliver value from their information systems while at the same time ensuring that the data remains secure.
Steve joined Haines Watts in 1995 to set up the Information Systems and Computer Audit function. Through roles in industry and consultancy Steve gained extensive experience of information security, risk management, corporate and IT governance, business process re-engineerng and business intelligence.
Steve’s approach is to assist organisations to better understand their data and its value, to enable them to implement secure and effective compliance strategies, specifically in relation to information security and vendor assurance programmes.
Approached in the right way compliance with standards and regulations can enhance the bottom line whilst at the same time improving information and data security. Compliance need not be a burden!
Steve often presents at national and international conferences on cyber security, GDPR, data classification and vendor assurance and his specialist areas include: IT Governance; Information Governance; Programme and Project Assurance; IT Internal Audit; IT Risk Management; Service Management, including ITIL, ISAE3402 (SAS 70) advice and Information Security Management Systems, including ISO/27001/02.