Information Systems Department Advisory Board

Michael Nyman

Michael Nyman


Job Title: Senior IT Assurance Manager
Company: CliftonLarsonAllen LLP


Mike is a Senior Manager with the Technology and Security Risk Services (TSRS) practice in Ernst & Young’s Pacific South West region. Mike has over 11 years of information systems auditing, security and risk management experience within a wide range of industries. These industries include Healthcare, Financial Services, Hospitality, Retail, Energy, Technology, and Manufacturing.

Mike received his B.S. degree in Accountancy and his Master of Accountancy in Information System from Brigham Young University. He is a Certified Public Accountant (CPA) in the state of Arizona, Certified Information Systems Auditor (CISA), Certified Information Technology Professional (CITP) and a Certified Information Systems Security Professional (CISSP). He is a member of the Information Systems Audit & Control Association (ISACA). He also serves on the Arizona State University College of Information Systems’ Professional Advisory Board.

Mike has experience in planning, developing, performing, and reviewing information system audits for external financials audits and co-sourced internal audit departments for Ernst & Young. He also has experience working on Statement of Auditing Standards (SAS) No. 70 reporting for transaction processing organizations, application controls reviews, and IT assessment.

Most recently, he has been performed and leaded several Sarbanes Oxley 404 IT assessments and documentation efforts serving in the management’s advisor role. In addition, he has been leading numerous Sarbanes Oxley 404 IT assessments and testing efforts as part of the external auditor’s role. He has significant knowledge and experience with the concepts, terminology, capabilities, and application of business and control risk associated with various information systems architectures. His understanding of complex business processes with the underlying information security and control issues and was able to concisely and effectively communicate the same to the internal and external parties.