
Scott Nalley is a principal with Baker Tilly’s risk advisory practice. He has more than 20 years of experience helping clients manage financial, technology, operational and regulatory risk through complex risk management, internal control and compliance engagements for clients in heavily regulated industries such as power and utilities, manufacturing, healthcare and government. Scott leads a team that provides services including internal and IT audits, network security and vulnerability assessments, data privacy evaluations, enterprise risk management (ERM) and fraud investigations.
- Leads the fully outsourced and integrated internal audit team for the 12th largest public power utility and a large family-owned snack food manufacturer
- Conducts SOC 1, SOC 2 and SOC 3 examinations
- Conducts cybersecurity assessments, including evaluation of controls against common cybersecurity frameworks such as the Center for Internet Security (CIS) Top 18, National Institute of Standards and Technology (NIST), Health Insurance Portability and Accountability Act (HIPAA) and Health Information Trust Alliance (HITRUST)
- Collaborates with senior management and the board of directors to provide best practices for designing and implementing controls to protect organizational value
- Led the internal control workstream for a large customer information system implementation, advising on appropriate internal controls, application controls and development of user profiles to ensure appropriate segregation of duties
- Conducted an audit of a multibillion-dollar stadium construction project
- Assisted with the development of policy and procedures
- Conducted multiple fraud investigations including a scheme to steal more than $600,000 through the check request and corporate credit card process
- Assisted with the development and implementation of an ERM application
- Assisted with the evaluation of potential conflicts of interest and the development of mitigation strategies
- Conducted internal audit quality assurance reviews in accordance with the IIA standards
- American Institute of Certified Public Accountants (AICPA)
- Tennessee Society of Certified Public Accountants (TSCPA)
- Institute of Internal Auditors (IIA)
- Information Systems Audit and Control Association (ISACA)
- Tennessee State University, Accounting Advisory Board
- IIA East Tennessee Chapter, “Auditing accounts payable from an IA and fraud examiner perspective”
- Public Utility Accountant Association, “Effective internal controls”
- Middle Tennessee Association of Certified Fraud Examiners, Lipscomb Accounting Conference, TSCPA Nashville Chapter “Fraud: when truth is stranger than fiction”
- Association of Government Accountants, “Keep your boat afloat: Are you cybersecure?”
- Lipscomb Accounting Conference, “Auditing IT internal controls and IT security”
- Tennessee Electric Cooperative Association, “Utility Risk Management”
- IIA Nashville Chapter, “CAE Roundtable – Focus on Today: Implementing the Global Internal Audit Standards”
- Lipscomb Accounting Conference, TSCPA Chattanooga Chapter, “Soured Grapes: A Fraud Case Study in the Wine Industry”