Sanna is the Head of Information Risk Management (IRM) at KPMG Norway. She has a long experience as an information Systems Auditor managing several projects for many national and international companies in wide variety of industries. Her areas of special expertise include IT and business process controls and assurance, ISAE 3402 service organization audits, data analysis, shared service center audits, system implementation assurance and Sarbanes-Oxley (SOX) compliance auditing and implementations.
In years 2003 - 2005 she was performing internal control implementations, validations and evaluations as required by the US Sarbanes-Oxley Act of 2002 in San Jose, US. Since then she has been extensively involved with SOX and other internal control projects worldwide, helping global organizations to develop and harmonize internal controls in business processes and IT.
Her experience as a financial auditor earlier in her career gives her a great understanding on information systems and controls around the financial reporting process.
1999 Master of Science in Economics (Major Accounting), University of Vaasa, Finland
2016 - KPMG Norway, Information Risk Management, Director
2013 - 2016, PwC Norway, Risk Advisory Services, Senior Manager
2005 - 2013, PwC Finland, Systems and Process Assurance, IT Auditor and Internal Control Specialist
2003 - 2005, PwC US, Assurance, Senior Associate
1999 - 2003, PwC Finland, Assurance, Financial Auditor