Heather B. Bearfield is a Principal in the Firm’s Boston office and serves as the National Technology Assurance Services Practice Group Leader. She is also a member of its National Alternative Investment Industry group. Ms. Bearfield has extensive experience with SAS 70 audits/SSAE 16/AT 101, internal and external audits, and specialized projects for application reviews, internal and external vulnerability assessments, wireless assessments and penetration testing.
Ms. Bearfield conducts in-depth analyses of entire business systems including application software, databases, operating systems, hardware, client/server networks and communicates with technical staff and managers to improve internal controls. She conducts IT Risk Assessments and evaluates information security strategies.
Working with Fortune 500 companies, Ms. Bearfield manages Sarbanes-Oxley engagements and control assessments of corporate IT functions to ensure appropriate controls, accurate reporting, and thorough disaster recovery and business continuity plans and testing. She recommends and assists in the implementation of best practices to increase efficiency and effectiveness. Ms. Bearfield has in depth experience assisting companies to strengthen internal controls/ processes for business process flows including payroll, inventory, purchasing, sales, loans, ATMs, personal banking for areas including logical security, interfacing of applications, completeness and accuracy of information, and backup and recovery procedures. She creates standards, policies and procedures for compliance with Sarbanes-Oxley Act 404 and manages SAS 70/ SSAE 16/ AT 101, Pre-Assessments, Type I and Type II audits and draft reports for review.
Professional & Civic Affiliations
Information Systems Auditing and Control Association (ISACA)
Massachusetts Society of Certified Public Accountants (MSCPA)
100 Women in Hedge Funds
Articles, Seminars & Presentations
Data Breaches: Protecting Critical Information, Association of Ski Defense Attorneys, 2010
SSAE 16 and ISAE 3402: Preparing for New Service Company Control Standards, 2011
Accreditations & Designations
Certified Information Systems Auditor
Certified Information Systems Manager
Certified in Risk and Information Systems Control
Areas of Expertise
Business Continuity & Disaster Recovery
SAS 70/SSAE 16/AT 101
Alternative Investment Funds
Master of Business Administration University of Vermont
Bachelor of Science, Business Administration University of Vermont