Maryland CPAs | Directors, Partners, Principals | SC&H Group

Client Portal Log-in

Contact Us Online

Community Involvement

What Our Employees are Saying About Us

Assurance

Business Performance Management

Business Risk Services

Business Valuations & Litigation Support

Government Contractor Consulting Services

Internal Audit

Investment Banking and Strategic Planning

Personal Financial Planning

SC&H Search

State and Local Tax

Supplier Assurance

Tax and Business Advisory

Transition Advisory Services

Unclaimed Property

Overview

Government Contracting

Real Estate

Not For Profit

Technology

Pharmaceutical and Biotech

Manufacturing, Distribution, and Retail

Seminars and Webinars

What Our Employees are Saying About Us

Complete the following form to forward this page...

About Us »

Consulting Leadership

Personal Financial Planning Leadership

State and Local Tax Leadership

Tax and Advisory Services Leadership

Transition Advisors Leadership

Contact

Locations

Success Stories

Community Involvement

C. Scott Heflin, CISA, CRISC

Scott Heflin is an IT Audit Principal with SC&H with more than 10 years of “Big Four” IT audit and compliance experience. He has served clients across numerous industries including, but not limited to, Financial Services, Manufacturing, Telecommunications, Energy, Technology, Insurance, Biotechnology, Utilities, Not-For-Profit organizations, and the Federal Government. He leads teams of IT audit professionals in providing consulting services to an array of clients. He has performed information technology reviews in several compliance and audit areas including Sarbanes-Oxley 404, GLBA, FISCAM, GISRA, OMB A-130, WebTrust, SAS 70, and SSAE 16. His experience includes reviews of IT entity-level controls, IT general controls, and IT application controls for major ERP applications (PeopleSoft, SAP, Oracle, etc.), mainframes environments, commercial off-the-shelf (COTS) software, and internally developed systems.

Prior to joining SC&H, Scott worked for two of the “Big Four” firms with responsibility for the development of clients’ test plans and methodologies utilized to assess Sarbanes-Oxley 404 compliance; co-sourced with numerous internal audit teams, performed extensive Computer Assisted Audit Techniques (CAATs) test work for his clients, and served as the external auditor completing year-end Sarbanes-Oxley reviews and attesting to management’s assessment of key internal controls. Serving as an external auditor, Mr. Heflin also completed IT controls testing in support of various financial statement audits.

Scott has performed numerous SAS 70/SSAE 16 Readiness, Type I, and Type II reviews, where he identified and tested key IT controls, as well as developed multiple SAS 70/SSAE 16 reports. He has led numerous outsourced and co-sourced internal audit projects that included IT risk assessments, IT audit plan development, IT internal controls reviews, IT infrastructure reviews, and IT application reviews. Mr. Heflin also held a critical role in one of the largest financial restatement processes in history by analyzing the design of, and re-running various queries to test the veracity of database files and download processes utilized in the MCI WorldCom re-statement.

Scott holds a B.B.A. in Computer Information Systems from James Madison University in Harrisonburg, Virginia. He is a Certified Information Systems Auditor (CISA) and is Certified in Risk & Information Systems Control (CRISC). He is also a member of the Information Systems Audit and Control Association (ISACA) as well as the Institute of Internal Auditors (IIA) where he serves on the Public Relations Committee.

C. Scott Heflin,
CISA, CRISC

Principal

SC&H Consulting

sheflin@scandh.com
(o) 703-287-5973
(f) 703-485-8076
vCard

Our Services | Testimonials | Press Room | About Us | Careers

Contact Us: 800-832-3008
SC&H Online Contact Form