IT Audit IT Security Internal Audit Risk Management Advisory



Dan J. Gaffney, CPA, CIA, CISA, MBA

Dan Gaffney, founder and principal of Dan Gaffney & Associates, has over 20 years of business and financial experience with some of the top audit and consulting firms in the U.S., including KPMG, Grant Thornton, and most recently, Crowe. He also served as a chief audit executive of a Fortune 500 company for over five years.

Gaffney’s risk management experience covers a wide variety of industries, including financial services and insurance, manufacturing and distribution, higher education, real estate and REITs, information technology, professional and business services, and pharmaceuticals and health services. He has experience building internal audit functions from the ground up, performing annual risk assessments, and conducting process and IT audits. He has led projects for Sarbanes-Oxley compliance and to meet annual financial reporting model regulation in the insurance industry; he has also provided litigation services and testified as an expert witness.

A CPA licensed in the State of Illinois, Gaffney is also a Certified Internal Auditor, Certified Information Systems Auditor with Cybersecurity Certifications. He is a member of the American Institute of Certified Public Accountants (AICPA). He is also a member of the Information Systems Audit and Control Association, and of the Institute of Internal Auditors, where he also serves on committees for the Chicago chapter.

Gaffney earned his MBA from DePaul University's Kellstadt Graduate School of Business and holds a BBA in accounting from the University of Wisconsin-Whitewater. He has also completed over 200 hours of professional certification study on risk management topics, including internal controls, IT controls and security.

Gaffney’s specific industry experience includes implementing solutions across a range of industries:

Health Products and Services

Led project management and delivery team for domestic and international locations of a publicly held health products company’s multi-year SOX 404 compliance.

Business & Professional Services

Performed an organization-wide risk assessment and conducted internal audits for a global law firm, including work at international locations.

Assisted with project management and internal audit co-sourcing for corporate locations and subsidiary operating units for a major US-based company.

Higher Education

Led an internal audit risk assessment for a highly respected liberal arts college in Wisconsin, at the request of the Board of Directors and the institution’s Vice President for Administration.

Led a project with a leading education research and professional services organization in Illinois, on streamlining project management and financial processes to help management identify and implement efficiencies.

Information Technology

Led a multi-year project for Sarbanes-Oxley 404 compliance for the domestic and Canadian operations of a medical radiology software development firm. Helped to devise controls for SOP 98-9 and SOP 97-2,  Software Revenue Recognition.

Financial Services and Insurance

Performed financial analysis and litigation support for insurance companies in rehabilitation or liquidation under State order. Worked with internal and external legal counsel to develop analyses and ultimately testified as an expert witness for recovery of misappropriated funds.

Directed internal audit for three subsidiaries of a $4 billion insurance company; responsible for annual risk assessments, recruiting, training and developing staff, oversight of internal audits, and reporting to executive management and the general auditor. Also led internal fraud investigations under the direction of internal and external legal counsel.


Led and conducted internal audit risk assessments and delivered internal audit and Sarbanes-Oxley services for clients of KPMG.

Led and conducted multi-year internal audit risk assessments and corporate internal audits for the main operations and two operating subsidiaries of a major distribution company, involving work in multiple locations.

Pharmaceuticals & Health Services

Led project management and delivery team for domestic locations of a pharmaceutical research and manufacturing company based in the U.K.

Performed initial risk assessment for Sarbanes-Oxley compliance for a pre-IPO company in preparation for their public offering.

Commercial Real Estate

Led and delivered Sarbanes-Oxley internal controls compliance projects, including the information technology components for two real estate investment trusts.

Delivered Sarbanes-Oxley risk assessment and internal controls testing services for publicly traded real estate partnerships.

Telecommunication /

Led and delivered a one-year project for Sarbanes-Oxley 404 initial year compliance at a Fortune 500 company with revenues in excess of $10 billion.