Professional Headshot of Thomas Furnari

Thomas Furnari

Assurance Managing Principal, IS Assurance

CPA, CISA, CRISC, CGEIT, CISM

Executive Summary

Thomas Furnari is a Principal in the Assurance practice of BDO USA. He has more than 20 years of experience working in the Attestation space, with a focus on a number of industries, including financial services, payment and transaction providers, pricing and index servicers, exchanges, healthcare, oil and gas, and retail. His key areas of emphasis are with business and technology risk and controls, third-party assessment reporting, and information management.

Selected experiences:

  • Industry/Technical Knowledge: Through his financial services experience, Thomas has a deep understanding of key financial processes and risks, along with controls related to them. This includes technical knowledge on financial services products, offerings, and operating models. He is experienced with controls around relevant tools and systems used across financial services companies and has experience with the regulatory reporting required in the industry.
  • External Audit: Thomas has significant experience in public company accounting and reporting, IT and process risks and controls, SOC reporting, PCAOB-standard audits, broker-dealer regulatory matters, index regulatory matters, and overall internal controls.
  • Third Party Reporting: Thomas has assisted a number of his capital market, banking, and asset management clients on third party reports including SOC1, SOC2, IOSCO compliance, and AUPs throughout his career. His efforts have helped his clients to both create new reports from scratch and refine and re-design existing reports to keep up with the ever-changing environment.
  • Internal controls: Thomas has served clients by helping them to evaluate the adequacy and effectiveness of their internal controls; including advising clients on compliance with policies and procedures, local and international regulations and helping to identify, recommend, and implement leading practices.
  • Third Party Risk Management: Thomas has performed reviews of vendors and service providers in the context of outsourced business information systems to help clients improve their overall program and compliance with internal risk programs, as well as with their regulations.

  • American Institute of Certified Public Accountants
  • Information Systems Audit and Control Association
  • The College Bridge Café (board member)
  • Certified in Risk and Information Systems Control (ISACA – CRISC)
  • Certified in the Governance of Enterprise IT (ISACA – CGEIT) 
  • Certified Information Security Manager (ISACA – CISM)
  • Certified Information Systems Auditor (ISACA – CISA) 
  • Certified Public Accountant (CPA) in New York