Skip to Main Content
About
Industries
Services
Professionals
Careers
News + Insights
Locations
Industries
About us
Services
Culture
Careers
Press kit
Events
Articles
Contact us
Submit an RFP
Subscribe
Join our team
Contract with us
Make a payment

Mark A. Caiazzo

Principal | CISA, CISM, CRISC, COBIT 5

mcaiazzo@berrydunn.com

Mark has led over 400 SOC exams and readiness assessments for state lotteries, racing venues, health and retirement plan recordkeepers, e-business providers, website hosting companies, and more. He also leads BerryDunn’s technology assurance service engagements in both the public and private sectors. Prior to joining the firm in 1988, Mark was the EDP Audit Officer in the internal audit department of a large regional bank holding company.

Mark is a Principal in the Management and IT Consulting Group and leader of BerryDunn’s IT Assurance Services team. He is charged with keeping abreast of Information Systems technology, IS audit standards and techniques, information security vulnerabilities and countermeasures. He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC), all designations of the Information Systems Audit and Control Association (ISACA).

D 207.541.2321

Mark has led over 400 SOC exams and readiness assessments for state lotteries, racing venues, health and retirement plan recordkeepers, e-business providers, website hosting companies, and more. He also leads BerryDunn’s technology assurance service engagements in both the public and private sectors. Prior to joining the firm in 1988, Mark was the EDP Audit Officer in the internal audit department of a large regional bank holding company.

Mark is a Principal in the Management and IT Consulting Group and leader of BerryDunn’s IT Assurance Services team. He is charged with keeping abreast of Information Systems technology, IS audit standards and techniques, information security vulnerabilities and countermeasures. He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Control (CRISC), all designations of the Information Systems Audit and Control Association (ISACA).

experience education & certifications industries services presentations & publications memberships community service events insights

Experience Highlights

Mark helps clients with a variety of issues including:

  • Security program reviews and architecture assessments
  • IT audits and operational reviews
  • Management and regulatory requirements for technology use
  • Internal audit planning and risk management
  • Technology planning

Publications and Presentations

  • NASPL 2017, “Business Continuity Management - an Auditor's Perspective”
  • PPC's 2013, “Guide to Audits of Financial Institutions”, Contributing Author

    Mark advises industry groups on the AICPA’s continuously changing SOC examination standards, with speaking engagements at the following association meetings:
  • National Association of State and Provincial Lotteries (NASPL)
  • Association of Racing Commissioners International (ARCI)
  • Maine and New Hampshire Hospital Associations

Article

The Federal Reserve's FedLine® Solutions Security and Resiliency Assurance Program

Related Services

Accounting and Assurance

FDICIA and SOX 404 Compliance Internal Controls Review IT Controls Review
SOC Audits SOC Audits for Gaming and Lotteries

Consulting

Information Security

Policy and Procedure Development Overview Security Compliance, Risk and Gap Assessment Overview Security Program Development Overview Vulnerability Scanning and Penetration Testing Overview

Information Systems

Independent Verification and Validation for Gaming and Lotteries

Organizational and Governance

Organizational Studies Overview

Related Industries

Insights

Articles

Senior living cybersecurity and scams—it's time to start educating your residents
Cybersecurity Insurance: To buy or not to buy? That is the question.
Preventing fraud at financial institutions 2023 update: An anti-fraud plan is the best investment you can make
Navigating changes to the SOC 2 guide
Beyond weathering the storm: How the gaming industry can succeed during economically challenging times 
FDIC Issues its Third Quarter 2022 Quarterly Banking Profile
Board oversight of cybersecurity: Questions to ask
Yes, you need a SOC for cybersecurity report—here's why
FDIC Issues its Second Quarter 2022 Quarterly Banking Profile
FDIC issues its First Quarter 2022 Quarterly Banking Profile
FDIC Issues its Fourth Quarter 2021 Quarterly Banking Profile
Cyberattack preparation: A basics refresher
Gaming: Reporting requirements for not-for-profit organizations 
FDIC issues its Third Quarter 2021 Quarterly Banking Profile
Cybersecurity update for organizations: Considerations for boards and senior management
FDIC issues its Second Quarter 2021 Quarterly Banking Profile
The Federal Reserve's FedLine® Solutions Security and Resiliency Assurance Program
FDIC issues its First Quarter 2021 Quarterly Banking Profile
In 2021, an anti-fraud plan is the best investment your financial institution can make
FDIC issues its Fourth Quarter 2020 Quarterly Banking Profile
Resources for financial institutions affected by COVID-19
TDR and CECL relief is extended for financial institutions
FDIC issues its Third Quarter 2020 Banking Profile
FDIC grants some banks temporary regulatory relief of Part 363 Audit and Reporting requirements
Do your FDICIA controls "CARES" about the Paycheck Protection Program?
CECL: Understand the audit requirements and prepare for what's to come
Paycheck Protection Program (PPP): Resource for lenders
Banking and finance: 2020 challenges and what to do to overcome them
FASB delays credit loss rules
Five IT risks everyone should be aware of
When one loan rate closes, another opens
Trusting privileged accounts in the age of data breaches
The hidden tax cost of bank incentive rewards
Are you ready for NIST 800-171?
CECL implementation: So, you've developed reasonable and supportable forecasts — now what?
CECL: Reasonable and supportable? Be ready to be ALLL in
Are you "mature" enough? Cybersecurity maturity is the new black
How our new friend CECL affects bank and branch acquisitions
Preventing fraud at financial institutions: An anti-fraud plan is the best investment you can make

Press Releases

BerryDunn Creates New C-Suite Position, Hires Chief Culture and Engagement Officer
December 2, 2021
BerryDunn named a top firm for equity leadership by the MOVE Project
October 20, 2021
11 Years and Running―BerryDunn Once Again a Top 100 Firm
August 5, 2021
BerryDunn Unveils New Logo, Refreshed Brand
December 3, 2020
10 Years and Running―BerryDunn Once Again a Top 100 Firm
August 18, 2020
United Way of Greater Portland Announced Racial Equity Fund
August 3, 2020
BerryDunn Announces Location of New National Headquarters
July 27, 2020

Resources

Internal control over financial reporting: COSO best practices
March 15, 2021
Headquarters location update
FDICIA requirements for banks with total assets* of $500 million to $1 billion
FDICIA reporting requirements for banks with total assets of $1 billion or more
How to manage technology risks: A project management approach

Success Stories

A financial institution gets the upper hand on regulatory requirements and IT security
Preparing a firm for a SOC 2 audit and helping to grow its customer base

Education

BS, Accounting & Finance, University of Maine

Certifications

  • CISA
  • CISM
  • CRISC
  • COBIT 5