Audit professional with almost 15 years of Information Technology (IT) audit, advisory, and risk management experience. Demonstrated success teaming with IT and business executive leadership in the development of annual audit plans and the delivery of integrated and operational audits, SOX 404 work, pre-implementation/project audits, as well as security and data privacy advisory projects. Significant experience executing highly complex IT audits in accordance with both commercial and federal government professional standards. Strong written and verbal communication skills. A focus on delivering high-quality audits in a clear, concise, constructive, and timely manner. Proven ability to mentor and provide on-the-job training for staff. Solid conflict resolution capabilities, and the ability to develop strong positive working relationships with peers and across management levels. Key qualifications in the following areas: • Extensive Big 4 professional services experience • Significant Internal Audit management experience • Substantial project and people management experience • IT and operational audit (CISA certified) • IT controls design and remediation (CRISC certified) • Broad industry, systems, and ERP experience • Commercial audit experience (COSO, COBIT, etc.) • Federal audit experience (FISCAM, NIST, etc.) Specialties: IT Audit (Internal/External, SOX 404, Operational Audit) Project Audit (Pre-Implementation, Post-Implementation, Advisory Project Audit) IT Advisory (Controls Design and Implementation, IT Process/Procedure Design, Risk Management)

Senior Manager. Information Assurance @ From January 2015 to Present (11 months) Washington D.C. Metro AreaManager, IS Audit @ Provided audit oversight and leadership related to the controls, governance, deliverables, and readiness of major corporate initiatives. Responsible for planning and executing IS operational and integrated audits for Capital One’s Bank and Digital IT lines of business. From July 2013 to January 2015 (1 year 7 months) IT Audit Manager @ Led the global IT audit function at the Brunswick Corporation and its subsidiary companies: Mercury Marine, Brunswick Boat Group, Brunswick Bowling & Billiards, and Life Fitness. Responsible for recruiting, scheduling, and management in the audit department. From September 2011 to July 2013 (1 year 11 months) Manager, Advisory Services (Information Technology Risk and Assurance) @ Provided quality leadership to the Midwest Financial Audit and IT Integration (FAIT) practice within ITRA. Managed a $2.1 million book of business (Sarbanes-Oxley 404 attestation, Financial Audit, pre-implementation review and risk advisory). From April 2006 to September 2011 (5 years 6 months) Senior Associate, IT Advisory Services (Information Risk Management) @ Functioned as manager providing project oversight and quality assurance for IT advisory and integrated audit engagements, including SAS 70, IT controls remediation, and ITGC reviews that supported the financial statement audits. From June 2004 to April 2006 (1 year 11 months) Experienced Senior Consultant, Technology Risk Consulting @ Provided project oversight and quality assurance while executing IT advisory engagements; including operations reviews, system implementations and compliance engagements. From March 2001 to June 2004 (3 years 4 months)

BSE, Industrial Engineering @ University of Iowa From 1996 to 2000 Michael Klaessy is skilled in: PMO, IT Audit, CISA, SAS70, Information Technology, Sarbanes-Oxley, IT Controls, CRISC, Sarbanes-Oxley Act, COSO, COBIT, Enterprise Risk Management, Internal Controls, Risk Management, Internal Audit