Sanna is the Head of Information Risk Management (IRM) at KPMG Norway. She has a long experience as an information Systems Auditor managing several projects for many national and international companies in wide variety of industries.
Her areas of special expertise include IT and business process controls and assurance, ISAE 3402 service organization audits, data analysis, shared service center audits, system implementation assurance and Sarbanes-Oxley (SOX) compliance auditing and implementations.
In years 2003 - 2005 she was performing internal control implementations, validations and evaluations as required by the US Sarbanes-Oxley Act of 2002 in San Jose, US. Since then she has been extensively involved with SOX and other internal control projects worldwide, helping global organizations to develop and harmonize internal controls in business processes and IT.
Her experience as a financial auditor earlier in her career gives her a great understanding on information systems and controls around the financial reporting process.