Who Are We?
The Customer is King!
Our CAG Members have unique work experiences in the audit and control space in all three roles as customer, vendor, and consultant. Our mission is to be an independent, trusted advisor to customers first and product vendors secondly. Our membership is comprised of only senior consultants, so we can provide our clients proven methodologies, quicker solution delivery, effective application security design, practical training, and in-depth product evaluations.
With offices in the US, Canada, and Europe, Customer Advisory Group serves corporations at the Enterprise and / or Business Unit levels. We strive to create realistic, tangible, sustainable successes for every client.
Founders:
|
James Roeske is a renowned GRC and Security speaker, practitioner, and advocate since 2005. Mr. Roeske founded firms that became the de facto implementers of SAP GRC, post-acquisition of Virsa Systems by SAP. With 170+ customer consultations, James has developed unique insight on a wide range of customer GRC and Security journeys from assessment to adoption and implementation. James’ 19 years as Auditor, SAP Security, and Compliance practitioner present invaluable insight to clients. |
|
Gary Dickhart
created and ran the GRC Customer Advisory Office at SAP, the main interface with SAP’s GRC customers. He developed the first commercial Segregation of Duties solution, and helped 80+ companies implement SoD management products. Over 200 customer visits provide deep insight on best practices for SAP GRC solutions. Gary also has 30 years of service with F100 firms in Information Security and Internal Audit senior management positions. From its inception Mr. Dickhart has held Certified Information System Auditor status, and recently published his first book, on the subject of corporate integrity, The Power of Integrity: An Ethical Approach to Business Management. |
Senior Members:
|
Ruth Johnson has more than 16 years of experience specializing in SAP security application design, security implementation, and Segregation of Duties design and security audit; over 7 of which has been focused on SAP GRC application implementations. Ruth’s recent experiences in a client’s upgrade to GRC Access Control 10.0 keeps her up to the latest release from SAP. Ruth is a hands-on functional SAP security specialist, ensuring the design and development of appropriate security and controls in both public and private sector companies around the world. She has worked on global scale SAP GRC implementations and has extensive experience in planning, implementing, training and administering SAP GRC applications. Ruth is a speaker at SAP GRC conferences as one of the foremost experts on workflow in SAP GRC Access Control. As most of our members, Ruth has great insight because she has the dual perspectives: One as a performer inside a company and the other as an external advisor to many customers. |
|
Dina Shahin has more than 15 years of experience specializing in SAP security application design, security implementation, Segregation of Duties design, SAP GRC application implementation, and audit. She has worked on global scale SAP implementations and has extensive experience in planning, implementing, training, and administering SAP GRC applications. Dina is a hands-on functional SAP security specialist, ensuring the design and development of appropriate security and controls in both public and private sector companies around the world. Dina has over 60 engagements in a wide-range of organization sizes and industries. She is based in Germany. |
|
Kees Blom combines strong knowledge of financial accounting processes with his expertise of auditing, risk management, IT enablement and change management. He has held positions inside organizations as well as in consulting firms. Kees has experience from the perspective of a customer, a service provider and auditor. In Kees' most recent engagement he was the project lead for the Heineken implementation of SAP GRC Access Control version 10. His background in business allowed him to relay the business benefits to key champions in each of the divisions to get them to adopt the new enterprise standardized approach for critical access and Segregation of Duty monitoring. The project utilized a unique approach for new users to get indoctrinated easily to the new solution and processes. Kees is based in the Netherlands. |
|
John J. Chico provides a value added perspective using his background as both an internal customer and external consultant. His career has evolved from leading Internal Audit and Compliance teams to leading the design and integration of new financial processes and solutions to help companies manage risk and compliance more effectively. His work in a variety of industries enables him to tailor approaches that fit client needs very well. John created new operational processes in connection with a capital project that resulted in annual cost savings of over $750,000. His innovative methods and skills are highly regarded and have been sought to lead projects related to integrating new software to enhance audit and controls techniques. John led one of the largest SAP process control implementations involving 100 financial and operational audit procedures for a utilities industry leader with operations in 140 countries. |
|
Jamie Frame is a dynamic global leader in the field of Information Security, GRC, Risk Management and Audit, with a sophisticated understanding of Information Security Architecture and Infrastructure. He possesses a deep knowledge of best business processes and practices, and excels at building Global Business relationships. Jamie has led over 30 large scale Security, global ERP business transformation projects for multiple F100 companies. He specializes in establishing and leading Information Security innovation and operations programs to enable successful product-strategy innovation, development, deployment, and compliance sustainability. |
