Paul has been a member of ISACA for 25 years, serving originally as a Board member and President of the London (UK) Chapter. He joined the International Board in 1997 serving as International President from 1999 to 2001.
Currently Paul serves as Chair of the ISACA/ITGI Strategy Advisory Group and is a member of the Associationfs Governance Advisory Council. He is also a member of the Val IT Steering Committee.
Paul has been, and continues to be, a regular speaker at ISACA/ITGI conferences and is the author or co-author of a number of ISACA/ITGI publications including two of the titles in the IT Governance Domains series.
Paul is an independent consultant specialising in IT governance, IT due diligence, IT audit and project risk management. He acts as strategy advisor for SeaQuation, a spin out company from ING specialising in intelligent IT portfolio analysis, and as adviser on IT governance activities for Protiviti, a risk management consultancy. He has particular experience in advising financial services companies on IT value, performance, and risk management issues. For the last three years he has been a lead consultant to the ING IT Performance and Investment Value team which has now evolved into SeaQuation. Prior to 2002 he was a partner in one of the largest global professional services firms where he had responsibility for the development and delivery of technology risk management and internal audit services.
He is a UK Chartered Accountant, Chartered Information Systems Professional and a Member of the British Computer Society. He served as the Chairman of the IT Faculty of the Institute of Chartered Accountants in England & Wales from 1993 to 1997. He is a regular writer and contributor to a number of publications including the IS Control Journal, Computer Weekly, IT Leadership Magazine, Accountancy Age, InfoSecurity and computerweekly.com. He has made several TV and radio appearances commenting on IT management issues on BBC, CNN and CNBC.
Paul has been involved in a number of high profile projects including advising on security for the UKfs first on-line bank and a number of public sector reviews and investigations. In 1992/93 he was appointed by the then UK Secretary of State for Health as the IT expert commissioned to report on the failure of the London Ambulance Service computer aided despatch system. The public report produced as a result of this investigation continues to be used by many universities, business schools and companies as a case study on managing project and implementation risk.