Challenges of Auditing a Privacy Program

Mary Tarchinski, AuditBoard
Greg Repala, RSM US LLP


Webinar Speakers

Mary Tarchinski is a Market Advisor at AuditBoard, supporting organizations, both large and small, in transforming their security programs, compliance and risk management through best-in-class technology solutions. Mary has 9 years of global experience in the areas of audit, risk, and compliance. Beginning her career at EY, Mary supported Fortune 500 companies as part of their external audits and focused on organizations' information technology general controls. Mary transitioned to a risk and compliance focus with A-LIGN in 2017, where she helped build the risk management practice and grow the SOC practice. During her time at A-LIGN, Mary was a Senior Manager who led a group of 20 SOC and HIPAA professionals and oversaw a variety of SOC, HIPAA and ISO compliance audits. Additionally, Mary has consulted on business continuity and disaster recovery processes, and facilitated various risk assessments for companies, both large and small.

Greg Repala has over seven years of consulting experience assisting organizations in identifying their privacy obligations and designing, building, implementing, running and auditing privacy programs. He has an additional 10 years of industry experience before attending law school and working in a consulting capacity. Greg has previously worked in the retail and entertainment industries, for a financial services organization and for a midsize commercial printing company. Greg’s clients have included some of the leading entities in the financial services, insurance, technology, pharmaceutical, consumer services and consumer products industries. He has led multiple engagements related to privacy program management, including assessments, compliance requirements mapping, governance design, strategy and capabilities assessments, and the evaluation of organization-wide business processes and supporting IT assets. He has led global remediation programs across several industries to implement various privacy program components and functions, as well as to design and operationalize privacy controls across IT and business processes.


A well-structured privacy program spans the breadth of an enterprise and typically touches on many related capabilities, including third-party and contract management, data governance, legal, human resources, marketing, cybersecurity, website design and maintenance, and others. The most effective privacy programs utilize privacy-by-design principles and embed tollgates into other key enterprise risk management functions. However, building such programs and getting to a desired maturity level can be a long and challenging process. This presentation will cover typical areas a privacy program should cover, typical challenges in auditing such functions, and the various effectiveness and design testing that can be performed for organizations at various maturity levels.
