OUR TEAM

Mick Skott, CHSP, CHPP

Partner & Senior Consulting Director

Owner and Senior Consulting Director 

Mick has over 35 years of professional technical and technology consulting experience. His background includes over 25 years of professional business and information technology risk consulting and project management. He assists his clients in managing risks related to compliance and IT systems controls. Mick has significant experience within the hospital, medical provider, insurance, manufacturing and clinical analysis industries, and specializes in helping clients with technology deployments and risk management services, project management, training, and policy and procedure implementation.

Deep specialization includes:

  • Cybersecurity program implementation and assessment
  • HIPAA Security Risk Analysis
  • Medical Device Security
  • IT General Controls Assessment
  • Privacy Assessments
  • Disaster Recovery Planning and Testing
  • IT Implementation, Project Management

Olga Lesinski CPA, MBA

Partner & Senior Consulting Director

Olga brings over 25 years of professional risk management experience, with a proven track record of improving operations, financial performance, and control environment for the clients served. Over the last 15 years, Olga led an outsourced internal audit department for a large hospital system. Olga’s deep specialization includes enterprise-wide risk assessments, governance, quality assurance, as well as audit plan management and execution.

Olga has performed and managed audits in the areas of:

  • Healthcare Revenue Cycle
  • Physician Compensation and Practice Management
  • Materials Management
  • Real Estate Operations
  • Human Resources
  • Meaningful Use
  • HIPAA Compliance
  • OCR Readiness
  • Contract Compliance

Kevin H. Friesen, CHSP

With over 20 years of Healthcare Information Technology management experience, Kevin brings expertise in the following areas:

  • IT security
  • Electronic medical records (Epic)
  • ERP systems
  • Customer Relationship Management
  • Project Management
  • Facility Construction

Kevin has been responsible for information security risk assessments of EMR systems and clinical sites, analyzing information security controls and compliance.

Andrea Merritt, CHC, CIA, CHCO

Andrea brings over 20 years of healthcare experience in the areas of compliance and internal auditing. She has experience working with a number of different types of healthcare institutions across the country on improving their compliance program. Andrea not only implements innovative, proactive solutions, but has deep expertise in auditing and monitoring in the compliance field.

Andrea provides customized support in the areas of:

  • Compliance Program Development
  • Compliance Investigations
  • Statistical Sampling and Extrapolation
  • Physician Compensation
  • HIPAA Privacy
  • Compliance Effectiveness Review
  • Development of Effective Compliance and HIPAA Education

Jackie Bonny, CIA, 340B ACE, CHIAP

Jackie is a healthcare auditor with over thirteen years of healthcare audit experience. She has extensive healthcare audit and advisory experience with deep specialization in 340B. She has performed numerous 340B mixed use, contract pharmacy, and mock HRSA audits. She has experience with multiple covered entity types and split-billing systems. In addition to performing audits, Jackie has provided on-site and off-site support during HRSA audits and has been involved with the implementation of 340B programs. She has also assisted covered entities with program optimization, self-auditing process development, and general compliance guidance. Jackie played an instrumental role in building and growing the 340B practice at one of the largest accounting and consulting firms in the US before moving on to open 340B Partners.

Jackie also has in-depth experience in the areas of:

  • Drug diversion
  • Pharmacy operations
  • Revenue Cycle
  • Physician Compensation and Practice Management
  • Fraud Investigations
  • Strategic Planning
  • Risk assessments

David Ponder, CISA

Certified Information Systems Auditor and RSA Archer Certified Professional currently specializing in risk assessment, risk management process design, and GRC system design and configuration.

Technologist and Information Risk and Security professional experienced with multiple facets of technology. Highlights include “Big 4” IT audit and consulting experience, managing development teams and building web application testing for Fortune 500 clients, and implementing an Information Security Risk Management department and supporting eGRC system from the ground up at a major healthcare organization.

Skilled in IT risk management, risk assessment, control design and operation assessments, monitoring, reporting, process improvement, and application and infrastructure security. Seasoned as a liaison between management and internal/external audit functions.

Jeff Neuburger, CPA

Accomplished executive with an established reputation for delivering high value results to clients for over 35 years, with focuses in acute care, health insurance, senior living and medical manufacturing. Jeff’s areas of specialization include:

  • Risk Analysis and Auditing including Sarbanes-Oxley (SOX), operational and financially focused audit projects.
  • Financial Analysis and Management – Financial reporting, Budgets & Forecasts, Key Performance Indicators & Variance Analysis, Policy and Procedure development and Reimbursement and Revenue Cycle management and analysis.
  • Financial Management Interim Staffing.
  • Information Technology – Financial system implementation.
  • Governance Support – Staff to Governance Committees (agendas, self-assessments, retreat preparations, special purpose analyses) and Committee education.

Bryan Johnson, CISA, CRISC

Certified Information Systems Auditor, Certified in Risk and Information Systems Control, and RSA Archer Certified Professional with a diverse and blended background in several facets of governance, risk, compliance, and assurance and over twenty years of experience in the information technology and security field. Successfully assisted organizations deploying enterprise risk management functions in healthcare, energy, and gaming industries through understanding of each industry’s unique technical needs and regulatory requirements.

Technology governance expert with senior level management experience. Highlights include directing IT functions for over ten years, directing IT Audit functions over seven years, and currently helping clients design and implement governance structures such as change management, project initiation management, and change and steering committee operations.

Robert Thomas, CBCP, CISSP

Robert has over 25 years of diversified business continuity and disaster recovery (BC/DR) experience building, managing, and enhancing BC/DR programs. BC/DR project types included:

  • Risk and program assessments
  • Business impact analyses
  • Recovery requirements determination
  • IT disaster recovery and High Availability (HA) strategy development
  • BC/DR plan development and documentation
  • Executive crisis management program development
  • BC/DR/HA strategy implementation
  • Testing, training and implementing governance and ongoing quality improvement programs for resiliency
  • Industry specialist in life sciences, financial services and manufacturing

Robert has knowledge of Federal Reserve, Securities and Exchange Commission, and other AICPA-specific industry policies and regulations, including but not limited to ISO 22301:2012, FFIEC Guidelines for IT Disaster Recovery for Financial Institutions, BS25999, NFPA 1600, ITIL and COSO standards for BC/DR.

Christopher Heuman, HCISPP, CISSP, CHP, CHSS, CSCS

Prior to consulting, Chris Heuman worked in healthcare organizations in an information systems and data security capacity for 22 years. Chris held increasingly responsible positions in Information Technology from systems and network administration to project management, infrastructure management and information security. Prior to founding RISC Management, Chris developed consulting programs focused on information security and compliance as a Director of Engineering Services at mCurve, and Practice Leader for Compliance and Security at ecfirst. Through his practical experience and certifications as a Certified HIPAA Professional (CHP), Certified Security Compliance Specialist (CSCS), Certified Information Systems Security Professional (CISSP), and Healthcare Information Security and Privacy Practitioner (HCISPP), Chris is uniquely experienced to assist healthcare organizations in understanding and meeting the myriad compliance and security regulations and requirements they face.