Image of Tom R. Wojcinski

Tom R. Wojcinski

414 777 5536

Tom has more than 17 years of technology consulting experience. He leads Baker Tilly’s cybersecurity and information technology (IT) risk consulting practice with 80 professionals. Tom specializes in helping clients maximize the confidentiality, availability and integrity of their information assets. His expertise includes: cybersecurity program development and implementation, cybersecurity and IT risk assessments, IT controls and governance, segregation of duties assessment/remediation, and major system implementation risk management. Additionally, he contributes to the leadership of Baker Tilly’s services in the intersection of IT and audit/assurance services with System and Organization Controls (SOC). His client base includes a variety of industries: energy and utilities, healthcare, insurance, manufacturing and distribution, and technology, as well as service providers and financial institutions. He also chairs the Baker Tilly International North American collaboration committee on IT risk and governance.


  • Advises clients on designing and enhancing cybersecurity, IT risk, governance and compliance programs, including SOX-related activities such as control process definition, test planning and execution, and control assessment
  • Develops programs to address risks presented by large-scale, high-risk corporate IT projects such as new data center development or enterprise resource planning (ERP) application upgrade and migration events
  • Oversees IT audit engagements to coordinate corporate objectives with external audit risks and ensure integration between internal and external audit teams
  • Leads engagements to help clients gain insights in increasing IT effectiveness and improve satisfaction with the IT function
  • Leads engagements to provide IT internal audit services and meets regularly with audit committees on IT risk topics
  • Conducts SAP governance, risk and compliance-based segregation of duties analysis and facilitates remediation workshops to identify access modification requirements
  • Directs transition of IT operations and business processes to outsourced service provider, and develops quality/risk monitoring processes
  • Provides remediation recommendations and implementation plans to address IT control gaps
  • Part of the team that developed Baker Tilly‚Äôs approach for SEC client SOX compliance verification


  • Information Systems Audit and Control Association
  • The Institute of Internal Auditors
  • American Institute of Certified Public Accountants
  • Cloud Security Alliance
  • HITRUST Alliance


Marquette University (Milwaukee, Wisconsin)
Bachelor of Science in Business Administration; majors in Finance and Information Technology