Mr. Lafferty is a Principal with the Advisory practice of KPMG LLP. Mr. Lafferty has more than 22 years of experience with technology environments including the security of corporate networks, Smart Grid and AMI networks, SCADA and PCN networks, computer operations, software evaluations, system development, and NERC CIP risk assessments and compliance audits.
Shawn has broad and deep experience with a wide range of business process and technical control issues including ERP design and implementation, IT Function Transformation and Optimization, Strategy, Performance and Governance assessments, Logical Security, Data Privacy, and Sarbanes-Oxley compliance assessments.
Professional and Industry Experience
Smart Grid / AMI Assessment
Directed a security review of the communication and data flow from the Home meter, across communication networks to the Meter Data Management system. We have provided the clients detailed risk and vulnerability assessments with gap analysis reports, observations and recommendations to mitigate technology risks and improve the security posture.
Directed detailed security audits of SCADA equipment for a regional utility. This included addressing areas such as policies & procedures, user administration, physical security, and operations.
NERC Critical Infrastructure Protection Assessments
Directed Critical Infrastructure Protection readiness assessments and reviews. In the areas of Transmission and Generation Owners/Operators, we assessed the appropriateness of the approach, progress, and posture of the project in place to address government regulations NERC CIP-001 through CIP-009.
Provided key insight on several NERC CIP projects focused specifically on interpretation of existing requirements and the most recent guidance from NERC regarding CIP-009. This included performing gap analyses on existing client methodologies versus the suggested guidance.
External Audit and Controls
Directed numerous risk based Information System audits on computer systems and application user departments to detect operational, system, or application control weaknesses. Directed multiple Financial systems Pre & Post Implementation control and business integration reviews of the Sales & Distribution, Purchasing, General Ledger, Cash Management and Financial Reporting business cycles.
Directed the ERP audit work programs, supervised day-to-day tasks and monitored the progress towards project milestones. ERP systems include SAP, Oracle Financials, PeopleSoft, HFM, Hyperion Enterprise, JD Edwards, Lawson, plus ETRM and GRC software’s.
Industries & Clients
Broad based experience in the Power Utilities, Natural Gas, Chemicals and Refining, and EPC industries. Mr. Lafferty’s energy related experience includes; GenOn, Entergy, RRI, Reliant Energy, CLECO, CenterPoint Energy, NRG, PG&E, Calpine, El Paso Electric, Dynegy, Constellation Energy, Anadarko Petroleum, The Shaw Group, Chicago Bridge & Iron, Halliburton, Valero, Targa Resources, Enron, Input / Output, Dow Chemicals, BG Group, Atmos Energy, United Gas Pipeline, Natural Gas Pipeline and United Texas Transmissions Company (Midcon).