We are Grant Thornton

Fort Lauderdale, Florida

  • Manufacturing, Transportation & Distribution
  • Asset management
  • Healthcare
  • Banking
  • Technology, media & telecommunications
Service Experience
  • Advisory

Andres Castañeda




Executive summary

Andres has over twenty-two years of experience providing advisory services in the United States, Europe, and Latin America. Andres has experience assisting both publicly traded and privately held organizations manage their organizational risks through internal audits (business and IT processes), risk management, regulatory compliance, and special attestation reports (SOC, AUP, HITRUST) services.

Andres has managed large international engagements using in-country and US based resources ensuring delivery consistency and quality across different geographies, and teams. Providing advisory services to clients from an internal and external audit perspective has allowed Andres to understand both perspectives and assist clients implementing efficient and cost-effective programs to address their internal and external stakeholder needs.

Directing the implementation of successful Sarbanes-Oxley compliance programs, which included leading organization wide scoping efforts, controls optimization, development of process documentation, and controls testing of key financial processes in order to minimize the overall cost of compliance, minimize the impact on the day-to-day operations, and maximize the reliance from the external auditors.

Working with organizations to perform a comprehensive assessment of their operations to help the organizations identify ways to increase efficiency, reduce cost, address existing risks, and implement a control environment that would allow senior management and the board of directors to rely on the information provided from an operational level.

Pricing, directing, and managing risk assessment engagements to help identify risk exposures from an operational, information technology, regulatory compliance, and/or corporate compliance standpoints. 

Leading special attestation reports engagements (e. G. SOC1, SOC 2) and other risk services related engagements. Assisting organizations determine how to leverage special attestation reports in order to meet their compliance, regulatory, or client requirements following an efficient, and cost-effective approach.

Scoping, planning, and delivering Internal Audits for large US and international organizations from the risk assessment process through the reporting phase.

Coordinating engagement across multiple industries including technology, retail, financial services, manufacturing, not-for-profit, healthcare, and professional services.



Professional qualifications and memberships

  • Certified Information Systems Auditor (CISA)
  • Institute of Internal Auditors (IIA) – Member
  • Information Systems Audit and Control Association (ISACA) – Member
  • Association of Latino Professionals in Finance and Accounting (ALPFA) – Member.
  • AICPA Cybersecurity Task Force – Committee Member.


Presentations and publications

  • “Adding Value to an Organization Through Internal Audit.” IIA Mexico International Conference – Presenter and Panelist.
  • IIA Mexico Chapter - May 19, 2007 / May 30, 2007 - “Proposed changes by the PCAOB and SEC to the Sarbanes-Oxley implementation guidelines.”
  • Annual National IIA Mexico Conference – October 8, 2007 –“IIA’s GAIT Methodology Implementation.”
  • Tampa FICPA Presentation – March 27, 2008 – “Are Your Controls in Check with your IT?”
  • Fort Lauderdale FICPA Presentation – March 28, 2008 – “Are Your Controls in Check with your IT?”
  • Fort Lauderdale ISACA Presentation – September 12, 2008 – “Is your Privacy Secured?”
  • Puzzled about SOC reports? Clarifying the decision-making process whitepaper – July 2011.
  • Demystifying Service Organization Control reports webcast – September 2011.
  • Implementing Sarbanes Oxley and Internal Controls for a multinational company – Santiago de Chile, Chile – October 2011.
  • FEI South Florida Chapter- October 20, 2011 – “New AICPA Attestation Report Mechanisms How to address the Cloud Computing risks using a SOC report. “ - July 2012.
  • Oracle Application Controls and Key Financial Risks - June 2013.
  • Auditing risks in a web based ERP - July 2013.
  • IIA Mexico International Conference - August 21, 2015 - “Adding Value to an Organization Through Internal Audit.”
  • Cloud Computing Audit Risks – February 2016.



  • Bachelors of Computer Science, Florida State University 
  • Math Minor

Search for people at Grant Thornton


Enter a name and/or keywords such as service area, industry or location to get to know our business leaders — partner, principal or managing director. We look forward to hearing from you.