Our People


Ashwin Pal is a Director of the Risk Advisory division in Sydney specialising in privacy and security. 

Ashwin is passionate about providing solutions to his clients and has worked alongside many industries including energy and utilities, government, health, mining and manufacturing. 

Prior to joining RSM, Ashwin built and controlled a security business for a large global systems integrator across the Asia Pacific region.

Ashwin often jokes that there isn't much he can't hack into but in his free time, when he isn't on a computer, he can usually be found watching rugby and cricket.

Ashwin Pal is a Partner of RSM Australia Partners and a Director of RSM Australia Pty Ltd.

SOLUTIONS Ashwin Pal PROVIDESAshwin Pal is a Director of the Risk Advisory division in Sydney specialising in privacy and security.

  • Governance, risk and controls advisory
  • Security and privacy consulting
  • IT Security testing and compliance
  • Cyber risk management
  • Cyber security transformation
  • Security technology implementation and advice


  • Successfully taking a Tier Two bank through CPS234 compliance in 9 months consequently saving them $850,000 in fees with one project alone. 
  • Ashwin successfully led the security transformation project for a large government organisation and increased their cyber security rating from 1.5 to 3.5.


  • Member - Information Systems Audit and Control Association (ISACA)
  • Member - International Information Systems Security Certification Consortium (ISC)
  • Member – Australian Information Security Association (AISA)
  • Member – EC-Council
  • Member – Australian Computer Society (ACS)


  • Bachelor of Commerce and Administration - Majoring in Information Systems and Management
    (Victoria University of Wellington)


  • Corinium Group  - 2021 Global Top 100 Leaders in Information Security

CPS 234 – Tripartite Audit

12 December 2022
RSM is one of those few organisations that are uniquely qualified to perform the audit and report in line with the ASAE 3150 standards required by APRA. What is the CPS 234 Tripartite Audit? The CPS 234 Tripartite Audit is a one-off audit requested by APRA in response to an increasing number of cyber incidents and data breaches reported to ...

How businesses can respond to current cyber threats

5 October 2022
Cyber security breaches seem to be becoming commonplace these days.   Hardly a week goes by where we do not hear of a breach at an iconic organisation. This has led to increased caution being exercised for cyber by Boards and Executives and I am regularly getting asked for advice in this key area of risk. Given the criticality of this area,...

Responding to current cyber threats and how to protect yourself

5 October 2022
The advent of individuals being scammed or their identity data being stolen seems to be increasing exponentially.

Risk Insider Newsletter - Edition #13

1 September 2022
It is now more critical than ever that businesses take responsibility for, and shape the impact they have on the environment, their community, and stakeholders. Putting sustainable and responsible practices at the heart of the business is fast becoming a pivotal requirement for regulators, investors, and other stakeholders. While profit will, inevi...

Risk Insider Newsletter - Edition #12

31 August 2022
I recently sat down with two ASX listed Board Directors to discuss the board’s role in integrating environmental, social and governance (ESG) criteria into business performance. Overwhelming, we concluded that Boards of Directors can help their companies incorporate elements of ESG into overall strategy by defining short- and long-term objectives...

Cyber security in agriculture: How to adopt technology and keep your business secure

11 July 2022
Cyber security in agriculture is a growing concern.  Innovative technology like smart-sensors can help save a harvest from the whims of Mother Nature, but internet-connected devices do come with added risk. RSM Sydney's Director of Risk Advisory, Ashwin Pal, talks about the cyber risk that comes with smart technology in agribusiness and how to innovate securely.

thinkBIG report: Cyber security

27 June 2022
Just because your business is small, doesn’t mean it’s safe from cyber attack. In fact, a cyber criminal may target small businesses because they’re less likely to have sophisticated cyber defences. Read about what you can do to ensure your business is cyber secure.  ...

Technology Due Diligence

10 May 2022
For private equity and corporate acquirers, identifying and assessing technology that can affect capital allocation and growth potential is critical during the diligence process. Technology risks can consume significant post deal investment or impair long term revenue gains. On the buy side of a deal, this information can validate the asking pri...

The 2022 State of Agribusiness in Australia

21 April 2022
The 2022 State of Agribusiness in Australia report provides an overview of the challenges the industry currently faces, along with recommendations and insights from industry leaders that will let agricultural players harness more opportunities and strengthen their position in the market. ...

Now is the time for Risk and Cyber Security to work closer together

29 March 2022
Having worked across all of Asia Pacific in previous roles, RSM's cybersecurity and privacy specialist Ashwin Pal has seen and experienced how things are done broadly within the region. 

Risk Insider Newsletter - Edition #11

14 March 2022
We hope that this edition of the Risk Insider finds you well. The current circumstances that we are faced with are unprecedented and devastating. We want to take this opportunity to extend our support to any businesses that have been affected during this time

The Six Pillars of Cyber Security and Risk Management

9 February 2022
Not a week goes by without news of a prominent organisation falling victim to a cyber attack.  This list of organisations seems to grow endlessly as cyber criminals enjoy their successes and try more attacks with newer tactics and techniques. As the attacks continue seemingly unabated, Boards are asking why? Why are these attacks and their ...

Adding value through Cyber and Data Analytics

25 January 2022
In a recent report released by Gartner, they stated that one of the top 5 emerging risks for audit executives was ransomware. Stating that due to the "evolution in ransomware" there is an increased risk on their organisations operations or revenue from service attacks or cyberextortion. This increased pressure means that businesses are looking ...

A Brief Guide to the ICT Security Controls Required by the Australian Privacy Principles and Mandatory Data Breach Notification Scheme

24 January 2022
On 13 February 2017 the Senate passed the Privacy Amendment (Notifiable Data Breaches) Bill establishing a Mandatory Data Breach Notification Scheme in Australia.  The purpose of which is to protect the rights of individuals and strengthen community trust in businesses and agencies.  This amendment to the Australian Privacy A...

Staying on top of our Cyber Hygiene

1 December 2021
One of the implications of COVID on our digital lives is that we are now more online than ever before.  With Cyber Monday just gone past and Christmas around the corner, the usual spike in online scamming is imminent. One of the direct consequences of this has been an increase in the number of cyber-attacks we are seeing both on businesses ...

Webinar: Connecting the Dots - Cyber Security and Law

16 November 2021
RSM Australia and Colin Biggers & Paisley hosted a virtual round-table discussing the relationship and links between cyber security and law as the number of data breaches in Australia increases. Ashwin Pal, Director of Cyber Security and Privacy Risk Services at RSM Australia moderated a panel including, Toby Blyth, Corporate and Commer...

Security of Critical Infrastructure Act 2018 (SOCI Act) – A Brief Overview

14 October 2021
No one will argue that the cyber threat landscape is changing rapidly for the worse. We have seen an increasing number of attacks on critical infrastructure lately. Motivations for these attacks vary from financial gain to nation state attacks with the aim of causing damage and destruction to another nation. The Australian government has res...

Cyber Security - Board, Audit and Risk Committee Responsibility

28 September 2021
There aren't too many weeks that go by where there isn’t a new significant data breach reported. It doesn’t matter which report you read, cyber crime is becoming big business for cyber criminals and a major problem for organisations. This is raising a few questions at all levels with respect to trying to get on top of this issue. One of t...

Controls Alignment to Risk Tolerance

28 September 2021
The first half of 2021 has seen a noticeable increase in cyber breaches of some very notable brands. What seems to be of surprise to most is the fact that large companies who we would expect to have robust cyber security strategies in place are falling victim to simple cyber-attacks. This raises the question around what is missing and what needs to...

RSM Australia is prequalified for the NSW ICT Services Scheme (SCM0020)

16 September 2021
Earlier this year, the NSW Stage Government announced the release of the NSW CSP 4.0. One of the key drivers for this Policy is the uplift of cyber resilience in government in response to the significant increase in cyber attacks in Australia.  Additionally, COVID has driven the need for digital transformation to quickly enable remote worki...

Risk Insider Newsletter - Edition #9

31 August 2021
Cybersecurity and data privacy issues continue to make headlines, and the risks surrounding them are only increasing. The demands on chief information security officers and chief technology officers expand as data moves from in-house systems to cloud computing, mobile devices, remote work setups, and new technologies including artificial intelligence and robotic process automation.

Operational Technology (OT) security in healthcare

16 August 2021
Cyber security incidents are continuing to grow exponentially globally. Pharma companies have rushed to find vaccines and have stepped up efforts to manufacture these in large numbers to meet global demand. Unfortunately, cyber criminals have also realised this and are now ramping up attacks on healthcare.

Cyber Security – A practical approach

9 August 2021
As the threat landscape worsens and we see new attacks emerging daily, organisations are left asking the question “what needs to change” to stop this? Having worked with multiple organisations to develop their cyber security strategy and to uplift their cyber security posture, our advice has stayed the same over the last two decades – focu...

Ransomware – How SMEs Can Stay Safe Online

15 July 2021
There have been several ransomware attacks on Australian businesses lately. Awareness of this threat is increasing, but a number of small businesses, in particular, are still in the dark around what this is and how to protect themselves against it.  BUT FIRST, WHAT IS RANSOMWARE? Ransomware comprises a class of malware that restricts acc...

RSM & Menlo Partnership

Professional services firm RSM Australia is pleased to announce a new reseller agreement with Menlo Security, a leader in cloud security. The two companies have signed a partnership agreement in which Menlo Security will provide turnkey cyber security solutions delivered as managed business services through RSM.  The provision of impro...

RSM and Avertro forge a partnership to secure Australian businesses

RSM Australia (RSM), one of the largest mid-tier accounting firms in Australia, are joining forces with Avertro, a sovereign Australian cybersecurity startup, in an industry-leading partnership that will improve the cyber resilience of Australian businesses. Among today’s advanced threats, rapidly evolving ransomware and a constantly shifting ...