Our People


Jenny is a senior advisor and proven people leader with a combined knowledge of business, audit services, risk advisory, and information technology.

With the ability to talk to all disciplines and apply evidence-based judgement, Jenny can deliver assurance to boards and executive management teams. 

Jenny has held roles in compliance and internal audit at Hastings Funds Management and was the Head of Audit Services and was a General Manager of Audit – Technology at ANZ. In a previous role, Jenny was also a Senior Manager of Information Systems & Technology Risk Management & Assurance at Telstra.

“I enjoy the balance between the leadership of the team, the technical elements of working in cybersecurity and privacy, and client relationship management.”

Additionally, Jenny is an independent non-executive director, an experienced chair of board committees, particularly audit, finance, and risk, and an independent member of several audit, risk, and finance committees across Australia.

Jenny supports her clients by helping them mature their risk management practices and is enthusiastic in supporting their team and watching them develop. 

She attributes some of her success to waking up early, “I'm an early starter - love the quiet time from 6 am when I can get things done before everyone else wakes up!”

SOLUTIONS JENNY JOHANSON PROVIDES basic_illustrations-innovation.png

  • Strategy design and execution: Jenny designed an internal audit (IA) strategy and led the execution of the people part of this project. This was designed to up-skill future leaders with audit skills and led to an increase in non-audit personnel in an internal audit of 25% over two years.
  • Leadership/team building: Jenny led the change process to move a dysfunctional team to a highly engaged team by setting the vision and engaging the people across the team. This was achieved by ensuring role clarity and alignment to team goals.
  • Learning and development: Jenny oversaw the transformation of development programs to focus on internal audit’s competencies.  This enabled a lift in capability, the achievement of the internal audit strategy, and a well-defined and embedded induction/training program.
  • Proactively improve risk management and controls: Jenny has overseen, and currently oversees complex technology audits in information security and other areas.  Audit findings have resulted in increased investments in technology to prevent, detect, and respond to emerging and evolving threats.
  • Governance improvements: established the finance and audit committee of the board and worked with the board to ensure a sound governance structure.


Jenny has been a key driver in delivering outcomes in her previous roles. Some of the projects she has been involved in include: 

  • Developed and implemented compliance and internal audit framework across the corporate and funds businesses at Hastings Funds Management.
  • Led the audit services team at ANZ, which had responsibility for enabling support activities for the global internal audit team, including reporting to the audit and risk committees, as well as Management Board.
  • Led global internal audit activities at ANZ across Group Technology to provide an independent appraisal of the internal controls within the global segment.
  • Developed a framework to assist Telstra’s understanding of the components of ideal risk management.

Associations basic_illustrations-10-tax_alert.png

  • Chartered Accountants Australia New Zealand (CAANZ) 
  • Information Systems Audit & Control Association (ISACA)
  • Institute of Internal Auditors (IIA)
  • CPA Australia
  • Australian Institute of Company Directors (AICD)


  • Bachelor of Commerce - University of Melbourne
  • Chartered Accountant - CAANZ
  • Certified Information Systems Auditor (CISA) -  ISACA
  • Company Director’s Diploma - AICD


  • Finalist - Australian Women in Security Network (AWSN) - Best Mentor of Security/Resilience Category

New Regulations for a New Year - CPS 234

8 January 2019
Following an increase in the frequency of information security attacks, a new Australian Prudential Regulation Authority (APRA) Information Security Prudential Standard (CPS 234) is coming into effect on 1 July 2019.  The new standard aims to ensure that an APRA-regulated entity takes measures to be resilient against information security in...

Banking Royal Commission: next steps for financial industry

28 November 2018
The interim report from the Banking Royal Commission (BRC) into misconduct in the banking, superannuation and financial services industry has some hard lessons for those in the financial services industry, including accountants and financial advisors. Leadership failures, deeply-ingrained cultural issues, governance and accountability break...