RSM Australia

Our People

Biography

As a trusted advisor with over 27 years of experience, specialising in delivering probity advice and services to an extensive range of public sector and government enterprise clients across all jurisdictions, Michael Shatter brings an informed and expert perspective as a Director of the Risk Advisory Services division in Melbourne, delivering practical and defensible probity advice that aligns with the highest probity standards of Australian and state governments. He works with teams that focus on Probity & Assurance as well as Security & Privacy services; both services reflect his focus on the security and integrity of information and related processes.

Michael Shatter is a Partner of RSM Australia Partners and a Director of RSM Australia Pty Ltd.

Michael has worked on extensive strategic and tactical probity advisory and assurance projects, from small but complex procurements through to high-risk and high-value transactions. These procurements have included complexities associated with technical challenges or incumbency/market risks through to high-profile and high-value risk profiles that need the independent comfort from a probity practitioner with credibility and a robust record. Some of the larger projects include Public-Private Partnership transactions through to alliance or managing contractor arrangements for some of the country’s and State’s highest profile projects.

Michael has also been responsible for the delivery of comprehensive Cyber Security Assessments, Internal and External Penetration Tests, Social Engineering Security Reviews and comprehensive reviews of information technology and communication controls of medium to large organisations. 

With comprehensive education, skills and experience in maintaining the integrity of some of the highest-risk and highest-profile projects in the country, Michael has been involved in sensitive investigations and reviews of transactions to analyse and opine on their integrity and identify breaches in integrity and process.

Before joining RSM, Michael was with the risk consulting practice of a 'Big 4' firm for 11 years.  In addition to delivering probity services throughout his career, he has worked in the security, control and privacy of information, business and financial information systems and processes. More recently, Michael also established the Cyber Security and Privacy practice at RSM Australia.

"I find it rewarding to connect with my clients and work closely with them, to not only overcome probity challenges, but to ensure that integrity is embedded in their projects in a commensurate and commercial manner, maintaining focus on the project objectives. However, it is the meaningful and long term business relationships that have been created over my career which provides the motivation to continue to deliver probity in a personable, professional and enjoyable manner".

Michael has been the probity advisor and auditor on Australia’s largest recent privatisation projects, including the recent Port of Melbourne Medium Term Lease and the Long Term Lease of TransGrid (NSW). He has also assisted governments in delivering their public-private projects, such as the recent Ravenhall Prison Project for the Victorian Department of Justice and Regulation. These projects, combined with hundreds of other procurement projects across a broad range of goods and services, have resulted in RSM Australia being one of the most experienced probity practitioners in the country.

Outside RSM, Michael has a deep-seated love and respect for karate and is passionate about cycling, both as a participant and spectator (although he regrets the time zone he lives in!). Acknowledging that probity can be a conversation killer, Michael has a quirky knack for making his interactions with people and clients, as well as the delivery of professional probity advice, enjoyable and memorable.

Solutions Michael provides

Michael assists clients in:

  • management system reviews
  • procurement and project & organisation governance
  • probity advisory services across the initial through to contract execution of a large range of procurements and commercial transactions
  • probity audit of transactions that require an independent opinion on the integrity and appropriateness of the process
  • delivery of comprehensive and project wide probity services for public-private projects
  • probity services for large government divestment and privatisation projects
  • tender development and evaluation services
  • probity investigations and post-transaction reviews
  • project and process governance development
  • governance and probity plan development
  • financial and business probity process risk management
  • financial and business process controls and assurance
  • probity training development and delivery
  • probity and transaction process presentations and workshops

 

Michael was previously extensively involved with, and can assist clients with:

  • cyber security risk assessment
  • cyber security tests and reviews
  • penetration testing (internal and external)
  • vulnerability assessments of existing systems and networks
  • performance of multi-vector social engineering assessments
  • SCADA security process reviews
  • physical security assessments
  • counter-surveillance measures assessments
  • security awareness training
  • computer forensics
  • disaster recovery planning
  • business continuity planning

Significant projects

Michael delivers probity services to various complex and significant projects, including the integration of probity into organisation risk management frameworks. Some of his notable projects include:

  • Assisted both the NSW and Victorian Governments in the implementation and management of probity across multiple billion-dollar divestment transactions including privatisation of energy and commercial ports.
    • NSW Energy Privatisation program of its generation, distribution, and retail business
    • Privatisation of the Port of Melbourne
    • Privatisation of Port Botany
    • Privatisation of Port Kembla
    • Privatisation of Newcastle Ports
    • Disability and Community Services Transfer Program, NSW
  • Ensured a probity culture was established and maintained through various public-private-partnership community infrastructure projects, including private prisons, court facilities and state road projects.
    • Victorian private prison Public-Private-Partnership Projects, most recently, the Ravenhall Prison Project
    • The North East Link Project
    • Major Roads Projects Victoria
    • Court Services
    • Frankston Hospital Redevelopment Projects
    • Victorian Health and Human Services Building Authority Projects
    • Correction Services Building Authority Projects
  • Worked closely with a national communications infrastructure provider over the last five years to maintain probity across its rollout of key technical infrastructure and services, ensuring Commonwealth and organisational probity processes are in place and being maintained.
    • nbn infrastructure construction projects
    • nbn systems and process projects

Professional associations

  • Fellow, Chartered Accountants Australia and New Zealand
  • Information Systems Audit and Control Association (ISACA)
  • Certified Information Systems Auditor (CISA)
  • Institute of Internal Auditors

Qualifications

  • Bachelor of Business – Accounting (Deakin University)

Events & Presentations

  • “Cyber threats are endless, so protect your organisation’s crown jewels”, Acuity Journal (2019)
  • “Cyber Crime”, ACFE Fraud Conference Asia Pacific, Singapore (2016)
  • “Does your investment in Security Deliver Value” presented at the Australian Cyber Security Conference, Canberra (2017)
  • "Future Crime: A virtual certainty" - 32nd Governance Institute of Australia National Conference (2015)
  • “Integrity in Procurement” presented to the Singapore Auditor General’s Office (2012)

Publications

IIA's Procurement Integrity (Probity) Paper

24 April 2020
Probity is often considered as the "integrity & uprightness" of a process. A pragmatic approach to probity means maintaining flexibility in a controlled manner within an acceptable and defensible probity framework. Procurement process conducted within a defensible probity framework that considers appropriate probity risks will ensure proce...

Independence issues for internal auditors

12 February 2020
Internal audits can help organisations understand how well they’re managing their risk, control, and governance processes. Internal auditors don’t just examine an organisation’s financials; they review all aspects of its operations to identify ways to help the organisation improve its performance.  While independence is extremely valu...

Cyber Security: The show me - don't tell me approach

25 February 2019
The complexity and challenges presented by cyber security risks are both many and multi-dimensional.  However, there’s no single solution that is the panacea as organisations assess their cyber security risks.  The importance of adopting a strategic and holistic approach is more important than ever. The 2018 AISA conference covered l...

Maintaining data security: tips for franchisors and franchisees

17 December 2018
Running a business in the digital age means that, on top of operational and customer delivery, there is another layer of complexity in the form of ensuring data security within your business is strong. As online channels provide more opportunities to build customer loyalty and offer increased choice in how customers interact with the business, t...

Are you ready to meet the challenges of the GDPR?

19 July 2018
Digital advancements have resulted in consumer data being created, collected and stored within seconds. It is increasingly important to have clear laws and safeguards in place given the growing digital economy and associated cyber security risk. In May 2018, the new European Union General Data Protection Regulation (GDPR) came into force...

How damaging is the KRACK Wi-Fi attack?

24 October 2017
Mind the KRACK – How damaging is the KRACK Wi-Fi attack? How damaging is the KRACK Wi-Fi attack and can it simply be patched with software updates? RSM’s Cyber expert, Michael Shatter (National Director, Security and Privacy Risk Services) catches up with Daimon Geopfert, National Leader of Security and Privacy (RSM US) to discuss the i...

KRACK Wi-Fi exploit highlights core vulnerabilities of the internet

24 October 2017
Mind the KRACK - How the KRACK Wi-Fi exploit highlights the core vulnerabilities of the internet. KRACK (Key Reinstallation AttaCK) is a severe replay attack on the Wi-Fi Protected Access protocol that secures Wi-Fi connections and targets the third step in a four-way authentication “handshake” perform...

Why the ‘Cyber-drill’ is now the new ‘fire drill’

21 July 2017
RSM Australia was proud to recently sponsor a Boardroom Hypothetical presented by the theresolution.com.au around a major cyber incident. Following on from the recent article on the Boardroom Hypothetical 'The Chairperson has a critical role', we take a look at some key takeaways from the event which includes the readiness of organisat...

The Chairperson has a critical role

14 June 2017
RSM Australia was proud to recently sponsor a Boardroom Hypothetical around a major cyber incident. The Board was made up of Lindsay Tanner, Graeme Samuel and Chaired by Sue O’Connor - three very accomplished directors. The importance of having a strong Chairperson was highlighted given the key issues and director risk areas of ...

Global ransomware outbreak

15 May 2017
You will have noticed significant media coverage of an outbreak of ransomware globally which impacted 10,000 organisations in over 150 countries including Britain’s National Health Service and automaker Renault. To provide more insight, this is ransomware (named WannaCry) spreading through MS17-010, which is a set of vulnerabilities for which ...

Defining cyber risk. A view from the directors chair.

29 November 2016
Tim Daly, Group Manager Risk, Security and Service Management at AEMO, recently discussed cyber risks at the Sydney Women on Boards luncheon. INTRODUCTION Every organisation and every business is now reliant on technology. Therefore cyber security cannot be considered a risk in isolation or something IT ‘will deal with’,...

Five ways to protect your organisation against cyberattacks

15 June 2016
Large corporations are not the only targets that cybercriminals have in their sights; unfortunately, mid-size and even smaller entities are increasingly becoming victims of cyberattacks. Ensure your organisation has the appropriate security controls in place to help protect your valuable corporate and customer data, and mitigate the chance of b...

Five cybersecurity predictions for 2016

31 May 2016
As cyber attacks become more frequent and sophisticated, RSM advisors discuss how to protect your organisation against 2016’s emerging cyber threats. As companies become increasingly reliant on technology to improve efficiency, productivity and mobility, vulnerabilities to cyberattacks are growing. While breaches at large organisations mak...

Ultranet Operation Dunham

31 March 2016
RSM’s Fraud and Forensic Services’ Roger Darvall-Stevens and Probity Adviser Michael Shatter share their thoughts on the public examinations of Operation Dunham, Victoria’s Independent Broad-based Anti-Corruption Commission’s (IBAC) investigation into the Department of Education and Training’s $180 million Ultranet project. The examinatio...

Cyber risks: How SMEs can protect themselves and their customers

9 March 2016
Small- and medium-sized enterprises (SMEs) are often at risk of the same scams and cyber attacks that affect individuals, and should take steps to protect themselves, according to RSM Australia. The cost of a security breach in Australia can run into the millions of dollars, which doesn’t take into account the reputational damage a high-pr...

Why security shouldn’t be a spectator sport in your organisation in 2016

17 February 2016
There are many organisations with a gap in their risk management strategies that is affecting the security of sensitive and private information according to RSM Australia. The level of diligence in organisations when it comes to risk management and security often depends on the resources allocated to it. This can become a shor...

The importance of risk management in today’s digital business environment

28 May 2015
Businesses must put the right security and processes in place to remain safe and sustainable, particularly in today’s changing business environment. There are many factors to consider from a risk perspective, and getting it right is critical. However, these steps do not require complex solutions in all cases, just diligence and attentiveness to t...