RSM Australia

Our People

Michael Shatter
Partner - Melbourne

Office : Melbourne
Service : Risk Consulting

Michael is a Director of the Risk Consulting division in Melbourne with over 24 years' experience in the accounting and risk management industry, specialising in Security & Privacy Services and Probity Assurance and Advisory Services.  Both of these services reflect Michael’s focus on the security and integrity of information and related processes.  He has worked on an extensive range of strategic and tactical risk management projects including the delivery of comprehensive Cyber Security Assessments, Internal and External Penetration Tests, Social Engineering Security Reviews and comprehensive reviews of information technology and communication controls of medium to large organisations. 

In delivering probity services, he has been the probity advisors and auditor on Australia’s largest recent privatisation projects, including the recent Port of Melbourne Medium Term Lease, Long Term Lease of TransGrid (NSW).  Michael has assisted governments in delivering their public private projects, including the recent Ravenhall Prison Project for the Victorian Department of Justice and Regulation.  These projects combined with hundreds of other procurements projects across a broad ranges of goods and services has resulted in RSM Australia being one of the most experienced probity practitioners in the Australia.

Michael Shatter is a Partner of RSM Australia Partners and a Director of RSM Australia Pty Ltd.

Solutions Michael provides

Michael assists clients with:

  • cyber security risks
  • cyber security tests and reviews
  •  penetration testing (internal and external)
  • vulnerability assessments of existing systems and networks
  •  performance of multi-vector social engineering assessments
  • SCADA security process reviews
  • physical security assessments
  • counter surveillance measures assessments
  • security awareness training
  • computer forensics
  • disaster recovery planning
  • business continuity planning
  • probity audit and advisory services
  • probity services for public private projects
  • probity services for large government divestment and privatisation projects
  • tender development and evaluation services
  • probity investigation reviews
  • financial and business process risk management
  • financial and business process controls and assurance

Significant projects

  • Australian and international penetration testing engagement for a multinational organisations
  • SCADA security review of a major victorian water utility
  • Internal penetration and social engineering assessment of major Victorian department agency
  • probity advisory and assurance services to the NSW Government on the Electricity Networks and Transmission Privatisation Project
  • Probity advisory services for the medium term lease of Port of Melbourne
  • Probity advisory services for the Ravenhall Prison Project
  • International assessment of a multinational’s information and technology general controls at a large number of locations in Europe, the Americas, and Asia Pacific
  • Delivery of global business continuity planning engagement which involved the planning and testing of existing continuity processes for a large multinational financial institution.

Professional associations

  • Fellow, Chartered Accountants Australia and New Zealand
  • Information Systems Audit and Control Association (ISACA)
  • Certified Information Systems Auditor (CISA)
  • Institute of Internal Auditors


  • Bachelor of Business – Accounting (Deakin University)

Events & Presentations

  • "Future Crime: A virtual certainty" - 32nd Governance Institute of Australia National Conference (30 November 2015)
  • “Integrity in Procurement” presented to the Singapore Auditor General’s Office (2012)

IIA's Procurement Integrity (Probity) Paper

24 April 2020
Probity is often considered as the "integrity & uprightness" of a process. A pragmatic approach to probity means maintaining flexibility in a controlled manner within an acceptable and defensible probity framework. Procurement process conducted within a defensible probity framework that considers appropriate probity risks will ensure proce...

Independence issues for internal auditors

12 February 2020
Internal audits can help organisations understand how well they’re managing their risk, control, and governance processes. Internal auditors don’t just examine an organisation’s financials; they review all aspects of its operations to identify ways to help the organisation improve its performance.  While independence is extremely valu...

Cyber Security: The show me - don't tell me approach

25 February 2019
The complexity and challenges presented by cyber security risks are both many and multi-dimensional.  However, there’s no single solution that is the panacea as organisations assess their cyber security risks.  The importance of adopting a strategic and holistic approach is more important than ever. The 2018 AISA conference covered l...

Maintaining data security: tips for franchisors and franchisees

17 December 2018
Running a business in the digital age means that, on top of operational and customer delivery, there is another layer of complexity in the form of ensuring data security within your business is strong. As online channels provide more opportunities to build customer loyalty and offer increased choice in how customers interact with the business, t...

Are you ready to meet the challenges of the GDPR?

19 July 2018
Digital advancements have resulted in consumer data being created, collected and stored within seconds. It is increasingly important to have clear laws and safeguards in place given the growing digital economy and associated cyber security risk. In May 2018, the new European Union General Data Protection Regulation (GDPR) came into force...

How damaging is the KRACK Wi-Fi attack?

24 October 2017
Mind the KRACK – How damaging is the KRACK Wi-Fi attack? How damaging is the KRACK Wi-Fi attack and can it simply be patched with software updates? RSM’s Cyber expert, Michael Shatter (National Director, Security and Privacy Risk Services) catches up with Daimon Geopfert, National Leader of Security and Privacy (RSM US) to discuss the i...

KRACK Wi-Fi exploit highlights core vulnerabilities of the internet

24 October 2017
Mind the KRACK - How the KRACK Wi-Fi exploit highlights the core vulnerabilities of the internet. KRACK (Key Reinstallation AttaCK) is a severe replay attack on the Wi-Fi Protected Access protocol that secures Wi-Fi connections and targets the third step in a four-way authentication “handshake” perform...

Why the ‘Cyber-drill’ is now the new ‘fire drill’

21 July 2017
RSM Australia was proud to recently sponsor a Boardroom Hypothetical presented by the around a major cyber incident. Following on from the recent article on the Boardroom Hypothetical 'The Chairperson has a critical role', we take a look at some key takeaways from the event which includes the readiness of organisat...

The Chairperson has a critical role

14 June 2017
RSM Australia was proud to recently sponsor a Boardroom Hypothetical around a major cyber incident. The Board was made up of Lindsay Tanner, Graeme Samuel and Chaired by Sue O’Connor - three very accomplished directors. The importance of having a strong Chairperson was highlighted given the key issues and director risk areas of ...

Global ransomware outbreak

15 May 2017
You will have noticed significant media coverage of an outbreak of ransomware globally which impacted 10,000 organisations in over 150 countries including Britain’s National Health Service and automaker Renault. To provide more insight, this is ransomware (named WannaCry) spreading through MS17-010, which is a set of vulnerabilities for which ...

Defining cyber risk. A view from the directors chair.

29 November 2016
Tim Daly, Group Manager Risk, Security and Service Management at AEMO, recently discussed cyber risks at the Sydney Women on Boards luncheon. INTRODUCTION Every organisation and every business is now reliant on technology. Therefore cyber security cannot be considered a risk in isolation or something IT ‘will deal with’,...

Five ways to protect your organisation against cyberattacks

15 June 2016
Large corporations are not the only targets that cybercriminals have in their sights; unfortunately, mid-size and even smaller entities are increasingly becoming victims of cyberattacks. Ensure your organisation has the appropriate security controls in place to help protect your valuable corporate and customer data, and mitigate the chance of b...

Five cybersecurity predictions for 2016

31 May 2016
As cyber attacks become more frequent and sophisticated, RSM advisors discuss how to protect your organisation against 2016’s emerging cyber threats. As companies become increasingly reliant on technology to improve efficiency, productivity and mobility, vulnerabilities to cyberattacks are growing. While breaches at large organisations mak...

Ultranet Operation Dunham

31 March 2016
RSM’s Fraud and Forensic Services’ Roger Darvall-Stevens and Probity Adviser Michael Shatter share their thoughts on the public examinations of Operation Dunham, Victoria’s Independent Broad-based Anti-Corruption Commission’s (IBAC) investigation into the Department of Education and Training’s $180 million Ultranet project. The examinatio...

Cyber risks: How SMEs can protect themselves and their customers

9 March 2016
Small- and medium-sized enterprises (SMEs) are often at risk of the same scams and cyber attacks that affect individuals, and should take steps to protect themselves, according to RSM Australia. The cost of a security breach in Australia can run into the millions of dollars, which doesn’t take into account the reputational damage a high-pr...

Why security shouldn’t be a spectator sport in your organisation in 2016

17 February 2016
There are many organisatons with a gap in their risk management strategies that is affecting the security of sensitive and private information according to RSM Australia. The level of diligence in organisations when it comes to risk management and security often depends on the resources allocated to it. This can become a shor...

The importance of risk management in today’s digital business environment

28 May 2015
Businesses must put the right security and processes in place to remain safe and sustainable, particularly in today’s changing business environment. There are many factors to consider from a risk perspective, and getting it right is critical. However, these steps do not require complex solutions in all cases, just diligence and attentiveness to t...