Mac Lillard, CPA/ABV/CITP, CIA, CFE, CISA/CRISC
Senior Manager, Risk & Advisory Services
Home / Leadership Team / Mac Lillard, CPA/ABV/CITP, CIA, CFE, CISA/CRISC
Biography
Mac Lillard is a Risk & Advisory Services Senior Manager with GRF CPAs & Advisors, specializing in the nonprofit and International Non-Governmental Organization (INGO) industry since 2014. He performs a wide range of client services, providing technical expertise to help organizations build and maintain risk management processes, optimize systems through integration and automation, enhance controls for fraud prevention/detection, and improve their cybersecurity posture. He travels domestically and internationally to provide services to global organizations.
As a Senior Manager, Mr. Lillard leads planning, fieldwork, reporting, and ongoing communications for his engagements. He holds designations through professional organizations that allow him to provide his clients with added value and a holistic experience on every engagement.
He continues his education by speaking at and attending professional seminars related to auditing (internal and external), enterprise risk management, fraud examinations, and information systems control and security. He is also the Vice President of Programs for the Washington, DC Chapter of the Institute of Internal Auditors and helps to develop content to educate professionals on emerging topics, industry trends, and best practices.
Education and Certifications
- M.S. in Professional Accountancy, Clemson University
- B.S. in Accounting, Clemson University
- Certified Public Accountant (CPA)
- Accredited in Business Valuation (ABV®)
- Certified Information Technology Professional (CITP)
- Certified Internal Auditor (CIA)
- Certified Fraud Examiner (CFE)
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Advanced Single Audit Certificate
Professional Affiliations
- Institute of Internal Auditors (IIA), Washington, DC Chapter, Associate Vice President of Programs
- Association of Certified Fraud Examiners
- Information Systems Audit and Control Association
- The Greater Washington Society of CPAs (GWSCPA)
- Habitat for Humanity of Metro Maryland, Board and Finance Committee Member
Expert Insights
Webinar
Engaging Your Board in Risk Management
As the operating environment for organizations becomes more complex, the role of the board of directors in risk management becomes…
Articles
Improve Internal Audit Efficiency with Emerging Technologies
Using emerging technologies for risk management and audit procedures can be done cost-effectively today using creative strategies, such as co-sourcing,…
Articles
Insider Tip to Reduce Procurement Requirements Under Uniform Guidance
If your organization follows Uniform Guidance requirements for procurement under 2CFR 200.320, you might be able to increase the threshold…
Publication, White Paper
How to Build a Worldclass Whistleblower Program
Learn the steps and best practices for developing a whistleblower program, and how it reinforces ethical standards and protects organizational…
Publication, White Paper
2025 Top Risks for Nonprofits and Associations
Our 2025 Top Risks Report explores the top risk themes of the year and the potential implications for nonprofits and…
Articles
Checklist for Optimizing Government Contractor Value
Written and edited by Mac Lillard. Research assistance by AI. High-Level Strategies for Financial, Operational, and Sustainability Excellence Government contractors…
Articles
Using Business Valuations to Drive Performance
Written and edited by Mac Lillard. Research assistance by AI. In the dynamic world of small and medium-sized enterprises (SMEs),…
Articles
The Forensic Accountant: Your Secret Weapon for Thorough Due Diligence
A forensic accountant can enhance the valuation process, providing a credible and accurate assessment of the business's value.
Case Studies
Strengthening IT Security: One Nonprofit’s Journey to Meet SAS 145 Requirements
In response to growing IT and cybersecurity risks, auditors are placing greater scrutiny on IT risk and risk controls in…
Articles
ACFE Study Finds Median Losses from Occupational Fraud Increasing
Every two years, the Association of Certified Fraud Examiners (ACFE) publishes a study detailing the costs, schemes, perpetrators and victims…
Webinar
Luck of the Audit: The Role of Internal Controls in Audit Preparedness
Whether your organization is new to the audit process, or preparing for your 50th audit, savvy nonprofits know that the…
Case Studies
Navigating Digital Transformation: How One INGO Successfully Conducted a System Assessment
Navigating Digital Transformation In virtual work environments, having streamlined operations, efficient collaboration, and transparent processes is paramount. This rings especially…
Publication, White Paper
2024 Top Risks for Nonprofits and Associations
At the start of 2024, the landscape of risks facing organizations is evolving at an unprecedented pace. The Risk &…
Webinar
Part 3: How to Set Up a World-Class Whistleblower Program
This on-demand video delves into the performance of whistleblower investigations. In this session, we explore the critical decision-making process behind…
Webinar
Virtual Cyber Symposium for Nonprofits & Associations
Virtual Cyber Symposium for Nonprofits & Associations: Tax exempt organizations are not exempt from the growing threats of cyberattacks. Nonprofit…
Webinar
Winning the Financial Game: Your Playbook for SAS 145 and CECL Implementation
The Auditing Standards Board of the American Institute of CPAs, released an auditing standard that impacts nonprofits, private companies, and…
Webinar
Part 2: How to Set Up a World-Class Whistleblower Program
Early detection can limit the impact of fraud, and insider tips are by far the most effective source. Having a…
Webinar
How to Set Up a World-Class Whistleblower Program
Early detection can limit the impact of fraud, and insider tips are by far the most effective source. Having a…
Webinar
Enhance Fraud Mitigation Through Internal Audits
Organizations have to be proactive in not only implementing, but monitoring and improving fraud prevention/detection controls in order to stay…
Webinar
Your Organization’s Guide to Cybersecurity
Cybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed…
Webinar
Engaging Your Board in Risk Management
As the operating environment for organizations becomes more complex, the role of the board of directors in risk management becomes…
Articles
Improve Internal Audit Efficiency with Emerging Technologies
Using emerging technologies for risk management and audit procedures can be done cost-effectively today using creative strategies, such as co-sourcing,…
Articles
Insider Tip to Reduce Procurement Requirements Under Uniform Guidance
If your organization follows Uniform Guidance requirements for procurement under 2CFR 200.320, you might be able to increase the threshold…
Publication, White Paper
How to Build a Worldclass Whistleblower Program
Learn the steps and best practices for developing a whistleblower program, and how it reinforces ethical standards and protects organizational…
Publication, White Paper
2025 Top Risks for Nonprofits and Associations
Our 2025 Top Risks Report explores the top risk themes of the year and the potential implications for nonprofits and…
Articles
Checklist for Optimizing Government Contractor Value
Written and edited by Mac Lillard. Research assistance by AI. High-Level Strategies for Financial, Operational, and Sustainability Excellence Government contractors…
Articles
Using Business Valuations to Drive Performance
Written and edited by Mac Lillard. Research assistance by AI. In the dynamic world of small and medium-sized enterprises (SMEs),…
Articles
The Forensic Accountant: Your Secret Weapon for Thorough Due Diligence
A forensic accountant can enhance the valuation process, providing a credible and accurate assessment of the business's value.
Case Studies
Strengthening IT Security: One Nonprofit’s Journey to Meet SAS 145 Requirements
In response to growing IT and cybersecurity risks, auditors are placing greater scrutiny on IT risk and risk controls in…
Articles
ACFE Study Finds Median Losses from Occupational Fraud Increasing
Every two years, the Association of Certified Fraud Examiners (ACFE) publishes a study detailing the costs, schemes, perpetrators and victims…
Webinar
Luck of the Audit: The Role of Internal Controls in Audit Preparedness
Whether your organization is new to the audit process, or preparing for your 50th audit, savvy nonprofits know that the…
Case Studies
Navigating Digital Transformation: How One INGO Successfully Conducted a System Assessment
Navigating Digital Transformation In virtual work environments, having streamlined operations, efficient collaboration, and transparent processes is paramount. This rings especially…
Publication, White Paper
2024 Top Risks for Nonprofits and Associations
At the start of 2024, the landscape of risks facing organizations is evolving at an unprecedented pace. The Risk &…
Webinar
Part 3: How to Set Up a World-Class Whistleblower Program
This on-demand video delves into the performance of whistleblower investigations. In this session, we explore the critical decision-making process behind…
Webinar
Virtual Cyber Symposium for Nonprofits & Associations
Virtual Cyber Symposium for Nonprofits & Associations: Tax exempt organizations are not exempt from the growing threats of cyberattacks. Nonprofit…
Webinar
Winning the Financial Game: Your Playbook for SAS 145 and CECL Implementation
The Auditing Standards Board of the American Institute of CPAs, released an auditing standard that impacts nonprofits, private companies, and…
Webinar
Part 2: How to Set Up a World-Class Whistleblower Program
Early detection can limit the impact of fraud, and insider tips are by far the most effective source. Having a…
Webinar
How to Set Up a World-Class Whistleblower Program
Early detection can limit the impact of fraud, and insider tips are by far the most effective source. Having a…
Webinar
Enhance Fraud Mitigation Through Internal Audits
Organizations have to be proactive in not only implementing, but monitoring and improving fraud prevention/detection controls in order to stay…
Webinar
Your Organization’s Guide to Cybersecurity
Cybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed…
Webinar
Engaging Your Board in Risk Management
As the operating environment for organizations becomes more complex, the role of the board of directors in risk management becomes…
Articles
Improve Internal Audit Efficiency with Emerging Technologies
Using emerging technologies for risk management and audit procedures can be done cost-effectively today using creative strategies, such as co-sourcing,…
Articles
Insider Tip to Reduce Procurement Requirements Under Uniform Guidance
If your organization follows Uniform Guidance requirements for procurement under 2CFR 200.320, you might be able to increase the threshold…
News and Events
Fraud Control and Prevention: Mastering the Basics
Keeping it simple provides more protection than you might expect The Basics of Fraud Control and Prevention A common misconception…
Forensic Auditing and Artificial Intelligence Help Detect Fraudulent Activity
Fraud prevention is one of the most important aspects of an effective organizational risk management strategy. According to the Association…
Internal Audit is a Critical Investment for Nonprofit Organizations
By their nature, tax-exempt entities are under extraordinary scrutiny. With the IRS, external auditors, donors, watchdogs and stakeholders all analyzing…
Focus on Corporate Risk: Navigating an Uncertain Landscape
Join Orrick and GRF for a conversation where we will explore emerging risks and how corporate leaders can effectively navigate…
Fraud Watch DC
Fraud Watch DC is a workshop designed to equip professionals with the latest insights and strategies for fraud prevention, whistleblower protection,…
Reflecting on Key Revisions to the Uniform Guidance (2 CFR Part 200)
Join us for a follow-up session where GRF experts will delve deeper into the material covered in our October session…
2025 Fraud Virtual Conference
Join GRF at the 2025 Fraud Virtual Conference hosted by the Institute of Internal Auditors.
Blog
2024 Update on Retirement Plans: Cyber Best Practices
Cybersecurity remains a crucial concern for retirement plan administrators and sponsors. Ensuring the security of sensitive data and maintaining compliance…
Understanding 2024 OMB 2 CFR 200 Uniform Guidance Changes
The Office of Management and Budget (OMB) recently published its final revisions to the federal Uniform Guidance (2 CFR Part…
GRF Celebrates Internal Audit Awareness Month
At GRF, we know and love the role of the internal auditor, but it’s not clearly understood by people outside…
GRF Cyber Symposium
GRF’s second annual Virtual Cyber Symposium is designed to provide a 360-degree overview of the latest strategies for improving cybersecurity…
Article
Embedding Risk Management in Federal Grant Compliance
Are you ready to take your risk management strategy to the next level? Do you want to find out ways…
2024 Update on Retirement Plans
Join GRF for a comprehensive overview of changes to employee benefit plan regulations and auditing standards. We will summarize key…
Luck of the Audit: The Role of Internal Controls in Audit Preparedness
In this webinar we will focus on common audit findings and best practice recommendations to help strengthen controls over specific…
Fraud Awareness Tips and Resources
International Fraud Awareness Week takes place November 12 – 18, 2023 Fraud Awareness Week highlights how crucial it is for…
Mitigate Online Donation Risks with PCI Compliance and Third-Party Risk Management
Taking donations online is a huge benefit to nonprofit organizations, but online payments also expose potential risks. To safeguard their…
Virtual Cyber Symposium for Nonprofits & Associations
Virtual Cyber Symposium for Nonprofits & Associations: Tax exempt organizations are not exempt from the growing threats of cyberattacks. Nonprofit…
DC Top Risks Summit
Join IIA DC for a cutting-edge Continuing Professional Education (CPE) event tailor-made for auditors, fraud examiners, risk practitioners and business…
Part 3: How to Set Up a World-Class Whistleblower Program
Join GRF as we discuss the process for establishing a secured incident reporting platform that includes online reporting, document upload,…
Part 2: How to Set Up a World-Class Whistleblower Program
Join GRF as we discuss the process for establishing a secured incident reporting platform that includes online reporting, document upload,…
Winning the Financial Game: Your Playbook for SAS 145 and CECL Implementation
Join us for a power-packed webinar as we explore and summarize the recently issued audit and accounting standards. This webinar…
2-Part Virtual Workshop Series: ERM in Non-Profit Organizations
GRF CPAs & Advisors and the NC State Poole College of Management Enterprise Risk Management Initiative host this annual online…
Optimize Risk Management Efforts with Enhanced Collaboration
To some extent, all business functions are responsible for managing risks. However, certain departments have direct responsibilities in risk management,…
How INGOs Can Maximize Their Internal Audit Function
International Non-governmental Organizations (INGOs) are particularly vulnerable to fraudulent activity due to their multinational offices and dependence on remote access…
Article
Mac Lillard Receives AICPA’s Technology Advisory Standing Ovation Award
GRF CPAs & Advisors (GRF) Senior Manager, Mac Lillard, CPA, CITP, CFE, CISA, CRISC, was honored for his significant contributions…
Best Practices for Mitigating Risk in Expense Reporting Platforms
Expense reporting platforms have simplified the review and approval processes, making it easier to submit documentation for payment. However, this…
How to Set Up a World-Class Whistleblower Program
Join GRF as we discuss the process for establishing a secured incident reporting platform that includes online reporting, document upload,…
How Internal Audit Can Support Whistleblower Investigations
Do you know if an employee is stealing from your company? Quite often, the first hint of a problem comes…
GRC Conference 2023 (Governance, Risk & Control)
The GRC Conference gathers leading minds from around the world to provide dedicated professionals like you with the most up…
Key Controls and Processes, and Preventing and Detecting Fraud
Join the ACFE Washington Metro Chapter, IIA DC Chapter and GRF as we discuss the key controls and processes organizations…
Risk World Conference (RIMS 2023)
RISKWORLD® is more than a conference — it’s the center of the risk management universe. This is where you swap…
IIA Long Island Chapter Dual Track Conference for IT & Banking
Is your organization focused on the right issues when it comes to privacy, IT asset protection and third party risk…
CEO Roundtable: Zooming in on Fraud Risk
Humentum’s CEO roundtables bring together CEOs to exchange ideas with their peers. These events allow participants to share challenges, brainstorm…
MACPA 2023 Government and Not-for-Profit Conference
Join us online and in-person at the Maritime Conference Center in Linthicum, MD, for the MACPA 2023 Government and Not-for-Profit…
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented as a re-broadcast of the 2022 GWSCPA Nonprofit Symposium.
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented as part of the 2022 GWSCPA Nonprofit Symposium.
Enhance Fraud Mitigation Through Internal Audits
Join our team as we discuss the key controls and processes organizations should consider in order to adequately prevent/detect fraudulent…
Your Organization’s Guide to Cybersecurity
Cybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed…
Engaging Your Board in Risk Management
Join GRF’s risk management experts as we explore ways to engage your board of directors in risk management activities. This…
DC Top Risks Summit
Don’t miss the opportunity to take home advice from some of the most influential leaders in the risk community! Join…
RIMS ERM Conference
RIMS ERM Conference is the premier enterprise risk management event offering valuable interaction with experienced speakers, relevant and practical presentations…
Understanding What’s Next for SAS No. 145 and the 2022 Compliance Supplement
Join GRF audit experts for an interactive discussion on the overarching changes as a result of SAS No. 145 and…
Fraud Control and Prevention: Proactive Measures
The Association of Certified Fraud Examiners (ACFE) publishes a bi-annual, Report to the Nations (the Report) providing detailed statistics and…
Fraud Control and Prevention: Mastering the Basics
Keeping it simple provides more protection than you might expect The Basics of Fraud Control and Prevention A common misconception…
Forensic Auditing and Artificial Intelligence Help Detect Fraudulent Activity
Fraud prevention is one of the most important aspects of an effective organizational risk management strategy. According to the Association…
Internal Audit is a Critical Investment for Nonprofit Organizations
By their nature, tax-exempt entities are under extraordinary scrutiny. With the IRS, external auditors, donors, watchdogs and stakeholders all analyzing…
Focus on Corporate Risk: Navigating an Uncertain Landscape
Join Orrick and GRF for a conversation where we will explore emerging risks and how corporate leaders can effectively navigate…
Fraud Watch DC
Fraud Watch DC is a workshop designed to equip professionals with the latest insights and strategies for fraud prevention, whistleblower protection,…
Reflecting on Key Revisions to the Uniform Guidance (2 CFR Part 200)
Join us for a follow-up session where GRF experts will delve deeper into the material covered in our October session…
2025 Fraud Virtual Conference
Join GRF at the 2025 Fraud Virtual Conference hosted by the Institute of Internal Auditors.
Blog
2024 Update on Retirement Plans: Cyber Best Practices
Cybersecurity remains a crucial concern for retirement plan administrators and sponsors. Ensuring the security of sensitive data and maintaining compliance…
Understanding 2024 OMB 2 CFR 200 Uniform Guidance Changes
The Office of Management and Budget (OMB) recently published its final revisions to the federal Uniform Guidance (2 CFR Part…
GRF Celebrates Internal Audit Awareness Month
At GRF, we know and love the role of the internal auditor, but it’s not clearly understood by people outside…
GRF Cyber Symposium
GRF’s second annual Virtual Cyber Symposium is designed to provide a 360-degree overview of the latest strategies for improving cybersecurity…
Article
Embedding Risk Management in Federal Grant Compliance
Are you ready to take your risk management strategy to the next level? Do you want to find out ways…
2024 Update on Retirement Plans
Join GRF for a comprehensive overview of changes to employee benefit plan regulations and auditing standards. We will summarize key…
Luck of the Audit: The Role of Internal Controls in Audit Preparedness
In this webinar we will focus on common audit findings and best practice recommendations to help strengthen controls over specific…
Fraud Awareness Tips and Resources
International Fraud Awareness Week takes place November 12 – 18, 2023 Fraud Awareness Week highlights how crucial it is for…
Mitigate Online Donation Risks with PCI Compliance and Third-Party Risk Management
Taking donations online is a huge benefit to nonprofit organizations, but online payments also expose potential risks. To safeguard their…
Virtual Cyber Symposium for Nonprofits & Associations
Virtual Cyber Symposium for Nonprofits & Associations: Tax exempt organizations are not exempt from the growing threats of cyberattacks. Nonprofit…
DC Top Risks Summit
Join IIA DC for a cutting-edge Continuing Professional Education (CPE) event tailor-made for auditors, fraud examiners, risk practitioners and business…
Part 3: How to Set Up a World-Class Whistleblower Program
Join GRF as we discuss the process for establishing a secured incident reporting platform that includes online reporting, document upload,…
Part 2: How to Set Up a World-Class Whistleblower Program
Join GRF as we discuss the process for establishing a secured incident reporting platform that includes online reporting, document upload,…
Winning the Financial Game: Your Playbook for SAS 145 and CECL Implementation
Join us for a power-packed webinar as we explore and summarize the recently issued audit and accounting standards. This webinar…
2-Part Virtual Workshop Series: ERM in Non-Profit Organizations
GRF CPAs & Advisors and the NC State Poole College of Management Enterprise Risk Management Initiative host this annual online…
Optimize Risk Management Efforts with Enhanced Collaboration
To some extent, all business functions are responsible for managing risks. However, certain departments have direct responsibilities in risk management,…
How INGOs Can Maximize Their Internal Audit Function
International Non-governmental Organizations (INGOs) are particularly vulnerable to fraudulent activity due to their multinational offices and dependence on remote access…
Article
Mac Lillard Receives AICPA’s Technology Advisory Standing Ovation Award
GRF CPAs & Advisors (GRF) Senior Manager, Mac Lillard, CPA, CITP, CFE, CISA, CRISC, was honored for his significant contributions…
Best Practices for Mitigating Risk in Expense Reporting Platforms
Expense reporting platforms have simplified the review and approval processes, making it easier to submit documentation for payment. However, this…
How to Set Up a World-Class Whistleblower Program
Join GRF as we discuss the process for establishing a secured incident reporting platform that includes online reporting, document upload,…
How Internal Audit Can Support Whistleblower Investigations
Do you know if an employee is stealing from your company? Quite often, the first hint of a problem comes…
GRC Conference 2023 (Governance, Risk & Control)
The GRC Conference gathers leading minds from around the world to provide dedicated professionals like you with the most up…
Key Controls and Processes, and Preventing and Detecting Fraud
Join the ACFE Washington Metro Chapter, IIA DC Chapter and GRF as we discuss the key controls and processes organizations…
Risk World Conference (RIMS 2023)
RISKWORLD® is more than a conference — it’s the center of the risk management universe. This is where you swap…
IIA Long Island Chapter Dual Track Conference for IT & Banking
Is your organization focused on the right issues when it comes to privacy, IT asset protection and third party risk…
CEO Roundtable: Zooming in on Fraud Risk
Humentum’s CEO roundtables bring together CEOs to exchange ideas with their peers. These events allow participants to share challenges, brainstorm…
MACPA 2023 Government and Not-for-Profit Conference
Join us online and in-person at the Maritime Conference Center in Linthicum, MD, for the MACPA 2023 Government and Not-for-Profit…
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented as a re-broadcast of the 2022 GWSCPA Nonprofit Symposium.
Reputation Risk as Part of Your Cybersecurity Program
This session is being presented as part of the 2022 GWSCPA Nonprofit Symposium.
Enhance Fraud Mitigation Through Internal Audits
Join our team as we discuss the key controls and processes organizations should consider in order to adequately prevent/detect fraudulent…
Your Organization’s Guide to Cybersecurity
Cybersecurity is a part of every organization’s daily life. Want to learn how to protect your organization but become overwhelmed…
Engaging Your Board in Risk Management
Join GRF’s risk management experts as we explore ways to engage your board of directors in risk management activities. This…
DC Top Risks Summit
Don’t miss the opportunity to take home advice from some of the most influential leaders in the risk community! Join…
RIMS ERM Conference
RIMS ERM Conference is the premier enterprise risk management event offering valuable interaction with experienced speakers, relevant and practical presentations…
Understanding What’s Next for SAS No. 145 and the 2022 Compliance Supplement
Join GRF audit experts for an interactive discussion on the overarching changes as a result of SAS No. 145 and…
Fraud Control and Prevention: Proactive Measures
The Association of Certified Fraud Examiners (ACFE) publishes a bi-annual, Report to the Nations (the Report) providing detailed statistics and…
Fraud Control and Prevention: Mastering the Basics
Keeping it simple provides more protection than you might expect The Basics of Fraud Control and Prevention A common misconception…
Forensic Auditing and Artificial Intelligence Help Detect Fraudulent Activity
Fraud prevention is one of the most important aspects of an effective organizational risk management strategy. According to the Association…
Internal Audit is a Critical Investment for Nonprofit Organizations
By their nature, tax-exempt entities are under extraordinary scrutiny. With the IRS, external auditors, donors, watchdogs and stakeholders all analyzing…