Francis Tam


Francis has practiced public accounting with a focus on risk and compliance consulting since 1994. He concentrates on risk mitigation activities relating to information technology and security. His expertise includes the application of industry-specific cybersecurity frameworks including the payment card industry (PCI-DSS) security framework, National Institute of Standards and Technology (NIST) cybersecurity framework, AICPA’s system and organization controls (SOC 1-2-3) guidance, and others.

Francis helps his clients develop a comprehensive approach to information security and technology controls, which may include cost-benefit or system analyses, compliance and internal controls reviews, project management and quality assurance, business process reengineering, penetration testing, external operational assessments, policy development, or financial audits. He works with clients in a variety of industries, including financial services, technology, communications, and life sciences.

Selected Publications

  • "Application Security for Technology, Communications, and Life Sciences" (Moss Adams Insight, May 2019)
  • "Conducting IT Audits Can Help Protect Data and Prevent Cybersecurity Breaches" (Corporate Compliance Insights, April 2019)
  • "Cyber Criminals Seek Security Weak Spots" (North Bay Business Journal, June 2017)
  • "Firm’s Data Storage Plan Out of This World" (Los Angeles Business Journal, quoted, January 2017)
  • "Banking Compliance and the Cloud: Can They Coexist?" (, August 2015)
  • "For Financial Institutions, the Risk of Cybercrime is as Real as Ever" (Moss Adams Insight, May 2014)

Selected Speaking Engagements

  • Retail Industry Outlook: Trends and Strategies for 2019
    (Moss Adams Webcast, March 2019)
  • Six Steps to an Affordable Risk-Based Information Security Program
    (Moss Adams Webcast, December 2018)
  • Refocusing Retail: 2018 Industry Trends
    (Moss Adams Webcast, March 2018)
  • Five Challenges Every Chief Information Officer Faces
    (Moss Adams Webcast, October 2017)
  • 2017 Retail Outlook
    (Moss Adams webcast, June 2017)
  • Cyber Attacks: Spear Phishing, Ransomware and the Internet of Things (IoT)
    (Moss Adams Webcast, August 2016)
  • The Future of Retail—Are You Prepared?
    (Moss Adams Webcast, September 2015)
  • Stay Ahead of Cybersecurity Breaches and Off the Media’s Radar
    (Moss Adams Webcast, June 2015)

Professional Affiliations

  • Member, American Institute of Certified Public Accountants
  • Member, California Society of Certified Public Accountants
  • Member, Information Systems Audit and Control Association


  • BS, computer science and mathematics, University of British Columbia
  • MBA, finance and accounting, California State Polytechnic University-Pomona