Joel Eshleman


Joel is an engagement director within the Specialty Advisory Services group and has more than 20 years of experience. His experience includes over 15 years with CliftonLarsonAllen and five years with a Big 4 firm performing information technology, business process and control, and third-party reporting reviews. Joel is the national operational leader for the Service and Organization Control (SOC) practice responsible for developing and deploying CLA's assessment and attestation procedures. Joel is responsible for managing the performance and reporting of SSAE 21, in a wide range of industries; including financial institutions, government services, healthcare, data center operations, and call center hosting.


Additionally, he has extensive experience with internal control assessments within financial institutions.  Beyond his experience in third-party reporting, Joel has experience with assessing internal controls in student loan agencies, state and local government units, financial institutions, and higher education institutions.

  • Led SSAE 18, previously SSAE 16 and SAS70, engagements both SOCv1 and SOC 2, within health care, financial institution, emerging technology, retail, state and local government industries.
  • Led internal controls assessments, both business process and information technology, for state and local government, financial institutions, and healthcare industries.
  • Assisted clients with SAP system design implementations in the government, manufacturing, and entertainment industries, specifically working with implementation of continuous control monitoring tools.
  • Has significant experience in effectively coordinating and directing complex projects confirming completion with strict regard for client specifications, time and budgetary constraints and the development of numerous risk services offerings including:
    • SSAE18 (formally known as SSAE 16 and SAS70) assurance engagements
    • ERP controls assessments and utilizations
    • Developed procedures for the evaluation of information technology controls in support of a financial audit and service organization reporting
    • Served as the project manager for information technology (IT) control audits, service organization audits, business advisory projects, internal audit projects, and data analytics
    • Current state assessments, including inefficiency and process improvement identification
    • Future state design and process reengineering and implementation
    • Application of Control Objectives for Information and Related Technology (COBIT) guidelines as published by the Information Systems Audit and Control Association (ISACA)


  • Bachelor of Science, Accounting, York College of Pennsylvania

In the community

  • Certified Pubic Accountant (CPA)
  • Certified Information Security Auditor (CISA)
  • Certified Internal Auditor (CIA).