Harvey Johnson joined PBMares in October 2003, and all his 17 years of public accounting experience have been with the firm. He currently serves as PBMares’ Chief Executive Officer.
Prior to taking on the role of CEO, Mr. Johnson served as an assurance partner and leader of the firm’s financial institutions team, overseeing internal and external audit engagements for financial institutions ranging in size from $1.5 million to over $3 billion. He also provided audit services for many of the firm’s SEC registrant clients, as well as non-profit and governmental clients.
Mr. Johnson started the firm’s cybersecurity practice in 2016. As leader of PBMares’ Cyber & Control Risk Services Team, he led the strategic direction, growth and execution of the firm’s cybersecurity, internal audit and System and Organization Controls (SOC) initiatives, and worked with team members to plan, direct and perform these engagements.
In addition to being a CPA, he has also earned the following: Chartered Global Management Accountant (CGMA); Certified Information Systems Auditor (CISA); Cybersecurity Advisory Services Certificate; and Advanced SOC for Services Organizations designation. He also serves as a SOC Specialist and Peer Reviewer for the AICPA, inspecting the quality of SOC audits for accounting firms across the United States.
Professional affiliations include membership in the American Institute of Certified Public Accountants (AICPA), the Virginia Society of Certified Public Accountants (VSCPA) and the Tidewater Chapter of the VSCPA (TCVSCPA). Past leadership roles with the TCVSCPA include President, Vice President, Secretary, Treasurer, and Chair of the Young CPA Committee. In 2016, he was recognized by both Inside Business and CPA Practice Advisor as a Top Forty Under 40 honoree. In addition, he is a five-time recipient of Virginia Business magazine’s “Super CPA” recognition in the Young CPAs category and was awarded the VSCPA’s Top 5 Under 35 distinction in 2012.
He believes in using his professional skills to support his community as well and serves on the Board of Directors for TowneBank (Peninsula) and the H.E.R. Shelter. In addition, he regularly volunteers in the community.
EDUCATION:
- Bachelor of Science in Business Administration with a concentration in Accounting from the University of North Carolina Wilmington in North Carolina
- Master of Science in Accounting from Old Dominion University in Norfolk, Virginia
ARTICLES:
Manage Third Party Risk with a SOC 2 Audit

Business owners and executives are familiar with the concept of risk management. From managing inventory levels to reviewing insurance coverage to maintain a proper level of protection, it’s a routine business practice
10 Things to Consider When Buying Cyber Insurance

When most people think of cybersecurity and data breaches, large government, financial, and retail entities typically come to mind. Since we tend to only hear of breaches with big-name entities, small businesses tune it out, thinking these are problems only larger organizations experience.
Cyber Insurance for Small Businesses

When most people think of cybersecurity and data breaches, large government, financial, and retail entities typically come to mind. Since we tend to only hear of breaches with big-name entities, small businesses tune it out, thinking these are problems only larger organizations experience.
Fighting Cyber Risk at Clubs

Ask any security expert and they will tell you that it’s not a matter of “if”, but “when” your organization will suffer a cyberattack. And while you might think a Country Club isn’t a huge target for hackers, the reality is that no organization is safe anymore, particularly smaller entities.
Don’t Be A Target for Cyber Fraud

Reduce your cyber risk by following the cyber risk triangle and building a cybersecurity program. Do you realize you have a target on your back? […]
4 Things You Should Know About Troubled Debt Restructuring

Troubled Debt Restructuring (TDR) accounting has some of the most difficult accounting rules to interpret, primarily because they are subjective in nature.
What You Should Learn from the Equifax Data Breach

Equifax, one of the three main credit reporting companies, announced last week that the personal information of 143 million people was exposed in a data breach – one of the largest in U.S. history.
TDR Accounting: How to Get It Right

Seeing a significant uptick in the number of loan modifications over the past few years, regulators and external auditors alike have been putting increased pressure on credit unions to become compliant with troubled debt restructuring rules.
Many Questions Remain After International Banking Heist

Tesco Bank, a Scotland-based bank and subsidiary of U.K. supermarket giant Tesco, recently blocked all online transactions tied to customers’ checking accounts after money was […]
2016 Cybersecurity Threat Report

Listen to any IT expert when he or she is talking about a cyber-attack and the typical response will be– It’s not a matter of […]
New Malware Could Be Stealing Your Money Right Now

No joke, the headline for this article is factual, correct and happening right now. Experts in the malware field have identified a new hybrid malware […]