All Things Internal Audit

The Institute of Internal Auditors Presents: All Things Internal Audit Tech 
In this episode, Daniel McCarville speaks with Bill Bensing about shadow IT and why it continues to emerge inside organizations. They explore how shadow IT often signals innovation rather than just risk, and how internal auditors can help organizations balance experimentation, governance, and operational control. The conversation also introduces a practical framework for understanding how ideas move from exploration to validation and ultimately into formal operations.
 
HOST: Daniel McCarville
Executive Vice President of Internal Audit
Arch Capital




 



GUEST: Bill Bensing
Chief Technologist and Co-Founder
Attestify









 
KEY POINTS:

Introduction [00:00:02-00:00:39]
What Is Shadow IT? [00:00:39-00:01:56]
Why Shadow IT Exists in Organizations [00:02:13-00:05:08]
Shadow IT as a Source of Innovation [00:05:33-00:08:03]
Why Small Internal Solutions Can Deliver Big Value [00:06:10-00:07:33]
The Role of Shadow IT in Validating Ideas [00:09:14-00:10:56]
Why Innovation Often Fails to Take Hold [00:12:41-00:14:00]
How Leaders Can Enable Innovation Safely [00:14:00-00:16:54]
Building Communities and Internal Flywheels of Innovation [00:17:00-00:18:55]
Developing Internal Innovation Teams [00:19:08-00:21:24]
Why Experimentation and Imperfection Are Necessary for Innovation [00:21:59-00:22:59]
How Auditors Should Rethink Shadow IT Risk [00:23:02-00:24:17]
The Exploration-Validation-Operation Model [00:24:17-00:28:07]
Internal Audit's Role Across the Innovation Lifecycle [00:28:07-00:31:11]
Addressing Shadow IT Risks Without Stifling Innovation [00:32:29-00:35:32]
Why Building Tools Strengthens Career Growth [00:37:11-00:39:04]
Learning Principles vs. Learning Tools [00:39:21-00:41:51]
How Auditors Can Encourage Innovation While Maintaining Controls [00:41:59-00:46:30]
Final Thoughts: Enabling Coordination Across the Three Lines [00:47:39-00:50:14]
Visit The IIA's website or YouTube channel for related topics and more.


 
IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:

Global Internal Audit Standards
IIA Certificates: IT General Controls Certificate
Knowledge Centers: Artificial Intelligence
Vison 2035
Become a Certified Internal Auditor (CIA)
IIA Courses: Fundamentals of IT Auditing
Combined Assurance
2026 Analytics, Automation and AI Virtual Conference
 The Big Idea: Shadow AI Isn't Just a Sign of Control Gaps

 
Follow All Things Internal Audit:

Apple Podcasts

Spotify

Libsyn

Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit Tech 
 
In this episode, Antonio Cacciapuoti and Alessandro Casarotti unpack the ethical challenges of artificial intelligence in internal audit and anti-financial crime. They discuss AI hallucinations as a risk to be governed, not eliminated, and examine why governance, accountability, and human judgment are central to ethical AI. 
 
HOST: Antonio Cacciapuoti, CIA, CAMS
Head of Internal Audit, Eurizon Capital
Vice President, IIA Luxembourg



 



GUEST: Alessandro Casarotti
Director, Forensic & Anti-Financial Crime, PwC Luxembourg








 
KEY POINTS:

AI Hallucinations as a Governance Risk (00:00:28 – 00:02:46)
How AI Developers Build Ethical Safeguards (00:02:50 – 00:06:10)
Human Judgment and Ethical Decision-Making in AI (00:06:14 – 00:09:26)
Automation, Accountability, and Ethical Responsibility (00:09:26 – 00:10:49)
Global Approaches to AI Regulation (00:10:49 – 00:14:52)
Why "Human in the Loop" Is Necessary but Not Sufficient (00:14:52 – 00:19:10)
Strengthening Governance and Risk Controls for AI (00:19:10 – 00:21:01)
Using AI in Anti-Financial Crime Investigations (00:21:01 – 00:24:12)
How Fraudsters Attempt to Bypass AI Safeguards (00:24:12 – 00:27:44)
The Future Relationship Between Internal Auditors and AI (00:27:44 – 00:31:17)
 
Visit The IIA's website or YouTube channel for related topics and more.


 
IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:

Global Internal Audit Standards Domain II: Ethics and Professionalism

Knowledge Centers: Artificial Intelligence
Vison 2035
Become a Certified Internal Auditor (CIA)
2026 Analytics, Automation and AI Virtual Conference


 
Follow All Things Internal Audit:

Apple Podcasts

Spotify

Libsyn

Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit 
 
In this episode, Mike Jacka and Tshepo Mofokeng tackle one of the most common questions internal auditors face: Who audits the auditors? They break down how the quality assurance and improvement program (QAIP), professional standards, peer reviews, and self-regulation protect the integrity of the profession. They discuss how quality assurance strengthens credibility with boards, builds trust with stakeholders, and positions internal audit as a strategic advisor.
 
HOST: Mike Jacka, CIA, CPA, CPCU, CLU
Chief Creative Pilot at Flying Pig Audit, Consulting, and Training Solutions


 



GUEST: Tshepo Mofokeng, CIA, CRMA
CAE, Sefako Makgatho Health Sciences University
Global Board of Directors, The IIA







 
KEY POINTS:

Introduction: Who Audits the Auditors? [00:00:06–00:01:23]
What QAIP Really Means and Why It Matters [00:01:29–00:02:43]
The Role of Standards in Professional Legitimacy [00:03:05–00:03:58]
Explaining Self-Regulation to the Board vs. Management [00:04:02–00:06:06]
Addressing Defensiveness and Educating Peers [00:06:52–00:08:10]
Moving from Compliance to Credibility in Quality Reviews [00:08:43–00:11:28]
Measuring Impact, Not Just Audit Volume [00:12:01–00:13:39]
Marketing Internal Audit's Value Through Quality [00:14:02–00:14:30]
Finding Time for Quality Assurance Work [00:14:40–00:15:22]
Real-World Example: How Peer Review Strengthened Trust [00:15:24–00:17:48]
When Weak Self-Regulation Damages Trust [00:17:52–00:20:48]
The Future of QAIP and Vision 2035 [00:21:02–00:23:19]
Internal Audit's "Superpower" with the Board [00:23:21–00:25:11]
 
Visit The IIA's website or YouTube channel for related topics and more.


 
IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:

Global Internal Audit Standards
Quality Assurance and Improvement Program
Vison 2035
Become a Certified Internal Auditor (CIA)
2026 Analytics, Automation and AI Virtual Conference


 
Follow All Things Internal Audit:

Apple Podcasts

Spotify

Libsyn

Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit 
 
In this episode, Scott Madenburg and Sanjay Vadlamani talk trust; and why it's the defining currency of internal audit. From hyper-growth environments to large, mature organizations, they discuss how audit teams can build credibility, and deliver value without slowing the business down. Through real-world use cases; including AI-assisted code reviews, ERP implementations, and building an internal audit function from scratch, they share practical examples of how trust enables earlier insights, stronger controls, and a true seat at the table.
 
HOST: Scott Madenburg, CIA, CISA, CRMA
Founder and President, ARC Hybrid Corporation

 



GUEST: Sanjay Vadlamani, CIA, CISA, CISM, CRISC
Senior Manager, Internal Controls, PayJoy






 
KEY POINTS:

Defining Trust in Internal Audit [00:01:27 – 00:03:17]
Holistic Risk and Connected Controls [00:03:55 – 00:07:01]
Bridging the Gap Between Audit and Leadership [00:07:15 – 00:10:18]
Small vs. Large Organization Trust Challenges [00:11:45 – 00:13:56]
High-Growth Tension: Will Audit Slow Us Down? [00:14:14 – 00:16:51]
AI-Assisted Code and "Slow Down to Speed Up" [00:17:01 – 00:18:53]
Building Trust from Scratch in a Developing Organization [00:19:09 – 00:23:19]
Early Insight Through ERP Implementation [00:23:49 – 00:26:02]
Rolling Up Sleeves: Creating SOPs and Process Improvements [00:26:25 – 00:28:35]
Where Audit Can Undermine Trust [00:29:28 – 00:33:16]
Audit Committee Alignment and Expectation Management [00:33:16 – 00:36:44]
The Next 6–12 Months: AI Literacy and Critical Thinking [00:37:00 – 00:40:52]
 
Visit The IIA's website or YouTube channel for related topics and more.


 
IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:

Global Internal Audit Standards
Resources: Governance
Course: Building Stakeholder Relationships
Course: Effective Communication and Conflict Resolution for Internal Auditors
GAM 2026


 
Follow All Things Internal Audit:

Apple Podcasts

Spotify

Libsyn

Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit 
 
In this episode, Adam Ross is joined by Filipe Ribeiro and Julien Perreault to discuss how supply chain risk has evolved into an interconnected, enterprisewide challenge. They discuss where organizations underestimate exposure, how risks quietly accumulate across the value chain, and why internal audit is uniquely positioned to identify blind spots before disruptions escalate. The conversation spans real-world examples from agriculture and highly regulated industries, third-party risk, continuous monitoring, and the growing impact of automation and AI on supply chains.
 
HOST: Adam Ross, CIA, CISA
Partner, Grant Thornton Advisors LLC





GUEST: Filipe Ribeiro, CIA, CRMA, CFE
Group Internal Audit Manager, Aldar




Julien Perreault, CPIM, MBA
Experienced Manager, Sourcing and Supply Chain Advisory, Grant Thornton Advisors LLC





 
KEY POINTS:

Introduction to Modern Supply Chain Risk [00:00:02–00:01:22]
From Operational Inconvenience to Strategic Risk [00:01:22–00:02:24]
Why Supply Chain Risk Is Now Systemic and Enterprisewide [00:02:32–00:03:11]
Where Organizations Commonly Underestimate Exposure [00:03:22–00:04:33]
When "Green Dashboards" Mask Emerging Risk [00:03:33–00:05:08]
How Informal Workarounds Quietly Accumulate Enterprise Risk [00:05:08–00:05:47]
Agricultural Case Study: How Small Upstream Delays Become Major Downstream Failures [00:05:53–00:07:52]
Using Continuous Monitoring to Detect Hidden Timing and Dependency Risks [00:07:57–00:12:26]
Supply Chain Risk in Remote, Capital-Intensive, and Highly Regulated Environments [00:12:54–00:15:25]
Balancing Regulatory Compliance and Operational Efficiency [00:15:42–00:18:55]
Procure-to-Pay Risk and the Rise of Operational "Noise" [00:19:14–00:21:01]
When Exceptions Become the Normal Operating Model [00:21:01–00:23:15]
Third-Party Risk as a Business Resilience Issue [00:25:15–00:27:12]
Governance, Speed of Business, and Supplier Ecosystems [00:27:12–00:30:25]
Managing Supplier Concentration Risk Without Sacrificing Resilience [00:31:20–00:35:04]
Geographic and Cultural Complexity as an Underestimated Risk Driver [00:35:36–00:37:27]
How Internal Audit Can Add Value Without Compromising Independence [00:38:35–00:41:29]
Emerging Risks: Automation, AI, Data Quality, and Governance Lag [00:41:47–00:46:18]
Final Thoughts on the Future of Supply Chain Risk [00:46:29–00:47:05]

 
Visit The IIA's website or YouTube channel for related topics and more.


 
IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:

Global Internal Audit Standards
Third-Party Topical Requirement
Continuous Auditing and Monitoring, 3rd Edition
Boardroom: Breaks in the Chain
GAM 2026


 
Follow All Things Internal Audit:

Apple Podcasts

Spotify

Libsyn

Deezer