All Things Internal Audit

The Institute of Internal Auditors Presents: All Things Internal Audit 


In this episode, Ahmed Sharif Hawky and Emmanuel Pascal discuss why greenwashing is no longer just a reputational risk, but also a governance and assurance challenge. Together they break down how greenwashing qualifies as legal misrepresentation, why most control environments are far weaker than leadership realizes, and what a practical audit approach looks like — from mapping sustainability claims across  channels to using data analytics and intensity ratios to test what companies report and what they don't.
 

 
HOST: Ahmed Sharif Shawky, CIA, CPA
CEO, SustainGRC


GUESTS: Emmanuel Pascal, CIA, CRMA, CFE
CEO, Condor Strike 
Member, Committee of Research and Education Advisors, Internal Audit Foundation


 
KEY POINTS:
Introduction [00:00-00:00:50]
Defining Greenwashing [00:00:50-00:02:14]
Political Backlash vs. Regulatory Reality [00:02:16-00:03:21]
Greenwashing as Misrepresentation [00:03:24-00:06:13]
Global Greenwashing Regulations [00:06:13-00:07:16]
Greenwashing as Value Fraud [00:07:22-00:11:07]
Assessing Greenwashing Risk [00:11:14-00:13:49]
Green Strategy and Red Flags [00:13:50-00:14:48]
Using Data Analytics to Test Sustainability Claims [00:14:48-00:18:10]
Building a Strong Control Framework [00:18:13-00:19:27]
Internal Audit's Approach to Greenwashing Risk [00:19:27-00:20:58]
Training Auditors on Sustainability [00:20:58-00:21:52]
DWS Greenwashing Case [00:21:52-00:23:42]
2026 International Conference Promo [00:23:47-00:24:18]
Closing [00:24:25-00:24:34]
IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:
2026 IIA International Conference
Knowledge Centers: Environmental, Social, and Governance
Global Internal Audit Standards
Vision 2035
Global Perspectives & Insights: Sustainability
All Things Internal Audit: Unmasking Greenwashing
On the Frontlines: Greenwashing and Closing the Authenticity Gap
Five Questions: Preventing Greenwashing
 
Visit The IIA's website or YouTube channel for related topics and more.


Follow All Things Internal Audit:

Apple Podcasts

Spotify

Libsyn

Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit

In this episode, Pam Strobel Powers and Mark Maraccini discuss The IIA's recently updated Global Practice Guide Auditing Procurement in the Public Sector. They walk through the three pillars that make public sector procurement unique, explain how to distinguish a vendor from a subrecipient, and share why fraud risk in procurement deserves its own lane in your audit approach.

*Members Save in May*

Members can save 20% on CIA, CRMA, and IAP application and exam fees throughout May.
Becker, the official CIA exam review partner of The IIA, is also offering up to 20% off CIA exam prep and $50 off IAP prep.

Use the code May20% and access the offer here.
HOST: Pamela Stroebel Powers, CIA, CGAP, CRMA, CPA
Director of Professional Guidance, Public Sector, The IIA



GUEST: Mark Maraccini, CIA, CPA
Partner, Crowe LLP
Member, International Internal Audit Standards Board
 



 


KEY POINTS:
Introduction [00:00:02 - 00:00:30]

What Makes Public Sector Procurement Unique [00:01:07 - 00:04:16]
Transparency in Procurement [00:01:37 - 00:02:42]

Fairness and Equity in Procurement [00:02:42 - 00:03:31]

Legal and Regulatory Compliance [00:03:31 - 00:04:16]


Vendor vs. Subrecipient: Key Differences [00:05:24 - 00:08:44]

Applying the Procurement Lifecycle [00:09:34 - 00:10:54]

Using Risk and Control Matrices [00:11:23 - 00:12:54]
Manual vs. Technology-Driven Risk Assessment [00:11:48 - 00:12:33]


Fraud Risk in Procurement [00:13:24 - 00:15:31]

Equity and Supplier Diversity Programs [00:17:49 - 00:20:11]

Auditing Program Effectiveness vs. Compliance [00:20:47 - 00:21:28]

Final Thoughts [00:21:28 - 00:21:50]


IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:
Global Practice Guide: Auditing Procurement in the Public Sector, 2nd Edition
Audit Tool: Procurement Risks and Controls for the Public Sector Examples
Third-Party Topical Requirement
Global Internal Audit Standards
Knowledge Centers: Public Sector
Certifications May Sale
Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit Tech 
In this episode, Adam Ross speaks with Vipul Patel about how organizations can better prepare for ransomware attacks. They talk through what goes wrong in the first hours of an attack, what smart preparation looks like, and where traditional audit approaches fall short when a business is in crisis mode.
 
HOST: Adam Ross, CIA, CISA

Partner and Internal Audit Services Leader, Grant Thornton




 



GUEST: Vipul Patel, CISA

Audit and Assurance Managing Director, IT Internal Audit Leader, Deloitte & Touche LLP









 
KEY POINTS:

Introduction [00:00:02-00:00:27]
Common Mistakes in Ransomware Response [00:00:27-00:02:14]
Building Crisis Communication Plans [00:02:20-00:03:03]
A Simple Incident Response Runbook [00:03:03-00:05:03]
Internal Audit's Role Before an Incident [00:05:03-00:07:05]
Stress Testing and "What If" Scenarios [00:07:05-00:08:01]
Tabletop Exercises and Cross-Functional Readiness [00:08:02-00:10:03]
Partnering With the CISO and Management [00:10:03-00:11:15]
Lessons Learned After Ransomware Incidents [00:11:15-00:14:05]
Governance Changes After an Attack [00:14:55-00:16:55]
Cyber Risk as a Business Issue [00:16:55-00:17:16]
Traits of Organizations That Respond Well [00:17:20-00:19:44]
Final Advice for Internal Auditors [00:19:44-00:20:56]
Visit The IIA's website or YouTube channel for related topics and more.


 
IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:

Global Internal Audit Standards
Cybersecurity Topical Requirement
Course: Detecting, Mitigating and Responding to Global Ransomware Attacks
Articles: A Ransomware Playbook
IIA Certificates: IT General Controls Certificate
Knowledge Centers: Artificial Intelligence
Vison 2035
IIA Courses: Fundamentals of IT Auditing
Become a Certified Internal Auditor (CIA)
CIA Challenge Exam
 
Follow All Things Internal Audit:

Apple Podcasts

Spotify

Libsyn

Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit 
 

In this episode, Benito Ybarra speaks with Margaret Pacheco about her experience earning the CIA through the Challenge Exam. They discuss who the exam is designed for, how it differs from the traditional three-part path, why it is not a shortcut, and how the CIA can strengthen credibility for internal audit professionals at every stage of their careers.
 
You can apply for the CIA Challenge Exam now if you meet the eligibility requirements, with multiple testing windows offered throughout the year.
If you're planning to qualify through the 10+ years of internal audit experience pilot, you must apply before September 30, 2026, and test during one of the remaining windows in 2026.

What's covered on the exam? The CIA Challenge Exam syllabus outlines the topics and structure so you know what to expect.

Not sure you're up for the Challenge? The IIA's Challenge Exam practice questions offer a simple way to preview the format and level of difficulty before you commit to the exam.
 


HOST: Benito Ybarra, CIA 

Executive Vice President, Global Standards, Guidance, and Certifications, The IIA







GUEST: Margaret Pacheco, CIA, CPA, PMP

Managing Director, Protiviti
 









 
KEY POINTS:
Introduction and Margaret's Background [00:00:27-00:01:20] 
Why Margaret Pursued the CIA Through the Challenge Exam [00:01:21-00:02:58] 
Is the Challenge Exam a Shortcut? [00:03:06-00:03:33] 
How the Challenge Exam Differs From the Three-Part CIA Exam [00:03:39-00:04:38] 
Who Is Eligible for the Challenge Exam? [00:04:49-00:06:09] 
Why the Challenge Exam Made Sense Later in Her Career [00:06:12-00:06:39] 
Study Strategy and Preparation Tips [00:06:40-00:07:53] 
How Margaret's CPA Background Helped [00:07:57-00:08:28] 
Advice for Candidates Considering the Exam [00:08:30-00:09:01] 
What the CIA Has Meant for Margaret's Career [00:09:03-00:09:54] 
How the CIA Builds Credibility With Employers and Clients [00:09:58-00:11:05] 
Why Accessibility Matters and Final Thoughts [00:11:05-00:11:57] 
Challenge Exam Reminder and Pilot Deadline [00:11:57-00:12:32]
Visit The IIA's website or YouTube channel for related topics and more.


RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:

CIA Challenge Exam
Global Internal Audit Standards
Vison 2035
Become a Certified Internal Auditor (CIA)
IAP (Internal Audit Practitioner)
Certification Candidate Handbook
Certificate Programs
Follow All Things Internal Audit:

Apple Podcasts

Spotify

Libsyn

Deezer

All Things Internal Audit: Fraud Podcast
"The Heartbreaking Fraud"
Listen to The IIA's Fraud Podcast, brought to you by All Things Internal Audit. The Fraud Podcast provides fictionalized accounts of real-world frauds featured in Internal Auditor magazine's Fraud department. 
In this episode, one ordinary Thursday cracks open a decade of misplaced trust. What starts as a simple payroll question quickly spirals into a trail of inflated salaries, personal charges, and checks written to someone who was practically family. The money is gone, but the real cost runs much deeper.
Access the full article here.
Read the April issue here.
Interested in more fraud-related topics? Earn CPEs by registering for The IIA's Fraud Analytics for Internal Auditors Certificate, available online and in-person.


Chapters:
Introduction to the Case (00:00:00)
Part 1: A Thursday That Changed Everything (00:00:23)
Part 2: Something Doesn't Add Up (00:02:46)
Part 3: Peeling Back the Layers (00:03:56)
Part 4: The Truth (00:05:13)
Part 5: A Hard Lesson (00:06:07)

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Youtube
Libsyn
Deezer