All Things Internal Audit

The Institute of Internal Auditors Presents: All Things Internal Audit Tech
Internal audit is no longer operating in a world of fixed scopes and hindsight reviews. As risk becomes continuous, digital, and increasingly driven by AI-enabled decisions, audit must evolve just as quickly.
 
In this episode, Aadesh Gandhre is joined by Dave Montez and Richard Penfil from PayPal to introduce swarm auditing; an emerging approach that combines human judgment with orchestrated AI agents working in parallel. They discuss how audit functions can move beyond prompt libraries, embed AI directly into audit workflows, and rethink the assurance operating model without sacrificing independence or professional judgment.

HOST:
Aadesh Gandhre, CISA
Chief Audit Executive, DTCC
 
GUESTS:
Dave Montez
Chief Audit Executive, PayPal
 
Richard Penfil
Data Science Manager, Audit Operations, PayPal
 
KEY POINTS:
Introduction to Swarm Auditing and the Limits of Traditional Audit Models [00:00:02–00:01:25]
 

Why Audit Must Evolve for Continuous, AI-Driven Risk [00:01:40–00:03:26]
 

From Static Audit Cycles to Constant Evolution [00:03:27–00:04:17]
 

The "Flip Phone in a Smartphone World" Analogy [00:04:54–00:05:12]
 

The Mindset Shift Required for Swarm Auditing [00:05:48–00:07:32]
 

Cultural, Legal, and Psychological Barriers to AI Adoption [00:07:36–00:08:41]
 

Failing Forward and Creating Permission to Experiment [00:08:49–00:09:54]
 

From Doers to Reviewers: How the Auditor's Role Evolves [00:10:02–00:11:28]
 

Responsiveness to Change as a Core Audit Skill [00:11:40–00:12:29]
 

Building AI for Audit vs. Adopting Enterprise AI [00:12:39–00:14:23]
 

Making Space for AI Experimentation Within the Audit Plan [00:14:32–00:16:35]
 

Embedding AI Into Daily Audit Workflows [00:16:45–00:18:45]
 

What Swarm Auditing Really Means [00:19:00–00:20:39]
 

Managing Independence While Sharing AI Capabilities [00:21:10–00:22:32]
 

Moving Beyond Prompt Libraries to Agentic Swarms [00:23:38–00:25:03]
 

Collaboration Across Audit Functions and the Profession [00:25:14–00:27:09]
 

One Meaningful First Step Toward Swarm Auditing [00:27:50–00:28:25]
 

Closing Thoughts on the Future of Audit and Innovation [00:28:31–00:29:26]



IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:
GAM 2026
2026 Analytics, Automation and AI Virtual Conference
AI Knowledge Centers
Learning Solutions: Leveraging Artificial Intelligence in Internal Audit
Global Internal Audit Standards
Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit
AI regulation is no longer on the horizon. It's here. In this episode, Ernest Anunciacion talks with Marko Horvat about how global AI regulations are reshaping governance, risk management, and the role of internal audit. They discuss why regulators are prioritizing risk to individuals and how AI governance spans the full system life cycle.

HOST:
Ernest Anunciacion, CIA
Head of Product Marketing, MindBridge AI
 
GUEST:
Marko Horvat, CPA
Senior Vice President of Business Transformation, ELB Learning
 




KEY POINTS:
Introduction and episode overview [00:00:01 – 00:00:28]

Why AI regulation is accelerating globally [00:00:56 – 00:01:26]

How regulators are redefining risk as harm to individuals [00:01:35 – 00:02:18]

EU-style risk tiering and prohibited vs. high-risk AI use cases [00:02:37 – 00:03:36]

Human-in-the-loop expectations and judgment-based AI decisions [00:03:36 – 00:04:11]

What regulators expect organizations to demonstrate [00:04:31 – 00:05:32]

Internal audit's expanding role across the AI life cycle [00:05:38 – 00:06:39]

Readiness assessments and the challenge of locating AI use [00:06:59 – 00:07:27]

AI literacy skills auditors need today [00:07:43 – 00:09:29]

Explainable AI, hallucinations, and model drift [00:08:21 – 00:09:29]

Common audit gaps: shadow AI, monitoring, and third-party risk [00:09:44 – 00:12:00]

Why vendor AI does not transfer accountability [00:12:02 – 00:12:21]

What internal audit teams should be doing right now [00:12:32 – 00:14:28]

Balancing continuous monitoring with new risk exposure [00:13:48 – 00:14:20]

Partnering with legal and compliance on AI governance [00:14:40 – 00:15:10]

Final takeaways: AI regulation is no longer theoretical [00:15:28 – 00:16:31]


IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:
GAM 2026
2026 Analytics, Automation and AI Virtual Conference
AI Knowledge Centers
Learning Solutions: European Union Regulations
Learning Solutions: Leveraging Artificial Intelligence in Internal Audit
Global Internal Audit Standards
 
Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit
Deepfakes are reshaping fraud, trust, and evidence, and challenging what organizations can rely on as "proof." In this episode, Andrew Guasp speaks with Corey Chadderton about how AI-generated media is being used to impersonate leadership and bypass controls, why the barriers to entry have collapsed, and what internal auditors must do to strengthen governance, training, and response as these risks accelerate into 2026.

HOST:
Andrew Guasp, CIA, CFE
Senior manager, Standards & Professional Guidance, The IIA

GUEST:
Corey Chadderton, IAP
Internal Auditor, Barbados Water Authority






KEY POINTS:
Introduction to Deepfakes and Audit Risk [00:00:02–00:00:40]

What Are Deepfakes and Why Auditors Must Pay Attention [00:00:40–00:02:40]

How Deepfake Technology Works (Without Becoming a Technical Expert) [00:02:50–00:04:10]

Deepfakes as a "Force Multiplier" for Fraud [00:04:20–00:06:22]

Real-World Deepfake Fraud and Governance Failures [00:06:24–00:08:36]

Reputational Risk, Content Monitoring, and Trust Breakdown [00:08:36–00:09:32]

Where Organizations Are Most Vulnerable Today [00:09:51–00:12:59]

Applying Cyber Testing Techniques to Deepfake Risk [00:13:10–00:13:55]

Red Flags and Indicators of Manipulated Media [00:14:04–00:16:10]

The Power of the Pause and Training Against Urgency Attacks [00:16:13–00:18:22]

Limits of Deepfake Detection Tools and the Human Factor [00:18:28–00:22:01]

Professional Skepticism Beyond the Audit Function [00:22:01–00:23:51]

Internal Audit's Advisory Role in Policies and Incident Response [00:24:02–00:27:14]

Staying Ahead Through Continuous Risk Assessment [00:27:23–00:30:04]

Closing Thoughts [00:30:04–00:30:19]


IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:
GAM 2026
AI Knowledge Centers
CEO Message: Combating Deepfakes
Global Internal Audit Standards
 
Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit
In this episode, Eric Wilson talks with Dr. Kelly Richmond Pope about the psychology behind fraud, why ordinary people commit unethical acts, and how trust, pressure, and culture shape fraud risk. They explore accidental versus intentional perpetrators, cognitive blind spots, whistleblowing challenges, and what auditors can do to better detect and prevent fraud. 



HOST:
Eric Wilson, CIA
Director of Internal Audit & Chief Audit Executive, Gulfport Energy
 
GUEST:
Kelly Richmond Pope, CPA, PhD
Forensic Accounting Professor, DePaul University
https://www.kellyrichmondpope.com/



KEY POINTS:
Introduction to Fraud Psychology [00:00:02–00:00:32]

What Sparked an Interest in Fraud and Human Behavior [00:00:32–00:03:33]

Why Fraud Is Often Committed by "Ordinary" People [00:03:33–00:04:21]

Pressure, Life Events, and the Path to Fraud [00:04:21–00:06:48]

Thrill-Seeking, Power, and the Adrenaline Factor [00:06:58–00:08:20]

Intentional, Accidental, and Righteous Fraud Explained [00:08:20–00:10:18]

Why Accidental Perpetrators Are the Hardest to Detect [00:08:40–00:10:18]

Cognitive Blind Spots and the Role of Trust [00:10:19–00:13:46]

Lessons from One of the Largest Municipal Fraud Cases [00:12:29–00:13:46]

The Difficult Reality of the Internal Auditor's Role [00:13:46–00:15:38]

When and Why to Bring in Third-Party Investigators [00:15:52–00:16:16]

Cultural Warning Signs That Fraud Risk Is Increasing [00:16:36–00:17:51]

Charisma, Likability, and Fraud Risk [00:17:51–00:19:07]

Managing Relationships While Maintaining Objectivity [00:18:20–00:20:12]

Behavioral Red Flags Auditors Should Not Ignore [00:20:16–00:22:50]

Narcissism, Leadership, and Corporate Environments [00:22:50–00:23:38]

Why Whistleblowing Is So Difficult [00:23:59–00:25:59]

A Critical Mindset Shift for Auditors [00:26:11–00:26:33]

Closing Thoughts and Practical Takeaways [00:26:33–00:27:16]


IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:
Global Practice Guide: Internal Auditing and Fraud, 3rd Edition
Vision 2035
2026 Fraud Unmasked Virtual Conference
Global Internal Audit Standards
Internal Auditor Magazine: "Playing the Long Game" (Eric Wilson's article)
Webinar: Internal Auditing and Human Personality: Compatibility Mapping
Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit
In this episode, Mike Levy talks with Dan Fornelius about the skills internal auditors need in 2026 and how to deliver real advice, insight, and foresight that leaders value. They discuss earning a seat at the table, balancing advisory work with independence, aligning audit work to strategy, and how AI and analytics are transforming internal audit. The conversation highlights the shift toward strategic, insight-driven auditing and what auditors must do to stay relevant.


HOST:
Mike Levy, CIA, CRMA, CISSP
CEO, Cherry Hill Advisory

GUEST:
Dan Fornelius, CIA
Director & Integrated Risk Leader, CrossCountry Consulting
IIA North Jersey Chapter Board Member 


 


KEY POINTS:
 
Introduction and the Evolution of Internal Auditing [00:00:02–00:00:39]

Defining Advice, Insight, and Foresight in Internal Audit [00:00:39–00:01:16]

Earning a Seat at the Table Through Early Engagement [00:01:16–00:02:00]

Aligning Audit Work With Organizational Strategy [00:02:42–00:03:33]

Using Business Language to Drive Impact and Value [00:03:37–00:04:20]

Balancing Advisory Services and Independence [00:04:32–00:06:40]

Independence vs. Objectivity: Reframing the Debate [00:07:02–00:08:35]

Providing Real-Time Guidance on Emerging Risks [00:09:12–00:10:27]

Why Internal Audit's Holistic View Drives Insight [00:10:31–00:11:24]

Defining and Delivering Actionable Insights [00:11:26–00:16:01]

Using Data, Analytics, and Early Warning Indicators [00:12:21–00:15:27]

Technology and AI as Enablers of Better Storytelling [00:16:12–00:18:33]

How AI Frees Auditors to Focus on the "So What" [00:18:45–00:21:06]

Skills and Attributes of the Future Auditor [00:21:22–00:23:25]

Why Communication and Questioning Matter More Than Ever [00:23:25–00:25:01]

Final Reflections on Value-Driven Internal Auditing [00:25:01–00:26:16]

IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:
2026 Fraud Unmasked Virtual Conference
Global Internal Audit Standards
Vision 2035
Advice and Resources
Knowledge Centers Artificial Intelligence
All Things Internal Audit: Advisory Work: How to Consult
Learning Solutions: The Advisory Engagement

Visit The IIA's website or YouTube channel for related topics and more.


Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer