The Institute of Internal Auditors Presents: All Things Internal Audit Tech

HOST:
Bill Truett, CIA, CISA
Senior Manager, Standards & Guidance, IT, The IIA

GUEST:
Nick Reese
Co-founder and Chief Operating Officer, Frontier Foundry
Adjunct Professor, New York University

KEY POINTS:

• Introduction and What's New in Quantum [00:00-01:34]
• What is Quantum Computing? [00:01:34-05:57]
• Milestones in Quantum Development [00:05:58-07:50]
• Quantum + AI? Not Yet [00:08:12-09:58]
• What Auditors Should Know About NIST Standards [00:10:00-11:54]
• Immediate Steps for Internal Audit [00:13:15-17:38]
• Legislation and Regulatory Outlook [00:20:28-22:19]
• Global Threats and Historical Analogies [00:22:20-26:11]
• Key Terms Auditors Should Learn [00:26:17-28:34]
• Training Resources [00:28:35-31:00]
• Opportunities Beyond Risk Management [00:31:00-34:11]
• The Five-Year Vision [00:34:16-37:21]
  

THE IIA RELATED CONTENT:
Interested in this topic? Visit the links below for more resources:

• 2025 Governance, Risk & Controls Conference
• All Things Internal Audit: Quantum Computing
• GTAG: Assessing Cybersecurity Risk
• Cyber Resource Center
• Post-Quantum Cryptography Roadmap – DHS.gov
• NIST’s Post-Quantum Cryptography Project

Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Mike Levy and Shontelle Mixon discuss the growing risks tied to fourth-party relationships. They discuss how internal auditors can leverage technology, enhanced contracts, and cross-functional collaboration to pinpoint, track, and reduce those downstream risks. They break down how internal audit's role is evolving in a world shaped by cybersecurity, AI, and shifting regulations.

HOST:
Mike Levy, CIA, CRMA, CISSP
CEO, Cherry Hill Advisory

GUEST:
Shontelle Mixon, CPA
Divisional SVP, Internal Audit and Special Investigations, Healthcare Service Corporation

KEY POINTS:

• Introduction [00:00–00:00:38]
• What Is Fourth-Party Risk? [00:00:38–00:01:52]
• Evolution of Risk and Offshoring Trends [00:01:52–00:02:32]
• Mitigating Fourth-Party Risks [00:02:32–00:03:47]
• Steps for Maturing a Vendor Risk Program [00:03:47–00:04:50]
• The Challenge of Shadow IT [00:04:50–00:05:54]
• Data Mining and Continuous Monitoring [00:05:54–00:06:59]
• Beyond the SOC Report [00:06:59–00:08:27]
• Getting Started Without Tech [00:08:27–00:09:32]
• Cybersecurity as a Starting Point [00:09:32–00:10:44]
• Educating the Audit Committee [00:10:44–00:12:00]
• Real-Time Monitoring and Vendor Audits [00:12:00–00:13:09]
• Misconceptions About Outsourcing Risk [00:13:09–00:13:56]
• Preparing for the Future [00:13:56–00:15:32]
• Pitfalls in Contracting [00:15:32–00:16:38]
• First Step for New Audit Functions [00:16:38–00:17:12]
• Aligning with Organizational Risk Priorities [00:17:12–00:18:36]
• Getting Executive Buy-In [00:18:36–00:20:06]
• Supporting Smaller Audit Shops [00:20:06–00:21:14]
• Final Advice [00:21:14–00:21:58]

THE IIA RELATED CONTENT:
Interested in this topic? Visit the links below for more resources:

• 2025 International Conference
• Learning Solutions: Navigating Third and Fourth Party Risks
• Learning Solutions: Auditing Third-Party Risks

Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer

The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Logan Wamsley talks with George Barham about The IIA’s Cybersecurity Topical Requirement. They discuss how internal audit functions should prepare for its 2026 effective date, and why CAEs should take action now. The conversation also highlights the requirement's companion user guide, outsourcing considerations, framework references, and IIA resources available to help internal audit functions conform with confidence.

HOST:
Logan Wamsley
Associate Manager, Content Development, The IIA

GUEST:
George Barham, CIA, CRMA, CISA,
Director, Standards & Guidance, The IIA

KEY POINTS:

• Introduction [00:00-00:00:21]
• Background on the Cybersecurity Topical Requirement [00:00:21-00:01:31]
• Key Feedback and Early Implementation Advice [00:01:31-00:03:09]
• Tips from CAEs on Getting Started [00:03:09-00:04:37]
• How to Use the Companion User Guide [00:04:37-00:05:57]
• Outsourcing Considerations [00:05:57-00:07:30]
• Framework References and Mapping [00:07:30-00:09:37]
• Keeping Up with the Evolving Cyber Landscape [00:09:37-00:11:30]
• Annual Review and Updates [00:11:30-00:12:24]
• Advice as the Effective Date Approaches [00:12:24-00:14:26]
• Additional IIA Resources and Support [00:14:26-00:16:38]
• Final Thoughts [00:16:38-00:18:23]

THE IIA RELATED CONTENT:
Interested in this topic? Visit the links below for more resources:

• Cybersecurity Topical Requirement
• Executive Knowledge Brief: The Cybersecurity Topical Requirement in Practice
• GTAG: Assessing Cybersecurity Risk
• 2025 Cybersecurity Virtual Conference
• Cyber Resource Center
• A New Tool to Monitor Established Risks

Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer