Audit ≠ Security: Building Auditable Controls in a High-Velocity World ft Varun Prasad, Cloud Security & Privacy Assurance @ BDO

Audits are often misunderstood, frequently disliked, and almost always viewed as a necessary evil — but what if that mindset is holding security teams back? In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Varun Prasad to unpack what audits are actually designed to do: provide reasonable assurance, not absolute security. Drawing on more than two decades of experience across internal and external audits, Varun explains why “auditable controls” are the missing link between fast-moving engineering teams and slow, annual audit cycles — and how organizations can stop treating audits as an afterthought and start using them as a trust-building mechanism.

Key Takeaways:

  • Audits are designed to provide reasonable assurance, not eliminate all risk
  • The biggest failure in modern GRC is building controls that are automated but not auditable
  • Continuous controls monitoring only works if auditors can validate completeness and accuracy
  • Screenshots persist because they remain the clearest way to demonstrate system state over time
  • Security controls should be built to improve posture first — and explained clearly second

What You’ll Learn:

  • Why audit skepticism is a feature, not a flaw
  • How internal and external audits serve fundamentally different purposes
  • Where continuous monitoring breaks down from an auditor’s perspective
  • What “auditable controls” actually mean in CI/CD environments
  • How AI can assist auditors without replacing human judgment

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com

Watch more episodes: https://www.compliancecow.com/podcast

Connect With Our Guest:
Varun Prasad | Cloud Security & Privacy Assurance | BDO
Connect on LinkedIn: https://www.linkedin.com/in/varunprasad/

Rate, review, and share if you enjoyed the show!

Subscribe to Security & GRC Decoded wherever you get your podcasts:

Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683

Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450
