Governance Unplugged - Internal Audit, Risk & Controls

Author: Thomas Michel


Description

Governance Unplugged is a podcast dedicated to exploring the essential pillars of sound governance to help organizations thrive in today’s dynamic business environment. Designed for internal auditors, risk managers, senior management and board members, the podcast delves into how robust governance, risk management, and internal controls lay the foundation for organizational safety and prosperity. By providing meaningful insights and practical strategies, the podcast aims to equip listeners with interesting insights supporting their needs to safeguard their organizations and ensure long-term success.
12 Episodes
Governance Unplugged – Episode 12 From Trustless Code to Trusted Governance: Why Crypto Needs Boards and (Internal) Audit Guest: Marieke Flament: https://www.linkedin.com/in/mariekeflament/ Episode Summary Crypto was built on “don’t trust people, trust the code.” But code is written, maintained, and exploited by people. In this episode, Thomas sits down with Marieke — a crypto-governance expert and industry leader — to explore the paradox at the heart of Web3: trustless architectures still require trusted structures. We unpack how Bitcoin and Ethereum took different paths, what DAOs have actually taught us about decision-making, why “trustless ≠ riskless,” and how boards, risk management, and internal audit can bring credibility, resilience, and scale to this fast-maturing space. You’ll hear concrete examples (FTX, Terra/Luna), practical boardroom questions for M&A and partnership decisions, and a clear playbook for founders who want governance to be a growth multiplier, not a brake pedal. What We Cover • Bitcoin vs. Ethereum: two governance philosophies, one shared lesson • DAOs: transparency, participation—and the human layer that never disappears • “Trustless ≠ Riskless”: why accountability and oversight still matter • What TradFi can learn from Web3 (traceability, on-chain analytics) • What Web3 can learn from TradFi (boards, controls, audit discipline) • The role of Internal Audit in crypto: from “after-the-fact” to “at-the-table” • Crisis readiness: scenarios, controls, and board behaviour when things break • Founder–Board dynamics: co-creation over compliance theatre • A day-one governance checklist for crypto founders Key Takeaways • Governance is a capability, not a constraint. In crypto, it’s the difference between hype and scale. • DAOs increase transparency, not infallibility. Human incentives and bias remain—just more visible. • Internal Audit belongs at the table. Anticipate risks early, shape controls, and strengthen credibility. 
• Convergence is here. TradFi gains traceability; Web3 gains board discipline and structured assurance. • Trust is built before the storm. Scenario planning and control design are non-negotiable. Memorable Lines • “Trustless doesn’t mean riskless.” • “Founders who treat boards as partners unlock real, sustainable growth.” • “Governance isn’t the enemy of innovation—it’s a multiplier.”
🎙 Governance Unplugged – Episode 11 Small but Mighty: Running a High-Impact Audit Function with Limited Resources with Ingo Hartmann Welcome back to Governance Unplugged! In Episode 11, Thomas sits down with Ingo Hartmann, Head of Group Audit & Consulting at Maxon, to unpack how lean internal audit teams can punch well above their weight. With 20+ years across internal audit, risk, and compliance (including Big-4 and industry roles), Ingo shares practical strategies for credibility, focus, and influence when you don’t have a big headcount. 🎯 Episode Highlights ✅ Closer to the business = earlier risk sensing. Small teams build trust faster, hear the “real story,” and spot issues before they escalate. ✅ Credibility through consistency. Deliver what you promise, meet deadlines, and show up prepared — reliability beats volume of reports. ✅ Focus where it matters (the 20% driving 80% of risk). Use risk-based planning across process, IT, and board/shareholder lenses; keep reporting sharp and succinct. ✅ Narrative over noise. Position audit as a connector and enabler — tell impact stories (risk reduction, safer operations, better decisions), not just lists of findings. ✅ Say “no” to protect “yes.” Avoid overcommitting; defend independence and quality by being transparent about priorities and capacity. ✅ Scale with partnerships. Use guest auditors (finance, procurement, etc.) with light training and clear guidance; co-/outsourcing for specialist topics (e.g., IT, ESG). ✅ Board engagement that counts. Regularly gather insights from directors; align on top risks and trade-offs (e.g., supply-chain stock decisions and their real costs). ✅ Pragmatic yet principled. Be approachable and solution-oriented while staying independent and compliant — clarity about the audit mission keeps the balance. ✅ Looking ahead. 
Smart use of AI in audit — and a cultural shift so leaders see audit as a driver of improvement, not a “pain.” 💡 Key Takeaway Lean audit teams win by focus, reliability, and storytelling. When you consistently deliver on the few things that matter most — and communicate the value — size stops being the headline. 🔗 Connect with Ingo Hartmann LinkedIn: Ingo Hartmann https://www.linkedin.com/in/ingo-hartmann-44a53a8/ 📝 Disclaimer The views expressed by the guest are personal and do not represent any current or former employer. 🎧 Listen & Join the Conversation Catch the full episode now on Spotify, Apple Podcasts, or your favorite platform. If it resonates, please subscribe, rate, and share — and let’s keep building smarter, more resilient organizations, one conversation at a time!
Welcome to another episode of Governance Unplugged! In Episode 10, the host sits down with Barry Franck (LinkedIn | www.tech-trust.ch), renowned board advisor, transformation leader, and founder of Tech Trust. This episode cuts through the buzzwords — AI, blockchain, cybersecurity, digital transformation — and gets to the heart of what truly matters in today’s boardrooms. 🎯 Episode Highlights • ✅ Why boards must become digitally savvy — and the crucial role internal audit plays in guiding this journey. • ✅ Translating complex technology risks into actionable board insights, not just technical jargon. • ✅ Why 75% of ERP and digital transformation programs fail — and what auditors need to watch for to ensure success. • ✅ Embedding culture into every audit — moving beyond checkbox exercises to truly shape organizational values. • ✅ Diversity and inclusion as governance strengths — discovering how varied perspectives help spot risks sooner and drive smarter decisions. • ✅ From defense to resilience in cybersecurity — shifting the mindset to thrive amid emerging threats. • ✅ Building credibility and influence as audit leaders — evolving from “trend chasers” to trusted strategic partners in the boardroom. 💡 Key Takeaway Internal audit earns its seat at the table not by reacting to headlines, but by translating them into clarity, foresight, and better decisions. 🔗 Connect with Barry Franck • LinkedIn: Barry Franck • Website: www.tech-trust.ch 🎧 Listen & Join the Conversation Catch the full episode now on Spotify, Apple Podcasts, or your favorite podcast
Ep 9: Founders Need Firepower: Why Smart Startups Build Smart Boards (w/ Marieke Flament) 🚀 Episode summary Boards aren’t a brake—they’re a launchpad. In this episode, Marieke Flament https://www.linkedin.com/in/mariekeflament/ (two-time CEO, builder, investor, and board member) joins host Thomas Michel https://www.linkedin.com/in/thomas-michel-ksg/ to demystify startup governance. We explore why smart founders build boards early, how to select the right people, and what a “smart board” looks like as a company scales. We also dive into crisis readiness, founder–board trust, and the practical role of risk, compliance, and internal audit on the growth journey. 💡🛡️ What you’ll learn • Why early boards matter: Build the governance “muscle” before investors require it. 🏋️‍♀️ • Debunking myths: Boards don’t slow you down—the wrong boards do. ❌🐢 • Designing a smart board: Complement founder skills, think in phases, evolve as you scale. 🧩📈 • Crisis firepower: How strong boards show up when things get tough. 🔥🧭 • Pragmatic assurance: Risk mapping, compliance, and (later) internal audit as strategic enablers. 🗺️🧰 • Founder–board trust: Rituals, communication, and the value of “coffee-machine” moments. 🤝☕ Who this episode is for Founders, co-founders, startup leaders, operators moving into governance roles, early investors, and anyone designing boards for growth. 🎯 Key takeaways (fast facts) • Treat your board like a product. Define requirements, iterate, and measure fit. 🛠️ • Pick for fit and value, not for logos. Big names ≠ right chemistry. 🏷️ • Build before you “need” it. Governance works best when it’s proactive. ✅ • Map your risks early. Decide what to mitigate vs. accept. ⚖️ • In a crisis, boards add altitude. Perspective, networks, and calm execution matter. 🧠 • “Know your place.” Great board members challenge, support, and don’t try to be the CEO. 
🪑 Memorable quotes • “Build your board like it’s your product.” 🧪 • “Smart startups don’t build boards because they have to—they build them because they’re ready to go the distance.” 🏁 • “Governance isn’t a brake; it’s a launchpad.” 🚀 Guest Marieke Flament — operator, two-time CEO, investor, and board member at the intersection of innovation, governance, and impact. Connect with Marieke on LinkedIn: https://www.linkedin.com/in/mariekeflament/ 🔗 Host Thomas Michel — Founder of Governance Unplugged – Internal Audit, Risk & Controls. Senior audit & risk leader focused on making governance practical, impactful, and future-ready. ⚙️ Links & resources • Follow the podcast on your favorite platform and on LinkedIn for new episodes and extras. ⭐ • Interested in governance, risk & internal audit topics for your team? Get in touch. 📩 Disclaimer The views expressed by guests are their own and do not represent the views of any affiliated organization.
Governance Unplugged – Episode 8 “Culture in the Spotlight: Where Tone, Behaviours and Risk Intersect” Culture isn’t just a “soft” topic—it’s a core driver of behaviour, and behaviour drives risk. In this episode, Thomas Michel is joined once again by Kevin Martin to explore one of the most elusive yet impactful areas of internal audit: auditing culture. Together, they unpack why culture matters, the risks of ignoring it, and how auditors can approach this sensitive area with credibility and value. Auditing culture is not about passing judgment, but about understanding behaviours, assessing tone, and connecting the dots between risks, incentives, and the control environment. Key Topics Discussed • Why culture is a critical risk factor—and what’s at stake if we ignore it • The link between tone at the top, individual behaviours, and organizational outcomes • How to approach auditing culture without making it personal or confrontational • Warning signs of cultural weakness: from mandatory training to incentive schemes • Embedding culture assessment into every audit instead of treating it as a standalone exercise • The role of auditors as both analysts and “organizational anthropologists” • Why whistleblowing, psychological safety, and trust are central to healthy culture • Practical ways to spot “cliff edge” risks and unintended consequences of incentive programs Takeaway Auditing culture requires courage, curiosity, and sensitivity. By focusing on behaviours, incentives, and tone, internal auditors can shine a light on cultural dynamics that either strengthen or undermine resilience. Culture, when understood well, becomes not a minefield—but a source of meaningful insight and lasting organisational strength. Listen now on Apple Podcasts, Spotify, or your favourite platform—and join the conversation on LinkedIn at KeyStone Governance.
Governance Unplugged – Episode 7 “Beyond the Hype: Using AI with Integrity in Internal Audit” Guest: Gavin Martin, seasoned internal audit executive and technology risk expert with leadership roles at UBS, Credit Suisse, and Lloyds Banking Group. How can we embrace Artificial Intelligence in Internal Audit, without losing our professional skepticism? In this episode, host Thomas is joined once again by Gavin Martin to explore one of the most pressing topics in today’s assurance landscape: the rise of AI. Together, they unpack how internal auditors can leverage AI responsibly, without falling into the trap of blind adoption or over-reliance. Drawing on decades of experience and sharp observation, Gavin explains how to distinguish between efficiency and effectiveness when applying AI, and why focusing on outcomes is more critical than ever. Key Topics Discussed: • The real value of AI: boosting efficiency and audit effectiveness • Why outcome thinking must come before AI adoption • How unconscious biases and “authority bias” can mislead auditors • What “AI drift” is, and how to spot it before it erodes trust • Risks of over-relying on AI-generated audit evidence and reports • How internal audit can audit AI-enabled business processes • What it takes to build responsible AI governance frameworks • Deepfakes, model risk, and the return of old-school audit techniques • Human roles in an AI-driven audit world: recalibrating expectations Takeaway: Adopting AI is inevitable, but it must be done with clarity, curiosity, and integrity. Don’t just follow the trend. Define the outcome, align the tools, and empower the humans behind the process. Gavin’s Advice to Auditors: “Focus on the outcome. Know whether you're targeting efficiency, effectiveness, or both. Then ask the right questions, of the AI, and of yourself.” Don’t forget to follow or subscribe to Governance Unplugged on your favorite podcast platform and connect with host Thomas Michel on LinkedIn. 
Have a guest or topic in mind? Visit keystone-governance.ch to get in touch.
Timeless Risks & Integrated Assurance: Rethinking the Audit Lens Guest: Gavin Martin, Experienced Internal and External auditor having worked with some of the largest banks in the world. (LinkedIn: https://www.linkedin.com/in/gavin-martin-ukch/) 🔍 Why do “forever risks” demand a different audit playbook? Host Thomas sits down with Gavin, who has nearly 30 years of experience across internal and external audit functions at organizations like UBS, Credit Suisse, and Lloyds Banking Group. Gavin shares how Internal Audit, and the wider 3-lines ecosystem, can stay ahead of risks that never really disappear (think cyber, AML, climate) while orchestrating truly integrated assurance. 🎧 Key Topics Discussed • Defining timeless risks vs. short-lived “hot topics” • Moving from photo-snap audits to a full-length film of control maturity • Why annual planning may block a multi-year risk view… and how to fix it • Continuous insights: spotting stress points before they become findings • Integrated assurance in practice: same destination, different vantage points • Sampling, taxonomies & maturity models, aligning on the fundamentals • Internal Audit as orchestrator: nudging first & second lines without losing independence • Small-step pilots: starting with one risk (e.g., cyber) and scaling what works 💡 Takeaway Sustainable assurance isn’t about more audits, it’s about shared outcomes, aligned methods and continuous storytelling. Start with one enduring risk, agree on what “good” looks like together, and build momentum from there. 🎯 Gavin’s Advice to Auditors “Pick one area, unite the right people, agree on the outcome, and prove it works. Then replicate. Progress beats perfection.” 📌 Subscribe to Governance Unplugged on Apple Podcasts or Spotify, and connect with host Thomas Michel on LinkedIn (https://www.linkedin.com/in/thomas-michel-ksg/). Have a guest or topic suggestion? Visit keystone-governance.ch and let us know!
Guest: Gavin Martin, Experienced Internal and External auditor having worked with some of the largest banks in the world. 🔍 What should audit committees really be asking internal audit? In this episode, host Thomas Michel is joined by governance, risk and control expert Gavin Martin to explore how audit committees can further enhance their effectiveness as stewards of internal audit. With nearly 30 years of experience across internal and external audit functions at organizations like UBS, Credit Suisse, and Lloyds Banking Group, Gavin shares how audit committees can engage more meaningfully, with the right questions, fostering a deeper understanding of risk appetite, and stronger collaboration. 🎧 Key Topics Discussed: • Why understanding internal audit’s risk appetite choices is critical for effective oversight • How to make audit planning and audit universes more transparent to the committee • The power of generative AI in audit, and the behavioral risks it introduces • Rethinking assurance: From single-year outputs to timeless risks perspectives • How audit committees can better challenge, calibrate, and align with internal audit • Why it’s time to balance audit calendars with flexible, risk-based interventions • Building trusted relationships through onboarding, curiosity, and clarity 💡 Takeaway: Oversight isn’t just about reviewing audit reports, it’s about surfacing and aligning on the assumptions and judgments that underpin them. True value lies in transparency, shared risk understanding, and honest dialogue between internal audit and the audit committee. 🎯 Gavin’s Advice to Auditors: “Be brave enough to have the conversations. Focus on outcomes, not just tasks. The real power lies in understanding, not ticking boxes.” 📌 Don’t forget to follow or subscribe to Governance Unplugged on your favorite platform and connect with host Thomas Michel on LinkedIn. Have a guest or topic in mind? Visit keystone-governance.ch to get in touch.
Episode 3: Beyond the Checklist – The True Power of Internal Audit Guest: Nicolas Steyaert Head of Internal Audit at Swarovski (Connect on LinkedIn) In this episode of Governance Unplugged, we go beyond the checklist with Nicolas Steyaert, a seasoned internal audit professional with 28 years of global experience. Nicolas reflects on the remarkable evolution of internal audit—from a traditional watchdog function to a strategic partner that drives transformation, culture, and trust within organisations. We explore: • The mirror effect: how internal audit helps organisations reflect and evolve • Why humility, curiosity, and integrity are the true superpowers of great auditors • The future of internal audit in the age of AI, automation, and responsible governance • How internal audit earns its seat at the table and influences corporate strategy Nicolas also shares stories from his early career at WorldCom, and how that experience shaped his approach to ethical leadership and impact. Connect with Nicolas Steyaert on LinkedIn: linkedin.com/in/nicolas-steyaert-2529a83 Thomas Michel https://www.linkedin.com/in/thomas-michel-ksg/ Whether you're an auditor, a corporate governance leader, or simply curious about how internal audit can become a true co-pilot for organisational success, this episode is for you. 🛫 Step into the cockpit with us. This is internal audit like you've never heard it before. Webpage: www.keystone-governance.ch Email: podcast@keystone-governance.ch
In this energizing episode of Governance Unplugged, host Thomas Michel sits down with internal audit specialist and veteran Cynthia Boumann to explore how internal audit can evolve into a future-fit, value-adding function, without losing sight of governance principles. With decades of experience as Global Head of Internal Audit, CFO, and Big Four leader, Cynthia shares powerful insights on: • Why internal audit is often seen as a “square peg in a round hole” — and how to change that • The importance of influence over enforcement in driving value • How to build trust and credibility across senior leadership • Embracing agility and design-focused auditing • Practical ways to embed AI into the audit lifecycle (yes—even talking about scorpion stings!) • The changing skillset of internal auditors in the age of automation • How soft skills, curiosity, and joy drive career resilience and relevance “The true power of internal audit lies in its influence — not in counting findings.” – Cynthia Boumann Whether you're a Chief Audit Executive or just starting your career, this episode offers practical advice, real-world stories, and a refreshing perspective on audit's evolving role in today's fast-paced world. Don’t forget to follow, share, and rate the show. For feedback or topic suggestions, connect with Thomas via LinkedIn or visit www.keystone-governance.ch. Together, let’s build stronger, more resilient organizations — one conversation at a time.
Welcome to the very first episode of Governance Unplugged! In this premiere, host Thomas Michel—a governance expert with 25 years of experience, including leadership roles at the World Economic Forum—sets the stage for an engaging journey into corporate governance, risk management, and internal audit. In this episode, Thomas shares the vision behind the podcast, highlights key upcoming topics like the future of internal audit, risk management in a volatile world, digital transformation, and ESG governance, and explains why governance professionals must evolve from oversight functions to strategic enablers. Join the conversation, subscribe, and be part of a growing community dedicated to driving governance excellence. Let’s build stronger, more resilient organizations—one conversation at a time!
The Global Internal Audit Standards (GIAS) 2025 are here! But what do they really mean for internal auditors, risk managers, and governance professionals? In this episode of Governance Unplugged, host Thomas Michel—a seasoned internal audit and risk expert—breaks down everything you need to know about the new standards. Key Takeaways: - Why the new standards matter and how they modernize internal audit - The biggest changes in GIAS 2025, from a principle-based approach to data-driven auditing - How to align internal audit with strategy, risk, and corporate culture - Practical steps to implement the standards while maintaining independence and impact GIAS 2025 isn’t just an update—it’s an opportunity to elevate the role of internal audit and create true business value. Tune in to discover how to move beyond compliance and become a trusted, strategic partner in your organisation. Don’t forget to subscribe, share, and leave a review to support the podcast and help bring more great conversations to the governance community! Together, let’s build stronger, more resilient organisations—one conversation at a time. Contact: www.keystone-governance.ch