The Institute of Internal Auditors Presents: All Things Internal Audit Tech
Sponsored by Grant Thornton

Cloud security has become a top board-level concern and a permanent fixture on audit plans. In this companion episode to the Global Best Practices’ A Roadmap to Auditing Cloud Security, Adam Ross talks with Vik Rai and Aadesh Gandhre about the challenges of auditing in multi-cloud environments, regulatory requirements, and the importance of governance and shared responsibility. They explore skill gaps, third-party risk, frameworks, and practical approaches to building a phased cloud security audit program, helping internal auditors strengthen resilience and provide real value.

KEY POINTS:

• Introduction [00:00 –00:00:47 ]
  

• Why Cloud Security Matters Now [00:00:51 –00:03:10 ]
  

• Board-Level Visibility and Audit’s Role [00:03:12 –00:05:51 ]
  

• Regulatory Expectations and Frameworks [00:05:54 –00:10:28 ]
  

• Skills and Governance at the Board Level [00:11:14 –00:13:49 ]
  

• Shared Responsibility and Security Models [00:14:05 –00:17:51 ]
  

• Resiliency, Outages, and Accountability [00:17:13 –00:18:57 ]
  

• Starting a Cloud Security Audit [00:19:08 –00:21:46 ]
  

• Upskilling Auditors for Cloud Environments [00:22:14 –00:23:05 ]
  

• Cloud Security Posture Management (CSPM) [00:23:15 –00:27:54 ]
  

• Phased and Risk-Based Audit Planning [00:29:07 –00:35:42 ]
  

• Final Thoughts [00:37:02 –00:40:43 ]
  

• Closing [00:41:28 –00:41:46 ]

IIA RELATED CONTENT: 
Interested in this topic? Visit the links below for more resources:

• Global Best Practices: A Roadmap To Auditing Cloud Security
• Webinar: Hybrid Cloud Security: A Primer for Internal Auditors
• Tech: Control in the Cloud
• 2025 Financial Services Exchange Conference

Visit The IIA's website or YouTube channel for related topics and more.

Follow All Things Internal Audit:
Apple Podcasts
Spotify
Libsyn
Deezer