The Institute of Internal Auditors Presents: All Things Internal Audit Tech

In this episode, Daniel McCarville speaks with Bill Bensing about shadow IT and why it continues to emerge inside organizations. They explore how shadow IT often signals innovation rather than just risk, and how internal auditors can help organizations balance experimentation, governance, and operational control. The conversation also introduces a practical framework for understanding how ideas move from exploration to validation and ultimately into formal operations.

• HOST:
  • Daniel McCarville Associate Vice President of Internal Audit Arch Capital

• GUEST:
  • Bill Bensing Chief Technologist and Co-Founder Attestify

KEY POINTS:

• Introduction [00:00:02-00:00:39]
• What Is Shadow IT? [00:00:39-00:01:56]
• Why Shadow IT Exists in Organizations [00:02:13-00:05:08]
• Shadow IT as a Source of Innovation [00:05:33-00:08:03]
• Why Small Internal Solutions Can Deliver Big Value [00:06:10-00:07:33]
• The Role of Shadow IT in Validating Ideas [00:09:14-00:10:56]
• Why Innovation Often Fails to Take Hold [00:12:41-00:14:00]
• How Leaders Can Enable Innovation Safely [00:14:00-00:16:54]
• Building Communities and Internal Flywheels of Innovation [00:17:00-00:18:55]
• Developing Internal Innovation Teams [00:19:08-00:21:24]
• Why Experimentation and Imperfection Are Necessary for Innovation [00:21:59-00:22:59]
• How Auditors Should Rethink Shadow IT Risk [00:23:02-00:24:17]
• The Exploration-Validation-Operation Model [00:24:17-00:28:07]
• Internal Audit's Role Across the Innovation Lifecycle [00:28:07-00:31:11]
• Addressing Shadow IT Risks Without Stifling Innovation [00:32:29-00:35:32]
• Why Building Tools Strengthens Career Growth [00:37:11-00:39:04]
• Learning Principles vs. Learning Tools [00:39:21-00:41:51]
• How Auditors Can Encourage Innovation While Maintaining Controls [00:41:59-00:46:30]
• Final Thoughts: Enabling Coordination Across the Three Lines [00:47:39-00:50:14]

Visit The IIA's website or YouTube channel for related topics and more.

IIA RELATED CONTENT: Interested in this topic? Visit the links below for more resources:

• Global Internal Audit Standards
• IIA Certificates: IT General Controls Certificate
• Knowledge Centers: Artificial Intelligence
• Vison 2035
• Become a Certified Internal Auditor (CIA)
• IIA Courses: Fundamentals of IT Auditing
• Combined Assurance
• 2026 Analytics, Automation and AI Virtual Conference
• The Big Idea: Shadow AI Isn't Just a Sign of Control Gaps

Follow All Things Internal Audit:

• Apple Podcasts
• Spotify
• Libsyn
• Deezer