Cherry Bekaert: Risk & Cybersecurity

Key Governance Risks in AI Deployments

In the third episode of the Risk and Cybersecurity podcast’s AI Compliance series, host Lauren Ross is joined by Steve Ursillo, Partner in Cybersecurity at Cherry Bekaert, and Morgan Hague, Senior Manager at Meditology Services. Together, they dive into the unique governance and risk management challenges organizations face when deploying internal AI versus leveraging third-party artificial intelligence (AI) solutions.  This episode covers practical approaches to data and model governance, the role of frameworks like ISO 42001 and SOC 2 in supporting responsible AI development, and the essentials of effective vendor due diligence. Our guests also explore how organizations can strengthen contractual safeguards and monitor for model drift and ethical concerns in vendor AI tools.  Tune in to learn more about: * Key governance and risk management considerations for internal and vendor AI * How ISO 42001 and SOC 2 frameworks support responsible AI  * Vendor due diligence and contractual safeguards in AI partnerships * Strategies for monitoring model drift, bias, and ethical risks in third-party AI tools * Practical steps organizations can take today to strengthen AI compliance and data protection View All Podcasts from this Series [https://www.cbh.com/guide/?s=&guidance-service=risk-advisory-services&guidance-industry=0&guidance-type=podcasts&orderby=relevance&post_type=guide]

Understanding the Drivers of AI Compliance

In the second episode of the AI Compliance series, host Lauren Ross is joined by Steve Ursillo, Partner in Cybersecurity at Cherry Bekaert, and Morgan Hague, Senior Manager at Meditology Services. Listen in as they explore the evolving landscape of artificial intelligence (AI) regulations, including the impact of the European Union (EU) AI Act and U.S. executive orders, and how organizations can proactively prepare for regulatory uncertainty.  The episode also covers what enterprises should look for when evaluating AI vendors, the changing role of procurement in assessing AI risk, and the most overlooked risks in AI systems today. Finally, they examine how compliance frameworks can help organizations mitigate reputational harm in the event of AI failures.  Tune in to learn more about: * The impact of emerging regulations on global AI strategies * How organizations can prepare for regulatory uncertainty and evolving compliance requirements * Key compliance criteria and certifications enterprises should look for from AI vendors * Overlooked risks in AI systems, from bias and privacy to shadow AI and automation bias * How compliance frameworks and due diligence can help mitigate reputational damage from AI failures View All Podcasts from this Series [https://www.cbh.com/guide/?s=&guidance-service=risk-advisory-services&guidance-industry=0&guidance-type=podcasts&orderby=relevance&post_type=guide]

Building Trust with AI Compliance Frameworks

In the kickoff episode of the Risk and Cybersecurity podcast’s AI Compliance series, host Lauren Ross welcomes Steve Ursillo, Partner in Cybersecurity at Cherry Bekaert, and Morgan Hague, Senior Manager at Meditology Services, for a deep dive into the frameworks shaping responsible artificial intelligence (AI).  The conversation unpacks how standards like SOC 2, ISO 42001, and the National Insititue of Standards and Technology’s (NIST) AI Risk Management Framework are evolving to address the unique risks and governance challenges of artificial intelligence. They discuss the intersection of AI with privacy regulations like the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA), as well as practical strategies for harmonizing multiple frameworks in complex environments.  Whether you’re just starting your AI journey or looking to strengthen your compliance posture, this episode offers foundational insights to help you build trust and resilience in your AI initiatives. Tune in to learn more about: * The role of SOC 2, ISO 42001, and NIST in AI governance and risk management * How ethical principles are operationalized in AI development and deployment * Aligning AI compliance with privacy regulations such as GDPR and HIPAA * The importance of model registries, bias monitoring and continuous oversight * Strategies for harmonizing multiple frameworks and reducing audit fatigue View All Podcasts from this Series [https://www.cbh.com/guide/?s=&guidance-service=risk-advisory-services&guidance-industry=0&guidance-type=podcasts&orderby=relevance&post_type=guide]

Auditing AI: Internal Audit's Expanding Role

In this episode of our Internal Audit podcast series, John Heagy [https://www.linkedin.com/in/john-heagy-cpa-385779102/], Senior Manager, and Scott Peyton [https://www.cbh.com/professional/scott-peyton/], Partner in our Risk Advisory [https://www.cbh.com/services/risk-cybersecurity/risk-advisory-services/] practice, discuss the evolving role of internal audit in artificial intelligence (AI) oversight.  They unpack the differences between traditional and generative AI, explore how internal audit function is leveraging these technologies, and examine the risks that come with AI adoption—while providing risk mitigation and identification strategies. This is the final episode in our four-part internal audit series. Catch up on the first three episodes The Evolving Role of Internal Audit: Unpacking IIA’s Vision 2035 Report [https://www.cbh.com/insights/podcasts/a-guide-to-iias-vision-2035-for-audit-teams/], Top 3 Critical Skills for the IA Profession [https://www.cbh.com/insights/podcasts/top-3-skills-for-internal-audit-profession/] and The Client's Guide to Data Analytics in Internal Audit [https://www.cbh.com/insights/podcasts/guide-to-data-analytics-in-internal-audit/]. Tune in to learn more about: * A breakdown of AI types andhow traditional AI differs from generative AI * How internal audit teams are leveraging AI for tasks like fraud detection, control documentation and data analysis * The risks of AI, including bias, hallucinations, outdated data and ethical concerns * Key elements of a strong AI governance framework, including transparency, accountability and responsible use policies * What to include in an AI audit scope, from understanding training data to evaluating cybersecurity and user behavior Related Insights: * Podcast: https://www.cbh.com/insights/podcasts/a-guide-to-iias-vision-2035-for-audit-teams/ [https://www.cbh.com/insights/podcasts/a-guide-to-iias-vision-2035-for-audit-teams/]  * Article: 2025 Internal Audit Risks and Hot Topics [https://www.cbh.com/insights/articles/2025-iia-standards-key-changes-considerations/]  * Podcast: https://www.cbh.com/insights/podcasts/top-3-skills-for-internal-audit-profession/ [https://www.cbh.com/insights/podcasts/top-3-skills-for-internal-audit-profession/]  * Podcast: The Client's Guide to Data Analytics in Internal Audit [https://www.cbh.com/insights/podcasts/guide-to-data-analytics-in-internal-audit/] View All Podcasts from this Series [https://www.cbh.com/guide/?s=&guidance-service=risk-advisory-services&guidance-industry=0&guidance-type=podcasts&orderby=relevance&post_type=guide]

Guide to Data Analytics in Internal Audit

Explore the transformative impact of data analytics on internal audit processes with Yani Diaz [https://www.cbh.com/professional/yani-diaz/], Director and Ann-Blair Jamison [https://www.linkedin.com/in/ann-blair-jamison-4219aa9b/], Senior Manager from our Risk Advisory [https://www.cbh.com/services/risk-cybersecurity/risk-advisory-services/] practice. Throughout the episode, they discuss the key benefits of using data analytics, such as enhanced risk assessment, improved efficiency and predictive analysis. Additionally, they offer insights into how organizations can effectively implement data analytics solutions. This is the third episode in our four-part internal audit series. Be sure to listen to the first two episodes, The Evolving Role of Internal Audit: Unpacking IIA’s Vision 2035 Report [https://www.cbh.com/insights/podcasts/a-guide-to-iias-vision-2035-for-audit-teams/] and Top 3 Critical Skills for the IA Profession [https://www.cbh.com/insights/podcasts/top-3-skills-for-internal-audit-profession/]. Stay connected for the final episode in this series, where we cover how to audit AI.   Tune in to learn more about: * Data analytics’ role in decision making. * The benefits of using data analytics in internal audit, including enhanced risk assessment, improved efficiency and the ability to perform predictive analysis. * How data analytics can be used effectively in Information Technology General Controls (ITGC) testing to identify potential control weaknesses and ensure compliance with regulatory requirements. * Important considerations when implementing data analytics solutions to understand factors such as data quality and analytics tools.   Related Insights: * Podcast: The Evolving Role of Internal Audit: Unpacking IIA’s Vision 2035 Report [https://www.cbh.com/insights/podcasts/a-guide-to-iias-vision-2035-for-audit-teams/]  * Article: 2025 Internal Audit Risks and Hot Topics [https://www.cbh.com/insights/articles/2025-iia-standards-key-changes-considerations/]  * Podcast: Top 3 Critical Skills for the IA Profession [https://www.cbh.com/insights/podcasts/top-3-skills-for-internal-audit-profession/] View All Podcasts from this Series [https://www.cbh.com/guide/?s=&guidance-service=risk-advisory-services&guidance-industry=0&guidance-type=podcasts&orderby=relevance&post_type=guide]