Tim Nackos

Shadow AI—the use of AI-powered tools by company personnel without IT approval—can create SOC 2 audit gaps because it introduces unvetted third-party services into the system, may send confidential data outside governed channels, and bypasses the change management, access control, and vendor oversight processes that auditors examine. This article explains what shadow AI is, how [...]

Having a sound data analytics function within the internal audit department is increasingly critical as the world continues its drive toward digitization. Tools and trends like big data, cloud computing, robotics and automation, machine learning, and artificial intelligence are altering how businesses operate, and internal audits should be no different. The traditional audit approach of [...]

With the frequent personnel changes that many companies are experiencing right now, it’s important to consider how turnover affects companies’ compliance efforts. Almost every company is required to comply with some type of law, rule, regulation, or reporting standard. This blog post will provide some ideas for helping to provide sufficient compliance training as part [...]

Containers, and the concept of containerization, have been continuing to grow. Many organizations are struggling to keep up with the new technology and keep their systems secure. If you and your organization are considering trying to use or moving to containers, many of your current security processes and procedures will no longer work with containerization [...]

A backdoor was recently discovered in a critical open-source utility used by the two major Linux distributions which, had it gone undetected, could have caused immense damage. The people or entity behind the backdoor patiently waited years to create the right circumstances before inserting the vulnerability. Larger questions have been raised about securing software supply [...]

During my time as an auditor, I have had the privilege of working with many clients of all shapes and sizes. As clients prepare for an audit, especially a first-time audit, I often get asked for recommendations on how to help ensure a successful audit outcome. One of the most crucial areas related to security [...]

As companies grow and become subject to increasing regulatory scrutiny, one of the most valuable intangible assets that executives can foster is a culture of compliance. This blog post will describe the importance of a culture of compliance and how to create it. What is a Culture of Compliance? Culture is defined as “the set [...]