December 30, 2025 59 mins

Audits are often misunderstood, frequently disliked, and almost always viewed as a necessary evil — but what if that mindset is holding security teams back? In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Varun Prasad to unpack what audits are actually designed to do: provide reasonable assurance, not absolute security. Drawing on more than two decades of experience across internal and external audits, Varun explains why “auditable controls” are the missing link between fast-moving engineering teams and slow, annual audit cycles — and how organizations can stop treating audits as an afterthought and start using them as a trust-building mechanism.

Key Takeaways:

  • Audits are designed to provide reasonable assurance, not eliminate all risk 
  • The biggest failure in modern GRC is building controls that are automated but not auditable
  • Continuous controls monitoring only works if auditors can validate completeness and accuracy
  • Screenshots persist because they remain the clearest way to demonstrate system state over time
  • Security controls should be built to improve posture first — and explained clearly second

What You’ll Learn:

  • Why audit skepticism is a feature, not a flaw
  • How internal and external audits serve fundamentally different purposes
  • Where continuous monitoring breaks down from an auditor’s perspective
  • What “auditable controls” actually mean in CI/CD environments
  • How AI can assist auditors without replacing human judgment

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com

Watch more episodes: https://www.compliancecow.com/podcast

Connect With Our Guest:
Varun Prasad | Cloud Security & Privacy Assurance | BDO
Connect on LinkedIn: https://www.linkedin.com/in/varunprasad/

Rate, review, and share if you enjoyed the show!

Subscribe to Security & GRC Decoded wherever you get your podcasts:

Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683

Apple Podcasts:

https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450
