April 7, 2025

Reimagining Internal Audit in the Age of AI: A Fireside Chat with Paolo Marquez

Reframing Internal Audit: From Policing to Partnering

At Trustero, we pride ourselves on creating space for thoughtful dialogue about the future of governance, risk, and compliance. Recently, I had the pleasure of sitting down with Paolo Marquez, our newest team member, who brings a wealth of experience in Internal Audit, compliance, and enterprise risk. Paolo joined Michael Eggerling and me for a candid conversation about how Internal Audit is evolving — and how AI might be the catalyst for its next big leap forward.

We started by grounding ourselves in the fundamentals. Internal Audit, Paolo reminded us, is not a monolith — it’s a practice with multiple dimensions. The scope of a typical IA function includes:

  • Pre-External Audits, designed to anticipate and address findings before third-party assessors ever walk through the door.
  • Operational Audits, which take a broad view across functions like HR, Finance, or Procurement to identify efficiency, risk and process gaps.
  • Continuous Monitoring, a key mechanism for ensuring that past audit findings are actually being addressed and resolved over time.

But what stood out wasn’t the taxonomy — it was the philosophy. Paolo’s perspective is one I deeply share: internal audit should be a business partner, not a blocker. It should be part of the solution, embedded in the rhythm of the business, helping teams get better—not just get by.

Making It Work: Relationship-Building in Audit

One of the more persistent challenges in our field is engagement. Audit isn’t always top of mind for functional leaders, and understandably so — it’s rarely part of their day job. If you recall, I raised this in our last blog post, and Paolo was quick to point out that successful audits often hinge on early alignment and trust-building. His approach is pragmatic and human: make sure stakeholders understand the why, not just the what.

At the same time, IA faces similar challenges to GRC: increased speed of the business, new regulations and expansions. Continuing to scale linearly with the business is simply not an option.

AI in Audit: Efficiency Without Compromise

The conversation naturally turned to technology — and particularly, to AI. If you’ve ever participated in or led an audit, you know how labor-intensive the process can be. But the potential for AI to enhance, streamline, and even reimagine parts of the audit lifecycle is real — and growing.

Paolo highlighted three areas where he’s already seen AI making an impact:

  • Pre-Read and Walkthrough Prep: AI can auto-generate materials and summaries based on existing controls, policies, and evidence — freeing up time for more strategic engagement. This is well suited for AI: a large amount of data that needs to be analyzed for consistency.
  • Crown Jewel Identification: Using AI to surface high-value assets or high-risk gaps, especially in complex environments where traditional approaches fall short. Again, the ability of AI to process a lot of information quickly makes it a perfect fit. 
  • Automated Follow-Up: With clear escalation paths and pre-defined rules, AI can triage and resolve lower-risk issues automatically — reducing the burden on teams and accelerating response cycles. This could be easily achieved with AI agents with pre-described workflows. 

What’s important here is not the novelty of the tools, but the outcomes they enable. Better insights. Faster feedback. Higher-value interactions between audit and the rest of the business.

Blurring the Lines Between GRC and Audit — For Good Reason

One of the most thoughtful parts of our discussion was Paolo’s take on the evolving relationship between internal audit and GRC. Historically, these have been siloed efforts. But in a modern, AI-powered environment, shared tooling and shared data aren’t just efficient — they’re essential.

He made an important point: independence isn’t compromised by shared infrastructure. It’s preserved through integrity in analysis and reporting. I couldn’t agree more. When GRC and audit teams work from the same evidence base, they reduce friction, increase transparency, and ultimately serve the business better.

The Takeaway: A New Era for Internal Audit

The world of audit is changing. The days of annual, retrospective reviews as the primary line of defense are behind us. What’s ahead is faster, smarter, and more integrated — and AI will be a central part of that shift.

What resonated most with me was Paolo’s closing message: “Work with your GRC and IA teams. We’re your business partners—not people out to get your jobs.”

That ethos — collaborative, forward-looking, grounded in trust — is exactly what we strive for at Trustero. And with people like Paolo leading the way, I’m more optimistic than ever about what’s next.