The Bottom Line.
Your roadmap for weekly insights into audit, risk, and compliance. Whether it’s a shift in global regulatory standards, emerging risk trends, or the latest internal audit best practices, we get you to the "so what" in a flash. Stay informed and ahead of the curve in three minutes or less.
Recent Episodes
5/12/2026 ● 1 min 33 sec
Nontraditional Majors in Audit
Looking for a career with a front row seat to how organizations really work? Join Allyson Edwards as she breaks down why internal audit needs diverse thinkers and how your nontraditional degree could be your greatest asset. Discover why your perspective is exactly what the profession needs right now. Read the full breakdown on finding your fit in audit on our blog.
Read Full Transcript
Hi, I’m Allyson Edwards, and this is The Bottom Line.
If you haven’t thought about a career in internal audit, you’re not alone. Years ago, when I first got started as a political science major, I thought Internal Audit was the realm of accounting and business majors. But now, several years later? I’ve never looked back.
Internal audit gives you a front-row seat to how organizations really work. It’s easily one of the best first jobs out there because you get to learn about every single part of the business—from operations to finance to the C-suite.
And here is the thing: the field is changing. It needs people who think differently. So, if you’re a recent grad or early in your career, this is for you. Your major isn't just a degree—it’s a massive advantage.
Take my background, for instance. As a political science major, I was trained to understand systems, incentives, and governance. I can use that to look at how one small decision can ripple through an entire organization.
Or look at English and Communications majors—they are the ones who can take complex, messy data and turn those findings into clear, impactful stories that leadership can actually understand and use.
Whether you studied Psychology, History, or Philosophy, if you come from a "non-traditional" major, your perspective is exactly what this profession needs right now to stay ahead of risk.
Ready to see where your background fits? Read the full breakdown in our post on how your major could make you a great auditor.
Thank you for listening to the Bottom Line, and have a great day.
5/6/2026 ● 1 min 31 sec
The GRC Tool Reality Check
Is your GRC platform a strategic asset or just expensive "shelfware"? Join Allyson Edwards for a brief overview of why 50% of implementations fail and how to fix your internal processes and data integrity to ensure your technology investment delivers value on day one. Read the full breakdown on how to choose the right GRC tool on our blog.
Read Full Transcript
Hi, I’m Allyson Edwards from AdviseUp Consulting, and this is The Bottom Line.
Did you know that roughly 50% of GRC software implementations fail to meet their original objectives within the first two years? Here’s why: most organizations buy the "Ferrari" of tools when they are still learning how to drive.
We’re seeing a shift where GRC tools are becoming expensive "shelfware" that creates more technical chores than strategic value. Think of a GRC tool like a high-end GPS. It’s a powerful guide, but it’s useless; if you haven’t mapped out your destination or if your internal processes are still under construction. You don't need a tool to tell you that you're lost; you need it to help you move faster once you know where you’re going.
To ensure your investment delivers value on day one, follow this pre-implementation checklist:
First, fix the process before the automation. A broken process in the cloud is just an expensive rescue mission waiting to happen.
Second, clean the data before the import. You need transparent numbers for board-ready reporting.
And finally, prioritize the risks before the rollout. Start with your top five critical risks. Solve those first and then scale.
A GRC tool is a megaphone for your existing culture. Focus on improving the business from the inside out by fixing the process before you buy the platform. You can find the full breakdown about GRC Tool Selection on our website.
4/27/2026 ● 1 min 50 sec
Payer Lessons from Georgia's $25M Parity Penalty
Is your mental health parity strategy a real-world shield or just a paper policy? Join Allyson Edwards for a brief overview of the fallout from Georgia’s $25M Parity Penalty and how to validate NQTLs to ensure your organization survives the new era of intense regulatory scrutiny.
Read Full Transcript
Hi, I'm Allyson Edwards from AdviseUp Consulting, and welcome to The Bottom Line.
There’s been a major shift in healthcare regulation that every payer needs to have on their radar. On January 13th, Georgia’s Insurance Commissioner issued nearly $25 million in fines against health insurers for violations of the Mental Health Parity Act. If you’ve been treating parity as a compliance checkbox, this is your wake-up call.
That era is over. Parity is no longer a paperwork exercise. We are seeing a hard shift from simple policy reviews toward deep, operational audits.
Look at Georgia. They went beyond the written word and analyzed millions of data points—from claims processing to medical necessity standards—to see how benefits were actually being applied.
What they found was a systemic gap. Even with identical policies on paper, mental health benefits were being applied far more restrictively than medical or surgical care.
For payers, this means your risk environment has fundamentally changed. There are three pressure points you need to address immediately:
The first is data preparedness. You must have the analytics to prove comparative parity in real-time.
The second is NQTL documentation. Non-quantitative treatment limitations are the new focus. Your clinical logic must be documented and it must be evidence-based.
Finally, there’s governance. Parity has to move from a legal requirement to a core enterprise risk managed at the leadership level.
Georgia isn't an outlier; it’s a blueprint. This is the moment for a 90-day action plan to assess your risk and validate your practices before the next audit cycle begins.
You can find a full breakdown of Georgia’s $25 Million Parity Penalty on our website.
4/16/2026 ● 1min 48 sec
Understanding Internal Audit Outsourcing vs. Co-sourcing
Is your internal audit function just a list of "extra hands," or is it a strategic investment? Join Allyson Edwards as she breaks down the critical differences between internal audit outsourcing and co-sourcing. Learn how to choose the model that best protects your organization while building a robust structure that stands up to modern compliance scrutiny.
Read Full Transcript
Hi, I'm Allyson Edwards from AdviseUp Consulting, and welcome to The Bottom Line.
Did you know that roughly 60% of internal audit functions are now leveraging outside help due to recruiting challenges?
Building an internal audit team from scratch is expensive and difficult to accomplish, which means more and more companies are looking to external support to help. So, when you look externally, which model is right for your organization: Outsourcing, or Co-sourcing?
Let’s break it down.
Outsourcing is a fantastic "starter kit" for smaller companies or organizations just beginning their Internal Audit journey. You outsource the administration to an external provider and gain immediate access to specialized tech skills. The downside? It can be the most expensive option, and external teams sometimes face resistance from your internal staff.
Co-sourcing, on the other hand, blends your existing internal resources with a third-party provider. It offers incredible flexibility and scalability. It allows you to augment your team with niche technical expertise exactly when you need it, providing fresh, independent insights directly to your audit committee.
When you are ready to select a partner, you have choices. Large, Big 4 firms have strong reputations, but they can be pricey, have high turnover, and often staff your project with junior associates.
Smaller, specialized firms offer a great alternative. They are agile, provide direct partnership with senior staff, and make you a true priority without the huge margins.
Whichever route you choose, the golden rule is this: Look for experienced internal auditors, not external ones.The internal audit mindset is what will help you improve your business from the inside out.
4/7/2026 ● 1min 26 sec
The "Unified Front" Board Report
Are you giving your Board three different stories or one unified map? Join Dorina Hamzo, Founder and CEO of AdviseUp, as she explains how to align Audit, Security, and Compliance into a "strategic shield" that moves beyond activity reporting to provide a clear picture of organizational safety.
Read Full Transcript
Hi, my name is Dorina Hamzo, and I'm the Founder and CEO of AdviseUp Consulting.
If your Audit, Security, and Compliance plans look like three different storybooks, your Audit Committee is likely overwhelmed and under-informed. They want a single, unified map showing how 'High Risk' vulnerabilities are being addressed.
Here is how to structure that alignment.
Step 1: Start with the 3 to 5 risks threatening your goals. So, if the goal is 'Rapid AI Integration,' the risk isn't just 'privacy'—it’s the risk of unvetted models.
Step 2: Show how the three lines of defense are addressing that specific risk. For example, Security is hardening the environment; Compliance is drafting the Acceptable Use Policy; and Audit is testing the execution of both. When these three move together, you aren't just reporting activity—you're reporting coordinated protection."
This alignment is not just an exercise to please the Audit Committee.It is about becoming a 'strategic shield" for the company.
3/31/2026 ● 1min 9 sec
Standardizing Risk Rating Language
When Audit and Enterprise Risk teams use the same labels to mean different things, it stalls decision-making. Join Andrea St. Pierre, VP of Service Delivery, as she breaks down how to align your rating systems by defining their true purpose—moving your team away from debating severity and toward taking action.
Read Full Transcript
Andrea St. Pierre, VP of Service Delivery:
How do you fix misaligned risk ratings?
It starts with being clear about why each rating exists in the first place.
Audit ratings are meant to drive remediation.
Enterprise risk ratings are to inform strategy.
They serve very different purposes, and they should not be used interchangeably.
Next, get specific about what “high” actually means in each case.
Not just the label, but the impact, the urgency, and the kind of decision it is meant to prompt.
Then make sure those definitions are shared and used consistently across teams.
When everyone understands what a rating is supposed to signal, leaders spend less time debating severity and more time deciding what to do next.
Alignment is not about adding to your process.
It is about using the same language so risk conversations move faster and lead somewhere.
