Finally, educational institutions are continually addressing changes to their business processes. For example, as educational technologies evolve, institutions must address security issues involved with delivering course content and maintaining confidential student records online. All of these factors make educational institutions a rich setting in which to begin investigating the nature of the relationship between the information security and internal audit functions.