“I believe the majority of IT Security staff sees us as collaborators, although that was not always the case.
In the past they probably considered IT Auditing as a nuisance, and based on the skill sets they
encountered that would be understandable. In the past, if Internal Audit found an issue the department
[being audited] might experience the recommendation as an unfunded mandate. Now, internal audit
takes stock of the issue and tries to collaborate system-wide to leverage existing resources. For example:
going to the President's office to get a threat and vulnerability scanning application purchased for all of
the campuses; or asking the President's office to develop a centralized scanning operation so that each
campus doesn't have to create redundant operations. — IT Auditor at Institution A