In summary, it appears that when internal auditors possess detailed technical expertise about information
security, they are able to develop deeper relationships with the information systems security function.When
internal auditors lack such knowledge, their relationship with information systems security staff is less
developed.