We've actually been very fortunate to hire a very competent IT internal auditor. Intimately familiar with
ITGC [IT General Controls] … came from outside, had done IT auditing in a commercial market space,
and brought a lot of resources to bear. That's been really positive. — CISO, Institution A.
“And he's [the internal auditor] very technical so that's a big advantage. A lot of auditors that I have
worked with in the past aren't as technical. They know textbook theory ….When [name of internal
auditor] goes on vacation, I sure am glad to have him back… A lot of the things that I take for granted
that [name of internal auditor] knows, the technical side, not all auditors are created equally.” —
Information Security Manager, Institution C.