“I think the partnership kind of helps with that escalation [of information security procedures], because
internal audit, we report directly to the CEO and so particularly I'll use the example of data privacy and
conducting the data privacy audit. [The information security manager] and I partner together quite
heavily… There were several issues that came out of that. That I was able to sit down with [the internal
audit director] and brief him on the risks that we were facing as a company, and he was able take that to
his one on one with [the chief executive officer], and then in very short order, policies were changed,
adjustments were made, because she was informed that hey there is a risk here that we didn't know
about before, here's what we recommend…we can be an avenue to escalate appropriately while still
maintaining independence and obviously trying not to get into any of the politics among different people
competing agendas. Again, it does that provide in that partnership an avenue to get attention to
something that could potentially be very serious. — Internal Auditor, Institution C.