Hello! I'm wondering if you all could share some information about your credits unions' approach to completing audits of information technology and information security. We are in the process of evaluating our current structure and we are hoping to get some comparative information. Please respond with the following information about your CU, audit department, and IT/IS audits:
1. Asset size
2. Internal Audit FTE's
3. Dedicated IT/IS auditor? FTE's?
4. Does that person(s) report directly to the CAE or equivalent? If not, where?
5. What are the IT/IS auditors general responsibilities? Do they also perform general internal audits?
6. Do you outsource any IT/IS audits? Which ones?
7. Any vendor recommendations?
8. What are the most significant/high risk IT/IS audits you do (internally or outsourced?)?
9. Do you include IT/IS audits on your general Internal Audit Plan?
Thank you!!!!
Jessica Dailey, CPA
Internal Audit
Corning Credit Union
