One of the standard clichés in the industry is that information security managers are at constant loggerheads with internal auditors. Security staff often view auditors as having a less than complete understanding of their roles and are often called upon to ensure controls are satisfied, whether the controls pass the common sense test or not.

This may be a bit of an oversimplification. Still, SearchSecurity.com notes, "Whether tossed together contentiously or coexisting amicably, audit and security better get used to the sight of each other, especially in the current economic downturn that could bring more regulation and more demands for IT risk to be documented and presented." There need not be a clash. As more controls become necessary--and you can bet on it--perhaps it's time for some executives to lay out clearly how common goals can be met.

For more:
- here's the article

Related Articles:
Internal audit news from FierceSarbox
Information security news from FierceSarbox