Internal auditors vs. info security: Still an issue?


Last week, we discussed the potential for internal rivalry between the data loss protection (DLP) crowd and the GRC crowd. Traditionally, of course, there is even greater tension between internal audit employees and the information security folks. The two groups take entirely different approaches to governance, compliance, security and risk. The info security folks set up procedures and controls with security and IT-oriented security in mind.

The internal auditors must validate that the controls actually work and are appropriate. The rub, as SearchSecurity notes, is that the controls will never be 100 percent satisfactory; there will always be some tweaking. So there's no point in seeing the auditors as the bad guys who go looking for issues. Some think that auditors have been scaled back a bit, after being elevated in the aftermath of Sarbanes-Oxley. The reality is that the two sides will be most effective working together. Support from auditors, for example, could really help greenlight an IT project. And when it comes to risk management, which is really a new discipline for both sides, an integrated approach might be useful.
