Like most successful financial services organizations, the bank recognizes that risk management and information security are a vital part of its growth and of its very existence. Where the bank showed great insight was in realizing that while compliance initiatives may keep auditors at bay, true confidence in one’s information security measures requires a risk based approach that provides answers to questions that auditors will be asking tomorrow, and not just the ones they are asking today. The task of building and delivering this confidence fell to the Technology Risk Management (TRM) team.