Banks INFOSEC departments have increasing roles in audits. The Information Security departments must have a systematic program for managing risk in their day to day operations as regulatory requirements for business overlap.
Comprehensive risk management programs are being broadened to encompass operational risk in many banking institutions. This is due to the increasing prevalence of legislation such as Gramm-Leach-Bliley (GLBA) and even sections of Sarbanes-Oxley. The convergence of information security and business is finally making it apparent that the two are very much inseparable.