We are a $300 million commercial bank with a third party processor. Last year, I convinced senior management that it was to everyone's benefit if we outsourced the data processing audit to a third party precisely for the reasons cited in the second post--cost efficiencies and increase in technical skills required by the development of all the different electronic media delivery channels. I spoke to several bank auditors in the state of Connecticut and to a person none felt they had the technical expertise to continue in-house dp audits. As one person asked me, "Would YOU feel comfortable telling your Board of Directors that adequate internal control systems are in place concerning all areas of data processing--i.e. backroom, INTERNET, bank by telephone, internal network, firewalls, internal/external penetration, routers, configurations, etc.???" I would guess 99% of us out there would say NO WAY!!!!Good luck....