Audit Reporting Structure

Does anyone work for an institution where Audit reports directly to the Chief Risk Officer? If so, would you mind sharing how that is laid out and if the NCUA questions independence?