Skip to main content

HB587 Alabama 2025 Session

Updated Feb 23, 2026
Notable

Summary

Primary Sponsor
Mike Shaw
Mike ShawRepresentative
Republican
Session
2025 Regular Session
Title
Information Technology Auditors, qualifications for being hired to perform audits on state chartered financial institutions specified
Summary

HB587 would set minimum qualifications and ongoing education requirements for independent IT auditors hired to audit certain state-chartered financial institutions.

What This Bill Does

If passed, it would require IT audits for state-chartered financial institutions to be conducted by independent third-party auditors who meet specified qualifications. It would require auditors to hold certifications such as CISA, CIA, or CISSP, have at least five years of IT or financial-institution experience, and hold a certification recognized by ACUA or the State Banking Department. It would also require ongoing learning and would not apply to internal audits or audits conducted by government agencies.

Who It Affects
  • Independent IT auditors or audit firms hired to perform IT audits for state-chartered financial institutions must meet independence, certification, experience, and continuing education requirements.
  • State-chartered financial institutions and their regulators (including ACUA and the State Banking Department) would need to ensure audits are conducted by qualified, independent IT auditors, with internal or government audits excluded.
Key Provisions
  • Definitions for IT, IT audit, and IT auditor, including a broad definition of information technology and a statement that future technologies are included.
  • Qualification requirements for IT auditors: must be an independent third party, hold professional certification (e.g., CISA, CIA, or CISSP), have at least five years of IT or financial-institution experience, and hold a certification specified by ACUA or the State Banking Department.
  • Auditors must engage in continuous learning through workshops, seminars, and industry conferences focused on current trends, best practices, and emerging risks.
  • The requirements apply to IT audits required by regulators for state-chartered financial institutions and their vendors, but do not apply to internal IT audits or audits conducted by state or federal government agencies.
  • The act becomes effective on October 1, 2025.
AI-generated summary using openai/gpt-5-nano on Feb 22, 2026. May contain errors — refer to the official bill text for accuracy.
Subjects
Businesses & Financial Institutions

Bill Actions

H

Pending House Financial Services

H

Read for the first time and referred to the House Committee on Financial Services

Calendar

Hearing

House Financial Services Hearing

Room 617 at 09:00:00

Bill Text

Download Introduced PDF

Documents

Bill Text (Introduced) HB587 Alabama 2025 Session - Introduced
Fiscal Note Fiscal Note - Introduced

Source: Alabama Legislature