Terry Grafenstine, CIA, CISA, CISSP, CGAP, CGEIT, CPA, CRISC

Terry Grafenstine is the 2025-26 Past Chair of the Global Board of Directors of The IIA and Chief Audit Executive with Pentagon Federal Credit Union (PenFed). She was recognized by The IIA as one of the "Top Ten Audit Thought Leaders of the Decade" and inducted into The IIA’s Hall of Distinguished Audit Practitioners. She has served on both The IIA’s North American and Global Boards of Directors.

Terry has over 25 years of experience in the internal auditing and information technology profession. As CAE at PenFed, Terry is responsible for leading internal audit teams covering all aspects of operations at the second largest federal credit union in the U.S. Prior to joining PenFed in May 2023, Terry was the global chief auditor for Operations & Technology at Citi where she led audits covering technology, cyber, business continuity, enterprise resilience, and third party risk management across the 155 countries in which Citi operated.

Before joining Citi, Terry was a Managing Director in Deloitte's Risk and Financial Advisory practice, where she provided strategic advisory services to Chief Audit Executives across all commercial industries and IT audit, risk, and governance advisory services to first line executives in the defense and national security space. Prior to joining Deloitte, Terry served for eight years as the bi-partisan appointed Inspector General of the U.S. House of Representatives, where she designed, managed, and delivered audit and investigative services, including the annual financial statement audit and a comprehensive cyber assurance program.

Terry has held numerous leadership roles to support the auditing, accounting, and information technology profession, including serving as ISACA's Global Chair (2017- 2018) and a member of the AICPA board of directors (2014 – 2018). Terry speaks globally on a wide range of subjects, including cyber security, internal auditing, accounting standards, resilience, leadership, and risk.

Terry earned a bachelor’s degree in accounting from Saint Joseph's University. She is a Certified Internal Auditor (CIA), Certified Public Accountant (CPA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), and Certified Government Auditing Professional (CGAP).