ISACA Continues to Grow and Achieve in Challenging Times
Emil D’Angelo, CISA, CISM, 2009-2010 ISACA International President

• ISACA published a significant amount of valuable guidance, including Risk IT:  Based on COBIT®; Val IT™ Mapping: Mapping of Val IT™ 2.0 to MSP, PRINCE2 and ITIL V3; and Implementing and Continually Improving IT Governance.
• ISACA also conducted several studies, such as An Executive View of IT Governance and Building the Business Case for COBIT® and Val IT™: Executive Briefing.
• To fill the need for a comprehensive model to guide information security professionals, the association released an introduction to the Business Model for Information Security (BMIS), which is independent of any particular technology and is applicable across all industries, countries, and regulatory and legal systems. The full model will be released this year.
• 2009 marked the certification of the 70,000^th Certified Information Systems Auditor™ (CISA^®), as well as the 10,000^th Certified Information Security Manager^® (CISM^®) and the 4,000^th Certified in the Governance of Enterprise IT^® (CGEIT^®).
• The ISACA® Model Curriculum for Information Security Management was developed, as were 10 key IT audit/assurance programs.
• Always a leader in international education, ISACA held successful Computer Audit, Control and Security (CACS^SM) conferences, ISACA^® Training Week events, e-symposia and other events around the world, including the first ISACA virtual conference.
• ISACA joined the Cloud Security Alliance and issued a white paper, Cloud Computing: Business Benefits With Security, Governance and Assurance Perspectives.
• The association welcomed new chapters from Istanbul, Turkey; Kyiv, Ukraine; and Accra, Ghana. In addition, the Hong Kong Chapter expanded to include 1,700 members from mainland China, bringing its total membership to 3,500.

It is clear from these achievements that ISACA has grown tremendously over the years. The members of the board of directors and other ISACA leaders have long recognized the need to be prepared for the evolving requirements of the association’s constituent base. After much research, member input and professional counsel, ISACA introduced a new strategy in 2009 that is focused on delivering best-in-class services that will help reinforce its position as a leading organization.

This strategy review led ISACA leaders into a review of the association’s key messages, resulting in the following statement that clearly describes ISACA’s strengths and core focus. Please feel free to refer to this paragraph when discussing or describing ISACA to others:

As an independent, nonprofit, global membership association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. ISACA helps its members achieve individual and organizational success, resulting in greater trust in, and value from, information systems. Its members and certification holders are qualified and skilled professionals who make a difference.

To help further communicate ISACA’s ability to grow, adapt and deliver, it debuted a new tagline on 1 January 2010. The tagline, “Trust in, and value from, information systems,” reflects ISACA’s strong commitment to its core membership, while also welcoming change, new technologies and a broader scope of professional needs. In keeping with the new strategy, the tagline is also outcome-oriented. Trusted, valuable information systems are the result of what ISACA members do to ensure that their enterprise IT is appropriately governed, secured and assessed.

Volunteer Now to Help ISACA Grow

If you have been considering working on an ISACA task force, subcommittee, committee or board, or if you are interested in helping ISACA achieve the strategic initiatives that have been initiated over the past six months, now is the time to volunteer for the 2010-2011 term.

Whether you are an industry veteran or a novice in the field of IT audit, security and governance, volunteering with ISACA will provide you with a unique opportunity to expand your network of organization leaders and lend your input to developing educational programs, research papers and professional standards.

To become an ISACA volunteer, complete the application form included with volume 6, 2009, of theISACA Journal. Click here to download a form. The deadline for applying is 25 February 2010.

Five Tips to Take IT Governance to the Next Level

As enterprises work to mature the five focus areas of IT governance, they sometimes run into challenges. For the new year, try these tips to “get real” and take each area to the next level:

1. Strategic alignment–Align to the real business environment faced by your sales team and customers, not just to internal service requests.
2. Value management–Focus on how IT creates tangible value to real people in the real world, not just projects or operations.
3. Risk management–Balance risk and return to improve real decisions. Risk is not just security or even just “bad things.” Taking risk is the path to earning return.
4. Resource management–Optimize resources in the context of real business process, not just technology silos.
5. Performance management–Create metrics based on strategy alignment in the real portfolio of business-IT activities.

Remember that IT governance requires continual capability improvement. Usually, it is what you do not know or are not watching that causes problems. Honestly evaluate your gaps and get the skills you need to close them. Have a great year!

For more information, see ISACA’s Board Briefing on IT Governance, 2nd Edition and Implementing and Continually Improving IT Governance.

Brian Barnier, CGEIT, is a principal at ValueBridge Advisors. He helps leaders improve business-IT cost structure management, shorten improvement cycle time and shape more insightful business performance metrics.