@ISACA Volume 15: 18 July 2012 

 
@ISACA Relevant, Timely News

Learn How One Member Finds Value in the Knowledge Center
Norman Marks Shares His Experiences as a Topic Leader

Norman MarksQuestion How were you introduced to the ISACA Knowledge Center?

Answer After many years of active participation with The Institute of Internal Auditors (The IIA), I decided it was time to return to some of my roots (I had been a member of the Electronic Data Processing Auditors Association [EDPAA]—now ISACA—in my youth). Being a topic leader has been an exciting and interesting way to get involved with ISACA and contribute to the profession.



Question In your opinion, what makes the Knowledge Center a valuable resource for ISACA members?

Answer Networking and sharing ideas is perhaps the most valuable aspect of belonging to a professional organization. The discussions and the suggestions for practitioners are a great source of insights into how we all can do our jobs better.

Question What made you decide to become a topic leader and how did you choose your topic?

Answer I chose the IT governance topic because it is an area that I personally find interesting and challenging. A recent study found that 27 percent of IT projects overrun budgets by 200 percent or more, highlighting the need for continued emphasis in this area.

Question What is one thing you wish all ISACA members knew about the Knowledge Center?

Answer You do not have to be an expert to contribute (by asking a question or joining a discussion) or to obtain value from the Knowledge Center. There are many experienced professionals who are very willing to share their insights and advice.

Question Any words of advice to those who have not yet visited the Knowledge Center?

Answer Just check it out, then sign up for the areas that interest you. Share your questions and also your experiences of what worked so you can obtain value for yourself and contribute value to all of us.

Top


Ask Your Pressing Question at EuroCACS/ISRM
ISACA Introduces Speaker Forums

ISACA is introducing speaker forums at the European Computer Audit, Control and Security (CACS) and Information Security and Risk Management (ISRM) Conference in Munich, Germany, 10-12 September 2012. This new format gives attendees the opportunity to meet with conference speakers at the end of each day to discuss session topics further or to ask additional topical questions.

If you have questions about COBIT 5 and COBIT® 5 for Information Security, EuroCACS/ISRM will be the first event in Europe at which delegates can learn more about COBIT 5 during the numerous COBIT 5-related sessions and have an opportunity to talk face-to-face with experts in the COBIT Lounge. You can further expand your COBIT 5 knowledge by attending the one-day Introduction to COBIT 5 Workshop, prior to or after the conference. This one-day workshop provides an overview of COBIT 5 and will help you understand the differences between COBIT 4.1 and COBIT 5.

Visit the EuroCACS/ISRM page of the ISACA web site for more information and to register.

Top


Techniques for Analyzing Business Processes

Quality control of enterprise processes is a key business issue. ISACA Journal volume 4 authors Filip Caron and Jan Vanthienen, Ph.D., discuss the following three classes of business analysis techniques:

  1. Process discovery and visualization—These techniques provide the analyst with a visual summary of a specific aspect of the business process (e.g., the activity sequences). A typical application is the heuristics miner algorithm, which provides easy-to-understand process graphs.
  2. Conformance checking and delta analysis—The second class of techniques aims at detecting inconsistencies between a prescriptive process model (i.e., a designed process model) and the corresponding real-life process behavior. The major difference between them lies in the comparison base for the real-life process: Conformance checking uses the event log, while delta analysis uses a process model obtained with a process discovery technique. The conformance checker is the most fundamental contribution in this technique subset.
  3. Rule-based checking—The third set of techniques enables the analyst to verify whether a specific business rule is satisfied (e.g., segregation of duties, execution of an approval cycle). The linear temporal logic (LTL) checker with configurable rule patterns can be considered one of the most influential contributions in this subset.

Business process analysis techniques have mainly focused on extracting knowledge on common activity sequences. However, each of the three technique classes consists of a wide spectrum of techniques that together cover the main aspects of a business process (i.e., the process perspectives).

Read Filip Caron and Jan Vanthienen’s full article, “Applications of Business Process Analytics and Mining for Internal Control,” in the current issue of the ISACA Journal, in which you will also find additional coverage of timely and relevant issues affecting the ISACA professional communities.

Top


Volunteering Makes a Difference in Difficult Times
Pokit Pui Kit Lok, CISA, CISSP, CPIM, Shares His Experiences

“After the financial crisis caused by major corporate and accounting scandals, concerns about information systems (IS) have significantly increased,” said Pokit Pui Kit Lok. This situation has been a tough test for the world’s social and financial structures which, one way or another, affect all of us without exception. “Personally, it was time for me to prove how far my IT knowledge could take me, so I pursued the widely recognized Certified Information Systems Auditor (CISA) certification and tried to enhance my career opportunities,” Pokit said about his reaction to this complicated situation.

Realizing the need and also the existence of alternative options to overcome difficulties has inspired Lok to increase his volunteering activities. “I spend most of my free time in community service and it is heartening to see people getting ahead of their problems and starting anew.”

Volunteering has been a good thing and offered endless possibilities in Lok’s life. It has been a valuable way to get to know organizations in his community and find resources and activities of interest. “I have been a volunteer as a subject matter expert (SME) reviewer for ISACA; a member of the Newsletter Committee for the China Hong Kong Chapter; and have enjoyed my tenure as former president of the volunteer group in my current organization, the Hong Kong Productivity Council, which runs the Toy Bank that collects and redistributes toys and donations for kids from underprivileged families,” Lok said about his rewarding activities as a volunteer. He has also made a lot of friends and empowered himself with new skills and knowledge.

Lok also likes that volunteer work can be done in many places and in almost any setting around the world. “This year in my community, I have been an active member of the Junior Chamber International and I serve as a national theme director, meaning I promote the implementation of the United Nations Global Compact (UNGC)—a socially responsible corporate project for businesses introduced by the United Nations.”

As a consultant and ISACA volunteer, Lok has an abundance of tools that help him get work done efficiently and to the benefit of his clients. “Not all situations are similar and as a business automation consultant, I try to help clients reassess how they have been doing things so far and help them take control of the situation.”

Volunteering helps Lok hone his personal skills and makes it easier to connect with others at work and in his community. Lok has found there are infinite ways to do volunteer work. “We need only to be open to our surroundings and carefully observe what goes on around us,” he suggested. Each action can be accomplished alone, but it has a bigger impact if done in combination with other volunteer efforts. For Lok, volunteering is a positive chain that goes around making the world a better place, even during challenging times.

Top


ISACA Congratulates 2011-2012 Award Winners

ISACA congratulates the winners of the 2011-2012 awards, many of which were presented at the World Congress: INSIGHTS 2012 in San Francisco, California, USA, in June.

General Awards

Michael Cangemi Best Book/Article Award
This award was instituted during the 1996-97 year to recognize individuals for major contributions in the field of information systems (IS) audit, control and/or security publishing. This year, the award was presented to Angsuman Dutta and Dan Dopp for their article “A Framework for Estimating ROI of Automated Internal Controls,” ISACA Journal, volume 5, 2011.

Eugene M. Frank Award for Meritorious Performance
This award is named after ISACA’s first president and recognizes individuals for outstanding contributions to ISACA or the IT Governance Institute. This award is for performance that far exceeds the norm and nominations are accepted only from a current board member or past international president. The 2012 award was presented to Lynn C. Lawton, CISA, CRISC, FCA, FBCS, CITP, FIIA.

John Kuyers Best Speaker/Conference Contributor Award
This award was instituted during the 1996-97 year to recognize individuals for major contributions in the development of ISACA global conference(s) and/or outstanding speaking achievements. The 2012 award was presented to Robert Stroud, CGEIT, CRISC.

John Lainhart Common Body of Knowledge Award
This award was instituted during the 1996-97 year to recognize individuals for major contributions to the development and enhancement of the common body of knowledge used by the constituencies of the association in the field of IS audit, security and/or control, IS audit certification and/or IS audit standards. It is not intended to be an annual award, but is presented only when individuals far exceed the norm. This year, ISACA presented the award to Patrick Stachtchenko, CISA, CGEIT, CRISC; John Lainhart IV, CISA, CISM, CGEIT, CRISC; and Derek Oliver, CISA, CISM, CRISC, for their work on COBIT 5.

Harold Weiss Award for Outstanding Achievement
This award was instituted in 1985 to recognize individuals for dedication to the IT governance profession. It is for achievement that far exceeds the norm. The 2012 award was presented to Nalin Wijetilleke, CISA, CGEIT.

Paul Williams Award for Inspirational Leadership
This award is given to an ISACA volunteer to recognize strategic leadership accomplishments on ISACA’s behalf. The recipient will have contributed to ISACA over the course of several years and will have far exceeded the norm in achieving strategic results and/or driving ISACA’s strategy forward. This year, the award was presented to Everett C. Johnson, CPA.

President’s Cup Award
Established in 1992, this award recognizes chapters for participation at ISACA’s World Congress. Points are awarded to each chapter for each member who attends the event. This year’s award was presented to the ISACA Silicon Valley Chapter.

Chapter Awards

K. Wayne Snipes Award
This award was established in 1989 to recognize chapters that demonstrate excellent service to their members and communities. Performance is assessed on several criteria, including membership growth, educational events, member communication, promotion of ISACA certifications, involvement with ISACA and involvement with other professional organizations. Winners are selected in each size category in each region. From those, one chapter in each size category is selected as the worldwide winner.

This year’s worldwide winners are:

  • Best small chapter worldwide—Estonia
  • Best medium chapter worldwide—Israel
  • Best large chapter worldwide—Lima (Peru)
  • Best very large chapter worldwide—Denver (Colorado, USA)

This year’s regional winners are:

Asia:
  • Best small chapter—Vijayawada (India)
  • Best medium chapter—Muscat (Oman)
  • Best large chapter—Manila (Philippines)
  • Best very large chapter—Singapore
Central/South America:
  • Best medium chapter—Buenos Aires (Argentina)
  • Best large chapter—Lima (Peru)
Oceania:
  • Best medium chapter—Canberra (Australia)
  • Best very large chapter—Sydney (New South Wales, Australia)
Europe/Africa:
  • Best small chapter—Estonia
  • Best medium chapter—Israel
  • Best large chapter—Budapest (Hungary)
  • Best very large chapter—Switzerland
North America:
  • Best small chapter—Illowa (USA)
  • Best medium chapter—Quebec City (Quebec, Canada)
  • Best large chapter—South Florida (USA)
  • Best very large chapter—Denver (Colorado, USA)

Membership Growth Awards
The award for the highest percentage of growth is presented to four different chapters based on size. The chapters that earned the award for the highest percentage growth are as follows:

  • Small—Macao (51 percent)
  • Medium—Accra (Ghana) (36 percent)
  • Large—Lima (Peru) (19 percent) and Manila (Philippines) (19 percent)
  • Very large—Bangalore (India) (17 percent)

Membership Retention Awards
The award for the highest percentage of retention is presented to four different chapters based on size. The chapters that earned the award for the highest percentage of retention are:

  • Small—Estonia (91.89 percent)
  • Medium—Iowa (USA) (89.44 percent)
  • Large—Denmark (93.80 percent)
  • Very large—Switzerland (87.30 percent)

Chapter Newsletter Awards
This award recognizes chapters for their newsletter, a key form of communication for a chapter. One award per chapter size category is awarded annually. This year, the awards were presented to:

  • Small—Jeddah (Saudi Arabia)
  • Medium—Trinidad & Tobago
  • Large—Athens (Greece)
  • Very large—China Hong Kong

Certification Awards

Thomas H. Fitzgerald Award
This award is given in recognition for achieving the highest worldwide score on the June and December 2011 Certified Information Systems Auditor (CISA) examinations. The 2011 winners are:

  • June—Jesus Alberto Salinas Di Giacomo, CISA, CISM, CRISC
  • December—Sean Malone, David Benjamin Morrison, Ross Cameron Peachy, CISA; and Nanyi Gong (tie)

CISA Worldwide Achievement Award
This award is given in recognition for achieving the second highest worldwide score on the June and December 2011 Certified Information Systems Auditor (CISA) examinations. The 2011 winners are:

  • June—How Cher Hung, CRISC; Nicholas Paul Fosh, CISA; and Wojciech Grabos, CISA (tie)

CISM Worldwide Excellence Award
This award is given in recognition for achieving the highest worldwide score on the June and December 2011 Certified Information Security Manager (CISM) examinations. The 2011 winners are:

  • June—Dmitry Zenkov, CISA, CISM, CRISC, and Debora Gondek (tie)
  • December—Zbynek Kubis, CISA, CISM

CISM Worldwide Achievement Award
This award is given in recognition for achieving the second highest worldwide score on the June and December 2011 CISM examinations. The 2011 winners are:

  • December—Henk Marsman, CISA, CISM, and Juan Carlos Diaz, CISA, CISM (tie)

CGEIT Worldwide Excellence Award
This award is given in recognition for achieving the highest worldwide score on the June and December 2011 Certified in the Governance of Enterprise IT (CGEIT) examinations. The 2011 winners are:

  • June—Binto Kurien, CGEIT
  • December—Andrea Capardi

CGEIT Worldwide Achievement Award
This award is given in recognition for achieving the second highest worldwide score on the June and December 2011 CGEIT examinations. The 2011 winners are:

  • June—Matthew Howard Jeavons, CGEIT, CRISC
  • December—Cecilia Colasanti, CGEIT

CRISC Worldwide Excellence Award
This award is given in recognition for achieving the highest worldwide score on the June and December 2011 Certified in Risk and Information Systems Control (CRISC) examinations. The 2011 winners are:

  • June—Ilker Tutu, CISA, CGEIT, CRISC
  • December—Diego Mueller; Tim Sattler, CISA, CISM, CRISC; and Gotthard Saghi-Szabo, CISA, CISM, CGEIT, CRISC (tie)

CRISC Worldwide Achievement Award
This award is given in recognition for achieving the second highest worldwide score on the June and December 2011 CRISC examinations. The 2011 winner is:

  • June—Michael Kuckein, CISA, CRISC

CISA Geographic Excellence Award
This award is given in recognition for achieving the highest score in the geographic area on the June and December 2011 CISA examinations. The 2011 winners are:

June
  • Area 2—Sandra Alicia Flores, CISA
  • Area 5—Manuel Jose Rebello De Andrade
December
  • Area 1—Wong Kwai Chaw, CISA; and Jianhao Ge, CISA (tie)
  • Area 2—Guillermo Federico Mejia, CISA; Miguel Perez Montero, CISA; and Juan Carlos Vargas, CISA (tie)
  • Area 3—Richard Proudlove

CISA Geographic Achievement Award
This award is given in recognition for achieving the second highest score in the geographic area on the June and December 2011 CISA examinations. The 2011 winners are:

June

  • Area 1—Syed Adnan Shahab, CISA; Yee Wai Chan; and Wisnu Putro Prabowo (tie)
  • Area 2—César Tantaleán Valdiviezo, CISA, CISM, CRISC; Pablo Adrian Carretino, CISA; and Fernando Moreno, CISA (tie)
  • Area 4—Jessica Taylor, CISA
  • Area 5—Minali Gamage, CISA
December
  • Area 3—Alexander Haeussler

CISM Geographic Excellence Award
This award is given in recognition for achieving the highest score in the geographic area on the June and December 2011 CISM examinations. The 2011 winners are:

June

  • Area 1—Muhammad Sohail Memon
  • Area 2—Marcelo Aguilar, CISM
  • Area 5—Bob Smart, CISA, CISM, CRISC, and Richard J. Harris, CISA, CISM (tie)
December
  • Area 1—Doris Cheng Man Wai, CISM, and Chun Wai Tang, CISA, CISM (tie)
  • Area 2—Marcel Gerardino de Castro, CISA, CISM
  • Area 3—Ilene Klein
  • Area 5—Bruce Hore, CISM; Drew Cameron Marshall, CISM; and Mark Mai, CISM (tie)

CISM Geographic Achievement Award
This award is given in recognition for achieving the second highest score in the geographic area on the June and December 2011 CISM examinations. The 2011 winners are:

June

  • Area 1—Ajit Unni, CISA
  • Area 2—Elena Maria Signoris, CISM, CRISC
  • Area 3—Chris Van Der Straeten, CISM, CRISC
  • Area 4—Patrick Michael Wadsword, CISM, CRISC
December
  • Area 2—Javier E. Rios
  • Area 4—Mark Baldwin, CISM; William Hille, CISA, CISM; Jeffrey Keith McWilliams, CISM; and Gabriel Hebert (tie)

CGEIT Geographic Excellence Award
This award is given in recognition for achieving the highest score in the geographic area on the June and December 2011 CGEIT examinations. The 2011 winners are:

June

  • Area 2—Glen Urbina Ramirez, CISA,CGEIT, CRISC
  • Area 4—David F. Severski, CISA, CGEIT, CISM
  • Area 5—Peter Goodchild
December
  • Area 1—Muhammad Riyaz Ahsan
  • Area 2—Fabio Hildebrand, CISA
  • Area 4—John Bair, CGEIT
  • Area 5—Mqhele Nzama, CISA, CISM

CGEIT Geographic Achievement Award
This award is given in recognition for achieving the second highest score in the geographic area on the June and December 2011 CGEIT examinations. The 2011 winners are:

June
  • Area 1—Koladi Ukkuru Varghese, CISM
  • Area 2—Alejandro Botero Giron
  • Area 3—Kevin Jacques Day, CISA, CRISC; Tim Kipps, CGEIT, CISM, CRISC; and Martin Koukal, CISA, CGEIT (tie)
  • Area 4—Angelo G. Poulikakos, CISA, CGEIT
  • Area 5— Rob McQuillan; Claude Day Mandy, CISA, CISM; Francisco Canas; and Stephanie Q. Tran, CISA,CGEIT, CRISC (tie)
December
  • Area 1— Gregory Zoughbi, CGEIT
  • Area 2—John Alexander Alba Gonzalez, CGEIT
  • Area 4—George W. Archibald and Klaus P. Steinbrecher, CISA, CISM, CGEIT, CRISC (tie)
  • Area 5—David Kruger, CGEIT

CRISC Geographic Excellence Award
This award is given in recognition for achieving the highest score in the geographic area on the June and December 2011 CRISC examinations. The 2011 winners are:

June
  • Area 1—Thambi Mathai Puthukkunnathu
  • Area 2—Juan Carlos Morales, CISA, CISM,CGEIT, CRISC
  • Area 4—Jonathan Alumbaugh, CRISC
  • Area 5—Thomas J. Zimmerman
December
  • Area 1—Rizza Gelacio Roxas, CISA
  • Area 2—Roberto Woo Borrego, CISA, CISM
  • Area 5—Lai Fan Tse, CISA, CRISC

CRISC Geographic Achievement Award
This award is given in recognition for achieving the second highest score in the geographic area on the June and December 2011 CRISC examinations. The 2011 winners are:

June

  • Area 1—Charitha Sri Damith Pathirage
  • Area 2—Jose Aguilar, CISA, CISM
  • Area 4—Radostina Koleva, CRISC
  • Area 5—Grant Stafford, CISA, CRISC
December
  • Area 1—Muhammad Asif, CISA
  • Area 2—Daniel Majares Valles, CISA, CISM
  • Area 4—Aimee Leigh Martin, CISA, CRISC
  • Area 5—Andrew Fooks, CISA

Top

Read More Articles in Our Archives