@ISACA Volume 5: 2 March 2011 

@ISACA Relevant, Timely News

Honoring ISACA Members—2011 Award Nominations Now Being Accepted

Nominations for two of ISACA’s annual awards—the Harold Weiss and John Lainhart awards—are now being accepted by International President Emil D’Angelo.

The Harold Weiss Award was initiated by ISACA® in 1985 to honor individuals for outstanding achievement in the field of audit, audit education and/or audit research. November 1996 saw the creation of the John Lainhart Common Body of Knowledge Award by then-ISACA president Akira Matsuo to recognize contributions to the development and enhancement of the common body of knowledge used by professionals in the field of IS audit, security and control, certification, or standards.

ISACA members are asked to nominate qualified and deserving candidates for each of these awards by sending a nomination in letter form to mmcgee@isaca.org (fax:  +1.847.253.1443 to the attention of Mikel McGee). Nominations must include:

  • Name of the nominee
  • Description of accomplishments relating to the award
  • Professional affiliations
  • Other honors and awards achieved
  • Publications or articles published
  • References
  • Name and contact information for the nominator

The deadline for submissions is 25 March 2011.


Key Questions to Help Save Time and Money With Risk Management
By Brian Barnier, CGEIT

In my welcome speech at ISACA’s IT Governance, Risk and Compliance conference, I encouraged participants to apply what they learned to improve business objectives. I also suggested that they adopt my personal objective of achieving six months of work in six weeks. While not everyone will attain this in his/her first project, it can be done with practice. Now, five months after we gathered in Boston, it is time to evaluate personal progress. Ask yourself these questions:

  • Do I begin with business performance objectives and then identify IT-related risks to those business objectives?
  • Do I save time and cost by actively managing risk in all three layers of Risk IT:  Based on COBIT®—investment/portfolio, program/project management and service delivery?
  • Is robust and realistic scenario analysis the central technique in my risk management approach?
  • Are my scenario analysis workshops fun, efficient and engaging?
  • Do I use risk identification in each Risk IT layer to more quickly and easily identify and define problems/risks for improvement?
  • Do I use risk techniques to find root cause faster?
  • Do I embrace root cause and teaming across my enterprise to design more cost-effective solutions more quickly?
  • Do I actively refine controls to make them simpler and focused on root cause to save time and cost in design, implementation, use and monitoring?
  • Do my business cases for all initiatives include a detailed and specific description of risks in design, implementation and operations AND steps to proactively manage them?
  • Is my enterprise actively building skills in risk management?
  • Do executives across my organization seek out my risk management insights to improve performance (not just comply)?

How is your progress? Whether you were at the conference or not, please send me (brian@valuebridgeadvisors.com) a note about your success in improving business performance in your organization by improving IT-related business risk management. In addition, if you are willing to share, please feel free to post to the Risk Management Community on the ISACA web site (or give me permission to post your comment there).

Brian Barnier, CGEIT, is a principal at ValueBridge Advisors. He teaches, speaks and researches widely. For information on Risk IT, visit The ISACA Risk IT Framework presentation by Barnier on the Mash Risk Television web site. Barnier can be reached at brian@valuebridgeadvisors.com.


Young Professionals Community Is a Lively, Interactive Resource

If you are (or know) a young professional who is an ISACA® member, consider joining the Young Professionals Community on the ISACA web site. Located within the Knowledge Center, the Young Professionals Community is an area where ISACA members can start and/or contribute to ongoing discussions, write a blog, start a wiki, or post documents and links that are especially relevant to young professionals. The online community is ideal for ISACA members in their 20s or 30s to encourage the sharing of practical career advice on professional and personal development.

In its short existence, the group already has close to 100 participants and is home to a very active discussion board. All nine members of the Young Professionals Subcommittee are actively engaged in the online community and regularly share professional career advice, goals and strategies with other young professionals.

“Our hope is to make the group more interactive by encouraging members to introduce themselves to one another,” said Isa Ojeda, a member of the Young Professional Subcommittee. “Call me old fashioned, but I think it is difficult to relate to a group of names and titles without adding the personal touch that comes with a community.”

In addition to contributing to the community, members of the Young Professionals Subcommittee wrote an article, published in volume 1, 2011, of the ISACA Journal, that examines the importance of soft skills in career success, identifies a number of the key soft skills areas and discusses ways to improve them. At the 2011 North America Computer Audit, Control and Security℠ (CACS℠) conference, there will be an entire track dedicated to the human factor. Two of the planned session titles are “Generation Issues” and “Strategies for Sustained Career Success,” both of which will likely address the importance of soft skills in the workplace.

“I think ISACA’s global reach provides professionals with a unique opportunity to tap into and share knowledge and thought leadership on issues of interest to the profession and its members,” said Jotham Nyamari, chair of the Young Professionals Subcommittee and member of the Communities Committee. “Working with ISACA members from around the globe, I have noted without a doubt that we all want to be successful in our careers, and I truly believe ISACA’s online Young Professionals Community is a great place for young professionals around the world to have conversations on career advice and progression.”

If you would like to interact with other ISACA young professionals from around the world, consider joining the Young Professionals Community.


ISACA Cited in Articles on Top Certifications

In today’s candidate-heavy employment climate, standing out among the competition is very valuable to advancing your career. Being recognized on an international level is even better. ISACA® helps to showcase your knowledge and experience through certifications that pave the way for continual growth in your field. The recognitions and benefits of ISACA certifications worldwide are consistently demonstrated in the media.

ISACA’s Certified Information Systems Auditor® (CISA®) and Certified Information Security Manager® (CISM®) certifications are starting the year out strong. Both have been featured in several recent publications, including:

  • In an article at GovInfoSecurity.com, CISM is called “one of the top 5 security certifications for 2011.” The article also notes CISM’s place on the list of highest paying security certifications, according to independent research by Foote Partners.
  • CISA and CISM are featured in the slide show “IT Certifications Around the World” at ITBusinessEdge.com. The slideshow features the strong global appeal of CISA and CISM.
  • CISA is described in the “Top 15 Tech Certifications Right Now” slideshow at ITBusinessEdge.com as one of the “fastest growing certifications.”

More ISACA certification recognitions can be found on the Recognitions page of the ISACA web site. Visit the CISA and CISM pages for more information regarding these certification programs. The ISACA web site also features the latest updates on the Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) certifications.


COBIT Mapping, Audit Program and SharePoint Guide Among Topical Research Available

ISACA® has added research on the following hot-button topics to its available resources:

  • COBIT® Mapping: Mapping ISO 20000 With COBIT® 4.1—The ISO/IEC 20000 series enables service providers to understand how to enhance the quality of service delivered to their customers, both internal and external. The detailed mapping consists of the information requirements of ISO/IEC 20000-1:2005 mapped to each COBIT® control objective. The structure follows the domains, processes and control objectives of COBIT. COBIT can equally be used as a reference or for additional guidance to obtain ISO/IEC 20000:2005 certification. COBIT Mapping: Mapping ISO 20000 With COBIT 4.1 is available to members as a complimentary download on the COBIT page of the ISACA web site. It is also available to members and nonmembers for purchase from the ISACA Bookstore.
  • VMware® Server Virtualization Audit/Assurance Program—Virtual machine (VM) server virtualization provides many benefits, including increased utilization of hardware resources and cost benefits. However, a virtualized environment also exposes the enterprise to a series of new business and technology risks, including reduced controls over deployment and costly compensating controls. The VMware virtualization audit/assurance review provides management with an independent assessment of the effectiveness of the configuration, controls over and security of the virtualized servers operating under VMware in the enterprise’s computing environment. VMware® Server Virtualization Audit/Assurance Program is available to members as a complimentary download on the Audit Programs page of the ISACA web site. It is also available to members and nonmembers for purchase from the ISACA Bookstore.
  • SharePoint® Deployment and Governance Using COBIT® 4.1:  A Practical Approach is an ISACA publication by Dave Chennault, CISA, MCP, and Chuck Strain, CISA, MCSE, MCTS. It provides a comprehensive, step-by-step guide on how to deploy and govern SharePoint 2007 and 2010 using COBIT 4.1. It has become critical to use COBIT, and the techniques outlined in this book, to govern SharePoint because it is taking on more and more mission-critical applications. SharePoint® Deployment and Governance Using COBIT® 4.1:  A Practical Approach is available for purchase in the ISACA Bookstore.

Learn more about the ongoing ISACA research projects and upcoming deliverables by visiting the Current Projects page of the ISACA web site.

