ISACA Strategy FAQs 

 

Originally published in Global Communiqué volume 11, 2009.

The ISACA strategy, unveiled during the first half of 2009, is well along the implementation path. Perhaps one of the most readily noticed changes is the revision of ISACA’s volunteer governance structure to more closely align with strategic objectives. The Invitation to Participate brochure (which is combined with the nomination form this year) features a description of the “charge” for each of the boards, committees and subcommittees—the groups responsible for helping ISACA achieve its strategic goals.

Questions members have raised about the strategy include the following.

How does the strategy align with the balanced scorecard (BSC) ISACA has been using over the past several years?

It aligns very well and the 21 initiatives identified in the strategy have been mapped to the BSC strategy map. Some minor adjustments were made to the BSC to fully align the two, but in general, they are very much in step.

ISACA has been referring to its areas of expertise as assurance, security and governance. Are those still target areas?

Yes, ISACA still focuses on the three topic areas, although the association is attempting to take a more holistic view of its content and activities, rather than a siloed approach. ISACA’s new mission statement clearly states that the association’s emphasis is on “information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance.” As such, the three areas of concentration are still present, but may be addressed in slightly different ways.

ISACA has, particularly through ITGI, been pursuing the CXO level. Will that continue?

ISACA is still interested in the CXO level, but from a different angle. Whereas previously the association targeted those individuals as potential members, we now regard them more as “influencers”—the people who weigh heavily in decisions relating to which organizations’ employees can join, which certifications they need, which frameworks they use in-house, etc. They are still very important to ISACA (and ITGI), but in a slightly different way.