In December 2011, ISACA chapter leaders and members of several international volunteer bodies (boards, committees, subcommittees) were invited to participate in an online survey covering 2 primary topics:
- Upcoming demand for guidance for audiences outside ISACA’s traditional constituency
- ISACA’s suitability as a resource for that guidance
The potential audiences (and topics) included in the survey were identified in the strategy evaluation activities ISACA undertook in the latter half of 2011, and the questions focused on a 10-year horizon, in keeping with the Strategy 2022 (S22) nature as an evolutionary enhancement to the existing strategy, which was introduced in 2009.
Survey Methodology | The Questions | Responses | Next Steps
Survey Methodology
On 8 December 2011, an update on strategy activity and a link to the online survey was sent to 3,165 recipients; the survey was closed 31 December 2011. Responses were received from 394 individuals, for a 12.4% response rate. Responses were received from 42 countries; the nations most highly represented (at least 7 responses) were Australia, Belgium, Brazil, Canada, India, Japan, Mexico, Spain, UK and US.
Survey Methodology | The Questions | Responses | Next Steps
The Questions
Eight audiences/topics were identified in the survey:
- Cloud and other outsourced services
- Implementing and optimizing enterprise value from effective governance of information and information systems
- Information systems security for those at the practitioner level
- IT professionals (e.g., solution developers, IT project managers, IT service managers, enterprise architects)
- Data-centric governance and management roles (e.g., chief data officer)
- Operational and regulatory roles related to privacy
- Business professionals outside the IT department who buy (or influence the purchase of) information-related systems (e.g., IT vendor managers or marketing managers requesting CRM)
- Non-IT risk professionals (e.g., those involved in operational or financial risk)
For each of these audiences/topics, survey respondents were asked to indicate their view on demand for practical guidance related to trust in and value from information and information systems in that area over the next 10 years (demand will increase/stay the same/decrease). If they responded that they thought demand would increase, they were asked if they would look to ISACA to be the preferred source of that guidance. If they responded that they would not look to ISACA for that guidance, they were asked to indicate what organizations/entities they considered more appropriate.
The purpose of the questions was to determine areas of growing demand and ISACA’s credibility in those areas, and to identify organizations known for expertise in those areas with whom ISACA may wish to collaborate on future endeavors.
Survey Methodology | The Questions | Responses | Next Steps
Responses
Generally speaking, there was clear indication of increased demand in each area. Responses in the “increased demand” category were in the majority for all 8 questions, ranging from a high of 90 percent for “cloud and other outsourced services” to a low of 57 percent for “business professionals outside the IT department who buy (or influence the purchase of) information-related systems (e.g., IT vendor managers or marketing managers requesting CRM).”
In addition, the majority agreed that ISACA would have something to offer each of these audiences/topics, although perhaps not working alone. There was recognition that addressing all of these areas would require significant resources, therefore it would be more effective to partner with organizations already possessing expertise and credibility in the areas outside ISACA’s traditional field. An example often cited was the need for legal experience/expertise for the privacy constituency.
There was a strong preference that any guidance ISACA might provide should be practical, whether for management or practitioner levels. Research that is too lengthy, academic, theoretical or one-size-fits-all is less useful and not immediately applicable. It was recognized that the most practical guidance may be that which is most selectively focused: to specific professional functions, industries or regions (especially if regulation is a factor).
Respondents also underlined the importance of speed-to-market, if the guidance is to be valuable. Technology and the market change so rapidly that an organization that is volunteer-driven, as ISACA is, may need new approaches to research development to keep up.
The more narrowly focused audiences outlined in these initiatives drew forth the opinion that more opportunities in these areas lie in small to medium enterprises. The potential audiences drawing somewhat less enthusiasm (or less belief in ISACA’s ability to serve them) were, as noted above, business buyers and end users, and also non-IT risk professionals and data-centric roles. However, it was noted that these roles differ considerably in large vs. small/medium organizations, and also in emerging markets as opposed to developed countries. Opportunity in one area may not exist in others.
Survey Methodology | The Questions | Responses | Next Steps
Next Steps
Feedback is still being gathered on these and other topics relating to S22. Those responses will inform the next steps, both in priority and timing.
The S22 recommendations developed during the 2011 evaluation activities also included some operational enhancements that need to be made to allow ISACA to better address its opportunities over the next decade. Many of those improvements are already underway.
Survey Methodology | The Questions | Responses | Next Steps