Current Projects 


Audit/Assurance Programs

ISACA is currently updating the audit/assurance programs for COBIT 5. The first group of programs to be released will be a series of programs for the COBIT 5 processes, based on the generic structure developed in the COBIT 5 for Assurance publication. The new audit/assurance programs will be fully aligned with COBIT 5, and will explicitly reference all seven enablers. The programs will be released by domain.

DevOps Series

DevOps refers to the movement within IT to improve relationships between development and operations. It relies on agile-like development methods, allowing smaller code changes to be released more frequently (e.g., every 5 to 6 days) than under traditional development and release management (e.g., with long cycle times). These methods may be especially promising for new web-based applications, more so than for legacy applications. The first publication in this series is an overview white paper scheduled to be issued in the second quarter of 2014.

Operational Risk Management/Basel Using COBIT 5

This will provide an update of the existing publication “IT Control Objectives Basel II” to align it with COBIT 5 and related publications. Concepts will be updated to reflect the current state of the technology, challenges, risk and necessary assurance practices. This book is scheduled to be available in first quarter 2015.


The book will describe the importance of protecting credit card and customer data and the role that compliance with the PCI DSS requirements plays in helping organizations develop and implement a security model that ensures the protection of data used for credit card processing. It will provide practical guidance related to the PCI DSS compliance requirements to help members understand how to achieve and maintain compliance with the standard through a robust security program that covers all six domains described in the PCI DSS standard. This book is scheduled to be available in fourth quarter 2014.

Sarbanes-Oxley: Using COBIT 5

This publication updates the 2006 edition of this practical guide for executive management and IT control professionals when evaluating an organization's IT controls required by the US Sarbanes-Oxley Act of 2002. It will provide practical guidance on using COBIT 5 when performing SOX engagements. It is scheduled to be available in third quarter 2014.

Security, Audit and Control Features SAP ERP, 4th Edition

This publication updates the 2009 edition of this practical, how-to guide in the technical and risk management series. It enables assurance, security and risk professionals (both IT and non-IT) to evaluate risks and controls in existing ERP implementations and facilitates the design and building of better practice controls into system upgrades and enhancements. It is scheduled to be available in fourth quarter 2014.