Bob Treadway is a strategy advisor and consulting futurist who, for more than 25 years, has helped organizations and individuals anticipate and take action on what lies ahead. His clients include Gillette, Motorola, ExxonMobil, Berkshire Hathaway, the US Social Security Administration, Syngenta and the US National League of Cities. However, Treadway also enjoys working with small, creative organizations that use innovation and nimbleness to succeed in highly competitive environments. He recently spoke at ISACA’s World Congress in Washington DC, USA, and IT Governance, Risk and Compliance Conference in Orlando, Florida, USA. For those who missed these opportunities to hear him speak and for those who did hear him speak and would like to hear more, Treadway provides some detail here about the IT audit and security professions and their futures.
For most of the year, Treadway lives in Anacortes, Washington, USA, on an island in Puget Sound. The remainder of the year, he lives in and travels from San Diego, California, USA, to work with clients in North America, Europe and Latin America.
What does the future hold for IT auditors and/or security professionals?
They will experience positive upward movement in their organizations if they are willing to be flexible and broaden their expertise. Professionals must readjust their view of control, risk and compliance in this new environment. They must serve both the user and departments across the enterprise and protect the crucial assets of the organization.
There is recognition at top management levels and even at the board level that IT professionals who have a combination of technical and businesssavvy skills need to be in the C-suite, trusted by the board and on track to succeed at the highest levels of the organization. The individuals who make that move will be as competent and well practiced in strategy, leadership, persuasion and competitive positioning as they are in the specialized skills for their profession.
How do you see information management practices in business changing in the short and long term?
I work most often in strategy sessions and top-level management decision-making meetings. I have not conducted one session in the past three years that has not included IT considerations as a key ingredient for future success. I can only see IT management practices gaining more attention, resources and emphasis as we move into the future.
How important is it to IT audit, security, governance and risk management businesses to look to and plan for the future?
It is essential, but it is important to consider more than just the anticipation of IT security threats or new offerings coming from vendors. I believe it is even more important to anticipate how the enterprise will leverage IT and how the IT division must provide even more value to the rest of the enterprise. The most important factor is the human interface.
At ISACA World Congress: INSIGHTS 2011, there was a consistent theme of the human interface that ran through almost all presentations, panels and interviews. One expert after another cited the need to adapt to users, allow independent decisions by individuals and be ready to take advantage of human adoption trends.
How do you see the role of governance of enterprise IT changing in the long term?
The enterprise, leadership and, especially, the user are and will be more in control in the future. They are already, as I have pointed out.
Legislation and regulation will continue to add requirements and considerations for IT governance. In the next decade, we will probably see several events that will cause a new layer of controls and compliance. I would envision the following as having a 50-percent or higher probability before 2020:
What has been your biggest professional or career challenge, and how did you face it?
As a consultant, I am sometimes witness to denial, rigidity and lack of foresight. Creating a forward-looking organization that develops a flexible, robust strategy depends on anticipatory habits at all levels. If top management is unwilling to deal with possibilities and, especially, probabilities, then my work can be unsuccessful.
I occasionally see denial in the C-suite. I have found that when I ask leaders to examine implications, form “stories of the future” and appeal to those with foresight, I can gain some traction. There have been a few times when I was unsuccessful at first only to be invited back after events occurred that pointed out the shortcomings of denial.
I have found that telling the truth as I see it—being completely honest when it comes to foreseeing the future— and backing my conclusions with logic and persuasion are best practices. I believe those are the same best practices to support the needs of IT auditors and security professionals.
Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute® and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.
© 2011 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.