Five Questions With... 

Download Article Article in Digital Form


With extensive experience across the Queensland, Australia, public sector, Tony Hayes is the deputy director-general of the Department of Communities, Child Safety and Disability Services in the Queensland Government, Australia. He has worked on various whole of government projects, change management initiatives, task forces and in-line management positions in many departments in the Queensland Government.

For 11 years, Hayes has also held a number of senior appointments with the Certified Practising Accountants of Australia as a member and national chair of the Information Management and Technology Centre of Excellence. In 2003, he was appointed to the Board of ISACA and the IT Governance Institute (ITGI) and has served on ISACA’s Finance Committee and Strategy Advisory Committee.

Hayes is also an adjunct professor and a member of the Business Information Systems Advisory Committee for the School of Business at the University of Queensland.

When not working, Hayes enjoys spending time with his family. His passions include surfing (or anything on the beach for that matter), cooking, gardening and exercise.

With the new challenge as the 2013-14 ISACA international president, Hayes looks forward to working with all board and committee members, chapters and volunteers to begin the delivery of ISACA Strategy 2022 initiatives and ensuring ISACA’s place as the global thought leader promoting trust in and value from information and information systems.


As ISACA’s incoming international president and the deputy director-general of the Department of Communities, Child Safety and Disability Services in the Queensland Government, Australia, how do you see ISACA growing and adapting to the constantly changing marketplace and needs of its constituents over the next year?


Strategy 2022 (S22) provides ISACA with a 10-year aspirational vision for our current and future members, strategic relationships with other associations and enterprises, as well as how we need to continually look at our service delivery going forward.

As a result, S22 provides us with a vision for what I often say are the ‘lights on the hill’. Therefore, implementation of the various strategies, projects and initiatives of S22 will ensure ISACA is well positioned and respected as the global thought-leading organisation that promotes trust in and value from information and information systems.

S22 will not be delivered all at once, as each strategy and initiative has been staged and sequenced over the 10-year period to enable proper consideration of costs and benefits and ensure that decisions are well informed by membership and market needs, particularly as each new year will present new technology challenges and opportunities.


Having recently started your new position as deputy director-general of the Department of Communities, Child Safety and Disability Services, please tell us about your new role and responsibilities. What in your past experience best prepared you for this position?


After having been in the role of associate director-general of the Department of Communities for the last three years, where I was the senior executive responsible for all service delivery for this agency across the state of Queensland, an opportunity presented to take on this time-limited role to lead a number of major service delivery reforms.

My new role as deputy director-general (projects and reform) is a great opportunity to lead a concentrated effort to change our approach to service delivery on a number of fronts. With significant government priorities to address inefficiencies, reduce costs, ensure that services are more contestable with the broader marketplace and position the state for various national reforms in human services, it was very attractive to me to be involved in these leading-edge initiatives.

Critical in the planning and delivery of these reforms is the provision of quality information sourced from a number of IT platforms. Monitoring our progress and achievement of the key elements of the business case, along with strong programme and project management and governance, will be fundamental to success.

Throughout my career I have been involved in many change management and reform initiatives that have seen new business processes and alternative ways of delivering services to clients internal and external to government. My history as an audit executive responsible for IT, operational/efficiency, financial/ compliance and risk audits has been invaluable as a foundation before taking up senior executive roles in corporate and resource management, including oversight over roles equivalent to chief information officer (CIO) and chief financial officer (CFO) in very large enterprises.


What do you see as the biggest risk factors being addressed by IT auditors, governance, risk management or security professionals? How can enterprises protect themselves?


Each of these roles has a common base or foundation— that is, the product produced in almost all instances is advice. So, for me, the biggest risk facing these professionals is not the tools or frameworks or methodologies utilised but rather how much notice the board or senior executives take of this advice. The connection and access to senior executives and the way messages are relayed to senior groups by professionals is critical.

My observation is that this is still a challenge for many enterprises as some senior executives do not understand the enormous benefits and utility that can be obtained by understanding and acting on the advice provided by these professionals. Equally, it is incumbent upon the professionals to deliver their services in a manner that garners confidence, trust and value.

So, in summary, building relationships and delivering a highly professional service that is respected and valued by your enterprise is as important as, or maybe more important than, anything else.


How do you believe the certifications you’ve attained have advanced or enhanced your career? What certifications do you look for when hiring new members of your team?


Being a member of and holding certifications from professional associations such as ISACA have been and continue to be very important to me as I have progressed through the ranks of my audit experience to various senior executive roles. Having up-to-date knowledge of the latest trends, approaches, methods and frameworks always helps to broaden your knowledge base and experience—whether you provide advice or are the recipient of advice and/or the decision maker.

The information and information technology industries worldwide have grown up and matured with their fair share of problems, budget blowouts, time overruns and, in some cases, disasters. However, it must be said that some of the greatest business success stories have also come about through the sound use of information and information technology.

So, for me, it is important that professionals in this area are credible, respected and come with having achieved certain standards and certifications relevant to their professional offering. ISACA credentials and certifications are truly global and are a statement that differentiates true information and information technology professionals from the others.


What has been your biggest workplace or career challenge and how did you face it?


I can reference many significant and complex projects, reforms and change management initiatives, most of which were enabled by information and information technology. However, the biggest challenge facing us all is getting balance in our lives. I often talk to staff and sometimes university graduates about this very important topic.

I am committed to ensuring a constant balance and adjustment among the most important issues in our lives: maintaining personal relationships, particularly family, professional networks and associations; keeping up to date with your body of knowledge, whatever that might be; and having some time for your well-being emotionally and physically.

That said, the most important issue is knowing when those are out of sync and doing something about it. If this is not recognised, eventually something will come unstuck and all of these balancing items will be affected in some way. Getting the balance is not just the province of senior executives, but it is a priority for everyone to ensure that you can deliver as a professional in your chosen area or specialty.

Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.

The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

© 2013 ISACA. All rights reserved.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.