ISACA Journal
Volume 3, 2014


The Network 

Rosemary M. Amato, CISA, CMA, CPA, CSSGB 

Rosemary M. Amato is a director for Deloitte based in Amsterdam, The Netherlands. She is the program director for the Global Client Intelligence program and leads a team of professionals located around the world with the responsibility for providing timely, complete and accurate quantitative global client information to those who require it to serve clients with distinction. She has been with Deloitte for almost 17 years and, prior to her current role, led the Global Enterprise Risk Services (ERS) Knowledge Management team. She currently sits on ISACA’s Knowledge Board and cochairs ISACA’s Knowledge Management and Education Committee.

Opinions expressed in this interview are her own and do not represent opinions of Deloitte.


On My Desk Right Now

I’m never at my desk. Working virtually, I can be anywhere, but there is always a cup of coffee or tea nearby.

What are Your Three Goals for 2014?

  1. Taking better care of my physical well-being
  2. Taking better care of my mental well-being
  3. Remembering that life has so much to offer and not letting it pass you by, but grabbing it for all it is worth

What's Your Number One Piece of Advice for Other Governance, Risk and Compliance Professionals?

Continue to learn and learn and learn. You will always have opportunities if you never stop learning.

What's Your Favorite Benefit of Your ISACA Membership?

Participating on the Knowledge Board and cochairing the Knowledge Management and Education Committee—I can give back while gaining so much knowledge.

What Do You Do When You’re Not at Work?

Read, travel, read, snow ski (when not injured), read, cook, just enjoy life, and read. (See a pattern there?)

Question: How do you think the role of the information systems (IS) auditor is changing or has changed?

Answer: The role of the IS auditor has definitely changed and I believe it will continue to change. That is just the normal evolution in the workplace. If we do not change, we become stale—outside forces are demanding that we change to keep up with what is happening in the businesses we audit. However, there is one area in which we are not reacting to change enough. We must get involved with regulatory discussions as they are happening and provide input. I believe, in the past, IS auditors would just wait until laws were put into existence, then change audit programs to accommodate the new requirements. As IS auditors, we need to be advocates to make sure the public understands the impact of a new law and not just allow things to be forced upon us. We need to be trusted business advisors both within our business community and the outside world of regulation. I am sure many IS auditors are getting involved in this area, but I do think there is room for improvement.

Question: What do you see as the biggest risk factors being addressed by governance, risk management, security or audit professionals? How can organizations protect themselves?

Answer: This is a difficult question to answer as risk is so encompassing. It is changing every minute, every hour, every day, and it is so different depending on what country you are in, what industry you are in, and so forth. Right now, everything dealing with the cloud is a big area of focus. But, do we really understand what it means when data are in the cloud? Organizations can protect themselves by doing their research, getting facts, analyzing data and making sure that before they step in to do something, they understand the risk factors and have a risk framework in place to mitigate risk as soon as it is identified. Continued vigilance and awareness are key. You do not know what you do not know, but you can work at trying to know it earlier rather than later.

Question: How do you believe the certifications you have attained have advanced or enhanced your career? What certifications do you look for when hiring new members of your team?

Answer: Getting my Certified Information Systems Auditor (CISA) certification was definitely a boost to my career, as was achieving the Certified Management Accountant (CMA) certification. Certifications build a professional’s self-confidence and they show the outside world that you have gone that extra step to demonstrate that you are a professional in the area in which you specialize.

Certification helps define a professional. When I interview candidates for my team, I look for certifications in the areas in which they are going to be working. If they say they are a professional, they should be certified in something and be active in the organization that offers the certification.

Question: What will be the biggest compliance challenge in 2014? How should it be faced?

Answer: Compliance challenges in 2014 will continue to inundate the profession. I think the biggest compliance challenge will be to just understand all the regulations—old, new and those yet to be written into law. We will need to be advocates to make sure regulations are put into law only when they have an objective that can be clearly met and executed, and, more important, are able to be assessed properly for their effectiveness.



Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.