ISACA Journal
Volume 6, 2,015 


The Network 

Nickson Choo, CISA, CRISC, CFE 

Nickson Choo, CISA, CRISC, CFE, has more than 24 years of corporate and professional experience. He started his career in the internal audit function of a Fortune 1000 insurance company and has more than 12 years of insurance experience working in several life and general insurance companies in various operational positions. He was the president of the ISACA Malaysia Chapter in 2004 and 2006-2008. Choo currently serves on the board of governors of IIA Malaysia and was the chair of the ISACA Membership Growth & Retention Committee from 2012-2015.

What has been, or do you anticipate being, the biggest compliance challenge in 2015? How will you face it?

Cybersecurity. Every business must have a program in place to periodically assess its security posture and continue to invest and upgrade its hardware and technologies to reduce risk in this area.

What is your favorite blog?

Dilbert. It is awfully funny and sometimes seemingly meaningless, and yet it can mean so much.

What is on your desk right now?

  • 3 powerbanks (one can never get enough of them)
  • An external hard disk drive (encrypted of course)
  • My trusted iPhone
  • A tray full of old IT-related magazines

How has social media impacted you professionally?

LinkedIn has helped me to connect with other similar IT professionals, as well as identify and connect with existing and potential clients.

What is your number-one piece of advice for other risk professionals?

Join ISACA and keep yourself updated. The day you stop receiving updates on what is happening in the industry is the day you start becoming obsolete.

What is your favorite benefit of your ISACA membership?

The local chapter networking events. The ISACA Malaysia Chapter has some of the best and most fun networking events around.

What do you do when you are not at work?

When I am not at work, I am kicking up dirt on a golf course somewhere and trying hard to be a better golfer.

Question As a risk and governance professional, how do you believe your background in IT audit has supported and guided your career to date?

Answer I believe my background in IT auditing gave me the foundation to help my clients identify process improvement opportunities and system controls expected within each system. In addition, being an IT auditor and knowing all the risk factors also helped me appreciate the nature of the client business better.

As I have progressed in my career in the risk advisory services, my background has allowed me to better advise and guide my clients toward achieving their business objectives while balancing the costs and benefits of good controls. I have learned that in this world where we are increasingly dependent on technologies to assist us, the principles I have learned from being an IT auditor have allowed me to better assess any given technologies.

Question What do you see as the biggest risk factors being addressed by governance of enterprise IT (GEIT) professionals? How can businesses protect themselves?

Answer One of the biggest risk factors we face is really from the cybersecurity realm. Companies are regularly reacting to threats and cyberattacks. This is especially true in Malaysia and surrounding regions where political sensitivity is at an all-time high within each country and even between countries.1

Other key threats include protection of business information as we have seen leakages of crucial and sensitive documents and communications being published online causing untold embarrassment and public relations nightmares for businesses. Increasingly, companies need guidance and assistance from IT professionals to be able to protect their businesses against such threats without disruption to their operations and business objectives.

Question You first moved up the ranks in IT audit and then transitioned into risk management and governance. For someone new in their professional career or someone looking to make a similar transition, please describe how you have made these changes and adjusted to new roles.

Answer My number-one piece of advice to anyone who wishes to pursue a similar career path is to join ISACA. To be successful in this industry, you need to stay up to date on the latest in the industry and ISACA provides excellent resources in this area. In addition, ISACA certifications are sought after and provide that needed assurance of your skills and knowledge to employers and clients.

I have been a member of ISACA for more than 15 years, and the local chapter has provided me an excellent platform from which to network, interact and exchange ideas with my peers. The continuing professional educations programs in place have been key to developing and enhancing my skills and knowledge in IT audit, risk management and governance.

Question Having begun your career in IS audit, how do you think the role of the IS auditor is changing or has changed? What would be your best piece of advice for IS auditors as they plan their career path and look at the future of IS auditing?

Answer If you are starting off as an IS auditor, I would say that you have made the right choice. This profession is highly sought after and will continue to be in high demand as a result of society’s and businesses’ dependency on technology. An IS audit world will no longer be confined to just auditing a core business system, but will open up to include mobile devices, cloud-based systems, Internet devices and multiple storage sites. Undoubtedly, the required skill sets and expectations of an IS auditor will increase significantly but, of course, the rewards and remuneration will increase proportionately as well.

Question What has been your biggest workplace or career challenge and how did you face it?

Answer I guess the biggest workplace challenge I have faced is the lack of good IT audit resources. Although we have lots of IT graduates each year into the market place, they lack the required skill sets and knowledge required. ISACA is trying to accelerate this process by introducing a model syllabus, forming ISACA student groups and appointing academic advocates at selected universities. All of these efforts will help create graduates who are able to quickly integrate into businesses and help fill the shortage of IT audit resources.


1 Yutim, Haider; “Indonesians Fury Over ‘Fire Your Indonesian Maid’ Ad,” 4 February 2015,


Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.