CACS Conferences Prove a Worthy Investment

The Electronic Data Processing Auditors Association (EDPAA) badly wanted to purchase the powerhouse Computer Audit, Control, and Security (CACS) conference in the mid-1980s. Industry pioneer and CACS founder Harold Weiss was ready to step away from running CACS and thought EDPAA was a natural fit to purchase his prized brand.

It was an ideal match, except for one big problem: Weiss wanted US$1 million to sell the conference, and EDPAA did not have anything close to that available. A delicate, slow-moving negotiation ensued between Weiss and Michael Cangemi, who represented EDPAA in the talks as the organization’s vice president of education, and eventually as international president (now called board chair).

“I would always be very polite, tell him we were very interested, tell him it was a wonderful product, and tell him we didn’t have money,” said Cangemi, who noted that fellow past board chairs John Lainhart and Donald Grant also were heavily involved in the acquisition effort. “So, after maybe four or five of those meetings, I went to the board and said, ‘Why don’t we put together a deal where we offer to pay him out of the future earnings of the conference with an earnout?’”

Cangemi also engaged in a bit of flattery, explaining to Weiss that without his continued involvement in the conference, the risk of success was great, using the analogy of buying the New York Yankees baseball franchise without getting the legendary Babe Ruth in the deal. The approach worked. In 1985, with a down payment of approximately $30,000, plus the promise of a share of future conference revenue (more reliable than a percentage of earnings) until reaching $330,000 in total, EDPAA (now ISACA) took ownership of the renowned CACS conference series. It is a maneuver that has stood the test of time.

“We’re still using that name, so you can see the power that came with it,” Cangemi said.

More than 30 years later, as ISACA prepares to celebrate its 50^th anniversary in 2019 at CACS conferences in Asia (which took place in early April), North America (in Anaheim, California, USA from 13-15 May), Africa (19-20 August in Johannesburg, South Africa), South America (26-27 August in Santiago, Chile), Oceania (12-13 September in Auckland, New Zealand) and Europe (16-18 October in Geneva, Switzerland), it is evident that the $30,000 down payment was quite the investment – not that it came easy at the time.

“We wrote the check to [Weiss] for $30,000, and it wiped us out,” Cangemi said. “We were basically putting staff on short weeks and delaying paying bills.”

Despite the considerable short-term sacrifice, Cangemi and his EDPAA colleagues sensed major long-term upside. At the time, the association was involved in a seminar program with the Coopers & Lybrand accounting firm and also had a chapter-led annual conference, but there was no comparing either to the unrivaled educational program that Weiss had created with CACS.

“CACS was extremely valuable because there was no competition like it,” Cangemi said. “Our annual conference at ISACA was more of a gathering of the clans. It was fun, and you had a good conference program, but people took their families, it was at Disney … CACS was one week long, you wore a suit, and you went to get educated.”

After taking control of CACS, EDPAA sought to carry on the rigorous program vetting that previously had been overseen by Weiss, who Cangemi called “a stickler for quality,” known for interviewing prospective conference speakers for hours. EDPAA put in place a CACS program development committee and hired highly regarded professor Ira Weiss (no relation to Harold) to spearhead the program. CACS remained a success through the transition, and the conference – much like the association overall – received a major boost in 2002 with the enactment of the US Sarbanes-Oxley Act, which necessitated more professionals capable of implementing IT controls, and related knowledge offerings.

While the CACS conferences of today still maintain a focus on audit and assurance, the conference program has evolved over the years to reflect the growing demand for knowledge in areas such as information security, emerging technologies and digital transformation. The CACS conference locales, too, have expanded as the organization continues its global growth beyond the US – Mumbai, India; Budapest, Hungary; Bogota, Colombia; Broadbeach, Australia; and Makati, Philippines, are just a sampling of the cities that have welcomed CACS conferences over the past 10 years. CACS conferences have added new components such as high-profile keynote speakers, networking and social events, and robust exhibition halls showcasing the latest industry tools and techniques.

“ISACA’s CACS conferences have a longstanding tradition of equipping attendees with valuable guidance that they can take back to their organizations to better address their major challenges and opportunities,” said Amanda Raible, senior manager of ISACA’s conference and program experience. “It has been exciting to see our conference program continue to build off that strong foundation and find new ways to connect with returning and new attendees alike, all around the world.”

Fittingly in ISACA’s 50^th anniversary year, the 2019 North America CACS conference is taking place just outside Los Angeles, California, USA, where EDPAA was launched in 1969. CACS conferences in 2019 will feature a 50^th anniversary “opening platform,” as well as panel discussions analyzing disruptive technologies over the years and the spectrum of professions that ISACA continues to influence.

Cangemi views the CACS conferences’ staying power with great pride, especially given the patience and persistence involved in striking the original deal.

“It was a huge accomplishment to get that conference,” he said.