As a 2003 CISA recipient and a former honorary secretary of the ISACA Singapore Chapter’s board of directors, I am honored to be selected as the ISACA liaison to the International Organization for Standardization (ISO) Technical Committee 309 – Governance of Organizations.
Having served nearly three years as the chair of the US Technical Advisory Group to ISO Project Committee 278 to help develop, draft and evangelize the ISO 37001 Anti-Bribery Management System Standard, I see this as a wonderful opportunity to not only keep both the ISACA and TC-309 communities informed of significant developments in the world of governance and compliance, but also to help shape and develop newly proposed ISO standards while supporting and strengthening existing ones.
As you may already be aware, TC-309 is focused on standardization in the field of governance relating to aspects of direction, control and accountability of organizations, and is responsible for:
- Developing a newly proposed standard, ISO 37003 – guidance for the governance of organizations
- Driving awareness of, supporting and maintaining ISO 37001 anti-bribery management systems – requirements with guidance for use
- Maintaining and enhancing ISO 19600 compliance management systems – guidelines
- Exploring the potential for a new international whistleblowing standard
The symbiotic relationship of COBIT and ISO governance and compliance standards, particularly in the realms of data governance, privacy, security in the cloud and the Internet of Things, likely goes without saying. However, having the opportunity to proactively and positively engage, inform, shape and contribute to this relationship with fellow subject matter experts from 40-plus countries is rare, and I thank ISACA for enabling me to participate in this partnership.
Author’s note: Judd Hesselroth is a Director in Microsoft’s Office of Legal Compliance, where he has focused primarily on anti-corruption programs and ISO 37001 since 2010, and prior to that, internal audit.