agenda Who is ISACA What does ISACA bring to the table INTOSAI ISACA Opportunities Background Who Are We Nonprofit IT Professional membership association founded in 1969 Over 140000 professionals 220 chapters in 180 countries ID: 1043669
Download Presentation The PPT/PDF document "ISACA OVERVIEW June 2015" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
1. ISACA OVERVIEWJune 2015
2. agendaWho is ISACAWhat does ISACA bring to the tableINTOSAI / ISACA Opportunities
3. BackgroundWho Are We?Nonprofit IT Professional membership association founded in 1969Over 140,000 professionals, 220 chapters in 180 countriesWhat Do We Do? Assist IT leaders - trust in, & value from, information & information systems Provide knowledge, standards, networking, and career development for information systems audit, cyber security, risk and governance professionals.How Do You Know Us?CISACRISCCISMCGEITCOBIT
4. ISACA - strong ties with notable global entitiesAs illustrative examples, ISACA has relationships with:ISO—ISACA holds the highest possible liaison status for three committeesIFAC – Member and serve on Consultative Advisory GroupENISA and NIST—Joint programs and champion of Cybersecurity MonthSFIA – Member of Advisory Council – IT Skills for Information AgeCIONET—A partner on a governance study
5. ISACA - helping shape the futureBuild engagement among all professions.Adapt as professions have growing dependencies.Become more agile and responsive to quick-changing market trends.Utilize market research and insights to ensure needs are being met.
6. ISACA’s multidisciplinary approachOffers tools for all related areas.Understands that Risk, Audit, Governance and Security rely on each other and must be interconnected. No profession stands by itself.
7. Key factors for all focus areas:Remove silos. Develop a strong network of diverse professionals.IT transformation is the new normal.
8. professionals in all focus areas.
9. Focus area: IT audit/assuranceGlobal requirements are fueling the need for more IT audit/assurance guidance and tools. Areas of growth include mandatory audits of an organization’s privacy and cybersecurity policies.Analytics are increasingly viewed as a key enabler of the execution of audit strategy.
10. ISACA Offer: IT audit/assuranceIncrease engagement with leaders in the field. Use data insights to generate new tools for professionals and Audit Committees. Recognize that technology is changing the way auditors plan and execute audits.
11. Future trends: IT audit/assuranceCyber security and privacy are rated as top technology challenges of IT auditors.*Enterprises face significant IT audit staffing and resource challenges.*Audit/IG committees are becoming more engaged in IT audit.*IT audit risk assessments will need to be conducted more frequently.*IT audit reporting structures and audit reports will be improved.**IT Audit Benchmarking Survey, ISACA and Protiviti, 2014
12. Focus area: IT governanceIncreased use of IT has allowed the opportunity for enterprises to be more efficient – also has shown the large need for IT governance.Cloud
13. Future trends: IT governanceThere is a greater need for managing staff “technology information” gaps.IT governance will increasingly need to address risk management and cybersecurity. Accounting standards will continue to converge. Organizations will increasingly establish data governance policies and practices.
14. ISACA Offer: IT governanceFurther guide enterprises on:Increasing transparencyImproving the agility of IT governanceExpanding utility of IT governanceCreating robust value-creation plansDeveloping results-focused milestonesEnsuring disciplined internal controlsCultivate and support COBIT training and usage globally.
15. The Cobit 5 frameworkHelps enterprises to create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource useEnables information and related technology to be governed and managed in a holistic manner for the whole enterprise, taking in the full end-to-end business and functional areas of responsibility, considering the IT-related interests of internal and external stakeholdersPrinciples and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for -profit or in the public sector
16. Cobit 5 Principles
17. Cobit 5 Enablers
18. Governance and managementGovernance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed direction and objectives [EDM]Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives [PBRM]
19. Enterprise benefitsEnterprises and their executives strive to:Maintain quality information to support business decisionsGenerate business value from IT-enabled investments, i.e. achieve strategic goals and realise business benefits through effective and innovative use of ITAchieve operational excellence through reliable and efficient application of technologyMaintain IT-related risk at an acceptable levelOptimise the cost of IT services and technology
20. Focus area: Information and cyber securityDigital technologies are: The backbone of the world economyKey enablers of innovation, freedom and prosperity -and-Trust is the foundation of the digital market—it is now a matter of public safety.
21. Future trends: information and Cyber securityCyberattacks will increase, and will become even more profitable.There will be a continued gap in skilled professionals. Cybersecurity will become exponentially complex.Regulatory and policy bodies must coalesce.Investments in cybersecurity will increase. (But will it actually help?)Effective cybersecurity will be viewed as a competitive edge.
22. ISACA offer: Cyber securityGenerate insights into innovative programs and guidance that are needed and not yet available. Increase collaboration with public and private entities.Develop deeper engagement with potential cybersecurity professionals (students, women, career-changers)
23. csx – a paradigm shiftSkills-Based Training and Performance-Based CertificationsDesigned to help build, test and showcase skills in critical areas of cybersecurity – prove individuals have the ability to do the job from day one.Unlike other certifications available today which test for knowledge in a question and answer format, CSX training and exams are conducted in a live, virtual “cyber lab” environment — providing validation of actual technical skill, ability and performance.Training will be available through leading global training partners, to help professionals build skills needed at each certification level
24. Global Event in North AmericaSAVE THE DATE: October 17 – 21Register at: https://www.isaca.org/cyber-conference/register.html Global event sponsored by ISACA for the cybersecurity community and those seeking current knowledge of cybersecurity threats and defenses and to build or enhance technical cyber skills and capabilities
25. Focus area: IT riskPublic and private sector environment continues to evolve quickly. Heads of State and Agency leads as well boards of directors and executive management teams cannot afford to manage risks casually on a reactive basis, especially with the rapid pace of disruptive innovation and technological development.
26. Future trends: IT riskNeed to increase the risk qualifications of most senior members.Staff will be encouraged to proactively identify and mitigate risk. Operations will need to evolve to address performance and go-to-market risk. Emerging technologies will address global problems and create new capabilities, but also present hard-to-foresee risk.
27. ISACA Offer: IT riskIncrease practical guidance on risk related to new technology.Improve understanding of business risk in addition to technical risk. Develop practical risk-related guidance on Basel III and operational risk.
28. INTOSAi WGITA / Isaca Collaboration SupportGuidance for IT Audit handbooks and standardsCybersecurity developments – IT AuditIT Governance projectRecognition of ISACA certifications, knowledge and frameworksSupport for INTOSAI and ISACA journals
29. INTOSAi WGITA / Isaca Collaboration SupportGrowth through local and regional Chapter events - support as CPE/CPD. Dialogue opportunities with Chapters and regional GRA Committees Two way input and support via websites Training guides and certification areas - CPE/CPD
30. Questions and discussionTHANK YOU!