This year, ISACA celebrates an important milestone "" its 40th anniversary. Over the years, ISACA has evolved with the changing technology landscape and to best meet the needs of its members. Once again, in this important anniversary year, ISACA has announced an evolution of its strategy. In this post, I take a look at the history of ISACA and discuss where it is headed in the future with COBIT 5.0.

ISACA got its start in 1967, when a small group of individuals with similar jobs""auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations""sat down to discuss the need for a centralized source of information and guidance in the field. In 1969, the group formalized, incorporating as the EDP Auditors Association. In 1976, the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.

Today, ISACA's membership""more than 86,000 strong worldwide""is characterized by its diversity. Members live and work in more than 160 countries and cover a variety of professional IT-related positions""to name just a few, IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. ISACA has more than 175 chapters established in over 70 countries worldwide, and those chapters provide members education, resource sharing, advocacy, professional networking and a host of other benefits on a local level.

Its Certified Information Systems Auditor (CISA) certification is recognized globally and has been earned by more than 60,000 professionals since inception. The Certified Information Security Manager (CISM) certification uniquely targets the information security management audience and has been earned by more than 10,000 professionals.

The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for IT management created by ISACA and the IT Governance Institute (ITGI) in 1996. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of IT.

COBIT's success as an increasingly accepted set of guidance materials for IT governance has resulted in the creation of a growing family of publications and products designed to assist in the implementation of effective IT governance throughout an enterprise. It has, in effect, enabled the emergence of an ecosystem related to COBIT.

As an influential, established organization, ISACA has grown dramatically over the past decade and expanded far beyond its origins in IS audit. This growth has brought with it a multitude of new products and services, a dramatic increase in constituents, and a secure financial base.

Consequently, ISACA has decided to evolve its strategy.

The vision statement"""Trust in, and value from, information systems"""represents the goal the association aspires to achieve. Because trust and value from information systems are the results of the efforts of ISACA's constituents, the association must provide the tools to help constituents generate those results, as noted in the mission statement.

The mission statement"""For professionals and organizations to be the leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance"""contains in a few words a clear definition of ISACA's target audiences, its products and services, and its areas of professional expertise.

One outcome of the market research that preceded the strategy development was the recognition of the widespread awareness of the COBIT brand. To capitalize on that awareness, much of ISACA's and ITGI's existing intellectual property (IP) will be restructured under the COBIT umbrella.

The planned expansion of the COBIT framework (working title: COBIT 5.0) will provide a complete view on enterprise governance of IT. COBIT 5.0 will integrate the existing ISACA/ITGI frameworks""COBIT, Val IT, Risk IT, Board Briefing, ITAF and BMIS""in order to establish one overarching, common framework for all ISACA/ITGI constituents to improve market acceptance and ease of the framework's adoption.

The COBIT 5.0 scope will cover the governance and management levels, while the supporting product set will cover all applicable levels, including practitioner guidance. COBIT 5.0 will be clear on the concepts of enterprise governance and management of IT and their relative positioning, building from the Taking Governance Forward work; the Evaluate, Direct, Monitor (EDM) approach from ISO38500; and the Plan, Build, Run, Monitor (PBRM) approach from COBIT 4.1; and also support the balancing of the performance and conformance aspects of the enterprise governance of IT.

I look forward to watching the developments as COBIT 5.0 takes shape in the coming months and to continuing to support ISACA as it evolves.




*Image used under Creative Commons License, courtesy of D Sharon Pruitt.