what ISACA needs

Toronto, 2013.11.12

I belong to an IT governance, audit, and security organization called ISACA. It's a fairly useful organization for me in particular because their research and publication arm is by far the best in the field. They also offer a jumbled mess of undistinguished certifications that I've avoided. Today they sent me a survey, and asked my opinion on what they should be doing in the certification space. Here's what I told them:

"ISACA is well positioned to turn the current CGEIT certification into a CIO's designation. This should be a multi-discipline, multi-exam certification that requires a comprehensive study program more similar to the CMA in scope and difficulty - about 2/3 of a master's degree would be about the right level. This should incorporate ISACA's excellent IT governance materials but should also include business management techniques.

Leaders in the field of IT are expected to thoroughly grasp the organization’s use of information. But also the management of: + technical and process projects and “change”; + external parties (supply chain, clients, regulators); + a broad range of technical, strategic, operational, human, and reputation matters.

Technology organizations in fields as diverse as financial, insurance, health, media, and government are coming under greater pressure to improve the availability, security, cost, and compliance profiles for the portfolio of services offered. Among these profiles some common theme emerges, and there is currently nothing out there but the trial-and-error of experience in the field to lead senior IT practitioners. No MBA program in the world comes close to training for the CIO's role.

Just look at ISACA's tag line: Trust in, and value from, information systems. ISACA can do this!"

I'd be happy to be a part of developing such a program. I gave them my name and email address, we'll see if anything comes of it.

leave a comment

By submitting this form you agree to the privacy terms.