Upload
lamnhi
View
224
Download
1
Embed Size (px)
Citation preview
ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT
2013 MORE
ISACA_AnnualReport_FINAL.indd 1 5/14/14 1:01 PM
2 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
At ISACA, MORE is the basis of everything we do.
ISACAHQ
@ISACANews
ISACA (Official)
+ISACA
ISACA HQ
ISACA Knowledge Center:
www.isaca.org/knowledge-center
ISACA_AnnualReport_FINAL.indd 2 5/14/14 1:01 PM
3
“More.” It’s a simple word that, for ISACA® and its constituents, embodies a great deal. We
strive to provide more value to our members, enabling them to offer more benefit to their
enterprises. We accomplish this by keeping a laser focus on delivering thought leadership,
valuable resources and networking opportunities to our diverse constituents worldwide.
2013 was a year of incredible progress. Significant activities were undertaken to provide
the underpinnings that support our strategic direction. To lay this foundation, we clearly
defined who ISACA serves and who we count on to achieve our goals. We also updated
our strategy map and further defined business goals for our three primary areas of
focus: relations, knowledge, and credentialing and career management.
Just as the world is in a constant state of flux, so too does ISACA evolve and transform.
It is not enough to be at the forefront of trends such as big data and the Internet of
Things. We are keenly aware that we must be, and do, more.
That said, one constant is ISACA’s commitment to serving each of our more than
115,000 members and certification holders, who are changing the landscape of IT
audit, governance, security and risk. I thank ISACA’s growing number of members
around the world, who represented the association with their professionalism and
passion. Likewise, I congratulate all who achieved an ISACA certification and recognize
the commitment to excellence displayed by those who maintain their CISA®, CISM®,
CRISC® or CGEIT tm designations.
In this year of significant change, I also want to thank Susan Caldwell for her tireless
service at the helm of ISACA since 1992. Her 21 years in the corner office saw the
association grow in numbers, financial strength and global reputation. Upon her
retirement in October, Ron Hale, Ph.D., CISM, was named acting chief executive officer
and corporate secretary of ISACA and the IT Governance Institute®, bringing with him
more than 20 years of experience in the security field. This was a smooth transition and
we are confident in seamless progress on our goals.
There were many great successes in 2013, and we describe a representative selection
in the following pages. I find inspiration in our people and the activities that promise even
greater adoption of new ideas, deeper pools of knowledge and resources, and increased
opportunities for members to take full advantage of all that is available to them.
In short, the future holds more.
Tony Hayes 2013-2014 International President ISACA and the IT Governance Institute (ITGI®)
TABLE OF CONTENTS
2013 Report 4
ISACA and ITGI
Combined Financial Statements 10
Report of Independent
Certified Public Accountants 11
Audit Committee
Chair’s Letter 17
ISACA Board of Directors/
ITGI Board of Trustees 18
Letter From the International
President and the Acting CEO 19
Board, Committee, Subcommittee
and Task Force Chairs 19
Strategic Alliances and
Relationships 20
Chapters 21
Donors 21
ISACA_AnnualReport_FINAL.indd 3 5/14/14 1:01 PM
4 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
ISACA VISION.Trust in, and value from, information systems
MEMBERSHIP AND CHAPTERS
ISACA membership continued to increase in all regions,
with Latin America and Europe/Africa showing slightly
higher percentage gains. Special attention was given
to growing and retaining members in countries with
large numbers of IT professionals and where there were
opportunities to work with regulatory agencies.
The India Task Force, for example, has successfully
promoted the value of certification and ISACA frameworks
and standards by establishing relationships with top
influencers and employers in the country. A relationship
with the Computer Society of India (CSI) enabled ISACA
participation in CSI annual seminars and articles in the CSI
Journal. Another successful initiative entailed collaboration
with the Reserve Bank of India (RBI), which is responsible
for mandatory banking guidelines. RBI Guidelines Mapping
With COBIT® 5 and a related tool kit were released, and
both groups are actively identifying other activities.
The 2013 Member Needs Assessment Survey yielded
insights that will drive new member benefits. Member
satisfaction with ISACA reached high levels; 85 percent of
ISACA members are very satisfied/satisfied and 87 percent
are very likely/likely to recommend ISACA to a colleague.
The survey also showed that ISACA’s certifications,
standards, the ISACA® Journal, free continuing professional
education (CPE) and other member-only resources are key
drivers of satisfaction, and among the many areas in which
ISACA continues to perform well.
In the spirit of always striving to deliver more, ISACA made significant progress on its ambitious strategy, which was adopted in November 2011. Innovative projects that will build ISACA’s capabilities continued to advance, and several were integrated into ongoing operations.
ISACA’s Strategic Advisory Council identified “first in focus” projects designed to meet the evolving needs of ISACA’s current and future stakeholders. Priority programs include those that address cybersecurity, privacy, full-spectrum career development, expanded COBIT® use and adoption, and emerging business and technology. As noted in the pages of this report, ISACA’s global teams of volunteers continue to move many exciting developments, including our core areas of expertise, forward.
ISACA_AnnualReport_FINAL.indd 4 5/14/14 1:01 PM
ISACA VISION 5
COBIT
COBIT® 5 awareness, adoption and use continued to expand.
Advancements included the design and early development
of the next generation of COBIT online, which will provide
improved access to all COBIT content.
Organizations worldwide recognize how COBIT 5 helps them
protect the quality and integrity of their information so they can
trust it for their decision making and use it to focus on high-
value initiatives.
New COBIT-related publications:
• COBIT® Assessment Programme materials
- Process Assessment Model (PAM): Using COBIT® 5
- Assessor Guide: Using COBIT® 5
- Self-assessment Guide: Using COBIT® 5
• COBIT® 5 for Assurance
• COBIT® 5 for Risk
• COBIT® 5: Enabling Information
There were 21 product licenses for COBIT. COBIT® 4.1, Val IT
2.0, Risk IT and the Business Model for Information Security™
continued to be supported.
COBIT TRAINING
Much was accomplished; teams launched the COBIT 5
Implementation course, COBIT 5 Assessor course, and
the COBIT 5 Certifi ed Assessor program. By year end,
COBIT 5 Foundation certifi cates had been earned by 7,300
individuals, and there were 196 COBIT 5 accredited training
organizations, individuals and affi liates in 43 countries. The
COBIT 5 Certifi ed Assessor program is unique and will allow
experienced and trained COBIT experts to demonstrate
their competency in working with COBIT and performing IT
process-based COBIT assessments.
6%
Europe/Africa 30,545 (7% growth)
Asia 25,107 (6% growth)
Latin America 5,292 (7% growth)
Oceania 3,717 (5% growth)
North America 52,111 (5% growth)
+ Indicates a new chapter formed. Islamabad (Pakistan)Tunis (Tunisia)Santo Domingo (Dominican Republic)
+
+
+
Membership as of year-end 2013
116,772members in
202 chapters in
84 countries
33
chapters with
1,000 members
178 countries
growth
At a time when there was an emerging demand for IT auditors in Turkey, one of my fi rst projects was implementing
COBIT at Yapi Kredi, a large Turkish retail bank, prior to Sarbanes-Oxley. From this project, my career took off and I
have since worked with hundreds of organizations implementing COBIT as a governance solution.
Kaya Kazmirci, CISA, CISM, CISSP, Managing Director, Kazmirci Associates (Turkey)
ME
MB
ER
TA
LK
more than
2013 YEAR AT A GLANCE
ISACA_AnnualReport_FINAL.indd 5 5/14/14 1:01 PM
6 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
RESEARCH
Strengthening ISACA’s reputation as a thought leader, five white
papers covering critical industry topics were published: Big
Data: Impacts and Benefits, Cloud Governance: Questions
Boards of Directors Need to Ask, Privacy and Big Data,
Security as a Service and Generating Value From Big Data
Analytics. In addition, four new books provided strong guidance:
Configuration Management: Using COBIT® 5, Transforming
Cybersecurity: Using COBIT® 5, Responding to Targeted
Cyberattacks and Advanced Persistent Threats: How to
Manage the Risk to Your Business. ISACA also published the
Advanced Persistent Threat Awareness Study Results, a joint
survey with Trend Micro.
PERIODICALS
ISACA’s four periodicals each provide important news for
different readership groups. The @ISACA e-newsletter
provides members timely access to ISACA- and industry-
related news. According to the 2013 ISACA readership
survey, 78 percent of members find @ISACA an added value
to their membership. ExpressLine presents chapter leaders
with unique news and updates related to their roles in the
chapter. COBIT® Focus offers practical articles on real-world
experiences with implementing COBIT.
The ISACA Journal, the association’s flagship periodical, is a
peer-reviewed journal that covers technical, managerial and
business topics. There were more than 43,000 downloads of
the ISACA Journal app.
KNOWLEDGE CENTER
At year end, there were 13,442 Knowledge Center topic
members. In addition to the many topic-based communities
located in the Knowledge Center, ISACA launched exam study
communities for each of the four certifications. The communities
consist of current and past exam registrants and are led by past
top exam scorers. Chapter certification coordinators are also
invited to participate in these communities.
TRANSLATIONS
To better serve members around the world, ISACA’s
translations program continued to grow. Many thanks are
due to the volunteers who contribute their time to ensure
that we have a robust library of translations.
Number of items translated:
Spanish 39 Hebrew 8 Arabic 1
Japanese 34 Portuguese 8 Greek 1
French 29 Dutch 6 Hungarian 1
Korean 28 Polish 6 Lithuanian 1
Italian 23 Romanian 3 Thai 1
Chinese
Simplified
19 Russian 3 Ukrainian 1
Chinese
Traditional
15 Turkish 3
German 10 Slovenian 2
CONFERENCES, EDUCATION AND TRAINING
ISACA continues to offer a portfolio of highly respected training
and education opportunities. The popular monthly webinar
program, which is a free member benefit, included a Young
Professional series and India-specific topics. In addition, three
virtual conferences featured topical talks and the opportunity
for free CPE hours.
Computer Audit, Control and Security (CACS) and Information
Security and Risk Management (ISRM) conferences were again
offered around the world:
• North America CACS—Dallas, Texas, USA
• EuroCACS/ISRM—London, United Kingdom
• Latin America CACS/ISRM—Medellin, Colombia
• Asia-Pacific CACS/ISRM—Singapore
• Oceania CACS—Adelaide, South Australia, Australia
• North America (NA) ISRM—Las Vegas, Nevada, USA
Among other notable presenters, David Pogue, former New
York Times tech reviewer, provided an in-depth look at trends
on the IT horizon at North America CACS. At NA ISRM, Captain
Richard Phillips, who survived a pirate attack on the high seas,
shared his action plan for preparing for unpredictable threats.
The first conference cohosted with the Institute of Internal
Auditors (IIA)—2013 Governance, Risk and Control (GRC)
Conference—received much positive feedback from attendees,
who appreciated the synergies between the organizations.
Onsite training was provided to 25 organizations in seven
countries: The Republic of Trinidad and Tobago, USA, United
Kingdom, Oman, India, Canada and Jamaica.
ISACA Training events were held in Boston, Massachusetts,
USA, and Las Vegas, Nevada, USA.
COBIT 5 training has provided me with the in-depth knowledge, tools and confidence to enable me to effectively
transfer my knowledge of COBIT 5 to colleagues and clients. As a COBIT 5 Accredited Trainer, I am considered
a COBIT 5 subject matter expert by my employer, and am often consulted by colleagues and clients. We have
enhanced our service offerings for clients by integrating the COBIT 5 framework.
Michalis Samiotakis, CISM, CISSP, Assistant Manager, Risk Assurance, PwC (Greece)ME
MB
ER
TA
LK
ISACA_AnnualReport_FINAL.indd 6 5/14/14 1:01 PM
ISACA VISION 7
ISACA Journal
CORPORATE SOCIAL RESPONSIBILITY
ISACA established a corporate social responsibility (CSR)
program to provide a formal, consistent approach to giving
to other nonprofi t organizations dedicated to activities
aligned with ISACA’s mission. The groundwork was laid in
2013 so that the three-year pilot program could offi cially
begin in early 2014.
ISACA’s CSR activities are both fi nancial and nonfi nancial.
Financial donations will be made on the international level
(directly from the international headquarters) and regional/local
level (as identifi ed by chapters, members, volunteers and staff).
In line with ISACA’s existing tradition, fi nancial contributions will
continue to be made to relief agencies in the wake of natural or
man-made disasters in areas where ISACA has members and
certifi cation holders. Nonfi nancial activity will take the form of
work activities undertaken by ISACA staff.
BOOKSTORE
With nearly 550 products available, the Bookstore continues to
be an excellent resource for professionals interested in learning
more about the fi eld.
Overall best sellers:
• CISA® Review Manual 2013
• CISA® Practice Question Database v13 download and CD-ROM
• CISM® Review Manual 2013
• CISA® Review Questions, Answers & Explanations Manual 2013
• CRISC® Review Manual 2013
ISACA best sellers excluding certifi cation study materials:
• COBIT 5
• COBIT® 5 for Information Security
• COBIT® 5 for Assurance
• COBIT® 5 for Risk
• COBIT® 5 for Information Security
ACADEMIC RELATIONS
ISACA further strengthened relations with academia and
experienced a 25 percent growth (to 1,783) in student
members and more than doubled the number of ISACA
Student Groups on campus, including representation in
all regions. Faculty members also showed great interest
in joining ISACA to access teaching resources and meet
student demand, fueling a 23 percent growth (to 661) in
Academic Advocates.
VOLU
ME
3,
2013
WW
W.I
SA
CA
.OR
G
Featured articles:
What Is Big Data and What Does It Have to Do With IT Audit?
Considerations for Ensuring Security of Research Data in a Federally Regulated Environment
IT Security Responsibilities Change When Moving to the Cloud
And more...
Big Data
Featured articles:
What Is Big Data and What Does It Have to Do With IT Audit?
Considerations for Ensuring Security of Research Data in a Federally Regulated Environment
IT Security Responsibilities Change When Moving to the Cloud
And more...
Big Data
VOLU
ME
6,
2013
WW
W.I
SA
CA
.OR
G
Featured articles:
Information Security—Motivator of Corporate Compliance Practice
Security Labeling of IT Services Using a Rating Methodology
An Integrated Risk Assessment Program—A Cliché or a Need?
And more...
Security and Compliance
550products available
9new ISACA titles
23new third party titles
Bookstore
Editorial calendar
Volume 1—Governance and Management of Enterprise IT (GEIT)
Volume 2—Legal and Regulatory Challenges
Volume 3—Big Data
Volume 4—Language of Cybersecurity
Volume 5—Integrated Business Solutions
Volume 6—Security and Compliance
Circulation
102,971nearly
7new languages
5new languages
3new languages
COBIT 5: Enabling Processes COBIT 5: Implementation
The ISACA Knowledge Center is a treasure trove that offers insight to many important areas including information
security, risk management, compliance and assurance. The participants in the forums are experienced professionals
and their collective knowledge is valuable and benefi ts the entire community.
Vaibhav Patkar, CISA, CISM, CGEIT, CRISC, CISSP, Head of Global Risk and Compliance in a multinational outsourcing company (India) M
EM
BE
R T
AL
K
2013 YEAR AT A GLANCE
ISACA_AnnualReport_FINAL.indd 7 5/14/14 1:01 PM
8 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
Developments in ISACA’s new academic program included
new content and delivery formats to serve evolving student
demographics, which now include professionals returning
to school for graduate and doctoral studies as well as
individuals seeking advanced research degrees. The new
program expanded ISACA’s reach into the increasingly diverse
academic world.
MEDIA OUTREACH
ISACA received the Gold Circle Award for New Service/Product
Launch from the American Society of Association Executives
in recognition of the COBIT 5 media relations campaign. More
than 22,000 media stories worldwide referenced ISACA, up
from 17,000 the previous year. The IT Risk/Reward Barometer
gained global attention by exploring attitudes and behaviors
related to key business technology trends, and ISACA leaders
participated in more than 400 interviews for media around
the world, including CIO New Zealand, CNBC, El Universal,
Express Computer, Financial Review, Financial Times, Forbes,
MIS Asia, USA Today and The Wall Street Journal.
ISACA’s social media communities continued to expand in
numbers, networking and influence, with an average growth
rate of 56 percent among Facebook, LinkedIn and Twitter
followers. Visits to ISACA’s web site via social media links
increased by 28 percent.
MARKETING
A new creative platform known as the “More” campaign was
rolled out. The campaign features images and experiences
of ISACA members and focuses on how they have benefited
from ISACA’s global leadership and resources in areas including
certification, membership and conferences/education. The
essence of the campaign is that ISACA helps members
become more prepared, skilled and successful.
In addition, ISACA initiated an independent, representative
benchmarking study in the US to monitor several key
association, certification, product and conference metrics,
such as awareness and satisfaction. This study will help
monitor the progress of ISACA’s strategic portfolio and provide
an outside-looking-in perspective of ISACA.
CERTIFICATION
Earning a certification indicates that a professional has key
knowledge and experience within a profession. Each of
ISACA’s globally recognized certifications addresses a specific
area of expertise:
• Certified Information Systems Auditor® (CISA)—Manage
vulnerabilities, ensure compliance and institute controls
• Certified Information Security Manager® (CISM)—
Oversee, direct and manage information security programs• Certified in the Governance of Enterprise IT® (CGEIT)—
Establish, maintain and manage a framework of governance over IT
• Certified in Risk and Information Systems Control™ (CRISC)—Identify and manage risk through IS controls
Highlights for the year include:• For the first time, ISACA offered a third administration
for its CISA and CISM exams.• CISA, CISM and CGEIT—and for the first time CRISC—
received continued accreditation under the ISO standard ISO/IEC 17024:2003 from the American National Standards Institute (ANSI).
• CRISC won the 2013 SC Award for Best Professional Certification Program.
• CISA, CISM, CGEIT and CRISC were among the highest-paying IT certifications in Foote Partners IT Skills and Certifications Pay Index™ for 1 October 2013- 1 January 2014.
• The 100,000th individual earned CISA certification, since inception.
• The new CGEIT job practice was effective with the June 2013 exam administration.
STANDARDS, GUIDELINES,
AND TOOLS AND TECHNIQUES
ISACA issued 17 IS audit and assurance standards effective
1 November and included them in ITAF: A Professional Practices
Framework for IS Audit, Assurance, 2nd Edition. The
previous 16 standards were withdrawn 31 October. The public
exposure process for 18 supporting guidelines closed on 31
December. The feedback will be addressed and the final versions
are scheduled to be issued in the third quarter of 2014.
The ISACA Journal has been very helpful to my career as a security professional. I am always excited to receive it and
read through every topic. The topics are so practical for our daily uses. Not only that, one Journal cover featured two
scuba divers. I am very passionate in scuba diving and security. I was thrilled to see that someone agrees—there are
similarities between scuba diving and diving into security! Both could be “dangerous” or difficult, but at the same time,
fun to do.
Key Mak, CISM, CISSP, CAP, PMP, Security Plus, lTllv3, ECMp, Security Manager (USA)ME
MB
ER
TA
LK
ISACA_AnnualReport_FINAL.indd 8 5/14/14 1:01 PM
ISACA VISION 9
WEB SITE
ISACA launched a mobile web site to help constituents easily
access content, research and knowledge. New features were
added to ISACA’s web site to improve ease of use and enable
new activities, including a successful rollout of more than
200 chapter leader workspaces to help with networking and
document sharing.
FINANCE
ISACA had another positive year in 2013 from a financial
standpoint thanks to a strong member retention rate,
increasing market support for its professional certifications
and continued effective management of costs. ISACA’s
investment portfolio reported another solid realized/unrealized
gain in 2013. This investment portfolio has allowed ISACA to
position itself for operational sustainability and capitalize on
strategic growth opportunities moving forward.
To maintain its position as a leading global organization,
ISACA has prudently grown its reserves since the early
1990s. These reserves include an operational reserve of
US $32,340,283, which was established to cover 10 months
of operating expenses based on the average for the last three
years, and a strategic reserve of US $39,642,066, which is
being used to invest in strategic growth opportunities and
member benefit objectives in the coming years.
The 2013 audited financial statements for the organization
are presented within this annual report. Looking ahead,
management will continue to monitor key business drivers and
economic conditions and their related impact on operations
and constituents in 2014 and beyond.
While preparing for ISACA certification exams, I gained valuable, world-class knowledge. Now, thanks to ISACA
certifications, my services as consultant and trainer have international demand. My credentials serve as evidence of
my knowledge, continuous education and professional experience.
Juan Carlos Morales, CISA, CISM, CGEIT, CRISC, IT Governance and Risk Management Consultant and Trainer (Guatemala) M
EM
BE
R T
AL
K
CISA CISM CGEIT CRISC
Exam registrants (June, September and December)
more than
18,800more than
5,100more than
1,000more than
1,800
Languages in which exam was available
11 4 1 1
Locationsmore than
260more than
260more than
260more than
260Number from inception to year-end
more than
106,700more than
23,800more than
5,800more than
17,000
Growth of certified professionals
9.4% 12.3% 8.5% 3.8%
isaca.org
235countries
+16%unique visitors
+13%page views
+14%total visits
visitors originated from
increase of
increase of
increase of
2013 YEAR AT A GLANCE
ISACA_AnnualReport_FINAL.indd 9 5/14/14 1:01 PM
10 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
ISACA AND IT GOVERNANCE INSTITUTE
Combined FINANCIALSTATEMENTSAll monetary amounts included in the financial statements are in US dollars.
Certification 40%
Membership 29%
Education 16%
Publications 9%
Interest, dividends, IP use, royalties and other 5%
Contributions and sponsorships 1%
Certification 22%
Membership 20%
Education 18%
Supporting services and administration 17%
Research 14%
Publications 9%
2013 OPERATING REVENUES
2013 OPERATING EXPENSES
ISACA/ITGI HISTORICAL REVENUES
(in millions of US dollars)
2009
2010
2011
2012
2013
50
45
40
35
30
25
20
15
10
5
0
ISACA_AnnualReport_FINAL.indd 10 5/14/14 1:01 PM
FINANCIALS 11
ASSOCIATION AND INSTITUTE COMBINED FINANCIAL STATEMENTS
REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS
Board of Directors
ISACA, Inc.
Board of Trustees
IT Governance Institute, Inc.
We have audited the accompanying combined financial statements of ISACA, Inc. and IT Governance Institute, Inc. (together, the
Organization), which comprise the combined statements of financial position as of 31 December 2013 and 2012, and the related
combined statements of activities and cash flows for the years then ended, and the related notes to the financial statements.
Management’s responsibility for the financial statements
Management is responsible for the preparation and fair presentation of these combined financial statements in accordance with
accounting principles generally accepted in the United States of America; this includes the design, implementation and maintenance
of internal control relevant to the preparation and fair presentation of combined financial statements that are free from material
misstatement, whether due to fraud or error.
Auditor’s responsibility
Our responsibility is to express an opinion on these combined financial statements based on our audits. We conducted our audits
in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan
and perform the audit to obtain reasonable assurance about whether the combined financial statements are free from material
misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the combined financial
statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material
misstatement of the combined financial statements, whether due to fraud or error. In making those risk assessments, the auditor
considers internal control relevant to the entity’s preparation and fair presentation of the combined financial statements in order
to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of the entity’s internal control. Accordingly, we express no such opinion. An audit also includes evaluating the
appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as
well as evaluating the overall presentation of the combined financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
Opinion
In our opinion, the combined financial statements referred to above present fairly, in all material respects, the combined financial
position of ISACA, Inc. and IT Governance Institute, Inc. as of 31 December 2013 and 2012, and the results of the combined
changes in their net assets and their cash flows for the years then ended, in accordance with accounting principles generally
accepted in the United States of America.
Chicago, Illinois 3 April 2014
12 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
ASSOCIATION AND INSTITUTE COMBINED FINANCIAL STATEMENTS
COMBINED STATEMENTS OF FINANCIAL POSITION
ISACA, Inc. and IT Governance Institute, Inc.
31 DECEMBER 2013 2012
ASSETS
CURRENT ASSETS
Cash and cash equivalents $ 9,459,488 $ 9,871,562
Investments 75,237,043 67,744,555
Accounts receivable, net 824,533 999,238
Prepaid expenses 1,459,028 1,321,529
Inventory, net 397,378 396,714
Other current assets 181,268 80,434
Total current assets 87,558,738 80,414,032
FIXED ASSETS
Leasehold improvements 808,579 808,579
Furniture and fi xtures 432,173 384,131
Offi ce equipment 185,579 205,131
Computer system 7,978,537 5,733,697
9,404,868 7,131,538
Less accumulated depreciation (5,658,921) (4,636,209)
Net fi xed assets 3,745,947 2,495,329
TOTAL ASSETS $ 91,304,685 $ 82,909,361
LIABILITIES AND NET ASSETS
CURRENT LIABILITIES
Accounts payable $ 7,046,200 $ 5,799,123
Deferred revenues 11,721,845 11,087,184
Other liabilities 554,291 893,807
Total current liabilities 19,322,336 17,780,114
NET ASSETS
Unrestricted
Board designated 32,340,283 30,186,325
Undesignated 39,600,382 34,901,238
Total unrestricted 71,940,665 65,087,563
Temporarily restricted 573 573
Permanently restricted 41,111 41,111
Total net assets 71,982,349 65,129,247
TOTAL LIABILITIES AND NET ASSETS $91,304,685 $82,909,361
COMBINED STATEMENTS OF CASH FLOWS
ISACA, Inc. and IT Governance Institute, Inc.
YEARS ENDED 31 DECEMBER 2013 2012
CASH FLOWS FROM OPERATING ACTIVITIES
Change in net assets $ 6,853,102 $ 7,702,581
Adjustments to reconcile change in net assets to net cash provided by operating activities
Depreciation 1,055,977 992,717
Loss on disposal of equipment 6,389 100
Net realized and unrealized gain on investments (2,933,421) (2,958,565)
Changes in assets and liabilities
Accounts receivable, net 174,705 (203,365)
Prepaid expenses and other current assets
(238,333) (61,173)
Inventory, net (664) 190,779
Accounts payable 1,247,077 753,413
Deferred revenues 634,661 900,533
Other liabilities (339,516) 217,886
Net cash provided by operating activities 6,459,977 7,534,906
CASH FLOWS FROM INVESTING ACTIVITIES
Acquisition of fi xed assets (2,312,984) (851,215)
Proceeds from the sale of investments 18,197,283 25,897,090
Purchase of investments (22,756,350) (30,063,975)
Net cash used in investing activities (6,872,051) (5,018,100)
Net change in cash and cash equivalents (412,074) 2,516,806
Cash and cash equivalents, beginning of year 9,871,562 7,354,756
CASH AND CASH EQUIVALENTS, END OF YEAR $ 9,459,488 $ 9,871,562
ISACA_AnnualReport_FINAL.indd 12 5/14/14 1:01 PM
FINANCIALS 13
ASSOCIATION AND INSTITUTE COMBINED FINANCIAL STATEMENTS
COMBINED STATEMENTS OF ACTIVITIES
ISACA, Inc. and IT Governance Institute, Inc.
YEAR ENDED 31 DECEMBER
2013 2012
UNRESTRICTEDTEMPORARILY RESTRICTED
PERMANENTLY RESTRICTED TOTAL UNRESTRICTED
TEMPORARILY RESTRICTED
PERMANENTLY RESTRICTED TOTAL
OPERATING REVENUES
Membership $13,836,794 $ - $ - $13,836,794 $13,152,411 $ - $ - $13,152,411
Certification 18,867,320 - - 18,867,320 17,056,388 - - 17,056,388
Education 7,416,249 - - 7,416,249 7,262,999 - - 7,262,999
Publications 4,382,553 - - 4,382,553 4,041,991 - - 4,041,991
Contributions and sponsorships 153,623 14,100 - 167,723 150,834 12,500 - 163,334
Interest, dividends, IP use, royalties and other 2,301,790 9 - 2,301,799 1,857,945 9 - 1,857,954
Net assets released from restrictions 14,109 (14,109) - - 22,458 (22,458) - -
Total operating revenues 46,972,438 - - 46,972,438 43,545,026 (9,949) - 43,535,077
OPERATING EXPENSES
PROGRAM SERVICES
Membership 8,391,622 - - 8,391,622 7,560,910 - - 7,560,910
Certification 9,653,545 - - 9,653,545 8,621,194 - - 8,621,194
Education 7,532,511 - - 7,532,511 6,830,190 - - 6,830,190
Publications 3,963,408 - - 3,963,408 3,554,068 - - 3,554,068
Research 6,160,068 - - 6,160,068 5,150,728 - - 5,150,728
Total program services 35,701,154 - - 35,701,154 31,717,090 - - 31,717,090
SUPPORTING SERVICES
Board and administrative 7,341,603 - - 7,341,603 7,068,971 - - 7,068,971
Contributions - disaster relief 10,000 - - 10,000 5,000 - - 5,000
Total supporting services 7,351,603 - - 7,351,603 7,073,971 - - 7,073,971
Total operating expenses 43,052,757 - - 43,052,757 38,791,061 - - 38,791,061
Excess (deficiency)from operations 3,919,681 - - 3,919,681 4,753,965 (9,949) - 4,744,016
OTHER GAINS
Net realized and unrealized gains on investments 2,933,421 - - 2,933,421 2,958,565 - - 2,958,565
CHANGE IN NET ASSETS 6,853,102 - - 6,853,102 7,712,530 (9,949) - 7,702,581
NET ASSETS, BEGINNING OF YEAR 65,087,563 573 41,111 65,129,247 57,375,033 10,522 41,111 57,426,666
NET ASSETS, END OF YEAR $71,940,665 $ 573 $41,111 $71,982,349 $65,087,563 $ 573 $41,111 $65,129,247
ISACA, Inc. and IT Governance Institute, Inc.
NOTE A—OrganizationThe Organization consists of ISACA, Inc. (the Association) and the IT Governance Institute, Inc. (the Institute). The Association’s and the Institute’s fi nancial statements are presented on a combined basis due to a majority of Board members serving both entities and the Association’s economic interest in the Institute. The Organization operates on a global basis, with the majority of revenues and net assets attributable to the Association, the predominant entity within the Organization. The Organization maintains its books and records at its headquarters building located in Rolling Meadows, Illinois, USA.
The Association was incorporated in 1969 under the name Electronic Data Processing Auditors Association, a California (USA) not-for-profi t corporation. In 1993, to refl ect the evolving state of technology, as well as the Association’s expanding constituency base, the name was changed to Information Systems Audit and Control Association, Inc. The Association now presents itself by its acronym, ISACA. With more than 115,000 constituents (ISACA members and non-member certifi cation holders) in more than 180 countries at year-end 2013, ISACA is a leading global provider of knowledge, certifi cations, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. ISACA also administers the globally respected Certifi ed Information Systems Auditor (CISA), Certifi ed Information Security Manager (CISM), Certifi ed in the Governance of Enterprise IT (CGEIT) and Certifi ed in Risk and Information Systems Control (CRISC) designations.
The Association supports development, update and education activities related to COBIT 5, a globally adopted business framework for governing and managing enterprise IT.
The Institute was incorporated in 1976 under the name Electronic Data Processing Auditors Foundation, a California (USA) not-for-profi t corporation. In 1994, its name was changed to Information Systems Audit and Control Foundation, to align with the changed name of the Association, and was changed again in 2003 to IT Governance Institute, Inc. In 2013, ITGI was granted a Type II Supporting Organization status by the IRS, and is a Supporting Organization of the Association. The Institute’s role in the mission it shares with ISACA focuses on provision of knowledge on IT governance and related topics. Through its collaborative development model, the Institute brings global perspectives to critical issues facing enterprise leaders and practitioners in its IT governance responsibilities.
NOTE B—Summary of Signifi cantAccounting PoliciesBASIS OF PRESENTATIONThe combined fi nancial statements include the assets, liabilities, net assets and fi nancial activities of the Organization. Signifi cant intercompany balances have been eliminated in combining the two entities. The Organization has a relationship with ISACA chapters located throughout the world; however, the chapters are not fi scally accountable to the Organization and, accordingly, have not been included in the accompanying combined fi nancial statements.
CASH AND CASH EQUIVALENTSCash and cash equivalents consist primarily of non-interest-bearing deposits with maturity dates of three months or less at the time of purchase to be used for operating purposes. These deposits are carried at cost, which approximates fair value.
INVESTMENTSInvestments, other than money market funds and interest-bearing deposits, are refl ected in the accompanying combined fi nancial statements at fair value according to generally accepted accounting principles (GAAP). GAAP has established a framework for measuring fair value, as well as a fair value hierarchy based on the inputs used to measure fair value.
A fi nancial instrument’s level within the fair value hierarchy is based on the lowest level of any input that is signifi cant to the fair value measurement; however, the determination of what constitutes observable requires signifi cant judgment. The fair value hierarchy is broken down into three levels based on the transparency of inputs as follows:
• Level 1—Quoted prices (unadjusted) in active markets for identical assets or liabilities.
• Level 2—Quoted prices, other than quoted prices included in Level 1, that are observable for the assets or liabilities, either directly or indirectly.
• Level 3—Inputs that are unobservable for the assets or liabilities.
Investment gains and losses include net realized and unrealized gains and losses and are refl ected in the accompanying combined fi nancial statements as other gains, while interest income and dividends are considered operating revenue.
CONCENTRATION OF CREDIT RISKCertain fi nancial instruments, primarily cash and investments, subject the Organization to credit risk. The Organization maintained cash balances (non-interest-bearing) in 2013 at a fi nancial institution in excess of the Federally insured limit; however, the Organization has not experienced any losses in such accounts and believes that it is not exposed to any signifi cant credit risk on cash and cash equivalents. These cash balances were fully federally insured in 2012. With respect to investments, concentration is limited through the diversifi cation of the portfolio. As
of 31 December 2013 and 2012, the Organization maintained 28 percent of its investment balance in one mutual fund, which invests primarily in high-quality money market instruments and short-term fi xed income securities. The fund may also invest in a wide range of non-money market securities, which tend to be less liquid, more volatile and carry greater risk than money market securities.
ACCOUNTS RECEIVABLEAccounts receivable are due within 30 days and are stated at amounts due from customers net of an allowance for doubtful accounts. Accounts outstanding longer than the contractual payment terms are considered past due. The Organization determines its allowance for doubtful accounts by considering a number of factors, including the length of time that trade accounts receivable are past due, the Organization’s loss history, the customer’s current ability to pay its obligation to the Organization, and the condition of the general economy and the industry as a whole. The Organization writes off accounts receivable when they become uncollectible, and payments subsequently received on such receivables are credited to the allowance for doubtful accounts.
INVENTORYInventory consists solely of study aids and other publications printed for the Organization for sale to its members and interested outside parties. Inventory is valued at the lower of cost or market, with cost determined by the average cost method. Provisions for obsolete items are based on estimated future usage as related to quantities of stock on hand.
FIXED ASSETSFixed assets are carried at cost. Depreciation is computed using the straight-line method. The estimated useful lives of the related assets range from two to ten years. Leasehold improvements are amortized using the straight-line method over the shorter of the remaining lease terms or their estimated useful lives. Depreciation expense totaled $1,055,977 and $992,717 for 2013 and 2012, respectively.
NET ASSETSNet assets, revenues, expenses, gains and losses are classifi ed based on the existence or absence of donor-imposed restrictions using the following classifi cations:
• Unrestricted—Represents unrestricted resources available for support of daily operations and contributions received with no donor restriction. The Board may designate certain net assets for a particular function or activity.
• Temporarily restricted—Represents resources for which use has been temporarily restricted by the contributor. When a donor restriction has been satisfi ed by incurred expenses consistent with the designated purpose, temporarily restricted net assets are reclassifi ed to unrestricted net assets for reporting of related expenses.
14 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
NOTES TO COMBINED FINANCIAL STATEMENTS
ISACA_AnnualReport_FINAL.indd 14 5/14/14 1:01 PM
FINANCIALS 15
NOTES TO COMBINED FINANCIAL STATEMENTS
• Permanently restricted—Represents resources that are subject to restrictions of gift instruments requiring that the principal be invested and maintained in perpetuity. The income generated from these funds is classifi ed based on the terms of the gift instruments.
REVENUE RECOGNITIONRevenues received by the Organization consist primarily of annual membership dues and new member fees; examination, annual maintenance fees and other fees for CISA, CISM, CGEIT and CRISC programs; attendance fees for educational conferences; the sale of advertising space; charges for various publications; sponsorships and contributions; and license fees. Membership dues and annual maintenance fees for CISA, CISM, CGEIT and CRISC are recognized as revenue in the applicable period. New member fees are recorded in the period in which the membership application is processed, with chapter membership dues collected by the Association recorded as a liability until remitted to the chapters. The Organization recognizes unrestricted, restricted and endowment contributions in accordance with donor restrictions in the period in which the commitment for support is obtained, with other revenues being recognized in the period in which the goods or services are provided. Unearned dues, fees and subscriptions are classifi ed as deferred revenues.
PROMOTION AND ADVERTISING COSTSPromotion and advertising costs are expensed as incurred. Total promotion and advertising costs were $3,815,618 and $3,672,639 for the years ended 31 December 2013 and 2012, respectively.
USE OF ESTIMATESThe preparation of the combined fi nancial statements in conformity with accounting principles generally accepted in the United States of America requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and the disclosure of contingent assets and liabilities at the date of the combined fi nancial statements, as well as the reported amounts of revenues and expenses during the reporting period. Actual results could differ from those estimates.
RECLASSIFICATIONSCertain classifi cations from 2012 have been changed to conform to the 2013 presentation.
NOTE C—InvestmentsThe following table presents information about the Organization’s investments. Money market funds and interest-bearing deposits are stated at cost. Investments, which are based on quoted market prices in active markets and therefore classifi ed as Level 1, include actively listed mutual funds and exchange-traded funds. Investments at 31 December 2013 and 2012 consisted of the following:
2013 2012
MUTUAL FUNDS
Large cap $ 6,021,438 $ 5,040,158
Mid cap 1,060,133 774,836
Small cap 1,425,836 1,089,070
International 4,298,190 2,862,679
Fixed income 37,648,793 36,589,740
Alternatives 2,941,700 1,582,135
Tactical allocation 1,921,252 1,674,837
REIT 1,368,054 1,319,214
Money market 12,391,871 11,168,167
Total mutual funds 69,077,267 62,100,836
EXCHANGE-TRADED FUNDSLarge cap 3,418,691 2,929,597
Mid cap 328,845 244,581
Small cap 445,603 321,385
International 1,948,164 1,534,217
Fixed income - 613,711
Total exchange-traded funds 6,141,303 5,643,491
Money market/interest-bearing deposits 18,473 228
TOTAL INVESTMENTS $75,237,043 $67,744,555
The components of investment return for the years ended 31 December 2013 and 2012 are as follows:
2013 2012
Interest and dividends $1,757,106 $1,354,083
Net realized and unrealized gain on investments 2,933,421 2,958,565
TOTAL INVESTMENT RETURN $4,690,527 $4,312,648
NOTE D—Accounts ReceivableAccounts receivable consist of the following at 31 December:
2013 2012
Trade receivables $840,548 $1,037,859
Less allowance for doubtful accounts (16,015) (38,621)
ACCOUNTS RECEIVABLE, NET $824,533 $ 999,238
Changes in the Organization’s allowance for doubtful accounts are as follows for the years ended 31 December:
2013 2012
Beginning balance $ 38,621 $ 57,169
Bad debt expense 19,772 19,355
Accounts written off (42,378) (37,903)
ENDING BALANCE $ 16,015 $ 38,621
NOTE E—Board-designated net assets
The Association’s Board of Directors and the Institute’s Board of Trustees designate a portion of the Organization’s unrestricted net assets for contingency purposes in order to protect the Organization against unforeseen global events and economic downturn. The designated amount based on a three-year average of operating expenses, totals $32,340,283 as of 31 December 2013. As of 31 December 2012, the designated amount was $30,186,325. These funds, while designated for the purposes noted above, are categorized within the Organization’s combined fi nancial statements as unrestricted net assets.
NOTE F—Temporarily Restricted Net AssetsTemporarily restricted net assets at 31 December 2013 and 2012 have been restricted by donors for the following purposes:
2013 2012
Research $573 $573
TOTAL $573 $573
NOTE G—Net Assets Released from Restrictions
During 2013 and 2012, net assets were released from restrictions to satisfy the following purposes:
2013 2012
Research $ 3,000 $ 1,000
COBIT 11,100 11,500
Membership - 550
Education - 2,139
Standards - 155
Certifi cation - 100
IS hardware and software - 5,250
Building - 1,755
Endowment appropriation for expenditure 9 9
$14,109 $22,458
NOTE H—Permanently Restricted Net Assets
Permanently restricted net assets are restricted as investments in perpetuity. The Organization’s endowment consists only of donor-restricted endowment funds. Net assets associated with the Organization’s endowment funds are classifi ed and reported based on the existence of donor-imposed restrictions. There are no donor restrictions on the earnings of the Organization’s endowment funds.
The Organization accounts for endowment net assets by preserving the fair value of the original gift as of the gift date of the donor-restricted endowment fund absent explicit donor stipulations to the contrary. As a result, the Organization classifi es the original value of the gifts donated to the permanent endowment as permanently restricted net assets. All earnings on
ISACA_AnnualReport_FINAL.indd 15 5/14/14 1:01 PM
NOTES TO COMBINED FINANCIAL STATEMENTS
the endowment funds are temporarily restricted until appropriated for current-year operating expenses as allowed by the donor.
As of 31 December 2013 and 2012, endowment assets include only those assets of donor-restricted funds that the Organization must hold in perpetuity. The Organization does not have any Board-designated endowment funds. The Organization’s Finance Committee meets on a regular basis to ensure that the objectives of the Organization’s investment policy are being met, and that the investment approach used to meet the objectives is in accordance with the investment policy approved by the Board of Directors. Under this policy, the endowment assets are invested in a manner that is intended to provide adequate liquidity and maximize returns on funds invested. Interest and dividends earned on endowment funds are appropriated for current-year operating expenses.
During 2013 and 2012, the Organization had endowment-related activities as shown in Note H: Chart.
NOTE I—Related-party TransactionsAs a service to the chapters, the Organization includes the amount of individual chapter dues with its annual billing and remits to the chapters amounts collected on their behalf. The balances of $2,220,147 and $2,386,075 at 31 December 2013 and 2012, respectively, are refl ected in accounts payable and represent the unremitted portion of dues collected for individual chapters. During 2013, chapter dues collected and remitted totaled $3,845,704 and $4,011,632, respectively. For 2012, dues collected and remitted totaled $3,570,681 and $3,349,318, respectively.
NOTE J—Leases The Organization has an offi ce facility operating lease through 31 July 2018, which requires monthly payments comprised of rent, property taxes, pro rata share of common operating expenses and insurance. The Organization also rents offi ce equipment under three non-cancelable leases with initial lease terms in excess of one year.
As of 31 December 2013, the minimum future rentals payable under these non-cancelable operating lease commitments as shown in Note J: Chart.
NOTE K—Income TaxesThe Association and the Institute have received favorable determination letters from the Internal Revenue Service stating that they are exempt from federal income taxes under Section 501(a) of the Internal Revenue Code of 1986 (IRC), as organizations described in Sections 501(c)(6) and 501(c)(3), respectively, except for income taxes pertaining to unrelated business income. The Financial Accounting Standards Board issued guidance that requires tax effects from uncertain tax positions to be recognized
in the fi nancial statements only if the position is more likely than not to be sustained if the position were to be challenged by a taxing authority. Management has determined that there are no material uncertain positions that require recognition in the fi nancial statements. Additionally, no provision for income taxes is refl ected in these fi nancial statements, and there is no interest or penalties recognized in the statements of activities or statements of fi nancial position. The tax years ended 2010, 2011, 2012 and 2013 are still open to audit for both federal and state purposes.
NOTE L—Employee Benefi t Plan The Association maintains a defi ned contribution retirement plan for qualifi ed employees. Participation in the plan is optional. The Association will match the fi rst 5 percent contributed by the employee. The Association’s contributions to the plan for the years ended 31 December 2013 and 2012 were $663,584 and $593,186, respectively.
NOTE M—Contribution—Disaster ReliefDuring 2013 and 2012, ISACA chapters, members, CISAs, CISMs, CGEITs and CRISCs were affected by a local disaster. Given the long-time support of these chapters, members and certifi ed individuals, the Association contributed $10,000 in 2013 and $5,000 in 2012 to the American Red Cross on behalf of those affected by the typhoon that devastated the Philippines and those affected by the hurricane that devastated the eastern United States in each of those years, respectively.
NOTE N—Subsequent EventsThe Organization evaluated its 31 December 2013 combined fi nancial statements for subsequent events through 3 April 2014, the date that the combined fi nancial statements were available to be issued. The Organization is not aware of any subsequent events that would require recognition or disclosure in the combined fi nancial statements.
NOTE H: Chart TEMPORARILY RESTRICTED ENDOWMENT
FUNDS
PERMANENTLY RESTRICTED ENDOWMENT
FUNDS
TOTAL ENDOWMENT
FUNDS
Endowment net assets, 1 January 2012 $ - $41,111 $41,111
Interest and dividends 9 - 9
Appropriation of endowment assets for expenditure (9) - (9)
Total change in endowment net assets - - -
Endowment net assets, 31 December 2012 - 41,111 41,111
Interest and dividends 9 - 9
Appropriation of endowment assets for expenditure (9) - (9)
Total change in endowment net assets - - -
ENDOWMENT NET ASSETS, 31 DECEMBER 2013 $ - $41,111 $41,111
NOTE J: Chart YEARS ENDING 31 DECEMBER OFFICE EQUIPMENT FACILITY TOTAL
2014 $6,700 $514,500 $521,200
2015 3,100 525,100 528,200
2016 1,600 535,600 537,200
2017 - 546,100 546,100
2018 - 556,700 556,700
Rent expenses under these leases for the years ended 31 December 2013 and 2012, were $542,302 and $569,096, respectively.
16 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
ISACA_AnnualReport_FINAL.indd 16 5/14/14 1:01 PM
FINANCIALS 17
MANAGEMENT REPORT ON RESPONSIBILITY FOR FINANCIAL REPORTING
AUDIT COMMITTEE CHAIR’S LETTER
The Audit Committee of the Board of Directors/
Trustees (the Board) of ISACA/IT Governance
Institute (the Organization) oversees the
Organization’s fi nancial reporting process
on behalf of the Board, and is composed of
seven independent members. In fulfi lling its responsibility, the
committee recommended to the Board the selection of the
Organization’s independent certifi ed public accountants.
The committee discussed with the independent certifi ed public
accountants the overall scope and specifi c plans for their audit.
The committee also discussed the Organization’s combined
fi nancial statements and the adequacy of its internal controls.
The committee met with the Organization’s independent
certifi ed public accountants, without management present, to
discuss the results of their examination, their evaluation of the
Organization’s internal controls, and the overall quality of the
Organization’s fi nancial reporting.
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC, FACS CPChair, Audit Committee
The management of ISACA/IT Governance Institute (the
“Organization”) has the responsibility for the preparation, integrity
and fair presentation of the accompanying fi nancial statements.
The statements were prepared in accordance with generally
accepted accounting principles applied on a consistent basis
and, as such, include amounts that are based on management’s
best estimates and judgments. Management also prepared the
other information in the annual report and is responsible for its
accuracy and consistency with the fi nancial statements.
The Organization’s fi nancial statements for 2013 have been
audited by Grant Thornton LLP, independent certifi ed public
accountants, elected by the Board of Directors/Trustees (the
Board). Management has made available to Grant Thornton
LLP all of the Organization’s fi nancial records and related data,
as well as the minutes of the Board’s meetings. Management
believes that all representations made to Grant Thornton LLP
during its audit were valid and appropriate.
The Organization maintains a system of internal control that
is designed to provide reasonable assurance to management
and to the Board regarding the preparation and publication of
reliable and accurate fi nancial statements, the effectiveness
and effi ciency of operations, and compliance with applicable
laws and regulations. The system includes a documented
organizational structure and division of responsibility, established
policies and procedures that are communicated throughout
the Organization, and the careful selection, training and
development of personnel. Management also recognizes its
responsibility for fostering a strong ethical climate so that the
Organization’s affairs are conducted according to the highest
standards of personal and corporate conduct.
There are inherent limitations in the effectiveness of any system
of internal control, including the possibility of human error and
the circumvention or overriding of controls. Accordingly, even
an effective internal control system can provide only reasonable
assurance with respect to fi nancial statement preparation.
The Organization evaluates its internal control system in relation
to criteria for effective internal control over fi nancial reporting
described in Internal Control—Integrated Framework, issued by
the Committee of Sponsoring Organizations of the Treadway
Commission, and as of 31 December 2013 the Organization
believes that its system of internal control over fi nancial reporting
met those criteria.
As part of its audit of the Organization’s fi nancial statements,
Grant Thornton LLP assessed the Organization’s internal
accounting controls structure to establish a basis for reliance
thereon in determining the nature, timing and extent of audit
tests to be applied. Management and Grant Thornton LLP
have reviewed the internal control assessment with the Audit
Committee as part of the committee’s acceptance of the
fi nancial statements. The Board, operating through its Audit
Committee, which is composed entirely of members who are
not offi cers or employees of the Organization, provides oversight
to the fi nancial reporting process.
Ron Hale, Ph.D., CISMActing Chief Executive Offi cer
Robert A. MicekChief Financial Offi cer
ISACA_AnnualReport_FINAL.indd 17 5/14/14 1:01 PM
18 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
ISACA BOARD OF DIRECTORS/ITGI BOARD OF TRUSTEES
ISACA TEAMWORK
Tony Hayes CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA International President Australia
R Vittal Raj CISA, CISM, CGEIT, CFE, CIA, CISSP, FCA International Vice President India
Jo Stewart-Rattray CISA, CISM, CGEIT, CRISC, FACS CP Director Australia
Allan Boardman CISA, CISM, CGEIT, CRISC, ACA, CA (SA), CISSP International Vice President UK
Jeff M. Spivey CRISC, CPP International Vice President USA
Gregory Grocholski CISA Immediate Past International President USA
Juan Luis Carselle CISA, CGEIT, CRISC International Vice President Mexico
Marc Vael CISA, CISM, CGEIT, CRISC, CISSP, ITIL International Vice President Belgium
Kenneth L. Vander Wal CISA, CPA Past International President USA
Ramses Gallego CISM, CGEIT, CCSK, CISSP, SCPM Six Sigma Black Belt International Vice President Spain
Christos K. Dimitriadis Ph.D., CISA, CISM, CRISC Director Greece
Ron Hale Ph.D., CISM Secretary USA
Theresa Grafenstine CISA, CGEIT, CRISC, CIA, CGAP, CGMA, CPA International Vice President USA
Krysten McCabe CISA Director USA
ISACA_AnnualReport_FINAL.indd 18 5/14/14 1:01 PM
CONTRIBUTORS 19
LETTER FROM THE INTERNATIONAL PRESIDENT AND THE ACTING CEO
It is easy to talk about doing more, but the challenge is to live it and deliver it. To be able to offer more tools and resources to an
expanding array of constituents, ISACA embarked on an ambitious strategic direction just a few years ago. We knew then, just as
we know today, that trust and value have to be the core of everything we do.
The significant progress already made was only possible because of the global collaboration and team spirit that have become
ISACA’s hallmarks. Many members around the world step up and give of their time and expertise every day to ensure that ISACA
continues to provide more to the global business community. We thank you for making time in your busy schedules and sharing your
knowledge, both of which help ensure that ISACA offers benefits beyond today’s expectations.
We also deeply appreciate the passion and integrity exemplified by our staff and our team of volunteer leaders, including those who
serve on the international Board of Directors and Board of Trustees, boards, committees, subcommittees and task forces. You
continue to inspire innovation and help ISACA transform the business landscape.
BOARD, COMMITTEE, SUBCOMMITTEE AND TASK FORCE CHAIRS
Kameswara Rao Namuduri, CISA, CISM Academic Program Subcommittee USA
Ross E. Wescott, CISA Assurance Task Force USA
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC Audit Committee Australia
Todd A. Weinman Career Management Task Force USA
Frank Sundgaard Nielsen, CISA, CGEIT CGEIT Certification Committee Denmark
Michal J. Niezurawski, CISA, CISM, CGEIT, CRISC CGEIT Test Enhancement Subcommittee Poland
Brennan Patrick Baybeck, CISA, CISM, CRISC Chapter Support Committee USA
Bernard J. Battistin, CISA CISA Certification Committee Canada
Matthew Snider, CISA CISA Test Enhancement Subcommittee USA
Erik Philip Friebolin, CISA, CISM, CRISC CISM Certification Committee USA
Clyde Hague, CISM, CRISC CISM Test Enhancement Subcommittee USA
Greet Volders, CGEIT COBIT Enterprise Assessment Task Force Belgium
Anthony P. Noble, CISA COBIT for Assurance Task Force USA
Steven Babb, CGEIT, CRISC COBIT for Risk Task Force UK
Steven De Haes COBIT IRM Task Force Belgium
Robert E Stroud, CGEIT, CRISC COBIT Market Growth Strategy Task Force USA
John Lainhart, CISA, CISM, CGEIT, CRISC COBIT Online Replacement Task Force USA
Miroslaw Kalinski, CISA Communities Committee Poland
Charlie Blanchard, CISA, CISM, CRISC Conference Program Development Subcommittee USA
Allan Boardman, CISA, CISM, CGEIT, CRISC Credentialing and Career Management Board UK
Terry Chrisman, CGEIT, CRISC CRISC Certification Committee USA
Jack Freund, CISA, CISM, CRISC CRISC Test Enhancement Subcommittee USA
Edward G. Schwartz, CISA, CISM Cybersecurity Task Force USA
Jamie Pasfield, CGEIT Emerging Business and Technology Committee UK
Vernon Richard Poole, CISM, CGEIT, CRISC Euro CACS-ISRM Task Force UK
Garry James Barnes, CISA Exam Appeals Task Force Australia
Todd Morgenthaler, CISA External Advocacy Committee USA
Theresa Grafenstine, CISA, CGEIT, CRISC Finance Committee USA
Steven Babb, CGEIT, CRISC Framework Committee UK
Jon W. Singleton Governance Advisory Council Canada
Andrew J. MacLeod, CISA Government and Regulatory Advocacy Committee, Australia
Masatoshi Kajimoto, CISA, CRISC GRA Regional Subcommittee 1-Asia/Pacific Japan
Marcelo Hector Gonzalez, CISA, CRISC GRA Regional Subcommittee 2-Latin America Argentina
Sarbjit S. Sembhi, CISM GRA Regional Subcommittee 3-Europe/Africa UK
Meenu Gupta, CISA, CISM GRA Regional Subcommittee 4-North America USA
Peter J. Fowler, CISM, CGEIT, CRISC GRA Regional Subcommittee 5-Oceania Australia
Phil James Lageschulte, CGEIT Guidance and Practices Committee USA
S.V. Sunder Krishnan, CISA India Growth Initiative Task Force India
Robert E Stroud, CGEIT, CRISC ISO Liaison Subcommittee USA
Christos K. Dimitriadis, CISA, CISM, CRISC Knowledge Board Greece
Rosemary M. Amato, CISA Knowledge Management and Education Committee The Netherlands
Thomas E. Borton, CISA, CISM, CRISC Knowledge Management and Education Committee USA
Osvaldo Lau, CISA, CRISC Latin America CACS-ISRM Task Force USA
Robert C. Newbould, CISA Leadership Development Committee UK
Nickson Wei-Sin Choo, CISA, CRISC Membership Growth and Retention Committee Malaysia
Charlie Blanchard, CISA, CISM, CRISC North America CACS Task Force USA
Thomas E. Borton, CISA, CISM, CRISC North America ISRM Task Force USA
Yves Marcel Le Roux, CISM Privacy Advisory Task Force France
Michael P. Bilger Professional Influence and Advocacy Committee USA
Steven E. Sizemore, CISA Professional Standards and Career Management Committee USA
Horst Karin, CISA, CRISC Publications Subcommittee Canada
Jeff Spivey, CRISC Relations Board USA
Everett C. Johnson Jr. Strategic Advisory Council USA
Hubert Darnell Glover, CRISC Student and Academic Subcommittee USA
Marc Vael, CISA, CISM, CGEIT, CRISC World Congress Program Development Task Force Belgium
Markus Bittner, CISA, CISM, CGEIT, CRISC World Congress Program Development Task Force Germany
Jason Yakencheck, CISA, CISM Young Professionals Subcommittee USA
LEADERSHIP
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA International President 2013-2014 ISACA and the IT Governance Institute
Ron Hale, Ph.D., CISM Acting Chief Executive Officer ISACA and the IT Governance Institute
ISACA_AnnualReport_FINAL.indd 19 5/14/14 1:01 PM
20 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
STRATEGIC ALLIANCES AND RELATIONSHIPS
Each year ISACA engages with organizations from around the
world in order to advocate on behalf of, and to support the
professions that we serve. This includes working with others to:
• Enhance the stature and credibility of ISACA members
and certification holders
• Increase the skills, knowledge and capability of our
members and certification holders
• Provide comment/guidance on significant professional
issues and trends
Throughout 2013, ISACA forged or built upon relationships
with many diverse and prestigious organizations including:
GOVERNMENT, GOVERNMENT SUPPORT AND
STANDARD-SETTING BODIES
• Committee of Sponsoring Organizations of the Treadway
Commission (COSO)
• Department of Public Service and Administration—
Republic of South Africa
• European Network and Information Security Agency (ENISA)
• Federacion Latinoamericana de Bancos (FELABAN)
• Indian Computer Emergency Response Team (CERT-In)
• Institute for Development and Research in Banking
Technology (IDRBT)
• International Organization for Standardization (ISO)
• National Institute of Standards and Technology (NIST)
• Skills Framework for the Information Age (SFIA)
NONPROFIT MEMBERSHIP ORGANIZATIONS
AND FOUNDATIONS
• American Institute of Certified Public Accountants (AICPA)
• ARMA International
• Australian Computer Society (ACS)
• BCS, The Chartered Institute for IT
• Cloud Security Alliance (CSA)
• Cybersecurity Credentials Collaborative (C3)
• EC Council Foundation
• Information Security Forum (ISF)
• Institute of Chartered Accountants in England and Wales
(ICAEW)
• Institute of Cost Accountants of India (ICAI)
• The Institute of Internal Auditors (IIA)
• Institute of Management Accountants (IMA)
• International Association of Privacy Professionals (IAPP)
• International Association of Outsourcing Professionals (IAOP)
• International Federation of Accountants (IFAC)
• International Information Systems Security Certification
Consortium Inc. (ISC)2
• International Professional Practice Partnership (IP3)
• IT Service Management Forum International (itSMFI)
• National Association of Corporate Directors (NACD)
• Open Compliance and Ethics Group (OCEG)
COMMERCIAL PARTNERS, ENTERPRISE
PROGRAM PARTICIPANTS, AND SIGNIFICANT
SPONSORS AND LICENSEES
• APMG-International
• CA Technologies
• Deloitte & Touche LLP
• Hewlett-Packard Company
• IBM
• KPMG LLP
• McAfee, Inc.
• Microsoft Corporation
• Oracle Corporation
• Protiviti, Inc.
• Symantec Corporation
• University of Phoenix
• Zurich Insurance Company Ltd.
ISACA membership provides collegial support across the world, access to a wealth of information and educational
opportunities, as well as the opportunity to play a vital role in your local chapter. I find the networking opportunities
and updates on up-to-the-minute tools and trends are the most valuable parts of ISACA membership.
Elene Anderson, CISA, Information Management Consultant (New Zealand)
ME
MB
ER
TA
LK
RELATIONSHIPS
ISACA_AnnualReport_FINAL.indd 20 5/14/14 1:01 PM
CONTRIBUTORS 21
ASIABahrainDhaka, BangladeshChina Hong Kong Bangalore, India Cochin, India Coimbatore, India Hyderabad, India Kolkata, India Chennai, India Mumbai, India New Delhi, India Pune, India Vijayawada, India Indonesia Fukuoka, JapanNagoya, Japan Osaka, Japan Tokyo, Japan Korea Lebanon Macao Malaysia Muscat, OmanIslamabad, Pakistan Karachi, Pakistan Lahore, Pakistan Manila, Philippines Jeddah, Saudi ArabiaRiyadh, Saudi Arabia Singapore Sri Lanka Taiwan Bangkok, Thailand UAE
CENTRAL/SOUTH AMERICABuenos Aires, ArgentinaMendoza, Argentina La Paz, Bolivia Brasilia, Brazil Rio de Janeiro, Brazil Sao Paulo, Brazil Santiago, Chile Bogota, Colombia San Jose, Costa RicaSanto Domingo,
Dominican RepublicQuito, EcuadorGuatemala City,
Guatemala Guadalajara, Mexico Mexico City, Mexico
Monterrey, Mexico Panama Asuncion, Paraguay Lima, Peru Puerto Rico Montevideo, UruguayVenezuela
EUROPE/AFRICAAustria Belgium Sofia, Bulgaria CroatiaCyprus Czech Republic Denmark Estonia Finland France (Paris) Germany Accra, GhanaAthens, Greece Budapest, Hungary Ireland Tel-Aviv, Israel Milan, Italy Rome, ItalyVenice, Italy Kenya Latvia Lithuania Luxembourg Malta MauritiusNetherlands Abuja, NigeriaIbadan, Nigeria Lagos, Nigeria NorwayKatowice, PolandWarsaw, Poland Lisbon, PortugalMoscow, Russia Romania Slovenia Slovak Republic South Africa Barcelona, Spain Madrid, Spain Valencia, Spain Sweden Switzerland TanzaniaTunis, Tunisia
Ankara, TurkeyIstanbul, Turkey Kampala, UgandaKyiv, Ukraine London, UK Central UK Northern England, UKScotland, UKWinchester, UKLusaka, Zambia NORTH AMERICA
CanadaCalgary, AB Edmonton, AB Vancouver, BC Victoria, BC Winnipeg, MB Atlantic Provinces Ottawa Valley, ON Toronto, ON Montreal, PQ Quebec City, PQ
IslandsBermuda Trinidad & Tobago
Midwestern United StatesCentral Indiana
(Indianapolis)Chicago, IL Illini (Springfield, IL) IllowaIowa (Des Moines) Kentuckiana
(Louisville, KY) Detroit, MI Western Michigan Minnesota Omaha, NE Central Ohio (ColumbusGreater Cincinnati, OHNortheast Ohio
(Cleveland) Northwest Ohio Kettle Moraine, WI
(Milwaukee)
Northeastern United StatesGreater Hartford, CT
Central Maryland (Baltimore)New England New Jersey Central New York
(Syracuse)Hudson Valley, NY
(Albany)New York MetropolitanWestern New York
(Buffalo/Rochester)Harrisburg, PA Philadelphia, PA Pittsburgh, PA Rhode Island National Capital Area, DC
Southeastern United StatesBirmingham, AL Huntsville, ALCentral Florida (Orlando)Jacksonville, FL South FloridaTallahassee, FL West Florida (Tampa) Atlanta, GA Charlotte, NC Research Triangle
(Raleigh, NC)South Carolina Midlands
(Columbia, SC)Memphis, TN Middle Tennessee
(Nashville)Virginia
Southwestern United StatesCentral Arkansas (Little Rock)Denver, CO Baton Rouge, LA Greater New Orleans, LAGreater Kansas City, MOSpringfield, MO St. Louis, MO New Mexico (Albuquerque)Central Oklahoma
(Oklahoma City) Tulsa, OK Austin, TX Greater Houston Area, TXNorth Texas (Dallas) San Antonio/So. Texas
Western United StatesAnchorage, AK Phoenix, AZ Los Angeles, CA Orange County, CA
(Anaheim)Sacramento, CA San Francisco, CA San Diego, CA Silicon Valley, CA
(Sunnyvale)Hawaii (Honolulu) Boise, ID Las Vegas, NV Willamette Valley, OR
(Portland)Utah (Salt Lake City) Mt. Rainier, WA
(Olympia)Puget Sound, WA
(Seattle)
OCEANIAAdelaide, Australia Brisbane, Australia Canberra, Australia Melbourne, Australia Perth, Australia Sydney, Australia Auckland, New ZealandWellington, New ZealandPapua New Guinea
CHAPTERS IN FORMATIONGaborone, BotswanaRegina, Saskatchewan,
CanadaMedellin , ColombiaGuayaquil, EcuadorCairo, EgyptSan Salvador, El SalvadorReykjavik, IcelandAhmedabad, IndiaJaipur, IndiaAbidjan, Ivory CoastAmman, JordanAlmaty, KazakhstanKuwait City, KuwaitBlantyre, MalawiCasablanca, MoroccoDoha, QatarHarare, Zimbabwe
Platinum Susan M. Caldwell Charles Cribaro John Lainhart* Lynn Lawton Akira Matsuo Robert Micek Ronald Riba Ronald Saull Jane Seago Manny Singh Patrick Stachtchenko
Kenneth Vander Wal Daniel Wiechec
Gold Allan Boardman Concepcion Fermin Theresa Grafenstine Gregory Grocholski Ron Hale Shankar Iyer Everett Johnson* Thomas Lamm Robert Parker*
Jeffrey Patubo Hugh Henning Penri-WilliamsSean Stringer Marc Vael Archie Watt
Silver Abdul Hamid Abdullah Kim Ahmer Gary Akin Ali Fathi Al-Sheikh AhmedDavid Applebaum
Renato Aquilino-Pujol Scott Artman Garry James Barnes Mary Begel Dexter Burger Fernando Calvillo Carlos Cazorla Richard Chia Art Christofferson Nancy Cohen Bernard Czaja Helene Demoulin
Patricia Giovanna Diaz ToriShannon Donahue Cassius Downs Stephen John Drew Zea Du Preez Nana Dufu John Leonard Ford Norihisa Fujita Julia Fullerton Luis Enrique Garcia de
Paredes
CHAPTERS
INDIVIDUALS
MEMBERSHIP
DONORS
ISACA_AnnualReport_FINAL.indd 21 5/14/14 1:01 PM
22 ISACA® AND IT GOVERNANCE INSTITUTE® ANNUAL REPORT 2013
INDIVIDUALS (CONTINUED) John Garrett Ashok Ghosh Jennifer Gillespie John Cameron Glover Arvind Shivram Godbole Theodore Grolimund Daniel Hadaway Barry George Hadfield Jen Hajigeorgiou John Ho Chi Michael Jimenez Ghassan Kabbara Masato Kagotani Vijay Karayi Tina Kay Michael Knight Oguz Yetkin Kocabas Emiko Kurihara John Kuyers Chandrasekar Lakshmi VarahanHendrik Jan Land Stephen Lantrip Tak Wa Lau Yong-Seok Lee Patricia Lewis Min Chee Liew Roberto Lopez Escalera R.Claxton Martyr Tim Mason Bryan McAtee Robert Mcfarland Yasushi Miyamoto Anup Mody Gary Murphy Francis Nemia Deborah Oetjen Mecki Oker Carmen Ozores FernandesTrudy Anne Page Andre Pitkowski William Price Daniel Fernando Ramos Sree Krishna RaoDavid George Reinhold Jack Riegel Patrick Rozario Merve Sarac Taishi Sasahara Jose Saucedo Martin Schlaeppi Toshio Shishido Edward Joseph SlusarskiConrad Stanton Jo Stewart-Rattray Robert E Stroud Ramnathan SubramanianJulius Olugbenga SubuloyeStig Jarle Sunde Lennard-Peter Abdun-Nur
Sutherland Ichiro Tabata Hideyuki Tanaka Bernard Chee Kian TangAlexandru Tasca Choon Meng Teo Lisa Toro Terry Trsar Vatsaraman VenkatakrishnanSatya Vithala Karyn Waller Ian Lawrence Webster James Wiechers Brad Wright
Shou-Hsin Mark Wu Mahmoud Yousef Carlos Zamora
Donor Paul Aaron Zoran Abraham Ozioma Reward AbunsangoMark Ackmann Opeyemi Ayodeji AdelusolaAdemola Moruff AdewaleSamson Taiwo AdewumiJayson Agagnier Sanjiv Kumar Agarwala Friday Obukohwo Agillo Mohammad Ahmad Azubike Edward AhubelemHidetsugu Aiko Harun Al Rasyid Oscar Cleophas AlbuquerqueJamal Aldamari Thierry Alexandre Lozina Metodieva AlexievaFaisal Al-Homodi Ilgar Aliyev Bandar Abdulrahman AlkhaleelFaisal Abdulla Al-Kuwari Hikmet Allahverdiyev Raquel Pinto Almeida Ahmed AlMunawes Alwie Alwie Luisito Amper Barry William Anderson Leonce Anthony Roberto Apollonio Mahary Araia Henri Arendsen Makoto Arita Luis Adrian Arroyo Sam Arthur Musafau Ashiru Jerome Athias Yvon Audette Dayo Elliot Babatunde Mohammed Bachiri Christopher Bagot Ajay Bahri Mark Bakarich Lynda Maria Bangham Hamza Moosa Baqer Mourad Baroudi Amadou Oury Barry Aloke Basu Ivonne Beauboeuf Alvin Bedgood Douglas Bencomo Barry Alan Bendel Paul Berkebile Gayle Berkeley Moira Berman Glauco Bertocchi Mohan Bethur Suresh Bhatt Milind Madhav Bhide Jager Singh Bhoohe Denworth Billy Sixten Bjorklund Daniel Blaney Amanda Jane Bluett Khaled Bohsali Benjamin Boi-Doku Charan Kumar BommireddipalliIan Bradbrook Diana Bradshaw Ricardo Bria Wayne Brisson Peter Broad
Juanita Brook Douglas Brown Daniel Brunner Richard Kimble Bryant Adriana Buford Krzysztof Burek Hilda Diane Burgos Mark Alexander Butzke Brendan Patrick Byrne Jose Campos Cynthia Cannaday Juan Luis Carselle David Cato Ruben Dario Chacon AlvaradoWilliam Gerard Champ Adrian Wee Phoy Chan Dave Chappell Steve Chazan Melanie Cheong Douglas Childes Simeon Chirunga Kevin Chua Rajeev Ramchand ChughAdnan Khaliq Chughtai Henny Claessens Robert Clarke Peter Cluck Mark Connelly Philippe Copello Franois Corminboeuf P.J. Corum Carlos Coscollano ArranzBrian Coutanche Omar Crespo Gordon Curtis John Joseph CzaplewskiEmmanuel Kwesi DadzieKarl Dahlberg Deborah Dahlin Aslanbek Daltaev Rodney Owain Davies Peter Day Heraldo de Barros Francisco de la Cruz Reynaldo de la Fuente Donna Degenhart Umberto DeLucilla John Joseph DeMauro James Wayne DeVaul Vahainambi Dhandapani Deborah Dickson Panos Dimitriou Xinhao Ding Udaya Kumar Dintyala Dimonekene Ditutala Satyavan Domb Bohdan Dombchewskyj Kieran Doorley Eduardo De Castro DuarteMichael Dwyer Susumu Eda Roger Eitner Faical El Belghami David Empey Koji Enjo Mary Erlanger Angelo Esposito Agu Ets Gerard Evans Stephen Craig Evans Greg Ugochukwu Ezeilo Dieter Fabritius Hamad Isa Fakhro Jeff Falk Neil Fallow Ahmad Mohammad Faqieh
Will Farmer Nabeel Farooque Alberto Evandro Favero Mark David Fearer Francesc Xavier Fernandez
Cuesta Cherrie Mae Arciaga Ferreria
Chiomento Harry Filowitz David Findling Urs Fischer Kenneth Glenn FitzpatrickJanet Lee Fonseca Joseph Foo Paul Fordiani Gregory Fouquet Barbara-Ann Fox Daniel Bryan Frasier Dan French Masaaki Futagi Ramses Gallego Fredrik Galtung Mary Ellen Gamache Antonio Garcia Eduardo Garcia MartinezAntonio Javier Garcia
Martinez Ashley Gardiner John Generelli Elizabeth Genia Deepu George Niklas Gerdin William Gessner Khristian Gibson Anthony John GilliHubert Darnell Glover Jean-Marc Goeders Julio Golcher David Goodwin Daniel Martin GoraThomas Goss Roger Scott Greenwell Petr Gresl Michael John Grimes Louis Anthony Grippo Stefan Gross Marisol Guasca Jorge Guevara Lopez Jose Gumbau Suresh Gummalam Thomas Hery Gunawan Rajeev Gupta Michael Robert Guthrie Maria Del Carmen GutierrezAntonio Gutierrez SanchezDion Hamilton Lee Ann Harford Michael Hartigan Aris Budiman Hartono Glenn-Edward Willem HarwoodBassam Farid Hassan Elyess Hassine Prachit Hawat Robert Hawk Masahiko Hayakawa Markus Heinen Steven Helwig James Henaghan Marinus Hendriksen Kenneth Henry Jose Francisco Herrera Brian Michael Hickie Frank Artur Hock James Hogan Jennifer Hong Adrian Howe
Miroslav Hruby Cheng Sheng Huang Alejandrina Nelly Huarcaya JunesMichael John Hughes Temple Chiwuike IheanachoFlorin Inte Kester Ewere Irabor Jose Isebia David Taiwo Isiavwe Samuel Chiedozie IsicheiHiromichi Iwakiri Sandeep Jain Babatunde Jaji Charles Janjigian John Jarvis John Erick Jasinski Frank Jelenko Henrik Jensen Thomas Joerger Luciano Johnson Julio Rogelio Jolly MooreGuy Jordan Geogy George Joseph Rohini Joshi Deepak Amrutlal Joshi Anil Madhav Joshi Paul Julias Benjamin Jungbluth Ronald Joseph Jupiter Carlos Justiniano Aasim Mushtaq Kaker Asouma Kamagate Deepak Kamalasanan Samuel Gachie Kamiti Quaye Kandakai Ramzi Kanso Jacqueline Kapres Parikshat Kapur Spiros Karasavvidis Yasushi Kasahara Iftikhar Fazlehussain KathawalaRavi Shankar Balakrishnan
Kavaseri Rich Keesecker David Kerr Rabia Khanfir Masaji Kinpara Yoshihiro Kitsutaka Robert Thomas Klein Terje Klepp Marilynn Elizabeth KlubekPetr Knize Ram Prasad Kodukulla Harvey Richard Koeppel Tajudeen Olasoji Kolawole Felix Lenep Kondon Kentaro Kono Rodger Kraft Roel Kragten Michael Krasny Denis Krauss Harry Arthur Krimkowitz Unni Krishnan Victor Kryshevich Chi Choi Kuok Mathew Kuriakose Masaki Kurihara Pandriya Sistha KusumaStefan Laager Dmitry Lakomkin Jenny Lam Russell Lamosek Patricia Liechty Layfield Richard Lee Peter Leitch
ISACA_AnnualReport_FINAL.indd 22 5/14/14 1:01 PM
CONTRIBUTORS 23
INDIVIDUALS (CONTINUED)
Rudi Lepomme David Less Edward James-Essington LewisKatherine Lidgard Tamara Lilly Tuck Shin Lim Albert Lima Aluca Lindstrom Robert Lluis Kathi Hughes Loftus Clovis Inacio Lopes PereiraJose Maria Lopez SanchezMartyna Lubecka Leon Saul Lukas James Elwyn Lytle Christina MacGregor George Kenneth Madzy Nilanjan Majumdar Eric John Malmgren Paul Jay Malysz Veronica Mancho Kevin Rex Manderson Munyaradzi Takafa MandivenyiJagannadha Rao ManguCharles-Robert ManterfieldPeter Manzo Larry Marks Sergey Martinov Aggrippa Gerald MasamhaIsaac Mast Akihiro Masuko Alfonso Mateluna ConchaMichael Lynn Mather Tsutomu Matsushita David Mcdonald Mayers John Mayor Jacqueline McCaulley Reginald Steven McKee Nick James McLelland Sean McPoland Rudy Meert Ralf Mekelberger Walter Merkt Michael Meyer Christopher John Miles Brian-Liam Baikie Miller Jean Milzi Robert Christopher MinorRobert Scott Mitchell H.L. Mobley Willem Ewoud ModdermanJoanne Molesky John Paul MolinaAlexis Joseph Monaco Jose Moreno Andrades Manuel Moro Earl Moss Adamu Musa Mshelia Martin Mubiru Johannes Mueller Victor Muglia Patrick Murphy Robert John Muscat
Buba Jaffar Mustapha Ralf Mutzke Farit Muzipov Natarajan NagarajanSudeep NairPraveen Nair Chandramohan NarayanTheo Nassiokas Nelly Nauman George Nawara Gomathi Nayagam K. Robert Bradford Nelson Peter Lee Newing Geok Peng Ng David Opul Ngesa Roman Nikitin Takahiro Nishimura Stephen Norkunas Georges Noun Obiageli Lawretta Nwokedi Hazel Nyathi Young Seok Ock Andrew Okada Mufutau Ayinde OlasunkanmiKehinde Peter OlofinmoyinAderinola David-Abiodun
Oloruntoye Chanroutie Omadath-HeetaiBoasiako Omane-Antwi Samuel Christopher OmoikhunuNosa Omoma Kazuo Osugi Venkatachalam P S Robert Pacheco Marie-Grace PagdangananSudha Sri Paladugu David Paolantonio Hyun-Min Park Xenia Ley Parker Michael Parkinson Awtar Singh Parmar Susanna Pau Douglass Peagler Vincent Pearce Pieter Penning Robert Walter Peterson Tajjud-deen Phillipps Carl Phillips Kirsten Pielstrom Dennis Keith Platt Alida Polanco Olguin Horace Poon Sorin Alexandru Popa Mihaela Popescu Andreas Postl Ren Powers Sundaram Prabhu William Prado Ana Prieto-Arbelaez Marin Prisacaru Wagner Roberto PuglieseRajesh Kantesh Purohit Daniel Kofi Quampah Kishor Rabi Basuki Rahmad Susheel Dinkar Raje Subramanian Ramamoorthy
Rafael Ricardo Ramirez Francisco Vicente Ramon-MiraN. Ramu Paul Randazzo Joseph Randolla Raghavendra Rao Stewart Redfield Nijel Redrick Grace Rengifo Gerardo Renzetti Colette Revan Kees Riemens Kim Ries Kathryn Mae Ring Charles Kendall Roberts Luis Fernando Rodriguez MunozFacundo Rojo Gil Miguel Angel Romero ArcasPedro José Romero CuadrosPatricia Aneta Rowe-SealeCristina Ruiz Tafara Ruvando Jodie Maree Ryan Vijayakumar S.R. Khaled Mostafa Safa Milton Eric Sambolin Sylma Sanchez Gilmar Souza Santos Gautam Sarnaik Mugdha Satish Satarkar James Sawyer Sven Schaub Anton Schleibinger Joshua James Schmidt Ekkehard Scholz Daniel Schroeder Robert Schwind Anita Patricia Scott Paul Byron Scott Ravi Kumar SeewoosahaDaniel Seider Carl Madawa Seiyaibo Lakshminarayanan
Ramaswamy SekharipuramJorge Serrano RodriguezAbdulGhaffar Mohammad
Setareh Alexander Setiadji Akbar Mohamed Casim
Shaikh Saeed Sheikh Aravinda Shenoy Makoto Shibata Minoru Shibuya Brent Shirley Takashi Shitamichi Bindu Kamlesh Singh Thomas Sinnott Vadim Sitosenko Peter Smithson Rebecca Ann Snevel David Snyder Gabriel Sofian Folarin Sogeke Jason Aurele Soroko Ibrahima Sow Bjorn Michael Spara
Peter Malcolm Stagoll Mark Stanley Jaroslaw Stawiany Dirk Steuperaert Richard George Stohner Igor Stolbikov Charles Stuart Guillermo Rodriguez SuarezKatsutoshi Sugiyama Hartono Ari Susetyo Leonard Sutton Ganesh Swaminathan Olanrewaju Tiamiyu TaiwoShozo Takeuchi Daniel Talbot Tit Ho Tan Martin Tapia Yoshito Tashiro Aureo Monteiro Tavares da SilvaKenneth Taylor Jeremy Tedes Daniel Teijido Hiroshi Terai Nobuyuki Tetsuka Samuel Nam Lei Tham Stephanie Thomas Tina Thompson Margaret Thorn Andrei Tinca Karen Sands Tinucci Esa Toivonen Scott Tompkins Vanda Lynn Tougas Senol Mahmut Toygar Daniella Traino Mamadou Sidiki Traore James Denis Treacy Eduardo Tsang Hitoko Tsumura Deborah Tucker Kenji Uemoto Martin Unterberger Martin Urban Luis Uria Fumio Utsumi Paul van Domburg Michiel Van Hulsteijn Bartholomeus van LodensteijnLuis Vasquez Enrique Vasquez GranadosHuib Vellekoop Chris Verdonck Sylvain Viau Ronald Allan Viera Jason Edward James ViolaManuel Jose Viscasillas Robert Vitali Jon Voiculescu Julian Andrew Wakim Ichiro Wakita Deborah Lynn Walker Kagiso Shimmy Wantwa Shinichi Watanabe James Roger Webster Winston Washington WeirStefan Andreas Wenzel Robert Philip White
Kanchana Wijayaratne William Wilkerson Christopher Williams Andrew George Wilson Trevor Andre Wood Peter Woods Jens Wudick Li-Jen Lyaw Yang Kevin Jiong Yang Wei Yao Hong Yu Virginia Yue Jason Chee-Mun Yuen Michael Wai-Kee Yung Najeeb Hasan Zaidi Gustavo Mariath Zeidan Beibei Zhan Hong Amberina Zhang Manef Zidi Jacobus Ziere Roman Zillek * Denotes Wasserman Award winner
CHAPTERS
PlatinumGreater Houston ChapterLos Angeles ChapterMerida Chapter (Inactive)
GoldChicago ChapterDetroit ChapterGreater Kansas City ChapterHudson Valley ChapterNational Capital Area ChapterNew York Metropolitan ChapterNorth Texas ChapterSingapore ChapterToronto ChapterVancouver Chapter
SilverAustin ChapterDenver ChapterGreater Cincinnati ChapterGreater Hartford ChapterJacksonville ChapterNew England ChapterNew Jersey ChapterQuebec City ChapterSan Francisco ChapterSouth Carolina Midlands
ChapterTulsa ChapterVirginia ChapterWest Florida ChapterWestern Michigan Chapter
DonorMiddle Tennessee ChapterMontreal ChapterPhiladelphia ChapterPhoenix ChapterRhode Island ChapterSilicon Valley Chapter
ISACA’s conferences and training programs help members keep up to date on business trends and provide the tools
to enhance competency and proficiency. The in-person conferences are extremely valuable because we can interact
face-to-face with others facing similar challenges. I also find great value in chapter events and the free webinars.
Carina K. Wangwe, CISM, CGEIT, Head of Management Information Systems, Social Security Regulatory Authority (Tanzania)
ME
MB
ER
TA
LK
DONORS
ISACA_AnnualReport_FINAL.indd 23 5/14/14 1:01 PM
HISTORY OF ISACA AND ITGI
ISACA’s journey began in 1967, when a small, visionary group of professionals realized that
their work auditing controls for computer systems was becoming increasingly vital to the overall
operational success of their enterprises. Together they discussed the benefits of developing a
centralized source of information and guidance for their growing field. In 1969, the group formalized
and incorporated as the EDP Auditors Association (EDPAA). The organization’s name was changed
to Information Systems Audit and Control Association (ISACA) and it now goes by its acronym only,
to reflect the broad range of professionals it serves.
Now, with more than 115,000 constituents (members and non-member certification holders) in 180
countries, ISACA is a leading global provider of knowledge, certifications, community, advocacy
and education on information systems (IS) assurance and security, governance and management
of enterprise IT (GEIT), and IT-related risk and compliance. The nonprofit, independent ISACA hosts
international conferences, publishes the ISACA® Journal, and develops international IS auditing and
control standards, which help its constituents ensure trust in, and value from, information systems.
It also advances and attests IT and business skills and knowledge through the globally respected
Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®),
Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems
Control™ (CRISC™) designations.
ISACA continually updates and expands the practical guidance and product family based on the
COBIT framework. This helps IT professionals and enterprise leaders fulfill their IT governance and
management responsibilities, particularly in the areas of assurance, security, risk and control, and
deliver value to the business.
Affiliated with ISACA, the IT Governance Institute (ITGI) was created in 1998 as a nonprofit,
independent research entity that provides guidance for the global business community on issues
related to GEIT.
In the years since their inception, ISACA and ITGI have been drivers of value and innovation, and
as a result, have become pace-setting global organizations for IT governance, security, control and
assurance professionals.
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
ISACA PHONE: +1.847.253.1545
ITGI PHONE: +1.847.660.5700
FAX: +1.847.253.1443
isaca.org
itgi.org
ISACA_AnnualReport_FINAL.indd 24 5/14/14 1:01 PM