Embed Size (px)
Citation preview
ISACA Knowledge Center: www.isaca.org/knowledge-center
CONTENTS
Letter From the President
2014 Report
ISACA and ITGI Combined Financial Statements
Report of Independent Certified Public Accountants
Audit Committee Chair’s Letter
ISACA Board of Directors/ ITGI Board of Trustees
Letter From the International President and the CEO
Board, Committee, Subcommittee and Task Force Chairs
Chapters
Donors
4
3
10
11
17
18
19
19
20
21
ISACAHQ @ISACANews ISACA (Official) +ISACA ISACA HQ ASSU
RING
TRU
ST IN
A
DYNA
MIC
ALLY
CHA
NGIN
G DI
GITA
L W
ORLD
.
3
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
At the core of every interaction, whether digital or physical, is trust.
Technology has delivered great benefits and conveniences—many not even
imagined just a few years ago—but at the same time it has required a great
amount of trust in the unknown. This has presented a risk versus reward
tradeoff scenario that will not change in the foreseeable future. Trust in each
other, and in those with whom we interact, continues to be built one brick—or
rather, one click—at a time.
Consider the rise of collaborative consumption. More commonly known as
the “sharing economy,” what was once viewed as odd, misunderstood or
even dangerous has now become mainstream. Who knew that our parents’
insistence that we share our toys with friends and siblings would become
a successful business model? People can now easily reserve a ride in a
stranger’s car or even rent space in their own house. And this all is due to
the growth of trust through technology and knowledge.
While the world continues to evolve, ISACA and its community remain acutely
focused on providing value and building trust. This was evident throughout
2014, which was marked by dynamic change and significant progress.
As the increased use of technology—and need for trust—continued, ISACA
identified the demand for a single, central location where professionals could
find cybersecurity research, guidance, credentialing, mentoring and networking.
Throughout this and all of our activities during the year we continued to
enhance the core of trust across diverse global audiences.
While many of our endeavors made significant impressions globally, we also
made a number of more subtle improvements, including a revamp of our
conference and periodical experiences and progress in nearly every area of the
association. In this report you will read about many of the innovative activities
and accomplishments that ISACA and its stakeholders achieved during 2014.
I trust that you will find it interesting and informative.
ASSU
RING
TRU
ST IN
A
DYNA
MIC
ALLY
CHA
NGIN
G DI
GITA
L W
ORLD
.
Robert E StroudCGEIT, CRISC2014-2015 International President ISACA and the IT Governance Institute (ITGI®)
4
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
ASSURING TRUST IN TIMES OF CHANGEISACA® marked a milestone year in 2014 by reaching its 45th anniversary. While we are extremely proud of
our history and accomplishments, we took this notable year as an opportunity to look forward and position
our organization for future growth.
We live in a world where change is an everyday event. We need to adapt, innovate, lead with vision and create
an impact. And most important, we need to assure trust in everything we do and in every tool and piece of
knowledge we create. This report provides a high-level overview of some of our most significant activities—all
focused on building and sharing trust throughout the year.
Europe/Africa 32,128 members
Asia 25,108 members
Latin America 5,478 members
Oceania 4,016 members
North America 55,315 members
+
+
+
+
+ Indicates a new chapter formed in 2014
Curacao
Gaborone (Botswana)
Medellin (Colombia)
Cairo (Egypt)
Regina, Saskatchewan (Canada)
122,045 members in
185countries
MEM
BER
PROF
ILE
207chapters in
35chapters with
87countries
1,000+members
4% membership growth 81% member retention
North America CACS
Latin America CACS
EuroCACS
Asia-Pacific CACS
Oceania CACS
Information Security and Risk Management (ISRM) Conference
IT Governance, Risk and Control (ITGRC) Conference (an IIA and ISACA collaboration)
+
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
5
CYBERSECURITY NEXUS One of ISACA’s most significant achievements in 2014 was
the launch of Cybersecurity Nexus (CSX™) to help address the
global cybersecurity skills shortage. Among many activities, we
created the Cybersecurity Fundamentals Certificate for those
new to the career, whether they are students, recent graduates
or changing careers.
CSX also obtained global expert insights through a CISO forum
and created CSX liaison positions in our chapters. Cybersecurity
guidance was released, including the Advanced Persistent
Threat (APT) Awareness survey, the European Cybersecurity
series, the CSX webinar channel, and a book, course and
certificate on implementing the US National Institute of
Standards and Technology (NIST) framework using COBIT® 5.
Fast FactsISACA’s Cybersecurity Fundamentals Certificate program was
launched late in the third quarter. In just three months:
• Workshops held in the third and fourth quarters sold out.
• More than 370 certificate exams were purchased.
COBITBuilding on the COBIT 5 framework released in 2012, ISACA
continued to drive recognition and use globally. We rolled out
the online version of COBIT 5, which features a Goals and
RACI Planner Tool and other valuable resources via differing
subscription level options.
Fast FactsCOBIT-related publications released include:
• Audit programs for COBIT 5 process domains• Vendor Management Using COBIT® 5• Relating the COSO Internal Control—Integrated Framework
and COBIT®
• Controls and Assurance in the Cloud: Using COBIT® 5• COBIT® 5 Principles: Where Did They Come From?• Risk Scenarios Using COBIT® 5 for Risk • IT Control Objectives for Sarbanes-Oxley Using COBIT® 5,
3rd Edition
Working with APMG, a global body that accredits training
organizations and manages certification schemes, ISACA
expanded the program of Accredited Training Organizations:
• 66 COBIT Certified Assessor certificates since inception • 16,861 COBIT 5 Foundation certificates since inception • 121 COBIT 5 accredited training organizations• 46 COBIT 5 accredited training individuals
MEMBERSHIP AND CHAPTERSThe 2014 Member Get a Member program grew by more than
25 percent, bringing in 1,261 new members and accounting for
nearly 5 percent of new member growth. Members from 165
chapters participated as recruiters. In addition, the strength of
ISACA’s student and academic communities continued to grow.
All member records are retained at the Information Systems
Audit and Control Association, Inc. headquarters in Rolling
Meadows, Illinois, USA.
Cybersecurity Nexus (CSX) helps address the global need for a skilled cybersecurity workforce. CSX
resources include a wealth of relevant knowledge such as practical training materials, webinars, active
forums and credentials. These are needed for professionals to build a strong, trustworthy competence.
– Vilius Benetis, Ph.D., CISA, CRISC, Chief Executive Officer of NRD CS (Lithuania)
student members (+5%)1,870
57 international student groups (+90%)
Academic Advocates (+16%)770
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
6
STANDARDS AND GUIDELINESISACA issued 18 updated guidelines and released ITAF™:
A Professional Practices Framework for IS Audit/Assurance, 3rd
Edition. ITAF provides a single source for guidance on policies
and procedures, audit and assurance programs,
and developing effective reports.
ACADEMIC RELATIONSCybersecurity and COBIT 5 teaching materials were
developed, including a student book, caselets and
corresponding teaching notes.
CONFERENCES, EDUCATION AND TRAININGKeeping current with knowledge is a lifelong endeavor, and
ISACA assists professionals by providing many options for
advancing their expertise and skills. Through a robust offering
of in-person and online events, professionals can choose
the topics, experience levels and method of learning that
best suit their needs.
Fast Facts• Three sold-out conferences in 2014; 23% attendance growth • 100,000+ webinar and virtual conference registrations • 255% increase in the number of On-Site training events
since 2013• On-Site training took place in Canada, India, Singapore,
the United Kingdom and the US• ISACA Training was offered in 12 locations. • ISACA’s online events program expanded to feature
quarterly webinars for Latin America and Europe/Africa.
CERTIFICATIONProfessionals around the world continued to attain and deliver
trust and value to their organizations and each other by earning
a certification from ISACA.
• Certified Information Systems Auditor® (CISA®)• Certified Information Security Manager® (CISM®)• Certified in the Governance of Enterprise IT® (CGEIT®)• Certified in Risk and Information Systems ControlTM (CRISCTM)
Fast FactsCertification-related achievements:
• The CISA, CISM, CGEIT and CRISC certifications received continued accreditation under the ISO standard ANSI/ISO/IEC 17024 from the American National Standards Institute (ANSI).
• Open badges were offered to ISACA certification holders, enabling them to verify their accomplishments online.
• Originating in 2002, the CISM certification program certified its 25,000th individual.
• ISACA developed job practices for new certifications in cybersecurity and updated the CRISC job practice.
RESEARCHIn addition to the many COBIT-related items released, ISACA
also published A Global Look at IT Audit Best Practices, based
on a joint survey with Protiviti, and hosted the IT Audit Director
Forum, an invitation-only event attended by IT audit directors
from Fortune 500 organizations.
CERT
IFIC
ATIO
N
Certification description
Audit, control, monitor, and assess information
technology and business systems
Oversee, direct and manage information security programs
Establish, maintain and manage a framework of
governance over IT
Identify and manage risk through IS controls
Exam registrants (June, September & December)
more than
17,900more than
5,700more than
900more than
2,500Languages in which exam was available 10 4 1 1Number from inception to year-end
more than
114,100more than
26,900more than
6,300more than
18,200Growth of certified professionals 7% 12.8% 7.5% 5.8%
Through local ISACA chapter activities, I have the opportunity to meet with IT professionals and share
knowledge and experience to continue on my professional journey. In addition, my ISACA certifications
provide me with the knowledge for my job and assure my employer that I have quality professional expertise
and commitment to keep up with industry developments.
– Laura Tse, CISA, CRISC, Director of Operational Risk, financial services company (Hong Kong)
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
7
We chose ISACA for onsite training because we wanted the best COBIT 5 training available. ISACA’s
onsite training allows participants to relax in the comfort of their own working environment, continue
their daily routines with minimal disruption and set their own pace for the course.
– Major Mark McNelis, R SIGNALS, CMgr, MCMI, MBCS, Service Design Strategy, JFC, ISS (United Kingdom)
CAREER MANAGEMENTWork began on a significant change in how we support career
advancement. Cybersecurity was the first topic offered, and in
development are resources for audit and assurance, information
security, enterprise risk management and information
technology governance.
Planning began for a web site for CSX that will host a
beginning-to-end career management system that will offer an
individualized roadmap and guide users through the different
skills and credentials they need to move to the next level.
Planning also began on a video series that will encourage
engagement with ISACA and CSX, as well as programs
for women and students.
STRATEGIC ALLIANCES AND RELATIONSHIPS ISACA engages with diverse, prestigious organizations from
around the world to advocate on behalf of and support the
professions that we serve. The following are significant
efforts from 2014:
• Led cybersecurity awareness efforts through information sharing and engagement with governmental, nonprofit and commercial entities. Participated in European and US Cybersecurity Month, cybersecurity guidance development and fact-gathering workshops, training skills development and certification, and hosted the Global CyberLympics.
• Participated and assisted in the European Commission’s e-Skills initiative. Contributed to the delivery of European Foundational ICT Body of Knowledge and Professionalism.
• Participated with the Committee of Sponsoring Organizations of the Treadway Commission (COSO) with official observer and active participant status, assisting COSO Board on update of Enterprise Risk Management Framework.
• Partnered with the National Association of Corporate Directors (NACD) and KPMG. Participated in development of a video series for boards of directors, to help them better understand how cybersecurity and emerging technologies are impacting business.
• Participated with the International Organization of Supreme Audit Institutions (INTOSAI) with official observer status on the IT Audit Working Group and contributed on global capacity building, knowledge sharing and professional standards.
• Supported International Organization for Standardization (ISO) Standard and Good practice developments. Helped steer, develop and provide guidance on creating international standards of good practice for security, software and systems engineering, IT governance and service management.
PERIODICALSISACA completed a review of all periodicals with a focus
toward improving readership and began redesigns of all
periodicals’ digital formats. COBIT Focus was positioned
as a weekly e-magazine and quarterly e-newsletter, which
improved the online performance significantly—page views
and visits doubled. ISACA® Journal circulation at year-end
was more than 122,000.
Fast FactsISACA Journal editorial calendar:Vol. 1 January/February–Data PrivacyVol. 2 March/April–The IT Audit TransformationVol. 3 May/June–Big DataVol. 4 July/August–Governance and Management of Enterprise IT (GEIT)
Vol. 5 September/October–Mobile DevicesVol. 6 November/December–Cybersecurity
1 in 3 IT security professionals in the US is aware of ISACA’s new Cybersecurity Nexus
(CSX) program. 3
95% of 2014 webinar attendees
indicated the webinar met or exceeded expectations. 2
85% of ISACA members would like to learn more about a career
in cybersecurity.1
CSX
STAT
S
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
8
BOOKSTOREMore than 550 items were available in the ISACA Bookstore.
Bestselling ISACA Titles• CISA® Review Manual 2014• CISM® Review Manual 2014• CISA® Practice Question Database v14 – Web Download
Bestselling ISACA Titles (excluding certification exam prep materials)• COBIT 5 • CSX™ Cybersecurity Fundamentals Study Guide• COBIT® 5 Enabling Processes
TRANSLATIONSAs a global enterprise serving professionals in more than
180 countries, ISACA seeks to make its research, articles,
credentialing programs and other materials available in a
selection of languages. The translations program grew again
in 2014, which enabled a greater number of professionals
and global organizations to benefit from ISACA materials.
Fast Facts• ISACA translated 248 items and publications into 20
non-English languages. • Materials translated included certification exams, study
aids, ISACA Journal articles, COBIT Focus articles and COBIT 5.
• ISACA now offers 50 translated versions of COBIT 5
publications in 16 languages.
MEDIA RELATIONS AND SOCIAL MEDIAISACA supports a proactive media and social media outreach program to help ensure that professionals around the world are aware of our services and products. Global media outlets including CBS News, Fortune, Wall Street Journal’s CIO Journal, CSO, Business Standard (India), CIO Latin America, Financial Times Australia, Red Seguridad (Spain) interviewed ISACA experts and featured ISACA news.
To help support the launch of Cybersecurity Nexus and the Cybersecurity Fundamentals Certificate, ISACA conducted a survey of ISACA student members and found that their interest in cybersecurity careers is strong, but they need further training. Results showed that 88% plan to work in a position that requires some level of cybersecurity knowledge. This, along with other insights, demonstrated a clear need for ISACA leadership in this area.
Fast Facts• 24,000+ global media mentions featuring ISACA• 101 posts in the ISACA Now blog• Twitter (@ISACANews): 28% growth• LinkedIn (ISACA [Official] group): 38% growth• Facebook (ISACAHQ): 56% growth
WEB SITEISACA’s web site continues to be a primary touchpoint and
networking tool for members and other global professionals.
• 38 million total visits • 195 countries from which visitors originated• 107 chapters in the chapter web site hosting program
Through ISACA’s social media platforms, I have developed a worldwide network, which has helped
me gain ideas and solutions for the organizations I serve. I quickly have a connection with global
peers and information.
– Andre Pitkowski, CGEIT, CRISC, CRMA, OCTAVE, Senior GRC Consultant (Brazil)
3.8 millionunique visitors
ONLI
NE
STAT
S
5.9 millionpage views
17,621Knowledge Center topic
members
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
9
CORPORATE SOCIAL RESPONSIBILITYThe Corporate Social Responsibility (CSR) program is one
of ISACA’s ways of giving back and showing support to
organizations that are making a difference. Donations have
been made to both global nonprofit organizations and
charitable causes, as recommended by chapter leaders
and approved by a review committee.
FINANCE2014 was another strong financial year for ISACA thanks to
a solid member retention rate, ongoing market support for its
professional certifications and continued effective management
of its operating costs. Following a change in its target allocations
between its short- and long-term portfolios, ISACA received
increased dividends and capital gains from its investments
which were partially offset by a slight realized/unrealized loss.
These changes resulted in a combined growth in the portfolio.
This investment portfolio has allowed ISACA to position itself
for operational sustainability and capitalize on strategic growth
opportunities moving forward.
As a leading global organization, ISACA continues to manage
its reserves for operating and strategic purposes. ISACA
increased its targeted operational reserve to US $34,922,480
to cover 10 months of average operating expenses for the last
three fiscal years. ISACA also maintains a strategic reserve
that is used to invest in strategic growth and other member
benefit opportunities. During 2014, ISACA invested more
than US $4 million in strategic programs that contributed to
a slight reduction in the strategic reserve, which totaled US
$37,989,825 at the end of the year.
The 2014 audited financial statements for the organization
are presented within this annual report. Looking ahead,
management will continue to monitor key business drivers
and economic conditions and their related impact on
operations and constituents in 2015 and beyond.
SURV
EY S
TATS
1 2014 Membership Needs Survey. Conducted in Q3 2014, this survey is based on a random sampling of 50,000 ISACA members globally and has a +/- 1.5% margin of error at a 95% level of confidence. Research was conducted by Directions Research, Inc., an independent global agency.
2 Based on more than 600 respondents to post-webinar evaluations with a +/- 3.8% margin of error at a 95% level of confidence.3 From the 2014 Wave 2 Market Monitor Survey conducted in October 2014, which is based on online polling in the US of 711 information technology audit, assurance,
security, risk, control, compliance, governance, and service demand and delivery business professionals, as well as college and graduate students studying in those areas. This study has a +/- 4% margin of error at a 95% level of confidence. Research was conducted by Strategy Analytics, Inc., an independent global agency.
As an IT service management consultant and COBIT Certified Assessor, I need to be up to date on the
COBIT framework. This distinction enables customers to know they are working with a proven expert.
– Satish Kini, CRISC, COBIT Certified Assessor, CISSP, ITIL Expert, Managing Consultant of Firstbest Consultants Pvt. Ltd. (India)
88% of ISACA members are very likely/likely to recommend ISACA to their colleagues.1
85% of ISACA members are very satisfied/satisfied with their overall ISACA membership.1
Those aware of ISACA in the US considered it “Critical to
my job role” and a “Leader.” 3
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
10
COMBINED FINANCIAL STATEMENTSAll monetary amounts included in the financial statements are in US dollars.
Certification 21%
Membership 20%
Education 19%
Research 18%
Supporting services & administration 13%
Publications 9%
REIN
FORC
ING
TRUS
T TH
ROUG
H KN
OWLE
DGE
AND
COM
MUN
ITY.
2014 OPERATING REVENUES
Certification 39%
Membership 28%
Education 17%
Publications 9%
Interest, dividends and other 6%
Contributions & sponsorships 1%
2014 OPERATING EXPENSES
2010
2011
2012
2013
2014
ISACA/ITGI HISTORICAL REVENUES
(in millions of US dollars)
10
20
0
30
20
40
50
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
11
REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS
Board of Directors
ISACA, Inc.
Board of Trustees
IT Governance Institute, Inc.
We have audited the accompanying combined financial statements of ISACA, Inc. and IT
Governance Institute, Inc. (collectively, the “Organization”), which comprise the combined statement
of financial position as of 31 December 2014, and the related combined statements of activities and
cash flows for the year then ended, and the related notes to the combined financial statements.
Management’s Responsibility for the Financial StatementsManagement is responsible for the preparation and fair presentation of these combined financial
statements in accordance with accounting principles generally accepted in the United States of
America; this includes the design, implementation, and maintenance of internal control relevant to
the preparation and fair presentation of combined financial statements that are free from material
misstatement, whether due to fraud or error.
Auditor’s ResponsibilityOur responsibility is to express an opinion on these combined financial statements based on
our audit. We conducted our audit in accordance with auditing standards generally accepted
in the United States of America. Those standards require that we plan and perform the audit to
obtain reasonable assurance about whether the combined financial statements are free from
material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and
disclosures in the combined financial statements. The procedures selected depend on the
auditor’s judgment, including the assessment of the risks of material misstatement of the
combined financial statements, whether due to fraud or error. In making those risk assessments,
the auditor considers internal control relevant to the entity’s preparation and fair presentation
of the combined financial statements in order to design audit procedures that are appropriate
in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of
the entity’s internal control. Accordingly, we express no such opinion. An audit also includes
evaluating the appropriateness of accounting policies used and the reasonableness of significant
accounting estimates made by management, as well as evaluating the overall presentation of the
combined financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a
basis for our audit opinion.
Opinion In our opinion, the 2014 combined financial statements referred to above present fairly, in all material
respects, the combined financial position of ISACA, Inc. and IT Governance Institute, Inc. as of 31
December 2014, and the changes in their net assets and their cash flows for the year then ended
in accordance with accounting principles generally accepted in the United States of America.
Prior Year Financial Statements The combined financial statements of ISACA, Inc. and IT Governance Institute, Inc. as of 31
December 2013 were audited by other auditors, whose report dated 3 April 2014 expressed
an unmodified opinion on those statements.
Chicago, Illinois 8 April 2015
REIN
FORC
ING
TRUS
T TH
ROUG
H KN
OWLE
DGE
AND
COM
MUN
ITY.
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
12
COMBINED STATEMENTS OF FINANCIAL POSITIONISACA, Inc. and IT Governance Institute, Inc.
31 DECEMBER 2014 2013
ASSETS
CURRENT ASSETS
Cash and cash equivalents $ 8,160,014 $ 9,459,488
Investments 77,939,578 75,237,043
Accounts receivable, net 1,064,247 824,533
Prepaid expenses 2,198,780 1,459,028
Inventory, net 593,174 397,378
Other current assets 45,492 181,268
Total current assets 90,001,285 87,558,738
FIXED ASSETS
Leasehold improvements 831,217 808,579
Furniture and fixtures 895,944 432,173
Office equipment 247,567 185,579
Computer system 10,241,209 7,978,537
12,215,937 9,404,868
Less accumulated depreciation (7,379,989) (5,658,921)
Net fixed assets 4,835,948 3,745,947
TOTAL ASSETS $ 94,837,233 $ 91,304,685
LIABILITIES AND NET ASSETS
CURRENT LIABILITIES
Accounts payable $ 8,128,157 $ 7,046,200
Deferred revenues 13,158,347 11,721,845
Other liabilities 596,740 554,291
Total current liabilities 21,883,244 19,322,336
COMMITMENTS AND
CONTINGENCIES - -
NET ASSETS
Unrestricted
Board designated 34,922,480 32,340,283
Undesignated 37,989,825 39,600,382
Total unrestricted 72,912,305 71,940,665
Temporarily restricted 573 573
Permanently restricted 41,111 41,111
Total net assets 72,953,989 71,982,349
TOTAL LIABILITIES AND NET ASSETS $ 94,837,233 $ 91,304,685
COMBINED STATEMENTS OF CASH FLOWSISACA, Inc. and IT Governance Institute, Inc.
YEARS ENDED 31 DECEMBER 2014 2013
CASH FLOWS FROM OPERATING ACTIVITIES
Change in net assets $ 971,640 $ 6,853,102
Adjustments to reconcile change in net assets to net cash provided by operating activities
Depreciation 1,721,068 1,055,977
Bad debt 43,203 19,772
Loss on disposal of equipment - 6,389
Net realized and unrealized loss (gain) on investments 358,331 (2,933,421)
Changes in assets and liabilities
Accounts receivable, net (282,917) 154,933
Prepaid expenses and other current assets (603,976) (238,333)
Inventory, net (195,796) (664)
Accounts payable 1,081,957 1,247,077
Deferred revenues 1,436,502 634,661
Other liabilities 42,449 (339,516)
Net cash provided by operating activities 4,572,461 6,459,977
CASH FLOWS FROM INVESTING ACTIVITIES
Acquisition of fixed assets (2,811,069) (2,312,984)
Proceeds from the sale of investments 19,805,310 18,197,283
Purchase of investments (22,866,176) (22,756,350)
Net cash used in investing activities (5,871,935) (6,872,051)
Net change in cash and cash equivalents (1,299,474) (412,074)
Cash and cash equivalents, beginning of year 9,459,488 9,871,562
CASH AND CASH EQUIVALENTS, END OF YEAR $ 8,160,014 $ 9,459,488
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
13
COMBINED STATEMENTS OF ACTIVITIESISACA, Inc. and IT Governance Institute, Inc.
YEAR ENDED 31 DECEMBER
2014 2013
UNRESTRICTEDTEMPORARILY RESTRICTED
PERMANENTLY RESTRICTED TOTAL UNRESTRICTED
TEMPORARILY RESTRICTED
PERMANENTLY RESTRICTED TOTAL
OPERATING REVENUES
Membership $14,393,209 $ - $ - $14,393,209 $ 13,836,794 $ - $ - $13,836,794
Certification 19,708,390 - - 19,708,390 18,867,320 - - 18,867,320
Education 8,548,542 - - 8,548,542 7,416,249 - - 7,416,249
Publications 4,487,118 - - 4,487,118 4,382,553 - - 4,382,553
Contributions and sponsorships 163,597 14,000 - 177,597 153,623 14,100 - 167,723
Interest, dividends and other 3,120,730 9 - 3,120,739 2,301,790 9 - 2,301,799
Net assets released from restrictions 14,009 (14,009) - - 14,109 (14,109) - -
Total operating revenues 50,435,595 - - 50,435,595 46,972,438 - - 46,972,438
OPERATING EXPENSES
PROGRAM SERVICES
Membership 10,041,777 - - 10,041,777 8,391,622 - - 8,391,622
Certification 10,477,018 - - 10,477,018 9,653,545 - - 9,653,545
Education 9,159,949 - - 9,159,949 7,532,511 - - 7,532,511
Publications 4,265,026 - - 4,265,026 3,963,408 - - 3,963,408
Research 8,693,112 - - 8,693,112 6,160,068 - - 6,160,068
Total program services 42,636,882 - - 42,636,882 35,701,154 - - 35,701,154
SUPPORTING SERVICES
Board and administrative 6,468,742 - - 6,468,742 7,341,603 - - 7,341,603
Contributions - disaster relief - - - - 10,000 - - 10,000
Total supporting services 6,468,742 - - 6,468,742 7,351,603 - 7,351,603
Total operating expenses 49,105,624 - - 49,105,624 43,052,757 - - 43,052,757
Excess from operations 1,329,971 - - 1,329,971 3,919,681 - 3,919,681
OTHER LOSSES
Net realized and unrealized (losses) gains on investments (358,331) - - (358,331) 2,933,421 - - 2,933,421
CHANGE IN NET ASSETS 971,640 - - 971,640 6,853,102 - 6,853,102
NET ASSETS, BEGINNING OF YEAR 71,940,665 573 41,111 71,982,349 65,087,563 573 41,111 65,129,247
NET ASSETS, END OF YEAR $72,912,305 $ 573 $41,111 $72,953,989 $ 71,940,665 $ 573 $41,111 $71,982,349
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
14
ISACA, Inc. and IT Governance Institute, Inc.
NOTE 1—OrganizationThe Organization consists of ISACA, Inc. (the “Association”) and the IT Governance Institute, Inc. (the “Institute”). The Association’s and the Institute’s financial statements are presented on a combined basis due to a majority of the Board members serving both entities and the Association’s economic interest in the Institute. The Organization operates on a global basis, with the majority of revenues and net assets attributable to the Association, the predominant entity within the Organization. The Organization maintains its books and records at its headquarters building located in Rolling Meadows, Illinois, USA.
The Association was incorporated in 1969 under the name Electronic Data Processing Auditors Association, a California (USA) not-for-profit corporation. In 1993, to reflect the evolving state of technology, as well as the Association’s expanding constituency base, the name was changed to Information Systems Audit and Control Association, Inc. The Association now presents itself by its acronym, ISACA. With more than 130,000 constituents (Association members and certification holders) in more than 180 countries at year-end 2014, the Association is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (“IS”) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. The Association hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards. The Association also administers the globally respected Certified Information Systems Auditor (“CISA”), Certified Information Security Manager (“CISM”), Certified in the Governance of Enterprise IT (“CGEIT”) and Certified in Risk and Information Systems Control (“CRISC”) designations.
The Association supports development, update and education activities related to COBIT 5, a globally adopted business framework for governing and managing enterprise IT.
The Institute was incorporated in 1976 under the name Electronic Data Processing Auditors Foundation, a California (USA) not-for-profit corporation. In 1994, its name was changed to Information Systems Audit and Control Foundation, to align with the changed name of the Association, and was changed again in 2003 to IT Governance Institute, Inc. In 2013, the Institute was granted a Type II Supporting Organization status by the IRS, and is a Supporting Organization of the Association. The Institute’s role in the mission it shares with the Association focuses on provision of knowledge on IT governance and related topics. Through its collaborative development model, the Institute brings global perspectives to critical issues facing enterprise leaders and practitioners in its IT governance responsibilities.
NOTE 2—Summary of significant accounting policiesBASIS OF PRESENTATIONThe combined financial statements include the assets, liabilities, net assets and financial activities of the Organization. Significant intercompany balances have been eliminated in combining the two entities. The Organization has a relationship with ISACA chapters located throughout the world; however, the chapters are not fiscally accountable to the Organization and, accordingly, have not been included in the accompanying combined financial statements.
CASH AND CASH EQUIVALENTSCash and cash equivalents consist primarily of non-interest-bearing deposits with maturity dates of three months or less at the time of purchase to be used for operating purposes. These deposits are carried at cost, which approximates fair value.
INVESTMENTSInvestments, other than money market funds and interest-bearing deposits, are reflected in the accompanying combined financial statements at fair value according to generally accepted accounting principles (“GAAP”). GAAP has established a framework for measuring fair value, as well as a fair value hierarchy based on the inputs used to measure fair value.
A financial instrument’s level within the fair value hierarchy is based on the lowest level of any input that is significant to the fair value measurement; however, the determination of what constitutes observable requires significant judgment. The fair value hierarchy is broken down into three levels based on the transparency of inputs as follows:
• Level 1—Quoted prices (unadjusted) in active markets for identical assets or liabilities.
• Level 2—Quoted prices, other than quoted prices included in Level 1, that are observable for the assets or liabilities, either directly or indirectly.
• Level 3—Inputs that are unobservable for the assets or liabilities.
Investment gains and losses include net realized and unrealized gains and losses and are reflected in the accompanying combined financial statements as non-operating activities, while interest income and dividends are considered operating revenue.
CONCENTRATION OF CREDIT RISKCertain financial instruments, primarily cash, cash equivalents and investments, subject the Organization to credit risk. The Organization maintained cash balances (non-interest-bearing) in 2014 and 2013 at a financial institution in excess of the federally insured limit; however, the Organization has not experienced any losses in such accounts and believes that it is not exposed to any significant credit risk on cash and cash equivalents. With respect to investments, concentration is limited through the diversification of the portfolio. As of 31 December 2014 and 2013, the Organization maintained 23% and 28%, respectively,
of its investment balance in one mutual fund, which invests primarily in high-quality money market instruments and short-term fixed income securities, diversified across more than 1,000 individual holdings. The fund may also invest in a wide range of non-money market securities, which tend to be less liquid, more volatile and carry greater risk than money market securities, and its investment objective can best be described as conservative income.
ACCOUNTS RECEIVABLEAccounts receivable are due within 30 days and are stated at amounts due from customers net of an allowance for doubtful accounts. Accounts outstanding longer than the contractual payment terms are considered past due. The Organization determines its allowance for doubtful accounts by considering a number of factors, including the length of time that trade accounts receivable are past due, the Organization’s loss history, the customer’s current ability to pay its obligation to the Organization, and the condition of the general economy and the industry as a whole. The Organization writes off accounts receivable when they become uncollectible, and payments subsequently received on such receivables are credited to the allowance for doubtful accounts.
INVENTORYInventory consists solely of study aids and other publications printed for the Organization for sale to its members and interested outside parties. Inventory is valued at the lower of cost or market, with cost determined by the average cost method. Provisions for obsolete items are based on estimated future usage as related to quantities of stock on hand.
FIXED ASSETSFixed assets are carried at cost. Depreciation is computed using the straight-line method. The estimated useful lives of the related assets range from two to ten years. Leasehold improvements are amortized using the straight-line method over the shorter of the lease terms or their estimated useful lives. Depreciation expense totaled $1,721,068 and $1,055,977 for the years ended 31 December 2014 and 2013, respectively.
NET ASSETSNet assets, revenues, expenses, gains and losses are classified based on the existence or absence of donor-imposed restrictions using the following classifications:
• Unrestricted—Represents unrestricted resources available for support of daily operations and contributions received with no donor restriction. The Board may designate certain net assets for a particular function or activity.
• Temporarily restricted—Represents resources for which use has been temporarily restricted by the contributor. When a donor restriction has been satisfied by incurred expenses consistent with the designated purpose, temporarily restricted net assets are reclassified to unrestricted net assets for reporting of related expenses.
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
15
• Permanently restricted—Represents resources that are subject to restrictions of gift instruments requiring that the principal be invested and maintained in perpetuity. The income generated from these funds is classified based on the terms of the gift instruments.
REVENUE RECOGNITIONRevenues received by the Organization consist primarily of annual membership dues and new member fees; examination, annual maintenance fees and other fees for CISA, CISM, CGEIT and CRISC programs; attendance fees for educational conferences; the sale of advertising space; charges for various publications; sponsorships and contributions; and license fees. Membership dues and annual maintenance fees for CISA, CISM, CGEIT and CRISC are recognized as revenue in the applicable period. New member fees are recorded in the period in which the membership application is processed, with chapter membership dues collected by the Association recorded as a liability until remitted to the chapters. The Organization recognizes unrestricted, restricted and endowment contributions in accordance with donor restrictions in the period in which the commitment for support is obtained, with other revenues being recognized in the period in which the goods or services are provided. Unearned dues, fees and subscriptions are classified as deferred revenues.
PROMOTION AND ADVERTISING COSTSPromotion and advertising costs are expensed as incurred. Total promotion and advertising costs were $4,528,259 and $3,815,618 for the years ended 31 December 2014 and 2013, respectively.
USE OF ESTIMATESThe preparation of the combined financial statements in conformity with accounting principles generally accepted in the United States of America requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and the disclosure of contingent assets and liabilities at the date of the combined financial statements, as well as the reported amounts of revenues and expenses during the reporting period. Actual results could differ from those estimates.
NOTE 3—InvestmentsThe following table presents information about the Organization’s investments. Money market funds and interest-bearing deposits are stated at cost. Investments, which are based on quoted market prices in active markets and therefore classified as Level 1, include actively listed mutual funds and exchange-traded funds.
Investments at 31 December 2014 and 2013 consisted of the following:
2014 2013
MUTUAL FUNDS
Large cap $ 6,815,810 $ 6,021,438
Mid cap 1,286,855 1,060,133
Small cap 1,566,458 1,425,836
International 4,827,518 4,298,190
Fixed income 36,809,961 37,648,793
Alternatives 3,305,995 2,941,700
Tactical allocation 2,233,883 1,921,252
REIT 1,926,923 1,368,054
Money market 12,123,950 12,391,871
Total mutual funds 70,897,353 69,077,267
EXCHANGE-TRADED FUNDSLarge cap 3,984,397 3,418,691
Mid cap 418,440 328,845
Small cap 528,259 445,603
International 2,111,129 1,948,164
Total exchange-traded funds 7,042,225 6,141,303
Money market/interest-bearing deposits - 18,473
TOTAL INVESTMENTS $77,939,578 $75,237,043
The components of investment return for the years ended 31 December 2014 and 2013 are as follows:
2014 2013
Interest and dividends $2,541,552 $1,697,629
Net realized and unrealized (loss) gain on investments
(358,331) $2,933,421
TOTAL INVESTMENT RETURN $2,183,221 $4,631,050
NOTE 4—Accounts receivableAccounts receivable consist of the following at 31 December 2014 and 2013:
2014 2013
Trade receivables $1,099,714 $ 840,548
Less allowance for doubtful accounts (35,467) (16,015)
ACCOUNTS RECEIVABLE, NET
$1,064,247 $ 824,533
Changes in the Organization’s allowance for doubtful accounts are as follows for the years ended 31 December 2014 and 2013:
2014 2013
Beginning balance $ 16,015 $ 38,621
Bad debt expense 43,203 19,772
Accounts written off (23,751) (42,378)
ENDING BALANCE $ 35,467 $ 16,015
NOTE 5—Board-designated net assetsThe Association’s Board of Directors and the Institute’s Board of Trustees designate a portion of the Organization’s unrestricted net assets for contingency purposes in order to protect the Organization against unforeseen global events and economic downturn. The designated amount based on a three-year average of operating expenses totals $34,922,480 as of 31 December 2014. As of 31 December 2013, the designated amount was $32,340,283. These funds, while designated for the purposes noted above, are categorized within the Organization’s combined financial statements as unrestricted net assets.
NOTE 6—Temporarily restricted net assetsTemporarily restricted net assets at 31 December 31 2014 and 2013 have been restricted by donors for the following purposes:
2014 2013
Research $573 $573
TOTAL $573 $573
NOTE 7—Net assets released from restrictions During 2014 and 2013, net assets were released from restrictions to satisfy the following purposes:
2014 2013
Research $ 500 $ 3,000
COBIT 13,500 11,100
Endowment appropriation for expenditure 9 9
TOTAL $14,009 $14,109
NOTE 8—Permanently restricted net assets Permanently restricted net assets are restricted as investments in perpetuity. The Organization’s endowment consists only of donor-restricted endowment funds. Net assets associated with the Organization’s endowment funds are classified and reported based on the existence of donor-imposed restrictions. There are no donor restrictions on the earnings of the Organization’s endowment funds.
The Organization accounts for endowment net assets by preserving the fair value of the original gift as of the gift date of the donor-restricted endowment fund absent explicit donor stipulations to the contrary. As a result, the Organization classifies the original value of the gifts donated to the permanent endowment as permanently restricted net assets. All earnings on the endowment funds are temporarily restricted until appropriated for current-year operating expenses as allowed by the donor.
As of 31 December 2014 and 2013, endowment assets include only those assets of donor-restricted funds that the Organization must hold in perpetuity. The Organization does not have any Board-designated
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
16
endowment funds. The Organization’s Finance Committee meets on a regular basis to ensure that the objectives of the Organization’s investment policy are being met, and that the investment approach used to meet the objectives is in accordance with the investment policy approved by the Board of Directors. Under this policy, the endowment assets are invested in a manner that is intended to provide adequate liquidity and maximize returns on funds invested. Interest and dividends earned on endowment funds are appropriated for current-year operating expenses.
During 2014 and 2013, the Organization had endowment-related activities as shown in Note 8:Chart.
NOTE 9—Related-party transactionsAs a service to the chapters, the Organization includes the amount of individual chapter dues with its annual billing and remits to the chapters amounts collected on their behalf. The balances of $2,122,839 and $2,220,147 at 31 December 2014 and 2013, respectively, are reflected in accounts payable and represent the unremitted portion of dues collected for individual chapters. During 2014, chapter dues collected and remitted totaled $4,011,301 and $4,108,609, respectively. For 2013, dues collected and remitted totaled $3,845,704 and $4,011,632, respectively.
NOTE 10—Leases The Organization has an office facility operating lease, which requires monthly payments comprised of rent, property taxes, pro rata share of common operating expenses and insurance. On 21 July 2014, the Organization signed an amendment to the lease agreement, which did not go into effect until 1 April 2015. The lease term, which was set to expire on 31 July 2018, has been extended through 30 November 2022. The Organization also rents office equipment under three non-cancelable capital leases with initial lease terms in excess of one year.
As of 31 December 2014, the minimum future rentals payable for the next five years and thereafter under these non-cancelable lease commitments as shown in Note 10: Chart.
Note 11—Income taxes The Association and the Institute have received favorable determination letters from the Internal Revenue Service stating that they are exempt from federal income taxes under Section 501(a) of the Internal Revenue Code of 1986 (IRC), as organizations described in Sections 501(c)(6) and 501(c)(3), respectively, except for income taxes pertaining to unrelated business income. The Financial Accounting Standards Board issued guidance that requires tax effects from uncertain tax positions to be recognized in the financial statements only if the position is more likely than not to be sustained if the position were to be challenged by a taxing authority. Management has determined that there are no material uncertain positions that require recognition in the financial statements. Additionally, no provision for income taxes
is reflected in these financial statements, and there is no interest or penalties recognized in the statement of activities or statement of financial position. The tax years ended 2011, 2012, 2013 and 2014 are still open to audit for both federal and state purposes.
NOTE 12—Employee benefit planThe Association maintains a defined contribution retirement plan for qualified employees. Participation in the plan is optional. The Association will match the first 5% contributed by the employee. The Association’s contributions to the plan for the years ended 31 December 2014 and 2013 were $727,150 and $612,969, respectively.
NOTE 13—ContributionDuring 2014, no contributions were made to disaster reliefs, however in 2013, ISACA chapters, members, CISAs, CISMs, CGEITs and CRISCs were affected by a local disaster. Given the long-time support of these chapters, members and certified individuals, the Association contributed $10,000 in 2013 to the
American Red Cross on behalf of those affected by the typhoon that devastated the Philippines.
NOTE 14—Subsequent eventsThe Organization evaluated subsequent events through 8 April 2015, the date that the combined financial statements were available to be issued. The Organization is not aware of any subsequent events that would require recognition or disclosure in the combined financial statements.
NOTE 8: Chart TEMPORARILY RESTRICTED ENDOWMENT
FUNDS
PERMANENTLY RESTRICTED ENDOWMENT
FUNDS
TOTAL ENDOWMENT
FUNDS
Endowment net assets, 1 January 2013 $ - $41,111 $41,111
Interest and dividends 9 - 9
Appropriation of endowment assets for expenditure (9) - (9)
Total change in endowment net assets - - -
Endowment net assets, 31 December 2013 - 41,111 41,111
Interest and dividends 9 - 9
Appropriation of endowment assets for expenditure (9) - (9)
Total change in endowment net assets - - -
ENDOWMENT NET ASSETS, 31 DECEMBER 2014 $ - $41,111 $41,111
NOTE 10: Chart YEARS ENDING 31 DECEMBER OFFICE EQUIPMENT FACILITY TOTAL
2015 $ 23,900 $ 574,200 $ 598,100
2016 22,300 634,400 656,700
2017 10,400 646,900 657,300
2018 - 438,300 438,300
2019 - 671,900 671,900
Thereafter - 2,031,500 2,031,500
$ 56,600 $4,997,200 $5,053,800
Rent expenses under these leases for the years ended 31 December 2014 and 2013, were $506,497 and $542,302, respectively.
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
17
AUDIT COMMITTEE CHAIR’S LETTER
The Audit Committee of the Board of
Directors/Trustees (the Board) of ISACA/
IT Governance Institute (the Organization)
oversees the Organization’s financial
reporting process on behalf of the Board,
and is composed of seven independent members. In fulfilling
its responsibility, the committee recommended to the Board
the selection of the Organization’s independent certified
public accountants.
The committee discussed with the independent certified public
accountants the overall scope and specific plans for their audit.
The committee also discussed the Organization’s combined
financial statements and the adequacy of its internal controls.
The committee met with the Organization’s independent
certified public accountants, without management present, to
discuss the results of their examination, their evaluation of the
Organization’s internal controls, and the overall quality of the
Organization’s financial reporting.
Allan Boardman, CISA, CISM, CGEIT, CRISC Chair, Audit Committee
MANAGEMENT REPORT ON RESPONSIBILITY FOR FINANCIAL REPORTING
The management of ISACA/IT Governance Institute (the “Organization”) has the responsibility for the preparation, integrity and fair
presentation of the accompanying financial statements. The statements were prepared in accordance with generally accepted
accounting principles applied on a consistent basis and, as such, include amounts that are based on management’s best estimates
and judgments. Management also prepared the other information in the annual report and is responsible for its accuracy and
consistency with the financial statements.
The Organization’s financial statements for 2014 have been
audited by CohnReznick LLP, independent certified public
accountants, elected by the Board of Directors/Trustees (the
Board). Management has made available to CohnReznick LLP
all of the Organization’s financial records and related data, as
well as the minutes of the Board’s meetings. Management
believes that all representations made to CohnReznick LLP
during its audit were valid and appropriate.
The Organization maintains a system of internal control that
is designed to provide reasonable assurance to management
and to the Board regarding the preparation and publication of
reliable and accurate financial statements, the effectiveness
and efficiency of operations, and compliance with applicable
laws and regulations. The system includes a documented
organizational structure and division of responsibility,
established policies and procedures that are communicated
throughout the Organization, and the careful selection, training
and development of personnel. Management also recognizes
its responsibility for fostering a strong ethical climate so that the
Organization’s affairs are conducted according to the highest
standards of personal and corporate conduct.
There are inherent limitations in the effectiveness of any system
of internal control, including the possibility of human error and
the circumvention or overriding of controls. Accordingly, even
an effective internal control system can provide only reasonable
assurance with respect to financial statement preparation.
The Organization evaluates its internal control system in relation
to criteria for effective internal control over financial reporting
described in Internal Control—Integrated Framework, issued
by the Committee of Sponsoring Organizations of the Treadway
Commission, and as of 31 December 2014 the Organization
believes that its system of internal control over financial
reporting met those criteria.
As part of its audit of the Organization’s financial statements,
CohnReznick LLP assessed the Organization’s internal
accounting controls structure to establish a basis for reliance
thereon in determining the nature, timing and extent of audit
tests to be applied. Management and CohnReznick LLP
have reviewed the internal control assessment with the Audit
Committee as part of the committee’s acceptance of the
financial statements. The Board, operating through its Audit
Committee, which is composed entirely of members who
are not officers or employees of the Organization, provides
oversight to the financial reporting process.
Matthew S. Loeb Chief Executive Officer
Robert A. Micek Chief Financial Officer
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
18
ISACA TEAMWORK
ISACA BOARD OF DIRECTORS/ITGI BOARD OF TRUSTEES
ADVA
NCIN
G TR
UST
VIA
DEDI
CATE
D LE
ADER
SHIP
.
Robert E StroudCGEIT, CRISCInternational PresidentUSA
Steven Babb CGEIT, CRISC, ITIL International Vice President United Kingdom
Garry BarnesCISA, CISM, CGEIT, CRISC, MAICDInternational Vice PresidentAustralia
Rob ClydeCISM International Vice President USA
Ramsés GallegoCISM, CGEIT, CCSK, CISSP, SCPM Six Sigma Black Belt International Vice President Spain
Debbie LewCISA, CRISC Director USA
Frank YamCISA, CCP, CFE, CFSA, CIA, FFA, FHKCS, FHKIoD, FHKITJC Director Hong Kong
Alexander Zapata LenisCISA, CGEIT, CRISC, COBIT Certified Assessor, COBIT 5 Implementation, PMP, ISO 22301 Lead Implementer, ITIL, ISO 27001 Foundations Director Mexico
Tony HayesCGEIT, AFCHSE, CHE, FACS, FCPA, FIIA Immediate Past International President Australia
Gregory GrocholskiCISA Past International President USA
Theresa GrafenstineCISA, CGEIT, CRISC, CIA, CGAP, CGMA, CPA International Vice President USA
Matt LoebCAE Chief Executive Officer Secretary of the Board USA
R Vittal RajCISA, CISM, CGEIT, CRISC, CFE, CIA, CISSP, FCA, COBIT 5 Foundation Accredited Trainer International Vice President India
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
19
ADVA
NCIN
G TR
UST
VIA
DEDI
CATE
D LE
ADER
SHIP
. LETTER FROM THE INTERNATIONAL PRESIDENT AND THE CEO
In a world that is dynamically changing, trust is the driving force that keeps business and innovation moving forward.
Building and maintaining trust takes time, personal effort and a commitment to listening and action.
These traits are common among our global community of ISACA members who represent a wide spectrum of industries and
enterprises. It is through their actions every day that ISACA continues to explore new pathways and reinforce our position as
a respected and authoritative global leader. We thank you all for the commitment you clearly show to yourself, your employer
and the business community as a whole.
A note of appreciation is also due to our dedicated employees and volunteer leaders, including those who serve on the
international board of directors and board of trustees. The time and expertise that you give to ISACA is valued highly. Together
we make a strong team and together we will continue to build on our strengths and increase our presence worldwide.
BOARD, COMMITTEE, SUBCOMMITTEE AND TASK FORCE CHAIRSMatthew Liotine Academic Program Subcommittee USA
Allan Boardman, CISA, CISM, CGEIT, CRISC Audit Committee UK
Ross E. Wescott, CISA Assurance Task Force USA
Frank K.M. Yam, CISA Certification and Career Management Board Hong Kong
Frank Sundgaard Nielsen, CISA, CGEIT CGEIT Certification Committee Denmark
Michal J. Niezurawski, CISA, CISM, CGEIT, CRISC CGEIT Test Enhancement Subcommittee Poland
Brennan Patrick Baybeck, CISA, CISM, CRISC Chapter Support Committee USA
Bernard J. Battistin, CISA CISA Certification Committee Canada
Dietmar Hinkel, CISA CISA Job Practice Analysis Task Force Germany
David Alan Hendren, CISA, CGEIT, CRISC CISA Test Enhancement Subcommittee USA
Erik Philip Friebolin, CISA, CISM, CRISC CISM Certification Committee USA
Clyde Hague, CISM, CRISC CISM Test Enhancement Subcommittee USA
Greet Volders, CGEIT COBIT Enterprise Assessment Task Force Belgium
John W. Lainhart IV, CISA, CISM, CGEIT, CRISC COBIT Online Replacement Task Force USA
Kent E. Anderson, CISM Cybersecurity Certification Practice Analysis Task Force USA
Edward G. Schwartz, CISA, CISM Cybersecurity Advisory Task Force USA
Miroslaw Kalinski, CISA Communities Committee Poland
Daniel J. Haley, CISA, CGEIT, CRISC Conference Program Development Subcommittee USA
Eduardo Oscar Ritegno, CISA, CRISC CRISC Certification Committee Argentina
Richard Geoffrey Norman, CISA, CISM, CGEIT, CRISC CRISC Test Enhancement Subcommittee UK
Jamie Pasfield, CGEIT Emerging Business and Technology Committee UK
Michael Leung, CISA, CISM, CGEIT, CRISC Enterprise Advocacy Committee Canada
Petrus Albert Christiaans, CISA, CISM, CRISC Finance Committee USA
Sushil Chatterji, CGEIT Framework Committee Singapore
Marios Damianides, CISA, CISM Governance Advisory Council USA
Sarbjit S. Sembhi, CISM Government and Regulatory Advocacy Committee UK
Ji Young Hwang, CISA, CRISC GRA Regional Subcommittee 1-Asia/Pacific Korea
Marcelo Hector Gonzalez, CISA, CRISC GRA Regional Subcommittee 2-Latin America Argentina
Joanna B. Karczewska, CISA GRA Regional Subcommittee 3-Europe/Africa Poland
Meenu Gupta, CISA, CISM GRA Regional Subcommittee 4-North America USA
Peter J. Fowler, CISM, CGEIT, CRISC GRA Regional Subcommittee 5-Oceania Australia
Phil James Lageschulte, CGEIT Guidance and Practices Committee USA
S.V. Sunder Krishnan, CISA India Growth Initiative Task Force India
Kenneth L. Vander Wal, CISA ISACA Nominating Committee USA
Mitra Minai ISO Liaison Subcommittee Australia
Steven Babb, CGEIT, CRISC Knowledge Board UK
Rosemary M. Amato, CISA Knowledge Management and Education Committee Netherlands
Charlie Blanchard, CISA, CISM, CRISC Knowledge Management and Education Committee USA
Robert C. Newbould, CISA Leadership Development Committee UK
Nickson Wei-Sin Choo, CISA, CRISC Membership Growth and Retention Committee Malaysia
Yves Marcel Le Roux, CISM Privacy Guidance Task Force France
Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC Professional Advocacy Committee Australia
Steven E. Sizemore, CISA Professional Standards and Career Management Committee USA
Todd A. Weinman Professional Standards and Career Management Committee USA
Upesh Bhupendra Parekh, CISA Publications Subcommittee India
Theresa Grafenstine, CISA, CGEIT, CRISC Relations Board USA
Emil G. D’Angelo Strategic Advisory Council USA
Hubert Darnell Glover, CRISC Student and Academic Subcommittee USA
Jason Yakencheck, CISA, CISM Young Professionals Subcommittee USA
Robert E StroudCGEIT, CRISC2014-2015 International President ISACA and the IT Governance Institute (ITGI®)
Matthew S. LoebCAEChief Executive OfficerISACA and the IT Governance Institute (ITGI®)
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
20
CHAPTERSASIABahrainDhaka, BangladeshChina Hong Kong Bangalore, India Cochin, India Coimbatore, India Hyderabad, India Kolkata, India Chennai, India Mumbai, India New Delhi, India Pune, India Vijayawada, India Indonesia Fukuoka, JapanNagoya, Japan Osaka, Japan Tokyo, Japan Korea Lebanon Macao Malaysia Muscat, OmanIslamabad, Pakistan Karachi, Pakistan Lahore, Pakistan Manila, Philippines Jeddah, Saudi Arabia Riyadh, Saudi Arabia Singapore Sri Lanka Taiwan Bangkok, Thailand UAE
CENTRAL/SOUTH AMERICABuenos Aires, ArgentinaMendoza, Argentina La Paz, Bolivia Brasilia, Brazil Rio de Janeiro, Brazil Sao Paulo, Brazil Santiago, Chile Bogota, ColombiaMedellín, Colombia San Jose, Costa Rica Santo Domingo,
Dominican RepublicQuito, EcuadorGuatemala City,
GuatemalaGuadalajara, Mexico Mexico City, Mexico Monterrey, Mexico Panama
Asuncion, Paraguay Lima, Peru Puerto Rico Montevideo, Uruguay Venezuela
EUROPE/AFRICAAustria Belgium Gaborone, Botswana Sofia, Bulgaria CroatiaCyprus Czech Republic DenmarkCairo, Egypt Estonia Finland France (Paris) Germany Accra, GhanaAthens, Greece Budapest, Hungary Ireland Tel-Aviv, Israel Milan, Italy Rome, ItalyVenice, Italy Kenya Latvia Lithuania Luxembourg Malta MauritiusNetherlands Abuja, NigeriaIbadan, Nigeria Lagos, Nigeria NorwayKatowice, PolandWarsaw, Poland Lisbon, PortugalMoscow, Russia Romania Slovenia Slovak Republic South Africa Barcelona, Spain Madrid, Spain Valencia, Spain Sweden Switzerland TanzaniaTunis, TunisiaAnkara, TurkeyIstanbul, Turkey
Kampala, UgandaKyiv, Ukraine London, UK Central UK Northern England, UK Scotland, UKWinchester, UKLusaka, Zambia
NORTH AMERICA
CanadaCalgary, AB Edmonton, AB Vancouver, BC Victoria, BC Winnipeg, MB Atlantic Provinces Ottawa Valley, ON Toronto, ON Montreal, PQ Quebec City, PQRegina, SK
IslandsBermuda CuracaoTrinidad & Tobago
Midwestern United StatesCentral Indiana
(Indianapolis)Chicago, IL Illini (Springfield, IL) IllowaIowa (Des Moines) Kentuckiana
(Louisville, KY)Detroit, MI Western Michigan Minnesota Omaha, NE Central Ohio (Columbus)Greater Cincinnati, OH Northeast Ohio
(Cleveland)Northwest Ohio Kettle Moraine, WI
(Milwaukee)
Northeastern United StatesGreater Hartford, CT Central Maryland
(Baltimore)
New England New Jersey Central New York
(Syracuse)Hudson Valley, NY
(Albany)New York Metropolitan Western New York
(Buffalo/Rochester)Harrisburg, PA Philadelphia, PA Pittsburgh, PA Rhode Island National Capital Area, DC
Southeastern United StatesBirmingham, AL Huntsville, ALCentral Florida (Orlando)Jacksonville, FL South FloridaTallahassee, FL West Florida (Tampa) Atlanta, GA Charlotte, NC Research Triangle
(Raleigh, NC)South Carolina
Midlands(Columbia, SC)Memphis, TN Middle Tennessee
(Nashville)Virginia
Southwestern United StatesCentral Arkansas
(Little Rock)Denver, CO Baton Rouge, LA Greater New Orleans, LAGreater Kansas City, MOSpringfield, MO St. Louis, MO New Mexico
(Albuquerque)Central Oklahoma
(Oklahoma City) Tulsa, OK Austin, TX Greater Houston Area, TXNorth Texas (Dallas) San Antonio/So. Texas
Western United StatesAnchorage, AK Phoenix, AZ Los Angeles, CA Orange County, CA
(Anaheim)Sacramento, CA San Francisco, CA San Diego, CA Silicon Valley, CA
(Sunnyvale)Hawaii (Honolulu) Boise, ID Las Vegas, NV Willamette Valley, OR
(Portland)Utah (Salt Lake City) Mt. Rainier, WA (Olympia)Puget Sound, WA
(Seattle)
OCEANIAAdelaide, Australia Brisbane, Australia Canberra, Australia Melbourne, Australia Perth, Australia Sydney, Australia Auckland, New ZealandWellington, New ZealandPapua New Guinea
CHAPTERS IN FORMATIONAhmedabad, IndiaJaipur, IndiaAmman, JordanAlmaty, KazakhstanKuwait City, KuwaitDoha, QatarRosario, ArgentinaBelo Horizonte, BrazilGuayaquil, EcuadorTegucigalpa, HondurasManagua, NicaraguaYerevan, ArmeniaReykjavik, IcelandBelgrade, SerbiaAbidjan, Ivory CoastBlantyre, MalawiCasablanca, MoroccoPort Harcourt, NigeriaHarare, ZimbabweKingston, JamaicaFayetteville, Arkansas,
USA
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
21
DONORSINDIVIDUALS
Platinum Isnaeni Achdiat Jose BoyolCharles CribaroMarios DamianidesJohn LainhartAkira Matsuo Robert MicekJane Seago
Gold Allan Boardman Gregory GrocholskiRon HaleShankar Iyer John KuyersThomas LammRobert Parker Jeffrey PatuboFelix Ramirez Saeed SheikhSean StringerBernard Chee Kian TangKenneth Vander WalArchie Watt
Silver Abdul Hamid AbdullahBryan AckermannBandar Abdulrahman
AlkhaleelAli Fathi Al-Sheikh Ahmed David ApplebaumJim Arnold Scott ArtmanAlfred John Bacon Cheryl BarkerGarry James Barnes Susanna BezoldCharan Kumar
Bommireddipalli Fernando CalvilloRichard ChiaPeter CluckNancy CohenBernard CzajaCraig James DaleboutHelene Demoulin Patricia Giovanna Diaz ToriShannon DonahueStephen John Drew
Luis Enrique Garcia de Paredes
John GarrettAshok GhoshJason GonzalesTheresa Grafenstine Stewart Frank GwynBarry George HadfieldJen HajigeorgiouMarkus Heinen Gerard HopkinsDonna HutchesonOlanrewaju Taofeek IdrisJason IngallsStanley Robert Jarocki Ghassan KabbaraVijay KarayiTina KayEmiko Kurihara Stephen LantripPatricia LewisEdward James-Essington
LewisMin Chee LiewRoberto Lopez Escalera R Chris MartiRobert Mcfarland Gary MurphyRalf Mutzke Francis Nemia Stephen NorkunasAndrew Odendaal Deborah OetjenOmobolaji Gani OladipoJames Patterson Hugh Henning Penri-
Williams Tajjud-deen PhillippsAndre Pitkowski Daniel Fernando RamosVenkataraman Ranganathan Sree Krishna RaoDavid George ReinholdRonald RibaSalomon Rico Charles Kendall Roberts Vijayakumar S.R.Julio SaizJatin SamantMerve SaracJose Saucedo
Joshua James SchmidtUmar Somal Jeff Spivey Conrad StantonHamilton Michael StewartRobert E Stroud Vaclav StverkaRamnathan SubramanianFumiaki Suzuki Chandra Sekaran
SwaminathanIchiro TabataHideyuki TanakaMartin TapiaAlexandru TascaDavid TerpeningDavid ThompsonKaren Sands Tinucci Scott Tompkins Terry TrsarMartin Urban Marc Vael Bartholomeus van
Lodensteijn Prafull VermaKaryn WallerGregory WilliamsRama YenamandraMahmoud Yousef Carlos Zamora
Donor Paul Rudolph AaronZoran Abraham Asha Ann AbrahamVakhtang Abrahamyan Alona AbuegJoan Ackerman Jayson AgagnierSanjiv Kumar AgarwalaRamon AgtarapAfzal Ahad Taisei AkutsuFaisal Al-Homodi Faisal Abdulla Al-KuwariBeverly Allen Dock AllenAhmed AlMunawes Barry William AndersonNgozi Nwamaka Anigbogu-
Nwankwo Kannan Annaswamy
Jay AnthonyMatthew Archibald Henri ArendsenPavel Alekseevich ArkovSam Arthur Musafau AshiruMichael AustinAnna Mmanoko BadimoChristopher BagotAjay BahriGintautas Balciunaitis Vicken Balian Andreas BarattieroDonald O’Gillvray St Philip
Barnett Enrique BarrosoPedro De Jesus BarruziRobert BartonVinod Velji BavaraWilson Baxter Christina Marie BeldingLuis Sean Beltran DoolyDouglas Bencomo Ahmed BengrinaRobert Benjamin Paul Berkebile Gayle BerkeleyKasey Lyn BernardCamilla BernhardtGlauco BertocchiMilind Madhav BhideDenworth BillyDirk BinsStuart Birkett Laszlo Miklos Biro Uwe BischoffSteve Biswanger Sixten BjörklundDaniel BlaneySimon Jakob BliggenstorferJean BlochKhaled BohsaliBenjamin Boi-DokuPeter Borak Glen Boyer Diana BradshawAlexander BrandlAlexandru BranescuRicardo Bria Moises BritoNathan James Burley
Phil Joseph Patrick BurnsMark Alexander Butzke Cynthia CannadayChristine Marie CapezzutoWalter Lee CarterAchmat CassiemVictor Sze-Tin Chan Adrian Wee Phoy ChanSteve ChazanChun-Hung ChengJames CheyneWing Hang Chiu Sandra ChoyceRajeev Ramchand ChughAdnan Khaliq ChughtaiDavid ChupinskyMaxim Chuprunov Melissa CigledyMark CioniRobert ClarkeRonald Harrison ConantPaul ConradieMarlon Dino Cooper Philippe CopelloP. J. CorumBruce Daniel Cox Mihai CristalovGordon CurtisDominic CuscunaJohn Joseph Czaplewski Gokul Chandar D. S.Karl DahlbergDeborah DahlinKishor Jagannath DandekerSabyasachi Dash Clive DavidsWilliam DavidsonRodney Owain DaviesFrancisco Meneses De
Azevedo Reynaldo de la Fuente Donna DegenhartUmberto DeLucilla John Joseph DeMauroJames Wayne DeVaulAnthony DeVitoRalph Philip Dicicco Xinhao DingUdaya Kumar DintyalaTony DjajanaBohdan Dombchewskyj
ISACA’s social media communities provide a fast and straight forward way to stay on top of
technology developments, relevant events and latest insights. As an active member on social media,
I am part of a global network of professionals and industry experts, who collectively shape the future.
– Matthias Kraft, Director of Information Security & Privacy, ENERCON (Germany)
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
22
INDIVIDUALS (CONTINUED)
Jose DonosoZea Du Preez Gert Thomas Du PreezKevin DunphyAlexander DuqueSalih Ali Durul Deshawn Perez EdwardsAhmed GillaniNewman Hugo EmeanaaKoji Enjo Kingson Ubochi EnyingwaMary Erlanger Peter Felix ErnstsohnAndre ErtlJavier Espasa Tomoyasu EtoJohn Kenji Eto Michael FabriDieter Fabritius David Fairman Ahmad Mohammad Faqieh Alberto Evandro FaveroTao FengFrancesc Xavier Fernandez
CuestaRichard FernezCherrie Mae Arciaga Ferreria
ChiomentoUwe Fiedler David FindlingUrs Fischer Kenneth Glenn FitzpatrickPaul Fordiani Joji FortinGregory FouquetYoshio FukasawaKgotso Storkley GaamangweRamses Gallego Fredrik Galtung John Calston GambleEduardo Garcia Martinez Wilhelmus GeijtenbeekJohn GenerelliVincent Graham GennFrank Gerber Niklas GerdinWilliam GessnerKhristian Gibson Gregory Lee Gilbo Anthony John Gilli
David Alwyn Gittens Hubert Darnell Glover Jean-Marc GoedersFernando Gomez AlfonsoDavid Goodwin Thomas GossRoger Scott GreenwellDennis Griffin Stefan GrossMarisol Guasca BarraganJorge Guevara LopezManuel GuillenJose GumbauThomas Hery GunawanTod Gene GuntherMichael Robert GuthrieDaniel Hadaway Aftab Faizy HaiderWalid HalikJan Halvorsroed Husni Loutfi HammoudLars Hansen Derek Hardmon Ashok Nallashivam
HarinarayanJason Harrell Aris Budiman HartonoGlenn-Edward Willem
Harwood Bassam Farid HassanPrachit HawatRobert Bob HawkMasahiko HayakawaMatthew HeislerSteven Robert HeldtMarko HemmesMarinus Hendriksen Mark Henshaw Johan Hermans Jose Francisco HerreraJimmy Heschl Taco Sietze HettemaBrian Michael HickieDonald HoffmanAdrian HoweIsrael Huaccho Valladares Cameron HuebnerMichael John Hughes Trevor HuttonDan Ionescu Jose IsebiaMichael Iseyemi Samuel Chiedozie Isichei
Krasimir Kirilov IvanovJun IwataVenugopal Iyengar Babatunde JajiBrusse Alan JamesJacobus Janse Van
RensburgOlivier JarrarJohn JarvisJohn Erick Jasinski Boza JavornikRoxane Atinuke Jawando
Ajao Henrik Jensen Michael JimenezNelson Rodolfo Jimenez Allan Jagath Monesh
JinadasaThomas JoergerMark Keith JohnsonJohn JohnsonGuy JordanRohini JoshiCarlos Justiniano Eleanor KaiserManish Kakkar William Lynn Kalahar Deepak KamalasananMichael Kamens Jacqueline Kapres Parikshat KapurJunaid Yusuf KaraSpiros Karasavvidis Yasushi KasaharaIftikhar Fazlehussain
KathawalaTomohide KawawakiRich KeeseckerAdugna KelkayGerard KelliherPeter KerrJoseph Jason KinderYoshihiro KitsutakaRobert Thomas KleinTerje KleppChris William Kmosko Linda Charlotte Knight Petr Knize Soichiro KomoriPraseth KongIvo KoppelmaaRodger KraftDenis Krauss
Wayne Carvel KreiselUnni KrishnanWalter Ronald KuketzChi Choi KuokMathew KuriakoseMasaki KuriharaDaniel KurtJon LamRussell LamosekHendrik Jan LandTak Wa LauOlivier LavalGeorge Edward LawlessJacinthia Lawson Peter LeitchLaChelle LeVanTeig Laru LevingstonKatherine LidgardTamara LillyAlbert LimaKu-Chuan LinAnna Maria LindstromJose Maria Lopez SanchezGregory John LotzeFrederick George MackadenGeorge Kenneth MadzyDavid MainvilleNilanjan Majumdar Rohit MalhotraEric John MalmgrenVeronica ManchoMunyaradzi Takafa
MandivenyiCharles-Robert ManterfieldMassimo Vito Angelo
ManzariPeter ManzoSelvakumar MariyappanCresnor Austin Roy MartinPrice Edward Martin Sergey MartinovClaxton MartyrAggrippa Gerald Masamha Isaac MastAlfonso Mateluna Concha Michael Lynn MatherEiichi Matsubara Naohisa MatsumotoBayin MatvenovaAdrian MayersKevin MayhewVickie LaVern McCraySean McDonald
Joseph McginleySean McPoland Rudy Meert Paulo MendezAl-Amin Sadruddin Merchant Jorge Merida MunozJames Meyer Helen MeyerMichael Meyer David Bruce MillerDave James MillierJean MilziRobert Christopher MinorMasami MitsuboriH. L. Mobley Thomas MockbeeWillem Ewoud ModdermanMohamed Ashraff Mohamed
FowzieJoanne Molesky Antonio Campos Monteiro
NetoJose Moreno AndradesYuji Morita Michelle Ann MorrisMichael MorrisseyAdel Ilyas MoubarakAdamu Musa MsheliaSundareswaran MuraliFarit Muzipov Sudeep Nair Praveen Nair Somashekar NallaChandramohan Narayan Arun Kumar NarayanStefan NastasiaVijaya Kumar NavoorGeorge NawaraJoao Souza Neto Geok Peng Ng Chung Hin Ngai Kim Cheok NgeyGertjan NickolsonClare Teresa NugentHazel NyathiBen Simiyu NyongesaYoung Seok OckJohn Tanko Ogazuma Stella Osayi OkohAnthony Oghene OkoloKehinde Peter OlofinmoyinChanroutie Omadath-HeetaiBoasiako Omane-Antwi
My choice for ISACA certifications was inspired by the exponential rise in demand for information security
and risk professionals across all industries. ISACA’s recognition globally is unquestionable and certification
has helped me rise from being a security administrator to a chief security officer.
– Jerry Mulu Kathingo, CISM, CRISC, Chief Security Officer, Alidi Kenya Limited (Africa)
I
SA
CA
® A
ND
IT
GO
VE
RN
AN
CE
IN
ST
ITU
TE
® A
NN
UA
L R
EP
OR
T 2
01
4
23
INDIVIDUALS (CONTINUED)
Nosa Omoma Carmen Ozores Fernandes Juang PanjaitanDavid PaolantonioJanine Marie PappasRichard ParadisSeong-rae ParkXenia Ley Parker Hugh ParkesChien ParkynSean Pascoe Keyur PatelVincent Pearce Jose Maria Pedro Pieter Penning Julian Pereira Richard Wade PhillipsCarl PhillipsKirsten PielstromPatricia PlonchakFrancis Poko Joseph Ponnoly Svetislav Pop TonevSorin Alexandru PopaMihaela PopescuMarlene PortalatinGuillermo PosseAndreas PostlJulio Alejandro Poveda
Suarez Ren PowersWilliam Prado John PremanathAna Prieto-Arbelaez Marin Prisacaru Wagner Roberto PuglieseRajesh Kantesh PurohitHenny Raadschilders Kishor RabiSwami Ramachandran Ramkumar RamachandranSrinivasan RamanRafael Ricardo RamirezFrancisco Vicente Ramon-
MiraAdam RasinskiPaolo RazzaMichael Gerard Redmond Nijel RedrickKostja Reim
Grace RengifoJoseph ReuterGinalda Richardson Jack Riegel Kenneth RobbRita Claire RobertsMarie Ghislaine RobinsonOscar Robledo Luis Fernando Rodriguez
Munoz Juerg RoemerMarc RogersFacundo Rojo GilRafael RoldosWilliam RollingerMichael Romano Pedro José Romero CuadrosPatricia Aneta Rowe-Seale Gareth Luke RowlandsJose Ruiz Babatunde Muhammed
Tajudeen SadikuStella Alexandra Salas
SanchezDiana Salazar Alexander SamarinMilton Eric Sambolin Zacarias SanchezCharles SanderDarline SandlinAnthony SaranchakGautam SarnaikMugdha Satish SatarkarRichard Curtis SaulMikhail SaykovSven SchaubMartin SchlaeppiEkkard Schnedermann Clinton Curtis SchneiderEkkehard ScholzMatthew ScholzRobert SchwindStephen Scola Paul Byron Scott Daniel Seider Adebowale John Seidu Lakshminarayanan
Ramaswamy Sekharipuram
Serge SemeelenChun-Wai SenJorge Serrano Rodriguez
AbdulGhaffar Mohammad Setareh
Shakeel Sayyad ShaikhYen ShanRobert Young ShawDavid SheidlowerMakoto ShibataMitsuhiro ShigematsuCraig Anthony ShorterPablo SilberfichStefano SilvestriThomas SinnottEdward Joseph Slusarski Angus John SmithAnnetta SmithPeter SmithsonSuellen SnellChris Donald SnivelyFolarin SogekeSandeep SokheyHenry Paul SolomonBradley Harold SorensenJesus Rafael Soto ValbuenaIvan Stanchin Jaroslaw Stawiany Achim Michael SteinLorraine StevensRichard George Stohner Igor StolbikovHans Manfred StraussVilvanathan SubramanianRawin SukhpoolPatrick SullivanHartono Ari SusetyoChing Kwong SzeOlanrewaju Tiamiyu TaiwoDaniel TalbotYoshito TashiroKeith Edward Tayloe Tazaki TeruoJeremy TedesHiroshi TeraiMladen TerceljAjit ThankappanTina Thompson Horst TissonEsa ToivonenThomas Gerard TottonDaniella Traino Mamadou Sidiki TraoreRod TroutmanEduardo TsangDeborah Tucker
Giancarlo TuratiMartin UnterbergerLuis UriaPaul van DomburgMichiel Van HulsteijnDiego Fernando Vargas RuizAlejandro Vazquez-Nava Ivo Velkov VelevYashwant Singh VermaSylvain Viau Ronald Allan VieraAlexandre Sieira VilarJuan Guillermo VillaJason Edward James Viola Manuel Jose ViscasillasRobert VitaliWalter Adrian VodebJon VoiculescuOliver Von SalisOleg VorobyovJames Muresia WafulaJulian Andrew WakimIchiro WakitaJohn Joseph Warminski Andrew Watson Gareth Arthur WattersRichard Lawrence Way Jesse Webb Marc Weber Ian Lawrence Webster Esper Boutros WehbeWinston WeirRobert Philip White Kanchana WijayaratneDebra Jene Williams Patricia WinstonAlex WodaTrevor Andre Wood Richard WoodruffGary Woods Peter WoodsShou-Hsin WuJens WudickNaoki YagiKenichi YamashitaLi-Jen Lyaw YangSarkis Aram YaralianPrabhaker Reddy Yasa Rachelle Yayi ParaisoHajime Yoshitake Hong YuJason Chee-Mun YuenRichard John Yulo
Oussama Zaidan Michael ZeppelzauerHong Amberina ZhangManef ZidiDouglas ZiegenfussJacobus Ziere
CHAPTERS
PlatinumGreater Houston ChapterLos Angeles ChapterNational Capital Area
ChapterNew York Metropolitan
Chapter
GoldDenver ChapterDetroit ChapterGreater Kansas City ChapterSilicon Valley ChapterToronto ChapterVirginia Chapter
SilverAtlantic Provinces ChapterCentral Maryland ChapterChina Hong Kong ChapterGreater Cincinnati ChapterGreater Hartford ChapterJacksonville ChapterLagos ChapterMiddle Tennessee ChapterNew England ChapterNew Jersey ChapterQuebec City ChapterSan Francisco ChapterSingapore ChapterSouth Carolina
Midlands ChapterTrinidad & Tobago ChapterVancouver ChapterWest Florida ChapterWestern Michigan Chapter
DonorMinnesota ChapterOttawa Valley ChapterPhiladelphia ChapterRhode Island ChapterSaint Louis ChapterSouth Africa ChapterTokyo Chapter
ISACA’s Cybersecurity Fundamentals Certificate is the first entry level cybersecurity certificate that will feed
into the industry and fill positions. It helps individuals advance their careers. If someone holds this certificate,
I have a good understanding of their cybersecurity knowledge.
– Cheryl Santor, CISA, CISM, CGEIT, CISSP, Information Security Manager, Metropolitan Water District of Southern California (USA)
HISTORY OF ISACA AND ITGI
ISACA’s journey began in 1967, when a small, visionary group of professionals realized that their
work auditing controls for computer systems was increasingly vital to the overall operational
success of their enterprises. Together they recognized the need for a centralized source for
information and guidance for their growing field. In 1969, the group formalized and incorporated
as the EDP Auditors Association (EDPAA). This name was changed to Information Systems Audit
and Control Association (ISACA) in 1994. ISACA now goes by its acronym only, to reflect the broad
range of professionals it serves.
Now, with more than 122,000 members in 185 countries, ISACA is a leading global provider
of knowledge, certifications, community, advocacy and education on information systems (IS)
assurance and security, cybersecurity, governance and management of enterprise IT (GEIT),
and IT-related risk and compliance.
Affiliated with ISACA, the IT Governance Institute (ITGI) was created in 1998 as a nonprofit,
independent research entity that provides guidance for the global business community on issues
related to GEIT.
In the years since their inception, ISACA and ITGI have been drivers of extensive innovation and as
a result, have become pace-setting global organizations for cybersecurity, IT governance, security,
control and assurance professionals.
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
ISACA PHONE: +1.847.253.1545
ITGI PHONE: +1.847.660.5700
FAX: +1.847.253.1443
isaca.org
itgi.org
