Volume 7, 31 March 2011

In This Issue:
Report of the Nominating Committee
Slate of 2011-2012 Board of Directors
New COBIT Case Study: Grupo Bancolombia
New COBIT Process Assessment Model: The Market Need and Value Picture

Report of the Nominating Committee
By Marios Damianides, CISA, CISM, CA, CPA, Nominating Committee Chair

The charge of the ISACA Nominating Committee, as described in sections 7.02 and 9.01 of the ISACA bylaws, is to prepare a slate of candidates for the ISACA Board of Directors, for review and approval by the association membership at the Annual Meeting of the Membership. The Nominating Committee is chaired by a past international president of ISACA, and its members include two additional past international presidents and three to four members with significant ISACA experience and diverse geographic representation.

The committee takes very seriously its obligation to prepare the best possible slate of individuals who will work together as a team to lead the association. Its evaluation of candidates takes into account the intent to reflect the organization's geographic distribution and its professional areas of focus, while also balancing continuity and new viewpoints.

The process is managed with attention to detail: the proper information and documentation must be submitted with sufficient detail and backing by the published deadline. Nominations are treated with unbiased consideration, candidates are interviewed, and strict confidentiality is maintained throughout the process. The Governance Advisory Council (GAC) provides oversight to the committee's processes, and the committee reports to the Board of Directors and the membership of ISACA.

The 2010-2011 Nominating Committee is pleased to present the slate for the 2011-2012 ISACA Board of Directors.
As chair of the committee, I affirm that the committee's deliberations were carried out in accordance with the bylaws and good governance principles.

2010-2011 Nominating Committee Members:
Marios Damianides, CISA, CISM, CA, CPA, Chair, USA
Everett C. Johnson Jr., CPA, USA (past international president)
Lynn Lawton, CISA, FBCS CITP, FCA, FIIA, Russia (past international president)
Sushil Chatterji, CGEIT, Singapore
Leo Anzola, CISA, CGEIT, Panama
Hugh Penri-Williams, CISA, CISM, CGEIT, CRISC, France
Garry Barnes, CISA, CISM, CGEIT, Australia

Slate of 2011-2012 Board of Directors

ISACA will hold its Annual Meeting on 26 June 2011, at the Gaylord National Hotel and Convention Center, in Washington DC, USA, during the World Congress, where it will announce the 2011-2012 Board of Directors. In accordance with the association's bylaws, the Nominating Committee submits the following slate as the proposed 2011-2012 Board of Directors.

Kenneth Vander Wal, CISA - International President
Niraj Kapasi, CISA - Vice President
Christos Dimitriadis, CISA, CISM - Vice President
Greg Grocholski, CISA - Vice President
Jeff Spivey, CRISC - Vice President
Tony Hayes, CGEIT - Vice President
Jo Stewart-Rattray, CISA, CISM, CGEIT - Vice President
Lynn Lawton, CISA, FBCS CITP, FCA, FIIA - Past International President
Emil D'Angelo, CISA, CISM - Past International President

Included on the agenda will be the president's annual report, the treasurer's report, ratification of significant board actions from the 2010-2011 administrative year and comments from the international president. All ISACA members are invited to attend the Annual Meeting. Visit the World Congress page of the ISACA web site for more information about ISACA's new global conference.

New COBIT Case Study: Grupo Bancolombia

Grupo Bancolombia, which was founded in 1875 and is currently the first bank in Colombia for assets and market participation, launched an internal control management system initiative that was sponsored by the group's board of directors. Goals of the project included enterprisewide process integration and improved efficiency, profitability, growth, reliability and compliance. Based on the needs of the enterprise, COBIT was seen as the best reference model to use as a guideline for IT internal control.

The full Grupo Bancolombia COBIT case study, available on ISACA's web site, describes how the financial institution used COBIT to aid in the design, assessment and creation of an internal control system that enabled alignment between business strategic planning and IT strategic planning and provided clarity in roles and responsibilities. In addition to helping the group proactively address internal and external audits and operating risk compliance, COBIT helps the enterprise facilitate a balance between compliance and performance. Visit the Case Studies page of the ISACA web site for this and other case studies by enterprises in a variety of industries.

New COBIT Process Assessment Model: The Market Need and Value Picture

As part of the ISACA strategy, a task force was created to determine whether there was a need to provide a formal assessment approach based on the COBIT framework. The task force reviewed common assessment options in use and decided to adopt ISO/IEC 15504, the standard related to process assessment. ISO/IEC 15504, sometimes referred to as Software Process Improvement and Capability Determination (SPICE), provides guidance on such topics as the level of evidence required for an assessment and the skills required of competent assessors. The task force recommended that such issues be addressed for a COBIT-based process assessment to improve the rigor and reliability of the results obtained. This included the need for development of a scheme for the training and certification of assessors.

The task force conducted a survey to determine the market perspective on the proposed COBIT-based process assessment. In particular, the task force wanted to establish the perceived:

1. Need and value to an enterprise of a process capability assessment based on ISO/IEC 15504-2:2003, using COBIT 4.1 as the process reference model, and performed by trained and certified assessors
2. Need and value an enterprise has (or can foresee) for an enterprise maturity assessment based on ISO/IEC TR 15504-7:2008, using specified COBIT processes that support the achievement of specific business goals or enterprise activities, and performed by trained and certified assessors

Almost 1,400 people (members and nonmembers of ISACA) from all parts of the world responded to the survey. Respondents held a variety of positions within their enterprise and represented many industries. Of note, almost 17 percent of respondents were enterprise executives.

The survey found that 88.8 percent agreed that there is a need for, and value in, a rigorous and reliable IT process capability assessment. Additionally, the survey found that 92 percent agreed there is a need for, and value in having, trained and certified assessors to perform the work. The survey also found 77.3 percent perceived a need for, and value in, an enterprise maturity assessment.

Currently, work is underway on the development of the Process Assessment Model (PAM), based on COBIT 4.1 and ISO/IEC 15504. This model is expected to be available in the third quarter of 2011.

© 2011 ISACA. All rights reserved.