Information Systems Audit and Control Association
ISACA is an international professional association that deals with IT Governance. It is an affiliate member of IFAC (International Federation of Accountants). Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

History

ISACA was founded in the USA in 1967, when a group of individuals whose jobs involved auditing controls in computer systems, which were becoming increasingly critical to the operations of their organizations, recognized the need for a centralized source of information and guidance in the field. In 1969, Stuart Tyrnauer, employed by the (then) Douglas Aircraft Company, incorporated the entity as the EDP Auditors Association, serving as its founding Chairman for the first three years. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.

Current status

ISACA currently serves more than 95,000 constituents (members and professionals holding ISACA certifications) in more than 160 countries. Members hold job titles such as IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. They work in nearly all industry categories. ISACA has a network of 170 chapters established in over 160 countries. Chapters provide education, resource sharing, advocacy, networking and other benefits.

Major publications

  • Standards, Guidelines and Procedures for information system auditing (Guideline co-developed with the International Federation of Accountants)
  • COBIT
  • Val IT (Getting best value from IT investments)
  • Risk IT
  • Information System Control Journal

Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA. To gain this certification, candidates must pass a written examination and have at least eight years of information technology or business experience, with a minimum of three years' work experience in at least three CRISC domains.

The intent of the certification is to provide a common body of knowledge for information technology / systems risk management, and to recognize the knowledge of enterprise and IT risk that a wide range of IT and business practitioners have acquired, as well as their capability to design, implement and maintain information system (IS) controls to mitigate IS/IT risks.

The CRISC requires demonstrated knowledge in five functional areas or "Domains" of IT risk management:
  • Risk Identification, Assessment and Evaluation
  • Risk Response
  • Risk Monitoring
  • Information Systems Control Design and Implementation
  • IS Control Monitoring and Maintenance

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 