2011 annual report - isaca

2011 Annual Report: ISACA® and IT Governance Institute®


Information truly has become the currency of the 21st century. New global demands, stringent regulations and risk

scenarios arise every day. Managing risk and maximizing the value of information—supported by technology—

can drive incredible success, but at the same time these activities can generate challenging governance and

management issues throughout all enterprises.

This is what brings many of us together in the ISACA® community. While we are all involved with radically different

enterprises built on unique cultures, goals, business models, industries, locations and sizes, we also experience

many similar problems and achievements. By sharing our knowledge and experiences through many of ISACA’s forums, research,

events and publications, we all contribute to this vast global bank of guidance and good practices.

ISACA’s greatest asset is its vast and varied membership of approximately 100,000 individuals. Together, members and volunteers

with unique perspectives and ideas help support ISACA’s mission in its three focus areas: credentialing, knowledge and relations. In

2011, ISACA accomplished a great deal in these areas. Highlights for the year include the Certified in Risk and Information Systems

Control (CRISC) certification program, which grandfathered more than 15,000 professionals; the three-part COBIT® Assessment

Programme; the COBIT® 5 exposure draft (final version—second quarter of 2012); and completed memoranda of understanding with

prestigious organizations.

Throughout 2011, we saw again and again that our tagline—trust in, and value from, information systems—hits the mark on what we

do and how members and their enterprises benefit from our offerings. Effective enterprises everywhere use knowledge to customize

ways of building trust and generating value to strengthen their core. ISACA is the conduit for this knowledge.

The Latin motto on the coat of arms of the Union of South Africa is Ex Unitate Vires, which touts the unique correlation and

interdependence between unity and strength. For ISACA, the unity of our members, constituents, chapters and all of our enterprises

worldwide is our strength. Please read through the pages of this 2011 annual report and learn how the combined effort of so many

dedicated people has created a diverse, but united, body of work.

Ken Vander Wal, CISA, CPA

International President 2011-2012

ISACA and the IT Governance Institute

President’s Message

ISACA Knowledge Center: www.isaca.org/knowledge-center

Twitter: https://twitter.com/ISACANews

LinkedIn: http://linkd.in/ISACAOfficial

Facebook: www.facebook.com/ISACAHQ

Table of Contents

2011 Report
2011 Year at a Glance
ISACA and IT Governance Institute (ITGI) Combined Financial Statements
Report of Independent Certified Public Accountants
Audit Committee Chair’s Letter
Management Report on Responsibility for Financial Reporting
ISACA Board of Directors/ITGI Board of Trustees
Letter From the International President and the CEO
Board, Committee, Subcommittee and Task Force Chairs
Chapters
Contributors


Membership

Increasing responsiveness to member needs and the number of member touch-point communications yielded the highest retention rate in 10 years—81 percent in 2011. Growth and retention initiatives also included the following:

- The eLibrary continued growing, providing members with free access to a collection of almost all ISACA books, plus more than 425 third-party books.

- The Career Centre assisted members in job transition during the challenging global economy. Several new features facilitated a job-seeker’s presentation to a potential employer.

- 2011 member cards listed, for the first time, the Bronze, Silver, Gold or Platinum level, recognizing and appreciating long-term members.

- As a companion to video testimonials on member benefits released early in the year, a video tutorial for members was developed. It engaged members in greater interaction on the ISACA web site by showing them how to navigate and customize the MyISACA area.

- To expand ISACA’s reach into academia, the qualifications for Academic Advocates—faculty members who receive complimentary membership in exchange for using ISACA resources in the classroom—were revised in line with the changing educational environment. To help increase the number of student members, Academic Advocates assisted in rolling out the pilot Student Representative Grow an ISACA Network Program, in which students helped recruit their peers as members.

Many Voices, One Goal ISACA® and IT Governance Institute® | 2011 Report

It is no secret that time does not stand still. As much as it is important to respect the tried,

true and familiar way of doing things, the fact is that we must also proactively assess our

environment and embrace change when appropriate.

During 2011, ISACA reviewed the strategy that we adopted three years earlier. This analysis

encompassed a longer-term view—a 10-year horizon, compared to the three- to five-year window

addressed in 2009. It reinforced our view that the vision identified as part of the previous strategy,

which focused on trust and value in information systems, is as important as ever. Trust and value

are at the core of what our constituents provide to enterprises around the world, and continue to

be critical concepts that bridge all cultures and all languages.

A strategic aspirational view was outlined to guide ISACA’s activities through 2022. It builds on

ISACA’s mission and calls for the pursuit of new opportunities to expand on the value provided to

constituents. All of the supporting initiatives extend ISACA’s global leadership position in educating

and informing individuals and enterprises on the governance and management of information and

information systems. The ISACA/ITGI® Board of Directors/Trustees approved the strategic

aspiration in November 2011. Some of the initiatives began to be addressed immediately,

alongside planning for other activities. Others will be

addressed at various stages during the 10-year

horizon, as ISACA charts its course forward.

Throughout 2011, ISACA undertook a variety of

activities to provide additional benefits and further

serve members and constituents in line with our

goals and strategy.

ISACA Mission

For professionals and organizations, to be the leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance and management of IT, and IT-related risk and compliance.

ISACA Vision

Trust in, and value from, information systems

In May 2011, ISACA held a Global Leadership Conference to support

chapter leaders. More than 240 attended from 166 chapters. ISACA

also held five other chapter leader events, which fostered leadership

development and peer-to-peer learning, in addition to keeping chapter

leaders informed of developments at ISACA international headquarters.

ISACA implemented a redesigned chapter balanced scorecard through

which chapters can maintain their alignment with the strategy of ISACA

international headquarters on an ongoing basis. In addition, a new

chapter formation process was designed to assist the creation of

chapters that are strong, diverse and vibrant in their communities.

Certification

Each of ISACA’s four certifications addresses a different career

direction. Many professionals earn more than one certification to

broaden their scope and help ensure that their career progression is in

line with their goals. According to a report from independent IT

research firm Foote Partners LLC, ISACA’s certifications are earning

top pay premiums. The firm’s research report IT Skills and Certification

Pay Index™ found that the CISA and CISM designations earn some of

the highest pay premiums among the 53 information security

certifications surveyed. The CGEIT credential also earns an above-average premium.

The type of work that certification holders tend to perform helps clarify

the differences among ISACA’s certifications.

- Certified Information Systems Auditor® (CISA®) certification indicates that the professional can provide assurance by conducting audits and assessments of information systems.

- Certified Information Security Manager® (CISM®) certification indicates that the professional can oversee, direct and manage information security activities.

- Certified in the Governance of Enterprise IT® (CGEIT®) certification indicates that the professional can define, establish, maintain and manage a framework of governance over enterprise IT.

- Certified in Risk and Information Systems Control™ (CRISC™) certification indicates that the professional can identify, evaluate and manage risk through the development, implementation and maintenance of information systems controls.

CISA: Now in its 33rd year, the CISA designation is established as a

leading, globally accepted standard of achievement among information

systems (IS) audit, control and security professionals. CISA reached a

milestone in 2011 when the 90,000th CISA certification was earned.

CISA has received continued accreditation under the International

Organization for Standardization (ISO) standard ANSI/ISO/IEC 17024

from the American National Standards Institute (ANSI).

CISM: Commemorating its ninth year, the CISM designation has

become a highly sought-after credential in the field of information

security.


ISACA completed a new CISM job practice in 2011, and the first exam

with the new job practice will be administered in 2012. CISM was

selected as a finalist in the SC Magazine Awards for exemplary

professional leadership in information security. The designation also

was acknowledged in the Professional Award category for Best

Professional Certification Program.

CISM has received continued accreditation under the ISO standard

ANSI/ISO/IEC 17024 from ANSI.

CGEIT: In the four years since its introduction, the CGEIT designation

has helped professionals receive recognition for their skills in advisory

and/or assurance services related to the governance and management

of an enterprise’s information and technology.

CGEIT has received continued accreditation under the ISO standard

ANSI/ISO/IEC 17024 from ANSI.

CRISC: In high demand since its inception, the CRISC certification

recognizes professionals for their knowledge of enterprise risk and

their ability to design, implement, monitor and maintain information

systems controls to mitigate such risk. The first CRISC exam was

held in June 2011.

“Given today’s global working environment, ISACA’s free, online continuing education options are very valuable to me and provide a flexible learning environment and alternative for busy professionals.”

Susanna Chiu, CISA, ACA, CICPA, FCPA, Vice President of HK Institute of Certified Public Accountants, Director of Li & Fung Development Limited, China

“ISACA’s certifications maintain a fine balance between business and technical knowledge. Becoming CISA-certified was a deciding factor in receiving an early promotion and proved essential during my consulting career. Becoming a CRISC helped me secure my current job. There is an expectation that a person working in the IT security advisor role is a CISM, and I expect this to become a mandate. Becoming CISM-certified will help me retain this well-regarded functional role.”

Bob Smart, CISA, CISM, CRISC, Manager, ICT Security, Government of South Australia


Conferences, Training and Education

ISACA trained more than 3,400 professionals in face-to-face

programs, including conferences, training weeks and onsite programs;

more than 1,000 professionals through ISACA’s eLearning Campus;

and more than 32,000 professionals through virtual programs,

including webinars, e-symposia and virtual conferences.

Conferences were again the destination for many seeking educational

and networking opportunities. The inaugural World Congress:

INSIGHTS event attracted professionals from 30 countries, and the

Computer Audit, Control and Security (CACS℠) conferences,

Information Security and Risk Management (ISRM) conferences, IT

Governance, Risk and Compliance (ITGRC) Conference and Training

Week events delivered practical guidance on hot-button topics.

ISACA also:

- Introduced a webinar series to provide shorter, thought-provoking educational opportunities at no cost to members. The 12 webinars held in 2011 attracted more than 9,300 participants.

- Offered six free virtual conferences that attracted more than 9,000 attendees to the live event. This lineup included a virtual conference targeted to IT professionals in India, which attracted 1,320 registrations.

- Created a training partnership with Deloitte to offer more training opportunities for members

- Introduced leadership workshops in conjunction with conferences to help IT professionals who are entering leadership roles

- Created CRISC chapter review training materials to assist chapters in developing their own CRISC review training

COBIT

The COBIT® 5 development team released two COBIT-related

publications as exposure drafts for public comment. After the exposure

period closed, the team evaluated the feedback and worked diligently

to address the observations. The publications were then scheduled to

be published in 2012.

New COBIT-related publications in 2011:

- COBIT® Mapping: Mapping of CMMI for Development V1.2 With COBIT® 4.1

- COBIT® Mapping: Mapping of ISO/IEC 20000 With COBIT® 4.1

- COBIT® Mapping: Overview of International IT Guidance, 3rd Edition

- COBIT® Process Assessment Model (PAM): Using COBIT® 4.1

- COBIT® Assessor Guide: Using COBIT® 4.1

- COBIT® Self-Assessment Guide: Using COBIT® 4.1

Initiatives in progress at year-end:

- COBIT® Controls Collaboration (ISACA Knowledge Center online)

- COBIT® 5

- COBIT® 5: Enabling Processes

- COBIT® 5 Implementation

- COBIT® 5 for Information Security

Published by ISACA and ITGI:

- Global Status Report on the Governance of Enterprise IT (GEIT)—2011

Research

ISACA developed and released 10 audit programs on topics including

social media, IT tactical management and business continuity

management. Seven white papers were developed, covering topics

such as geolocation, electronic discovery and mobile payments.

In addition, two books were published—Creating a Culture of Security

and IT Control Objectives for Cloud Computing: Controls and

Assurance in the Cloud. ISACA also issued a survey results report titled

Top Business/Technology Issues.

Periodicals

ISACA publishes four periodicals, each covering a different aspect of

content important to its readership. Delivered twice a month, the

@ISACA e-newsletter provides members easy and timely access to

ISACA- and industry-related news. It is read regularly by almost

67 percent of members, according to the 2011 ISACA member needs

survey. ExpressLine presents to chapter leaders unique content related

to their roles in the chapter. The quarterly COBIT® Focus e-newsletter

offers COBIT users—and those interested in exploring COBIT—unique

and practical content on real-world experiences with implementing

COBIT.

In addition, @AGlance is a resource for important dates and deadlines

related to education, training, conferences and exams.

“The opportunity to share with other professionals from around the world at ISACA events increases my real-world knowledge that can be applied in my everyday work activities, and helps me learn what other countries are doing in the IT industry and the guidelines that are being implemented globally.”

“COBIT helps us meet our strategic and tactical business goals and objectives. It also helps us bridge silos and shows the value of taking a holistic view of enterprise IT.”

Bob Frelinger, CGEIT, Program Manager, Oracle Corporation, USA

Osvaldo Lau C., CISA, CRISC, Senior Manager, BDO Consulting, Panama


ISACA contributed to a variety of global activities designed to

improve the profession by providing feedback to:

- The Australian Government for its draft exposure Cyber Issues—Connecting with Confidence

- The International Federation of Accountants/International Auditing and Accounting Standards Board (IFAC/IAASB) for Assurance Engagements Other than Audits or Reviews of Historical Financial Information ISAE 3000

- The IFAC/IAASB for its Strategy and Work Program for 2012-2014

ISACA Web Site

ISACA’s web site has grown to be a powerful forum for interactive

communication among the association, its members and other

constituents. Enhancements in 2011 include an improved

Knowledge Center, where participants can engage in discussions

simply by responding to an email message; faster site search

capabilities; and ISACA-branded local web sites for chapters.

Finance

ISACA is pleased to report a solid year, as it ended 2011 in a

stronger financial position from the previous year. A very good

member-retention rate, market support for the CRISC certification

and an increased focus on expense control are reflected in the

financial results. In addition, investment in research deliverables

continued and COBIT 5 neared finalization.

However, ISACA’s investment portfolio did not escape the impact of

the financial markets. Although ISACA had an unrealized loss on its

investment portfolio, these investments represent long-term assets

and market recovery is expected to reverse these losses. Even

though the investment portfolio reflected market weakness, solid

operations results covered investment portfolio losses.

Looking forward, management will continue to monitor economic

conditions and their impact on constituents and their operations in

2012. The 2011 audited financial statements for the organization are

presented within this annual report.

“I have benefited from ISACA’s networking opportunities and the knowledge and expertise shared by some of the world’s foremost information systems security masters like ISACA Journal authors.”

“ISACA’s Knowledge Center on the web site is my first port of call when I am asked to consider a new audit assignment, from SQL Server, to risk management to IT governance. I would be lost without it.”

Ian Cooke, CISA, CGEIT, CFE, CPTS, DipFM, COBIT-F, ITIL-F, IT Audit Manager, Dublin, Ireland

Ehinonmen Philomena Oni, CISA, CRISC, OCA, Head Information Systems (Market Operations), Power Holding Company of Nigeria Plc (Transmission Sector)

The ISACA® Journal is the association’s flagship publication. Issued six

times per year, it is a peer-reviewed journal that covers technical,

managerial and business topics aimed at enhancing trust in, and value

from, information and information systems. According to the 2011

ISACA member needs survey, 93 percent of ISACA members report

reading at least portions of each issue of the ISACA Journal.

The Journal added an iPhone/iPad app, providing another way to

receive a digital issue in advance of hard copies. By year-end, more

than 10,000 members had downloaded the app.

Quick response (QR) codes were added to the print Journal articles,

giving members easy and quick access to the articles online, where

they can comment on the article and interact with authors and other

members.

Strategic Alliances and Affiliations

ISACA believes strongly that there is strength in numbers and

therefore seeks partnerships with other leading organizations. Many

benefits for both partners arise when global organizations join forces,

and plans to expand this robust network of collaboration are

underway.

In 2011, ISACA and ITGI formed varying levels of engagement with

entities including the Committee of Sponsoring Organizations of the

Treadway Commission (COSO), European Network and Information

Security Agency (ENISA), the National Institute of Standards and

Technology (NIST), International Organization for Standardization (ISO)

and the Cloud Security Alliance (CSA).

ISACA also worked with the Skills Framework for the Information Age

(SFIA), The Institute of Internal Auditors (IIA), Association of Certified

Anti-Money Laundering Specialists (ACAMS) and BCS, the Chartered

Institute for IT. In addition, ISACA was involved with the World Lottery

Association (WLA), Cybersecurity Credentials Collaborative (C3),

Institute for Development and Research in Banking Technology

(IDRBT) and the EC-Council. ISACA also participated in affiliations with

HP, IBM, Symantec, Deloitte & Touche LLP and Deloitte Services LP.


2011 Year at a Glance

Membership and Chapters

Membership at year-end: 103,043, which represents a 5.6% growth from 31 December 2010

New chapters in 2011:
- Ankara (Turkey) Chapter
- Guatemala City (Guatemala) Chapter
- Springfield (Missouri, USA) Chapter
- Tallahassee (Florida, USA) Chapter
- Venice (Italy) Chapter
- Warsaw (Poland) Chapter

Chapters at year-end: 195 in 81 countries

Chapters with membership in excess of 1,000: 27 (20 have membership between 1,000-1,999; five have membership between 2,000-2,999; two have membership greater than 3,000)

Certification

Certified Information Systems Auditor (CISA)
- Exam registrants (June and December combined): More than 18,000
- Languages in which exam was available: 12
- Locations in which exam was available: 250
- Certified since inception (1978): More than 90,000

Certified Information Security Manager (CISM)
- Exam registrants (June and December combined): More than 4,600
- Languages in which exam was available: 4
- Locations in which exam was available: 250
- Certified since inception (2002): More than 18,000

Certified in the Governance of Enterprise IT (CGEIT)
- Exam registrants (June and December combined): More than 1,000
- Languages in which exam was available: 1
- Locations in which exam was available: 250
- Certified since inception (2007): More than 4,900

Certified in Risk and Information Systems Control (CRISC)
- Exam registrants (June and December combined): More than 750
- Languages in which exam was available: 1
- Locations in which exam was available: 250
- Certified since inception (2010): Nearly 16,000

[Figure: Membership at Year-end by Geographic Area (map; markers indicate a new chapter formed in 2011)]

Translation Program

ISACA materials translated: 205

Non-English languages into which ISACA materials

were translated: 15

ISACA materials translated: COBIT® 4.1, Risk IT,

certification exams, study materials, ISACA Journal

articles, white papers and more

Academic Relations

Academic Advocates: 384

Student members: 948

Standards

Code of Professional Ethics revised

ISACA Web Site

Unique visitors: Increased 4.8%

Page views: Increased 24.3%

Average page views: Increased 12.9%

Average time on site: Increased 3.9%

Knowledge Center topic members: More than 8,300

Visits increased 10.3%

Languages and Number of Items Translated:
- Chinese (Simplified): 16
- Chinese (Traditional): 11
- Dutch: 11
- French: 20
- German: 11
- Hebrew: 4
- Italian: 16
- Japanese: 30
- Korean: 24
- Lithuanian: 1
- Polish: 8
- Portuguese: 12
- Slovak: 1
- Slovenian: 2
- Spanish: 38

Oceania—3,300 (7% growth)

Asia—22,208 (1.1% growth)

Central/South America—4,472 (10.9% growth)

Europe/Africa—26,373 (5.2% growth)

North America—46,690 (7.5% growth)


Conferences and Education

World Congress: INSIGHTS 2011 conference site: National Harbor, Maryland, USA

Computer Audit, Control and Security (CACS) conference sites:
- Asia-Pacific CACS℠—Dubai, UAE
- EuroCACS℠—Manchester, England, UK
- Latin America CACS℠—San Juan, Puerto Rico
- North America CACS℠—Las Vegas, Nevada, USA
- Oceania CACS℠—Brisbane, Queensland, Australia

Information Security and Risk Management Conference sites: Barcelona, Spain; Las Vegas, Nevada, USA; San Juan, Puerto Rico

IT Governance, Risk and Compliance Conference site: Orlando, Florida, USA

Training Week sites: Baltimore, Maryland, USA; Chicago, Illinois, USA; New Orleans, Louisiana, USA; Orlando, Florida, USA; Ottawa, Ontario, Canada; Scottsdale, Arizona, USA; Seattle, Washington, USA

eSymposium events: 11
Webinars: 10
Virtual conferences: 6
COBIT® Foundation certificates awarded: 7,718
Accredited COBIT trainers: 76
Onsite training days delivered: 40

[Figure: ISACA 2011 Conference Locations (map; markers indicate a 2011 ISACA conference location)]

Bookstore

Books added in 2011: 93 titles, including ISACA research projects; CISA, CISM, CGEIT and CRISC study aids; and books from third-party publishers (three Chinese Simplified, 71 English, two French, one German, three Italian, six Japanese and seven Spanish)

Total number of books available: 382

ISACA best sellers:
- CISA Review Manual 2011
- CISA Practice Question Database v11 (CD-ROM and download formats)
- CISM Review Manual 2011
- CISA Review Questions, Answers & Explanations Manual 2011
- CISM Practice Question Database v11 (CD-ROM and download formats)

*Excluding certification study materials, Security, Audit and Control Features SAP ERP, 3rd Edition, was the top seller.

ITGI best sellers:
- COBIT® 4.1 excerpt
- COBIT® 4.1
- Board Briefing on IT Governance, 2nd Edition
- IT Control Objectives for Sarbanes-Oxley: The Role of IT in the Design and Implementation of Internal Control Over Financial Reporting, 2nd Edition
- COBIT® Control Practices: Guidance to Achieve Control Objectives for Successful IT Governance, 2nd Edition

Third-party best sellers:
- How to Complete a Risk Assessment in 5 Days or Less
- IT Auditing: Using Controls to Protect Information Assets, 2nd Edition
- Mobile Application Security
- Enterprise Security for the Executive: Setting the Tone from the Top
- A New Auditor’s Guide to Planning, Performing and Presenting IT Audits

ISACA Journal

Circulation at year-end: More than 97,000

Editorial calendar:
- Volume 1—Virtualization Security, Challenges and Solutions
- Volume 2—Risk Management—What Is Your Capacity?
- Volume 3—Data Miners
- Volume 4—Security in a Box
- Volume 5—Governance: Tying Together the Three Lines of Defense
- Volume 6—Emerging and Evolving IT Risk

Intellectual Property

ITGI affiliates: 11
ITGI sponsors: 8
COBIT training material licensees: 119
Product licensees: 42

[Figure: ISACA 2011 Training Week Locations (map): Seattle, Washington; Scottsdale, Arizona; Chicago, Illinois; New Orleans, Louisiana; Orlando, Florida; Baltimore, Maryland; Ottawa, Ontario]

ISACA and IT Governance Institute Combined Financial Statements

All monetary amounts included in the financial statements are in US dollars.

2011 Operating Revenues
- Certification 46%
- Membership 26%
- Education 16%
- Publications 8%
- Interest, dividends, IP use, royalties and other 3%
- Contributions and sponsorships 1%

2011 Operating Expenses
- Certification 23%
- Supporting services and administration 22%
- Membership 20%
- Education 15%
- Research 12%
- Publications 8%

[Figure: ISACA/ITGI Historical Revenues (in millions of US dollars), 2007 to 2011]

REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS

Board of Directors

ISACA, Inc.

Board of Trustees

IT Governance Institute, Inc.

We have audited the accompanying combined statements of financial position of ISACA, Inc. and the IT

Governance Institute, Inc. (collectively, the Organization) as of 31 December 2011 and 2010, and the related

combined statements of activities and cash flows for the years then ended. These financial statements are

the responsibility of the Organization’s management. Our responsibility is to express an opinion on these

financial statements based on our audits.

We conducted our audits in accordance with auditing standards generally accepted in the United States of

America as established by the American Institute of Certified Public Accountants. Those standards require

that we plan and perform the audits to obtain reasonable assurance about whether the financial statements

are free of material misstatement. An audit includes consideration of internal control over financial reporting

as a basis for designing audit procedures that are appropriate in the circumstances, but not for the purpose

of expressing an opinion on the effectiveness of the Organization’s internal control over financial reporting.

Accordingly, we express no such opinion. An audit also includes examining, on a test basis, evidence

supporting the amounts and disclosures in the financial statements, assessing the accounting principles

used and significant estimates made by management, as well as evaluating the overall financial statement

presentation. We believe that our audits provide a reasonable basis for our opinion.

In our opinion, the combined financial statements referred to above present fairly, in all material respects, the

combined financial position of ISACA, Inc. and the IT Governance Institute, Inc. as of 31 December 2011

and 2010, and the combined changes in their net assets and their combined cash flows for the years then

ended, in conformity with accounting principles generally accepted in the United States of America.

Chicago, Illinois

5 April 2012


ASSOCIATION AND INSTITUTE COMBINED FINANCIAL STATEMENTS

Combined Statements of Financial Position

ISACA, Inc. and IT Governance Institute, Inc.

31 December                                 2011           2010

ASSETS

CURRENT ASSETS
Cash and cash equivalents            $ 7,354,756    $ 1,182,706
Investments                           60,619,105     59,782,690
Accounts receivable, net                 861,553        942,598
Prepaid expenses                       1,290,173      1,301,230
Inventory                                587,493        751,470
Other current assets                      50,617        107,293

Total current assets                  70,763,697     64,067,987

FIXED ASSETS
Leasehold improvements                   802,428        772,092
Furniture and fixtures                   351,026        326,148
Office equipment                         182,683        201,496
Computer system                        4,944,562      4,215,866

                                       6,280,699      5,515,602
Less accumulated depreciation         (3,643,768)    (3,189,825)

Net fixed assets                       2,636,931      2,325,777

TOTAL ASSETS                         $73,400,628    $66,393,764

LIABILITIES AND NET ASSETS

CURRENT LIABILITIES
Accounts payable                     $ 5,227,945    $ 5,042,492
Deferred revenues                     10,527,452      9,931,805
Other liabilities                        218,565        204,308

Total current liabilities             15,973,962     15,178,605

NET ASSETS
Unrestricted
  Board designated                    28,678,191     28,185,192
  Undesignated                        28,696,842     22,927,859

  Total unrestricted                  57,375,033     51,113,051

Temporarily restricted                    10,522         60,997
Permanently restricted                    41,111         41,111

Total net assets                      57,426,666     51,215,159

TOTAL LIABILITIES AND NET ASSETS     $73,400,628    $66,393,764

The accompanying notes are an integral part of these statements.


ASSOCIATION AND INSTITUTE COMBINED FINANCIAL STATEMENTS

Combined Statements of Activities

ISACA, Inc. and IT Governance Institute, Inc.

Years ended 31 December

2011
                                                                   Temporarily   Permanently
                                                    Unrestricted    Restricted    Restricted         Total
OPERATING REVENUES
  Membership                                         $11,890,682           $ -           $ -   $11,890,682
  Certification                                       21,105,666             -             -    21,105,666
  Education                                            7,424,460             -             -     7,424,460
  Publications                                         3,666,519             -             -     3,666,519
  Contributions and sponsorships                         173,817             -             -       173,817
  Interest, dividends, IP use, royalties and other     1,565,657             9             -     1,565,666
  Net assets released from restrictions                   50,484       (50,484)            -             -
  Total operating revenues                            45,877,285       (50,475)            -    45,826,810

OPERATING EXPENSES
  Program services
    Membership                                         7,661,588             -             -     7,661,588
    Certification                                      8,485,224             -             -     8,485,224
    Education                                          5,802,209             -             -     5,802,209
    Publications                                       3,041,162             -             -     3,041,162
    Research                                           4,331,481             -             -     4,331,481
    Total program services                            29,321,664             -             -    29,321,664
  Supporting services
    Board and administrative                           8,489,058             -             -     8,489,058
    Contributions—Disaster Relief                         15,000             -             -        15,000
    Total supporting services                          8,504,058             -             -     8,504,058
  Total operating expenses                            37,825,722             -             -    37,825,722

OTHER GAINS AND LOSSES
  Net realized and unrealized
    gains/(losses) on investments                     (1,789,581)            -             -    (1,789,581)

CHANGE IN NET ASSETS                                   6,261,982       (50,475)            -     6,211,507

NET ASSETS, beginning of year                         51,113,051        60,997        41,111    51,215,159

NET ASSETS, end of year                              $57,375,033      $ 10,522      $ 41,111   $57,426,666

2010
                                                                   Temporarily   Permanently
                                                    Unrestricted    Restricted    Restricted         Total
OPERATING REVENUES
  Membership                                         $11,261,989           $ -           $ -   $11,261,989
  Certification                                       17,495,762             -             -    17,495,762
  Education                                            6,041,313             -             -     6,041,313
  Publications                                         3,548,432             -             -     3,548,432
  Contributions and sponsorships                         130,318         7,000             -       137,318
  Interest, dividends, IP use, royalties and other     1,300,058            10             -     1,300,068
  Net assets released from restrictions                    7,010        (7,010)            -             -
  Total operating revenues                            39,784,882             -             -    39,784,882

OPERATING EXPENSES
  Program services
    Membership                                         7,043,052             -             -     7,043,052
    Certification                                      8,055,847             -             -     8,055,847
    Education                                          5,776,232             -             -     5,776,232
    Publications                                       2,970,849             -             -     2,970,849
    Research                                           4,666,944             -             -     4,666,944
    Total program services                            28,512,924             -             -    28,512,924
  Supporting services
    Board and administrative                           6,582,700             -             -     6,582,700
    Contributions—Disaster Relief                              -             -             -             -
    Total supporting services                          6,582,700             -             -     6,582,700
  Total operating expenses                            35,095,624             -             -    35,095,624

OTHER GAINS AND LOSSES
  Net realized and unrealized
    gains/(losses) on investments                      2,345,596             -             -     2,345,596

CHANGE IN NET ASSETS                                   7,034,854             -             -     7,034,854

NET ASSETS, beginning of year                         44,078,197        60,997        41,111    44,180,305

NET ASSETS, end of year                              $51,113,051       $60,997       $41,111   $51,215,159

The accompanying notes are an integral part of these statements.


Combined Statements of Cash Flows

ISACA, Inc. and IT Governance Institute, Inc.

Years ended 31 December                                             2011          2010

Cash flows from operating activities
  Change in net assets                                       $ 6,211,507   $ 7,034,854
  Adjustments to reconcile change in net assets to net cash
  provided by operating activities
    Depreciation                                                 793,136       550,395
    Net realized and unrealized loss (gain) on investments     1,789,581    (2,345,596)
    Changes in assets and liabilities
      Accounts receivable                                         81,045      (434,297)
      Prepaid expenses and other current assets                   67,733       (77,395)
      Inventory                                                  163,977        57,110
      Accounts payable                                           185,453       717,891
      Deferred revenues                                          595,647     1,744,806
      Other liabilities                                           14,257        14,939
  Net cash provided by operating activities                    9,902,336     7,262,707

Cash flows from investing activities
  Acquisition of fixed assets                                 (1,104,290)   (1,632,396)
  Proceeds from the sale of investments                       12,367,302    21,988,543
  Purchase of investments                                    (14,993,298)  (27,500,920)
  Net cash used in investing activities                       (3,730,286)   (7,144,773)

NET CHANGE IN CASH AND CASH EQUIVALENTS                        6,172,050       117,934

Cash and cash equivalents, beginning of year                   1,182,706     1,064,772

Cash and cash equivalents, end of year                       $ 7,354,756   $ 1,182,706

The accompanying notes are an integral part of these statements.


NOTES TO COMBINED FINANCIAL STATEMENTS

Note A—Organization

The Organization consists of ISACA, Inc. (the Association) and the IT

Governance Institute, Inc. (the Institute). The Association’s and

Institute’s financial statements are presented on a combined basis due

to a majority of Board members serving both entities and the

Association’s economic interest in the Institute. The Organization

operates on a global basis, with the majority of revenues and net

assets attributable to the Association, the predominant entity within

the Organization. The Organization maintains its books and records at

its headquarters building located in Rolling Meadows, Illinois, USA.

The Association was incorporated in 1969 under the name

Electronic Data Processing Auditors Association, a California (USA)

not-for-profit corporation. In 1993, to reflect the evolving state of

technology, as well as the Association’s expanding constituency base,

the name was changed to Information Systems Audit and Control

Association, Inc. The Association now presents itself by its acronym,

ISACA. With more than 100,000 constituents in 182 countries at

year-end 2011, ISACA is a leading global provider of knowledge,

certifications, community, advocacy and education on IS assurance

and security, enterprise governance of IT, and IT-related risk and

compliance. ISACA sponsors international conferences, publishes the

ISACA® Journal, and develops international IS auditing and control

standards. It also administers the globally respected Certified

Information Systems Auditor (CISA), Certified Information Security

Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT),

and Certified in Risk and Information Systems Control (CRISC)

designations.

The Institute was incorporated in 1976 under the name Electronic

Data Processing Auditors Foundation, a California (USA) not-for-profit

corporation. In 1994, its name was changed to Information Systems

Audit and Control Foundation, to align with the changed name of the

Association, and was changed again in 2003 to IT Governance

Institute, Inc. The Institute’s role in the mission it shares with ISACA

focuses on provision of knowledge through conduct of empirical

research on IT governance and related topics. The Institute performs

research to advance international understanding of good practices to

direct and control an enterprise’s IT. Through its collaborative

development model, the Institute brings global perspectives to critical

issues facing enterprise leaders and practitioners in its IT governance

responsibilities.

The Organization develops and maintains the COBIT, Val IT and

Risk IT frameworks, which help IT professionals and enterprise leaders

fulfill their IT governance responsibilities and deliver value to the

business. In addition, ISACA offers the Business Model for

Information Security (BMIS) and the IT Assurance Framework (ITAF).

Note B—Summary of Significant Accounting Policies

Basis of Presentation

The combined financial statements include the assets, liabilities, net

assets and financial activities of the Organization. Significant

intercompany balances have been eliminated in combining the two

entities. The Organization has a relationship with ISACA chapters

located throughout the world; however, the chapters are not fiscally

accountable to the Organization and, accordingly, have not been

included in the accompanying combined financial statements.

Cash and Cash Equivalents

Cash and cash equivalents consist primarily of non-interest-bearing

deposits to be used for operating purposes. These deposits are

carried at cost, which approximates fair value.

Investments

Investments, other than money market funds, interest-bearing

deposits and certificates of deposit, are reflected in the accompanying

combined financial statements at fair value according to generally

accepted accounting principles (GAAP). GAAP has established a

framework for measuring fair value, as well as a fair value hierarchy

based on the inputs used to measure fair value.

A financial instrument’s level within the fair value hierarchy is based on

the lowest level of any input that is significant to the fair value

measurement; however, the determination of what constitutes

observable requires significant judgment. The fair value hierarchy is

broken down into three levels based on the transparency of inputs as

follows:

• Level 1 - Quoted prices (unadjusted) in active markets for

identical assets or liabilities

• Level 2 - Quoted prices, other than quoted prices included in

Level 1, that are observable for the assets or liabilities, either

directly or indirectly

• Level 3 - Inputs that are unobservable for the assets or liabilities

Investment gains and losses include net realized and unrealized gains

and losses and are reflected in the accompanying combined financial

statements as non-operating activities, while interest income and

dividends are considered operating revenue.

Concentration of Credit Risk

Certain financial instruments, primarily cash and investments, subject

the Organization to credit risk. The Organization maintains cash

balances (non-interest bearing) at a financial institution, which for

2011, are fully federally insured. With respect to investments,

concentration is limited through the diversification of the portfolio. As

of 31 December 2011 and 2010, the Organization maintained 23%

and 28%, respectively, of its investment balance in one mutual fund,

which invests primarily in a portfolio of short-term U.S. Treasury and

government agency securities, including repurchase agreements

collateralized fully by U.S. Treasury and government agency securities.

Notes to Combined Financial Statements

ISACA, Inc. and IT Governance Institute, Inc.

31 December 2011 and 2010

Accounts Receivable

Accounts receivable are due within 30 days and are stated at amounts

due from customers net of an allowance for doubtful accounts.

Accounts outstanding longer than the contractual payment terms are

considered past due. The Organization determines its allowance for

doubtful accounts by considering a number of factors, including the

length of time trade accounts receivable are past due, the

Organization’s loss history, the customer’s current ability to pay its

obligation to the Organization, and the condition of the general

economy and the industry as a whole. The Organization writes off

accounts receivable when they become uncollectible, and payments

subsequently received on such receivables are credited to the

allowance for doubtful accounts.

Inventory

Inventory consists solely of study aids and other publications printed

for the Organization for sale to its members and interested outside

parties. Inventory is valued at the lower of cost or market, with cost

determined by the average cost method. Provisions for obsolete

items are based on estimated future usage as related to quantities of

stock on hand.

Fixed Assets

Fixed assets are carried at cost. Depreciation is computed using the

straight-line method. The estimated useful lives of the related assets

range from two to 10 years. Leasehold improvements are amortized

using the straight-line method over the shorter of the lease terms or

their estimated useful lives. Depreciation expense totaled $793,136

and $550,395 for 2011 and 2010, respectively.

Net Assets

Net assets, revenues, expenses, gains and losses are classified based

on the existence or absence of donor-imposed restrictions using the

following classifications:

• Unrestricted – Represents unrestricted resources available for

support of daily operations and contributions received with no

donor restriction. The Board may designate certain net assets for

a particular function or activity.

• Temporarily restricted – Represents resources for which use

has been temporarily restricted by the contributor. When a donor

restriction has been satisfied by incurred expenses consistent

with the designated purpose, temporarily restricted net assets are

reclassified to unrestricted net assets for reporting of related

expenses.

• Permanently restricted – Represents resources that are subject to

restrictions of gift instruments requiring that the principal be

invested and maintained in perpetuity. The income generated from

these funds is classified based on the terms of the gift instruments.

Revenue Recognition

Revenues received by the Organization consist primarily of annual

membership dues and new member fees; examination, annual

maintenance fees and other fees for CISA, CISM, CGEIT and CRISC

programs; attendance fees for educational conferences; the sale of

advertising space; charges for various publications; sponsorships and

contributions; and license fees. Membership dues and annual

maintenance fees for CISA, CISM, CGEIT and CRISC are recognized

as revenue in the applicable period. New member fees are recorded

in the period in which the membership application is processed, with

chapter membership dues collected by the Association recorded as a

liability until remitted to the chapters. The Organization recognizes

unrestricted, restricted and endowment contributions in accordance

with donor restrictions in the period in which the commitment for

support is obtained, with other revenues being recognized in the

period in which the goods or services are provided. Unearned dues,

fees and subscriptions are classified as deferred revenues.

Promotion and Advertising Costs

Promotion and advertising costs are expensed as incurred. Total

promotion and advertising costs were $3,781,991 and $3,119,695 for

the years ended 31 December 2011 and 2010, respectively.

Use of Estimates

The preparation of the combined financial statements in conformity

with accounting principles generally accepted in the United States of

America requires management to make estimates and assumptions

that affect the reported amounts of assets and liabilities and the

disclosure of contingent assets and liabilities at the date of the

combined financial statements, as well as the reported amounts of

revenues and expenses during the reporting period. Actual results

could differ from those estimates.

Reclassifications

Certain reclassifications have been made to the 2010 financial

statements to conform to the current-year financial statement

preparation.

Note C—Investments

The following table presents information about the Organization’s

investments. Money market funds and interest-bearing deposits are

stated at cost. Certificates of deposit are stated at cost plus accrued

interest. Investments, which are based on quoted market prices in

active markets and therefore classified as Level 1, include actively listed

mutual funds, exchange traded funds and government debt securities.

Investments at 31 December consisted of the following:

                                             2011          2010
Mutual funds
  Large Cap                           $ 5,057,319   $ 3,755,992
  Mid Cap                               1,032,427     1,093,067
  Small Cap                             1,507,677     1,554,422
  International                         3,105,235     3,439,343
  Fixed Income                         22,656,968    14,590,767
  REIT                                  1,312,683     1,296,701
  Money Market                         16,399,890    18,578,457
                                       51,072,199    44,308,749
Exchange Traded Funds
  Large Cap                             2,954,529     2,792,042
  Mid Cap                                 364,521       371,126
  Small Cap                               362,539       379,369
  International                         1,865,948     1,576,118
  Fixed Income                          3,996,553     3,833,735
                                        9,544,090     8,952,390
Government debt securities                      -     6,410,556
Certificates of deposit                         -       100,528
Money market/interest-bearing deposits      2,816        10,467
                                      $60,619,105   $59,782,690

The components of investment income for the years ended 31

December are as follows:

                                             2011          2010
Interest and dividends                $ 1,191,836     $ 941,296
Net realized and unrealized (loss)
  gain on investments                  (1,789,581)    2,345,596
                                       $ (597,745)   $3,286,892

Note D—Accounts Receivable

Accounts receivable consist of the following at 31 December:

                                             2011          2010
Trade receivables                        $918,722      $990,720
Less allowance for doubtful accounts      (57,169)      (48,122)
Net receivables                          $861,553      $942,598

Changes in the Association’s allowance for doubtful accounts are as

follows for the years ended 31 December:

                                             2011          2010
Beginning balance                        $ 48,122      $ 57,802
Bad debt expense                           12,065        28,615
Accounts written off                       (3,018)      (38,295)
Ending balance                           $ 57,169      $ 48,122

Note E—Board-designated Net Assets

The Association’s Board of Directors and the Institute’s Board of Trustees

designate a portion of the Organization’s unrestricted net assets for

contingency purposes in order to protect the Organization against

unforeseen global events and economic downturn. The designated

amount, based on a three-year average of operating expenses, totals

$28,678,191 as of 31 December 2011. As of 31 December 2010, the

designated amount was $28,185,192. These funds, while designated

for the purposes noted above, are categorized within the Organization’s

combined financial statements as unrestricted net assets.

Note F—Temporarily Restricted Net Assets

Temporarily restricted net assets at 31 December 2011 and 2010, have

been restricted by donors for the following purposes:

                                             2011          2010
Research                                    $ 573       $51,048
Membership                                    550           550
Education                                   2,139         2,139
Standards                                     155           155
Certification                                 100           100
IS hardware and software                    5,250         5,250
Building                                    1,755         1,755
Total                                     $10,522       $60,997

Note G—Net Assets Released from Restrictions

During 2011 and 2010, net assets were released from restrictions to

satisfy the following purposes:

                                             2011          2010
Research                                  $50,475        $2,000
COBIT                                           -         5,000
Endowment appropriation for expenditure         9            10
                                          $50,484        $7,010

Note H—Permanently Restricted Net Assets

Permanently restricted net assets are restricted as investments in

perpetuity. The Organization’s endowment consists only of donor-

restricted endowment funds. Net assets associated with the

Organization’s endowment funds are classified and reported based on

the existence of donor-imposed restrictions. There are no donor

restrictions on the earnings of the Organization’s endowment funds.

The Organization accounts for endowment net assets by preserving

the fair value of the original gift as of the gift date of the donor-restricted

endowment fund absent explicit donor stipulations to the contrary. As

a result, the Organization classifies the original value of the gifts

donated to the permanent endowment as permanently restricted net

assets. All earnings on the endowment funds are temporarily restricted

until appropriated for current-year operating expenses as allowed by

the donor.

As of 31 December 2011 and 2010, endowment assets include only

those assets of donor-restricted funds that the Organization must hold

in perpetuity. The Organization does not have any Board-designated

endowment funds. The Organization’s Finance Committee meets on a

regular basis to ensure that the objectives of the Organization’s

investment policy are being met and that the investment approach used

to meet the objectives is in accordance with the investment policy

approved by the Board of Directors. Under this policy, the endowment

assets are invested in a manner that is intended to provide adequate

liquidity and maximize returns on funds invested. Interest and dividends

earned on endowment funds are appropriated for current-year

operating expenses.

During 2011 and 2010, the Organization had the following

endowment-related activities:

                                           Temporarily     Permanently
                                            restricted      restricted           Total
                                             endowment       endowment       endowment
                                                 funds           funds           funds
Endowment net assets, 1 January 2010               $ -         $41,111         $41,111
  Interest and dividends                            10               -              10
  Appropriation of endowment assets
    for expenditure                                (10)              -             (10)
  Total change in endowment net assets               -               -               -
Endowment net assets, 31 December 2010               -          41,111          41,111
  Interest and dividends                             9               -               9
  Appropriation of endowment assets
    for expenditure                                 (9)              -              (9)
  Total change in endowment net assets               -               -               -
Endowment net assets, 31 December 2011             $ -         $41,111         $41,111

Note I—Related-party Transactions

As a service to the chapters, the Organization includes the amount of

individual chapter dues with its annual billing and remits to the chapters

amounts collected on their behalf. The balances of $2,164,712 and

$2,198,847 at 31 December 2011 and 2010, respectively, are reflected

in accounts payable and represent the unremitted portion of dues

collected for individual chapters. During 2011, chapter dues collected

and remitted totaled $3,311,870 and $3,346,005, respectively. For

2010, dues collected and remitted totaled $3,232,655 and $2,796,399,

respectively.

Note J—Leases

The Organization has an office facilities operating lease through

31 March 2018, which requires monthly payments comprised of rent,

property taxes, pro rata share of common operating expenses and

insurance. The Organization also rents office equipment under three

non-cancelable leases with initial lease terms in excess of one year.

As of 31 December 2011, the minimum future rentals payable under

these non-cancelable operating lease commitments were as follows:

Years ending 31 December    Office equipment    Facilities         Total
2012                                 $29,000      $575,200      $604,200
2013                                  21,700       590,100       611,800
2014                                   3,600       589,900       593,500
2015                                       -       619,700       619,700
2016                                       -       634,500       634,500
2017 and thereafter                        -       813,000       813,000

Rent expenses under these leases for the years ended 31 December

2011 and 2010, were $613,423 and $550,577, respectively.

Note K—Income Taxes

The Association and the Institute have received favorable

determination letters from the Internal Revenue Service stating that

they are exempt from Federal income taxes under Section 501(a) of

the Internal Revenue Code as organizations described in Sections

501(c)(6) and 501(c)(3), respectively. However, unrelated business

income is subject to taxation. The tax liability in 2011 and 2010 was

$5,400 and $25,533, respectively. The tax years ended 2008, 2009

and 2010 may still be selected for audit for both Federal and state

purposes based on the Internal Revenue Service statute of limitations.

Note L—Employee Benefit Plan

The Association maintains a defined contribution retirement plan for

qualified employees. Participation in the plan is optional. The

Association will match the first 5% contributed by the employee. The

Association’s contributions to the plan for the years ended 31

December 2011 and 2010, were $553,209 and $511,172,

respectively.

Note M—Contribution—Disaster Relief

During the year, ISACA chapters, members, CISAs, CISMs, CGEITs

and CRISCs were affected by two substantial local disasters. Given

the long-time support of these chapters, members and certified

individuals, the Association contributed $5,000 to the Premier’s

Disaster Relief Appeal, a relief and development organization to assist

those affected by extreme flooding in Brisbane, Australia, and $10,000

to the American Red Cross on behalf of those affected with the

earthquake and tsunami that devastated Northeast Japan.

Note N—Subsequent Events

The Organization evaluated its 31 December 2011 combined financial

statements for subsequent events through 5 April 2012, the date the

combined financial statements were available to be issued. The

Organization is not aware of any subsequent events that would require

recognition or disclosure in the combined financial statements.

AUDIT COMMITTEE CHAIR’S LETTER

The Audit Committee of the Board of Directors/Trustees (the Board) of

ISACA/IT Governance Institute (the Organization) oversees the

Organization’s financial reporting process on behalf of the Board, and is

composed of six independent members. In fulfilling its responsibility, the

committee recommended to the Board the selection of the

Organization’s independent certified public accountants.

The committee discussed with the independent certified public

accountants the overall scope and specific plans for their audit. The

committee also discussed the Organization’s combined financial

statements and the adequacy of its internal controls.

The committee met with the Organization’s independent certified public

accountants, without management present, to discuss the results of

their examination, their evaluation of the Organization’s internal controls,

and the overall quality of the Organization’s financial reporting.

Ria T. Lucas, CISA, CGEIT

Chair, Audit Committee

MANAGEMENT REPORT ON RESPONSIBILITY FOR FINANCIAL REPORTING

The management of ISACA/IT Governance Institute (the Organization)

has the responsibility for the preparation, integrity and fair presentation of

the accompanying financial statements. The statements were prepared

in accordance with generally accepted accounting principles applied on

a consistent basis and, as such, include amounts that are based on

management’s best estimates and judgments. Management also

prepared the other information in the annual report and is responsible for

its accuracy and consistency with the financial statements.

The Organization’s financial statements for 2011 have been audited by

Grant Thornton LLP, independent certified public accountants, elected

by the Board of Directors/Trustees (the Board). Management has made

available to Grant Thornton LLP all of the Organization’s financial records

and related data, as well as the minutes of the Board’s meetings.

Management believes that all representations made to Grant Thornton

LLP during its audit were valid and appropriate.

The Organization maintains a system of internal control that is designed

to provide reasonable assurance to management and to the Board

regarding the preparation and publication of reliable and accurate

financial statements, the effectiveness and efficiency of operations, and

compliance with applicable laws and regulations. The system includes a

documented organizational structure and division of responsibility,

established policies and procedures that are communicated throughout

the Organization, and the careful selection, training and development of

personnel. Management also recognizes its responsibility for fostering a

strong ethical climate so that the Organization’s affairs are conducted

according to the highest standards of personal and corporate conduct.

There are inherent limitations in the effectiveness of any system of

internal control, including the possibility of human error and the

circumvention or overriding of controls. Accordingly, even an effective

internal control system can provide only reasonable assurance with

respect to financial statement preparation.

The Organization evaluates its internal control system in relation to

criteria for effective internal control over financial reporting described in

Internal Control—Integrated Framework, issued by the Committee of

Sponsoring Organizations of the Treadway Commission, and as of 31

December 2011, the Organization believes that its system of internal

control over financial reporting met those criteria.

As part of its audit of the Organization’s financial statements, Grant

Thornton LLP assessed the Organization’s internal accounting controls

structure to establish a basis for reliance thereon in determining the

nature, timing and extent of audit tests to be applied. Management and

Grant Thornton LLP have reviewed the internal control assessment with

the Audit Committee as part of the committee’s acceptance of the

financial statements. The Board, operating through its Audit Committee,

which is composed entirely of members who are not officers or

employees of the Organization, provides oversight to the financial

reporting process.

Susan M. Caldwell

Chief Executive Officer

Neville Rademeyer

Chief Financial Officer

ISACA Board of Directors/ITGI Board of Trustees

Kenneth L. Vander Wal, CISA, CPA

International President

USA

Emil D’Angelo, CISA, CISM

Past International President

USA

Lynn C. Lawton, CISA, FBCS

CITP, FCA, FIIA

Past International President

Russian Federation

Christos K. Dimitriadis, CISA,

CISM, CRISC

International Vice President

Greece

Gregory T. Grocholski, CISA

International Vice President

USA

Tony Hayes, CGEIT, AFCHSE,

CHE, FACS, FCPA, FIIA

International Vice President

Australia

Niraj Kapasi, CISA, FCA

International Vice President

India

Jeff M. Spivey, CRISC, CPP, PSP

International Vice President

USA

Jo Stewart-Rattray, CISA,

CISM, CGEIT, CSEPS

International Vice President

Australia

Allan Boardman, CISA, CISM,

CGEIT, CRISC, CA (SA), CISSP

ISACA Director

UK

Marc Vael, CISA, CISM,

CGEIT, CISSP

ISACA Director

Belgium

Susan M. Caldwell

Secretary

USA

Letter From the International President and the CEO

ISACA and the IT Governance Institute accomplished quite a lot and

embarked on many new initiatives in 2011. But one thing never

changes—the benefits of members around the world sharing their

knowledge and expertise remain paramount. We are passionate about

members having their voices heard. This is, in fact, one of our greatest

strengths and is viewed by members as something they cannot

duplicate elsewhere.

Listening to members keeps us in touch with what they face in their

day-to-day challenges. Even so, while we are acutely aware of what is

happening in the current global business environment, we also

continually look forward to ensure that we are on track with the right

strategy for the future. We liken it to the words of Japanese poet

Matsuo Basho, who said, “Do not seek to follow in the footsteps of the

wise. Seek what they sought.”

ISACA’s 2011 accomplishments were possible only because of the

thousands of hours volunteered by our Board of Directors, Board of

Trustees, and other leaders and members around the world. We

appreciate the time you spend on ISACA activities, and we sincerely

thank you.

Ken Vander Wal, CISA, CPA

International President 2011-2012

ISACA and the IT Governance Institute

Susan M. Caldwell

Chief Executive Officer

ISACA and the IT Governance Institute

Board, Committee, Subcommittee and Task Force Chairs

Krishna Seeburn, CISSP, PMP, CFE, CIA; Academic Program Subcommittee; Mauritius

Vatsaraman Venkatakrishnan, CISA, CISM, CGEIT, CRISC; Asia-Pacific CACS Program Development Task Force; UAE

Bharat Jethanand Raigangar, CISA, CISM, CGEIT, CRISC, CIA, CICA, CFAP; Asia-Pacific CACS Partnering Chapter Task Force; UAE

Ria T. Lucas, CISA, CGEIT; Audit Committee; Australia

Kathleen Ann Mullin, CISA, CISM, CGEIT, CRISC, CIA, CISSP; CGEIT Certification Committee; USA

Debra L. Mallette, CISA, CGEIT, CSSBB; CGEIT Test Enhancement Subcommittee; USA

Kathleen Ann Mullin, CISA, CISM, CGEIT, CRISC, CIA, CISSP; CGEIT Job Practice Analysis Task Force; USA

Patricia K.Y. Goh, CISA, CGEIT, CRISC, CGA, M.Sc.; Chapter Support Committee; Canada

David Yeok Wah Yeung, CISA, CIA, CFE; CISA Certification Committee; Singapore

Matthew William Snider, CISA, CISSP, CCENT; CISA Test Enhancement Subcommittee; USA

Garry James Barnes, CISA, CISM, CGEIT, CRISC; CISM Certification Committee; Australia

Christian Palomino Herrero, CISA, CISM, CGEIT; CISM Test Enhancement Subcommittee; Spain

Marc Vael, CISA, CISM, CGEIT, CISSP; Cloud Computing Task Force II; Belgium

Anthony P. Noble, CISA; COBIT for Assurance Task Force; USA

Steven Andrew Babb, CGEIT, CRISC; COBIT for Risk Task Force; UK

Steven De Haes; COBIT IRM Task Force; Belgium

John W. Lainhart IV, CISA, CISM, CGEIT, CRISC; COBIT Online Replacement Task Force; USA

John W. Lainhart IV, CISA, CISM, CGEIT, CRISC; COBIT 5 Task Force; USA

Derek J. Oliver, CISA, CISM, CRISC, FBCS, FISM, M InstISP; COBIT 5 Task Force; UK

Maxwell J. Shanahan, CISA, CGEIT, FCPA; COBIT Enterprise Certification Task Force; Australia

Christos K. Dimitriadis, CISA, CISM, CRISC; COBIT Security Task Force; Greece

Theresa Grafenstine, CISA, CGEIT, CRISC, CPA, CIA, CGAP; Communities Committee; USA

Allan Neville Boardman, CISA, CISM, CGEIT, CRISC, CA(SA), ACA, CISSP; Credentialing Board; UK

Urs Fischer, CISA, CRISC, CIA, CPA (Swiss); CRISC Certification Committee; Switzerland

Jack A. Jones, CISA, CISM, CRISC, CISSP; CRISC Test Enhancement Subcommittee; USA

Michael A. Berardi Jr., CISA, CGEIT, CRISC; Education and Dissemination Committee; USA

Raymond J. Butler, CISA, FIRM, CertIG; EuroCACS Conference Task Force; UK

Peter Thompson, CISA, CRISC; EuroCACS Conference Task Force; UK

Robert C. Newbould, FCA; EuroCACS Partnering Chapter Task Force; UK

Todd J. Fitzgerald, CISA, CISM, CGEIT, CRISC, CISSP; Euro ISRM Conference Task Force; USA

Georges Ataya, CISA, CISM, CGEIT, CRISC, CISSP; External Advocacy Committee; Belgium

Jeff Spivey, CRISC; External Advocacy Committee; USA

Gregory T. Grocholski, CISA; Finance Committee; USA

Patrick Stachtchenko, CISA, CGEIT, CA; Framework Committee; France

John A. Kuyers, CISA, CPA; Governance Advisory Council; USA

Andrew J. MacLeod, CISA, CP, CIA, FCPA, MACS; Government and Regulatory Advocacy Committee; Australia

Masatoshi Kajimoto, CISA, CRISC; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 1; Japan

Jorge Garibay Orozco, CISA, CRISC, CISSP; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 2; Mexico

Sarbjit S. Sembhi, CISSP-ISSAP, GCIH; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 3; UK

Christopher P. Buse, CISA, CPA, CISSP; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 4; USA

Scott David Waters, CISA; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 5; Australia

Phil James Lageschulte, CGEIT, CPA; Guidance and Practices Committee; USA

Niraj K. Kapasi, CISA, FCA; India Growth Initiative Task Force; India

Howard Nicholson, CISA, CGEIT, CRISC; ISO Liaison Subcommittee; Australia

Marc Vael, CISA, CISM, CGEIT, CISSP; Knowledge Board; Belgium

Jon W. Singleton, CISA, FCA; Knowledge Management Task Force; Canada

Mario Urena, CISA, CISM, CGEIT; Latin America CACS Conference Task Force; Mexico

Carlos Villamizar, CISA, CISM, CGEIT, CRISC; Latin America CACS Conference Task Force; Colombia

Miguel Colon Pacheco, CISA, CISM, CRISC, CBM; Latin America CACS Partnering Chapter Task Force; Puerto Rico

Jo Stewart-Rattray, CISA, CISM, CGEIT, CSEPS; Leadership Development Committee; Australia

Carmen Hawkins, CRISC, FCPA, CIA, FIIA (Aust); Membership Growth and Retention Committee; Australia

Harshul Joshi, CISA, CISM, CGEIT, CISSP, CCSE; North America CACS Conference Task Force; USA

Todd J. Fitzgerald, CISA, CISM, CGEIT, CRISC, CISS; North America ISRM Conference Task Force; USA

James P. Hurley, CISSP; North America IT GRC Conference Task Force; USA

Michael P. Bilger, CGEIT; Professional Influence/Advocacy Committee; USA

John Ho Chi, CISA, CISM, CFE, CBCP; Professional Standards Committee; Singapore

Horst Karin, CISA, CRISC, CISSP, ITIL, SAP; Publications Subcommittee; Canada

Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA; Relations Board; Australia

Everett C. Johnson Jr., CPA; Strategic Advisory Council; USA

Donna Hutcheson, CISA; Student and Academic Subcommittee; USA

Michael E. Juergens, CISA, CGEIT, CRISC; World Congress Program Committee Task Force; USA

Robert E. Stroud, CGEIT, CRISC; World Congress Program Committee Task Force; USA

Isabelita Litonjua Ojeda, CISA, CISM, CRISC; Young Professionals Subcommittee; Philippines

Asia

Bahrain

Dhaka, Bangladesh

China Hong Kong

Bangalore, India

Cochin, India

Coimbatore, India

Hyderabad, India

Kolkata, India

Chennai, India

Mumbai, India

New Delhi, India

Pune, India

Vijayawada, India

Indonesia

Nagoya, Japan

Osaka, Japan

Tokyo, Japan

Korea

Lebanon

Macao

Malaysia

Muscat, Oman

Karachi, Pakistan

Lahore, Pakistan

Manila, Philippines

Jeddah, Saudi Arabia

Riyadh, Saudi Arabia

Singapore

Sri Lanka

Taiwan

Bangkok, Thailand

UAE

Central and South America

Buenos Aires, Argentina

Mendoza, Argentina

La Paz, Bolivia

Brasilia, Brazil

Rio de Janeiro, Brazil

Sao Paulo, Brazil

Santiago, Chile

Bogota, Colombia

San Jose, Costa Rica

Quito, Ecuador

Guatemala City, Guatemala

Guadalajara, Mexico

Merida, Yucatan, Mexico

Mexico City, Mexico

Monterrey, Mexico

Panama

Asuncion, Paraguay

Lima, Peru

Puerto Rico

Montevideo, Uruguay

Venezuela

Europe/Africa

Austria

Belgium

Sofia, Bulgaria

Croatia

Cyprus

Czech Republic

Denmark

Estonia

Finland

France (Paris)

Germany

Accra, Ghana

Athens, Greece

Budapest, Hungary

Ireland

Tel-Aviv, Israel

Milan, Italy

Rome, Italy

Venice, Italy

Kenya

Latvia

Lithuania

Luxembourg

Malta

Mauritius

Netherlands

Abuja, Nigeria

Lagos, Nigeria

Norway

Warsaw, Poland

Lisbon, Portugal

Moscow, Russia

Romania

Slovenia

Slovak Republic

South Africa

Barcelona, Spain

Madrid, Spain

Valencia, Spain

Sweden

Switzerland

Tanzania

Ankara, Turkey

Istanbul, Turkey

Kampala, Uganda

Kyiv, Ukraine

London, UK

Central UK

Northern England, UK

Scotland, UK

Winchester, UK

North America

Canada

Calgary, AB

Edmonton, AB

Vancouver, BC

Victoria, BC

Winnipeg, MB

Atlantic Provinces

Ottawa Valley, ON

Toronto, ON

Montreal, PQ

Quebec City, PQ

Islands

Bermuda

Trinidad & Tobago

Midwestern United States

Central Indiana (Indianapolis)

Chicago, IL

Illini (Springfield, IL)

Illowa (Illinois and Iowa)

Iowa (Des Moines)

Kentuckiana (Louisville, KY)

Detroit, MI

Western Michigan

Minnesota

Omaha, NE

Central Ohio (Columbus)

Greater Cincinnati, OH

Northeast Ohio (Cleveland)

Northwest Ohio

Kettle Moraine, WI (Milwaukee)

Northeastern United States

Greater Hartford, CT

Central Maryland (Baltimore)

New England

New Jersey

Central New York (Syracuse)

Hudson Valley, NY (Albany)

New York Metropolitan

Western New York (Buffalo/Rochester)

Harrisburg, PA

Philadelphia, PA

Pittsburgh, PA

Rhode Island

National Capital Area, DC

Southeastern United States

Birmingham, AL

Central Florida (Orlando)

Jacksonville, FL

South Florida

Tallahassee, FL

West Florida (Tampa)

Atlanta, GA

Charlotte, NC

Research Triangle (Raleigh, NC)

South Carolina Midlands (Columbia, SC)

Memphis, TN

Middle Tennessee (Nashville)

Virginia

Southwestern United States

Central Arkansas (Little Rock)

Denver, CO

Baton Rouge, LA

Greater New Orleans, LA

Greater Kansas City, MO

Springfield, MO

St. Louis, MO

New Mexico (Albuquerque)

Central Oklahoma (Oklahoma City)

Tulsa, OK

Austin, TX

Greater Houston Area, TX

North Texas (Dallas)

San Antonio/So. Texas

Western United States

Anchorage, AK

Phoenix, AZ

Los Angeles, CA

Orange County, CA (Anaheim)

Sacramento, CA

San Francisco, CA

San Diego, CA

Silicon Valley, CA (Sunnyvale)

Hawaii (Honolulu)

Boise, ID

Las Vegas, NV

Willamette Valley, OR (Portland)

Utah (Salt Lake City)

Mt. Rainier, WA (Olympia)

Puget Sound, WA (Seattle)

Oceania

Adelaide, Australia

Brisbane, Australia

Canberra, Australia

Melbourne, Australia

Perth, Australia

Sydney, Australia

Auckland, New Zealand

Wellington, New Zealand

Papua New Guinea

Chapters in Formation

Ahmadabad, India

Jaipur, India

Fukuoka City, Japan

Amman, Jordan

Almaty, Kazakhstan

Kuwait City, Kuwait

Islamabad, Pakistan

Doha, Qatar

Rosario, Argentina

Belo Horizonte, Brazil

Santo Domingo, Dominican Republic

Tegucigalpa, Honduras

Yerevan, Armenia

Katowice, Poland

Gijon, Spain

Gaborone, Botswana

Cairo, Egypt

Abidjan, Ivory Coast

Casablanca, Morocco

Ibadan, Nigeria

Tunis, Tunisia

Lusaka, Zambia

Harare, Zimbabwe

Huntsville, Alabama, USA

Chattanooga, Tennessee, USA


Chapters

Members

Platinum

Susan M. Caldwell; Charles Cribaro; Robert Frelinger; John Kuyers; John Lainhart*; Lynn Lawton; Akira Matsuo; Neville Rademeyer; Ronald Riba; Robert Roussey; Ronald Saull; Jane Seago; Brian Selby; Shiina Kiyoshi; Patrick Stachtchenko; Kenneth Vander Wal

Gold

Allan Boardman; Ron Hale; Everett Johnson; Emiko Kurihara; Thomas Lamm; Diane Nelson; Robert Parker*; Manny Singh; Sean Stringer; Archie Watt

Silver

Abdul Hamid Abdullah; Anjay Agarwal; Mustafa Mohammed AlHinai; Wayne Dennis Allums; Jim Arnold; Scott Artman; Dayo Elliot Babatunde; Mark Baggesen; Garry Barnes; Douglas Bencomo; Peter Borak; Joseph Brown; Raymond Catoe; Richard Chia; Rodney Owain Davies; Helene Demoulin; Deb Dietz; Shannon Donahue; Peter Mate Erdosi; Concepcion Fermin; Christopher Jason Flynn; Justin Folkers; Norihisa Fujita; Julia Fullerton; Tabitha Gallo; Luis Enrique Garcia de Paredes; Eduardo Garcia Martinez; John Garrett; Ashok Ghosh; Arvind Shivram Godbole; Jen Hajigeorgiou; James Griffith Harries; Markus Heinen; Jason Ingalls; David Taiwo Isiavwe; Shankar Iyer; Guy Jordan; Vincent Kaabunga; Masato Kagotani; Iftikhar Fazlehussain Kathawala; Tina Kay; Patrick Michael Killeen; Oguz Yetkin Kocabas; Chi Choi Kuok; Chandrasekar Lakshmi Varahan; Patricia Liechty Layfield; Roberto Lopez Escalera; Stacy Mantzaris

Bryan McAtee; Robert Mcfarland; Craig Allan Miller, Sr.; Karolyn Anne Miller; Stephen Minder; Charlie Fortich Moraza; Gilbert Nanema, Jr.; Francis Nemia; Van Quang Nguyen; Gertjan Nickolson; Anthony Noble; Stephen Norkunas; Xenia Ley Parker; Sean Pascoe; Parag Prabhakar Patki; Hugh Henning Penri-Williams; Martin Perez Sanchez; Andre Pitkowski; Daniel Fernando Ramos; Kim Ries; Patrick Rozario; Alexander Samarin; Jose Saucedo; Hiroharu Sawada; Koichi Sawamura; Toshio Shishido; Jon Singleton; Roger Southgate; Conrad Stanton; Vaclav Stverka; Ramnathan Subramanian; Kengo Suzuki; Ching Kwong Sze; Teo Choon Meng; Vijay Thillainathan; Lon Campbell Thomas, Jr.; Terry Trsar; Marc Vael; Vatsaraman Venkatakrishnan; Prafull Verma; Deborah Vohasek; James Muresia Wafula; Karyn Waller; Paul Chung-Wei Wang; Peter Wersin; James Wiechers

Donor

Chairuddin Intang; Zoran Abraham; Annabelle Abueg; Shawn Acker; Adedayo Adeyinka Adekoya; Olujimi Adekoya; Idowu-thomas Adewumi; Jayson Agagnier; Juan Francisco Aguirre; Folorunso Ayoola Agunbiade; Asaf Zaki Ahmad; Azubike Edward Ahubelem; Clement Chris Akpanobong; Thierry Alexandre; Faisal Al-Homodi; Maher Al-Khazrajy; Enrique Alonso De Leon; Wael H. Al-Rasheed; Ali Fathi Al-Sheikh Ahmed; Abdulaziz Ebrahim Husain Al-Terki; Horacio Eduardo Antonelli Matterson; Roberto Apollonio; David Applebaum; Emma Arakelyan; John Bosco Arends; Henri Arendsen; Russel Arnett; Marina Ashbery; Omar Atabani; Aubin Kashoba Kalasa Nyanza; James Edward Avery; Wilfredo Ayala-Maldonado

Mohammed Bachiri, Sr.; Ajay Bahri; Azamodeen Baksh; Vicken Balian; Hamza Moosa Baqer; Cheryl A. Barker; Sylvain Barone; Marcos Barradas; Wayne Barrett; Robert Barton; Augustono Basuki; Peter John Belton; Paul Berkebile; Glauco Bertocchi; Suresh Bhatt; Uwe Bischoff; Rudolphus Bodewes; Khaled Bohsali; Charan Kumar Bommireddipalli; David Alan Bonewell; Oscar Bou; Glen Boyer; Stephen Patrick Boyle; Manfred Brabec; Ian Bradbrook; Keith Jerome Braddock, Jr.; Diana Bradshaw; Wayne Brisson; Peter Broad; William Carl Brown; Chester Butkiewicz; Mark Alexander Butzke; Chris John Byrne; Fernando Calvillo; Cynthia Cannaday; Mario Carbajal; Jorge Carballeira; Marco Carvajal; Paul Casey; Carlos Cazorla; Walter Matthew Cekala, Sr.; Evan Chan; Victor Sze-Tin Chan; Ping Kei Teric Chan; Adrian Wee Phoy Chan; Steve Chazan; Li-Feng Chen; Anthony Charles Chestnut; James Cheyne; Deepinder Singh Chhabra; Emmanuel Chigbu; Colin Childes; Douglas Childes; Subbarao Chitturi; Rajeev Ramchand Chugh; Thomas Clark; Robert Clarke; Jose Miguel Collantes Bellido; Mark Connelly; Francois Corminboeuf; Federico Corradi; Corum P.J.; Manuela Costescu; Brian Coutanche; Paul Cox; Mihai Cristalov; James William Crooks; Maria Sabrina Rivera Cruz; Gordon Curtis; Bernard Czaja; Emmanuel Kwesi Dadzie; Karl Dahlberg; Kareen Daley; Mark D'Andrea; Sabyasachi Dash; William Davidson; Umberto DeLucilla; John Bernard Dempsey; Richard Micheal Denny; Marc Dessagne; Sydney Morgan Diamond

Eloisa Diaz-Insua; Lawrence Dillon; Xinhao Ding; Jose Luis Diniz; Udaya Kumar Dintyala; Ruedi Doebeli; Richard Donahue, Sr.; Raymond Lourens Du Plessis; Salih Ali Durul; Susumu Eda; David Ronald Ekins; Faical El Belghami; Robert Ellestad; Sean Ellis; Saifeldeen Nazlawi Mohammed El-Shaikh; Eduard Emde; Kiyoshi Endoh; Viviane Engel; John English; Mary Erlanger; Andre Ertl; Cesar Vengco Esteban; Tomoyasu Eto; Joseph Ewegbeje; Dieter Fabritius; Richard Fernez; Gavin Bryan Ferreiro; Cherrie Mae Arciaga Ferreria Chiomento; Uwe Fiedler; Luis Figueroa, Jr.; Guy Filomena; David Findling; Micha Fischer; Kenneth Glenn Fitzpatrick; Francesc Flores Gonzalez; Gregory Fouquet; Michael John Ernest Frederick; Dan French; Todd Friedman; Yoshio Fukasawa; Pamela Susan Fusco; Andre Gagnon; Ramses Gallego; Fredrik Galtung; Wilhelmus Geijtenbeek; John Generelli, Jr.; Rebecca Jo Gentry; Yalcin Gerek; William Gessner; Ben Gillett; Anthony John Gilli; Hubert Darnell Glover; Julio Golcher; Shaun Golledge; Victor Golubev; Jason Gonzales; Ajit Vasant Gore; Ludo Goubert; Juan Carlos Gracia; Roger Scott Greenwell; Petr Gresl; Gerd Karl Grimberger; Gerald Walter Grindler; Louis Anthony Grippo; Stefan Gross; Klaus-Peter Grosser; Peter R. Guentert; Rene Humberto Guerrero Lojano; Jose Gumbau; Ruchi Gupta; Maria Del Carmen Gutierrez; Joseph Hachem; Daniel Hadaway; Barry Hagge; Dan Haley; Rami Hamadeh; Lars Hansen; Yonosuke Harada

Jason Harrell; Anita Harris; Nicholas Hart; Michael Hartigan; Ferdinand Quinten Hartman; Aris Budiman Hartono; Glenn-Edward Willem Harwood; Rawle Hasmatali; Bassam Farid Hassan; Robert Bob Hawk; Masahiko Hayakawa; Christoph Hellwig; Marinus Hendriksen; Johan Hermans; Ernest David Hernandez; Angela Hlavka; William Michael Hoffman; Gail Hogg; Tomoe Hoshi; Adrian Howe; Miroslav Hruby; Donna Hutcheson; Sermet Sancer Ilgaz; Florin Inte; Jose Isebia; Takashi Ishijima; Hiromichi Iwakiri; Lakshminarayanan Iyengar; Per Wal Jacobsen, Sr.; Barbara James; Steven Janssen; Michael Jimenez; Anne-Marie Joannette; Thomas Joerger; Allen Andrew Jones; Jaison Jose; Josekutty Joseph Kaniyamparambil; Anil Madhav Joshi; Carlos Justiniano; Ghassan Kabbara; William Lynn Kalahar; Kanaka-Rao Kalimikonda; Samuel Gachie Kamiti; Niraj Kapasi; Jacqueline Kapres; Spiros Karasavvidis; Arun Dwarkaprasad Karwa; Ravi Shankar Balakrishnan Kavaseri; Kawawaki Tomohide; Rich Keesecker; Asad Zaman Khan; Rabia Khanfir, Sr.; Rickey Kidd; Tim Kipps; Yoshihiro Kitsutaka; Marilynn Elizabeth Klubek; Aart Knoop; Hiroki Komatsubara; Gregory Gerard Koval; Rodger Kraft; Denis Krauss; Wayne Carvel Kreisel; Harry Arthur Krimkowitz; Unni Krishnan; Raymond Krygsman; Ajay Kumble; Vladimir Kuznetsov; Pierre Kwaku; Stefan Laager; Labelle Louis; Dmitry Lakomkin; Jenny Lam; Richard Larson; Tak Wa Lau; David Lau; Lee Frederick Laubach; George Edward Lawless, III; Colm Noel Lawlor; Chienchung Lee

Contributors

*Denotes Wasserman Award winner

James Lee; Jason Lee; Frank Leef; Jean-Marc Alexandre Legrand; Kenneth Leissler; Peter Leitch; Andreas Leitzbach; Luis Diego Leon; Sok Man Leong; Christopher Letterman; Borut Likar; Albert Lima; Neil Lindholm; Robert Lluis; Oliver Anthony Lohri; Gregory John Lotze; Hermenegildo Franco Luheta; Dwight Cooper Lupardus; Helen Woon-Yee Ma; George Kenneth Madzy; Ruka Makino; Rohit Malhotra; Paul Jay Malysz; Veronica Mancho; Jagannadha Rao Mangu; Charles-Robert Manterfield; Massimo Vito Angelo Manzari; Fabiana Leticia Marges; Regina Marrow; David Martinez; Sergey Martinov; Isaac Mast; Eiichi Matsubara; Kay Matsumoto; Robin Charles Mattadeen; Adrian Mayers; John Mayor; Stephen John McCallum; Jacqueline McCaulley; Michael Mccrain; Micky Lee McCulloch; Joseph Mcginley; Joel Andrew McLean; Sean McPoland; Pavit Mekmok; Douglas Melville; Alfonso Mendez; Jorge Merida Munoz; Michael Meyer; Thomas Miller, Jr.; Young-Nam Min; Thomas Mitchell; Masami Mitsubori; Kouichi Mitsui; Hideo Miura; Tokujiro Mizutani; Tomomi Mizutani; Thomas Mockbee, III; Willem Ewoud Modderman; Anup Mody; Zoltan Mohos; John Paul Molina; Fabiano Monachesi; George Benjamin Montgomery; Anita Moore; Armanda Moore; Yuji Morita; Michelle Ann Morris; Mounir Mostafa; Adel Ilyas Moubarak; Adamu Musa Mshelia; Heloisa Helena Muller; Sundareswaran Mural; Gary Murphy; Shawn Patrick Murray; Robert John Muscat; Natarajan Nagarajan; Praveen Nair; Sudeep Nair; Chandramohan Narayan

Tomas Negron; Philip Bartolo Nestel; Chung Hin Harry Ngai; Esperant Mbuli Ngongo; Patricia Warden Niebling; Teddy Nielsen; Kittikarn Nitiwanakun; Hazel Nyathi; Young Seok Ock; Alexander Oesterle; Andrew Okada; Bayo Oladele; Abiodun Olurotimi Oladimeji; Albert Olafsson; Taiwo Olalere; Derek John Oliver; Chanroutie Omadath-Heetai; Boasiako Omane-Antwi; John Ott; Noureddine Oudghiri; Marie-Grace Pagdanganan; Sumit Pal; Massimo Pandolfi; John Pao; David Paolantonio; Evangelos Papaefthymiou; Hugh Parkes; Michael Parkinson; Hetal Manilal Patel; Susanna Pau; Jose Maria Pedro; Manuel Lucas Pelaez; Jorge Eduardo Perez; Antonio Perrotta; Viorel Petre Petrov; Theodore Kassor Phelps; Kirsten Pielstrom; Alan J. Pilgrim; Sergio Piñon; Wallace C. Pitt; Alida Polanco Olguin; Horace H.C. Poon; Ifeoluwa Tobi Popoola; Roberto Porras Leon; Marlene Portalatin; Andreas Postl; Marjan Potocnik; Sigit Pramadi; Desikan Venkatesh Prasad; Keith Douglas Price; Wagner Roberto Pugliese; Rajesh Kantesh Purohit; Vimal P. Purohit; Graham Quigg; Kishor Rabi; Stanley J. Rae; Ramkumar Ramachandran; Brad Rambur; Francisco Vicente Ramon-Mira; Venkataraman Ranganathan; Sree Krishna Rao; Paresh Rathod; Shashi Rawat; Paolo Razza, Sr.; Sam Redden; David George Reinhold; Gerardo Renzetti; Colette Revan; Salomon Rico; Jack Riegel; Timothy James Riffel; Julius Milton Riles; Dennis Ray Risinger; David Roberts; John Rodenbiker; Iker Rodriguez; Luis Fernando Rodriguez Munoz; Roy Smith Rossman; Angelo Roussos; Cristina Ruiz; Jodie Maree Ryan

Vijayakumar S.R.; Noam Sabo; Stella Alexandra Salas; Blase Salvatore, II; Milton Eric Sambolin; Mohammad Sami; Sylma Sanchez; Zacarias Sanchez; Kadathur Bikshandeswaran Sankaran; Anthony Saranchak; Taishi Sasahara; Donald Sauer, Jr.; Mikhail Georgiev Saykov; Martin Schlaeppi; Joshua James Schmidt; Volker Schoratti; Horst Schweitzer; Robert Schwind; Christodoulos Seferis; Lakshminarayanan Ramaswamy Sekharipuram; AbdulGhaffar Mohammad Setareh; Yen Shan; Makoto Shibata; Minoru Shibuya; Brent Shirley; William Shorrock; Sudhakar Siddegowda; Pablo Silberfich, Sr.; Michael Hugh, Piers Sim; David Simpson; Thomas Sinnott; Edward Joseph Slusarski; Peter Smithson; David Snyder; Folarin Sogeke; Naoto Soma; InSu Song; Jayant Sonsurkar; Ibrahima Sow; Thomas Heaton Spitters; Jeff Spivey; Srikanth Sreedharan; Swastic Srihari; Ivan Stanchin; Jaroslaw Stawiany; Greer William P Stevenson, Sr.; LeRoy Stewart; Richard George A. Stohner, III; Hans Manfred Strauss; Larry Stuart, Jr.; Julius Olugbenga Subuloye; Katsutoshi Sugiyama; Dudung Suryana, Sr.; Hartono Ari Susetyo; Steffen Sutter; Sajid Syed; Jussubo Nuno Taibo; Daniel Talbot; Kim Hwee Tan; Hideyuki Tanaka; Ameliana Tanjaya Tanujaya; Keith Edward Tayloe; Peter Francis Taylor; Kenneth Taylor; Tazaki Teruo; Daniel Teijido; Jeri Teller-Kanzler; Hiroshi Terai; Mladen Tercelj; David Terpening, Jr.; Ajit Thankappan; Tina Thompson; Margaret Thorn; Kerry Thorne; Hermann Tischendorf, III; Tompkins Scott R.; Javier Torner; Lisa Toro

Daniella Traino; Duyen Nha Tran; Mamadou Sidiki Traore; James Denis Treacy; Eduardo Ng Tsang; Hanson Tsui; Sergey Tsvetukhin; Deborah Tucker; Giancarlo Turati; Martin Unterberger; Marcel van Dijk; Paul van Domburg; Karen Serena Van Horne; Bartholomeus van Lodensteijn, Jr.; Steve VanArsdale; Enrique Vasquez Granados; M.L. Venkataraman; Chris Verdonck; Major Sylvain Viau; Janis Vilims; Jason Edward James Viola; Manuel Jose Viscasillas; Robert Vitali; Jon Voiculescu; Nebo Vujnovic; Wakim Julian Andrew; Eric Walker; Hoyt Warren, Jr.; Marc Weber; Ian Lawrence Webster; Esper Boutros Wehbe; Winston Washington Weir; Robert Philip White; Rolston Wiltshire; David Wan Ying Wong; Andrew Yeun Fai Wong; Shou-Hsin Mark Wu; Jens Wudick; Takumi Yabuki; Yukihiro Yanagi; Li-Jen Lyaw Yang; Sarkis Aram Yaralian; Akira Yazaki; Somagarn Yordmanee; Yu Hong; Kam Yuen; Michael Wai-Kee Yung; Teresa Zarza Caballero; Stacey Edward Zeigler; Peter Zielke; Roman Zillek; Guenter Zimmek

Chapters

Platinum

London Chapter; National Capital Area Chapter; New England Chapter

Gold

Birmingham Chapter; Charlotte Chapter; Chicago Chapter; Detroit Chapter; Houston Chapter; Kansas City Chapter; Los Angeles Chapter; New Jersey Chapter; New York Metropolitan Chapter; North Texas Chapter; Sacramento Chapter

Silver

Atlantic Provinces Chapter; Austin Chapter; Central Maryland Chapter; China Hong Kong Chapter; Cincinnati Chapter; Denver Chapter; Greater Hartford Chapter; Quebec City Chapter; San Francisco Chapter; Sao Paulo Chapter; South Carolina Midlands Chapter; Tulsa Chapter

Donor

Ottawa Valley Chapter; Rhode Island Chapter; Singapore Chapter; Vancouver Chapter; Virginia Chapter

Corporate Donors and Sponsors

ASIS International; Rapid7; Dell Secure Works; Citrix; Intel/McAfee; Co3 Systems; Courion Corporation; Deloitte; Ernst & Young; GRC Solutions; Regis University; Hewlett-Packard; Jefferson Wells; Microsoft; Oracle Corporation; Lewis University; Project RX; Protiviti; Qualys; SOAProjects; Symantec; TruArx; IBM; Corporacion Sidif Del Caribe; Vanguard Integrity Professionals Inc.

Affiliates

Information Security Forum; Institute of Management Accountants Inc.; ISACA chapters; ITGI France; ITGI Japan; Norwich University; Open Compliance and Ethics Group; Socitum Performance Management Group; Solvay Brussels School of Economics and Management; Strategic Technology Management Institute of the National University of Singapore; University of Antwerp Management School


3701 Algonquin Road, Suite 1010

Rolling Meadows, IL 60008 USA

ISACA Phone: +1.847.253.1545

ITGI Phone: +1.847.660.5700

Fax: +1.847.253.1443


www.isaca.org

www.itgi.org

History of ISACA and ITGI

ISACA’s journey began nearly 46 years ago, in 1967, when a small, but visionary, group of

professionals realized that their work auditing controls for computer systems was

becoming increasingly vital to the overall operational success of their enterprises. Together

they discussed the benefits of developing a centralized source of information and guidance

for their growing field. In 1969, the group formalized and incorporated as the EDP Auditors

Association (EDPAA). The organization’s name was changed to Information Systems Audit

and Control Association (ISACA) in 1994. ISACA now goes by its acronym only, to reflect

the broad range of professionals it serves.

Now, with 100,000 members in 182 countries, ISACA is a leading global provider of

knowledge, certifications, community, advocacy and education on information systems (IS)

assurance and security, enterprise governance and management of IT, and IT-related risk

and compliance. The nonprofit, independent ISACA hosts international conferences,

publishes the ISACA® Journal, and develops international IS auditing and control

standards, which help its constituents ensure trust in, and value from, information systems.

It also advances and attests IT skills and knowledge through the globally respected

Certified Information Systems Auditor® (CISA®), Certified Information Security Manager®

(CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and

Information Systems Control™ (CRISC™) designations.

ISACA continually updates and expands the practical guidance and product family based

on the COBIT framework. This helps IT professionals and enterprise leaders fulfill their IT

governance and management responsibilities, particularly in the areas of assurance,

security, risk and control, and deliver value to the business.

Affiliated with ISACA, the IT Governance Institute (ITGI) was created in 1998 as a nonprofit,

independent research entity that provides guidance for the global business community on

issues related to the enterprise governance of IT assets.

In the years since their inception, ISACA and ITGI have been drivers of extensive

innovation and, as a result, have become pace-setting global organizations for IT

governance, security, control and assurance professionals.