2011 Annual Report - ISACA
Information truly has become the currency of the 21st century. New global demands, stringent regulations and risk
scenarios arise every day. Managing risk and maximizing the value of information—supported by technology—
can drive incredible success, but at the same time these activities can generate challenging governance and
management issues throughout all enterprises.
This is what brings many of us together in the ISACA® community. While we are all involved with radically different
enterprises built on unique cultures, goals, business models, industries, locations and sizes, we also experience
many similar problems and achievements. By sharing our knowledge and experiences through many of ISACA’s forums, research,
events and publications, we all contribute to this vast global bank of guidance and good practices.
ISACA’s greatest asset is its vast and varied membership of approximately 100,000 individuals. Together, members and volunteers
with unique perspectives and ideas help support ISACA’s mission in its three focus areas: credentialing, knowledge and relations. In
2011, ISACA accomplished a great deal in these areas. Highlights for the year include the Certified in Risk and Information Systems
Control (CRISC) certification program, which grandfathered more than 15,000 professionals; the three-part COBIT® Assessment
Programme; the COBIT® 5 exposure draft (final version—second quarter of 2012); and completed memoranda of understanding with
prestigious organizations.
Throughout 2011, we saw again and again that our tagline—trust in, and value from, information systems—hits the mark on what we
do and how members and their enterprises benefit from our offerings. Effective enterprises everywhere use knowledge to customize
ways of building trust and generating value to strengthen their core. ISACA is the conduit for this knowledge.
The Latin motto on the coat of arms of the Union of South Africa is Ex Unitate Vires, which touts the unique correlation and
interdependence between unity and strength. For ISACA, the unity of our members, constituents, chapters and all of our enterprises
worldwide is our strength. Please read through the pages of this 2011 annual report and learn how the combined effort of so many
dedicated people has created a diverse, but united, body of work.
Ken Vander Wal, CISA, CPA
International President 2011-2012
ISACA and the IT Governance Institute
President’s Message
ISACA Knowledge Center: www.isaca.org/knowledge-center
Twitter: https://twitter.com/ISACANews
LinkedIn: http://linkd.in/ISACAOfficial
Facebook: www.facebook.com/ISACAHQ
Table of Contents
2011 Report
2011 Year at a Glance
ISACA and IT Governance Institute (ITGI) Combined Financial Statements
Report of Independent Certified Public Accountants
Audit Committee Chair’s Letter
Management Report on Responsibility for Financial Reporting
ISACA Board of Directors/ITGI Board of Trustees
Letter From the International President and the CEO
Board, Committee, Subcommittee and Task Force Chairs
Chapters
Contributors
Membership
Increasing responsiveness to member needs and the number of
member touch-point communications yielded the highest
retention rate in 10 years—81 percent in 2011. Growth and
retention initiatives also included the following:
- The eLibrary continued growing, providing members with free
access to a collection of almost all ISACA books, plus more
than 425 third-party books.
- The Career Centre assisted members in job transition during
the challenging global economy. Several new features
facilitated a job-seeker’s presentation to a potential employer.
- 2011 member cards listed, for the first time, the Bronze, Silver,
Gold or Platinum level, recognizing and appreciating long-term
members.
- As a companion to video testimonials on member benefits
released early in the year, a video tutorial for members was
developed. It engaged members in greater interaction on the
ISACA web site by showing them how to navigate and
customize the MyISACA area.
- To expand ISACA’s reach into academia, the qualifications for
Academic Advocates—faculty members who receive
complimentary membership in exchange for using ISACA
resources in the classroom—were revised in line with the
changing educational environment. To help increase the
number of student members, Academic Advocates assisted in
rolling out the pilot Student Representative Grow an ISACA
Network Program, in which students helped recruit their
peers as members.
Many Voices, One Goal ISACA® and IT Governance Institute® | 2011 Report
It is no secret that time does not stand still. As much as it is important to respect the tried,
true and familiar way of doing things, the fact is that we must also proactively assess our
environment and embrace change when appropriate.
During 2011, ISACA reviewed the strategy that we adopted three years earlier. This analysis
encompassed a longer-term view—a 10-year horizon, compared to the three- to five-year window
addressed in 2009. It reinforced our view that the vision identified as part of the previous strategy,
which focused on trust and value in information systems, is as important as ever. Trust and value
are at the core of what our constituents provide to enterprises around the world, and continue to
be critical concepts that bridge all cultures and all languages.
A strategic aspirational view was outlined to guide ISACA’s activities through 2022. It builds on
ISACA’s mission and calls for the pursuit of new opportunities to expand on the value provided to
constituents. All of the supporting initiatives extend ISACA’s global leadership position in educating
and informing individuals and enterprises on the governance and management of information and
information systems. The ISACA/ITGI® Board of Directors/Trustees approved the strategic
aspiration in November 2011. Some of the initiatives began to be addressed immediately,
alongside planning for other activities. Others will be
addressed at various stages during the 10-year
horizon, as ISACA charts its course forward.
Throughout 2011, ISACA undertook a variety of
activities to provide additional benefits and further
serve members and constituents in line with our
goals and strategy.
ISACA Mission
For professionals and organizations, to be the leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance and management of IT, and IT-related risk and compliance.
ISACA Vision
Trust in, and value from, information systems
In May 2011, ISACA held a Global Leadership Conference to support
chapter leaders. More than 240 attended from 166 chapters. ISACA
also held five other chapter leader events, which fostered leadership
development and peer-to-peer learning, in addition to keeping chapter
leaders informed of developments at ISACA international headquarters.
ISACA implemented a redesigned chapter balanced scorecard through
which chapters can maintain their alignment with the strategy of ISACA
international headquarters on an ongoing basis. In addition, a new
chapter formation process was designed to assist the creation of
chapters that are strong, diverse and vibrant in their communities.
Certification
Each of ISACA’s four certifications addresses a different career
direction. Many professionals earn more than one certification to
broaden their scope and help ensure that their career progression is in
line with their goals. According to a report from independent IT
research firm Foote Partners LLC, ISACA’s certifications are earning
top pay premiums. The firm’s research report IT Skills and Certification
Pay Index™ found that the CISA and CISM designations earn some of
the highest pay premiums among the 53 information security
certifications surveyed. The CGEIT credential also earns an above-
average premium.
The type of work that certification holders tend to perform helps clarify
the differences among ISACA’s certifications.
- Certified Information Systems Auditor® (CISA®) certification indicates
that the professional can provide assurance by conducting audits
and assessments of information systems.
- Certified Information Security Manager® (CISM®) certification
indicates that the professional can oversee, direct and manage
information security activities.
- Certified in the Governance of Enterprise IT® (CGEIT®) certification
indicates that the professional can define, establish, maintain and
manage a framework of governance over enterprise IT.
- Certified in Risk and Information Systems Control™ (CRISC™)
certification indicates that the professional can identify, evaluate and
manage risk through the development, implementation and
maintenance of information systems controls.
CISA: Now in its 33rd year, the CISA designation is established as a
leading, globally accepted standard of achievement among information
systems (IS) audit, control and security professionals. CISA reached a
milestone in 2011 when the 90,000th CISA certification was earned.
CISA has received continued accreditation under the International
Organization for Standardization (ISO) standard ANSI/ISO/IEC 17024
from the American National Standards Institute (ANSI).
CISM: Commemorating its ninth year, the CISM designation has
become a highly sought-after credential in the field of information
security.
ISACA completed a new CISM job practice in 2011, and the first exam
with the new job practice will be administered in 2012. CISM was
selected as a finalist in the SC Magazine Awards for exemplary
professional leadership in information security. The designation also
was acknowledged in the Professional Award category for Best
Professional Certification Program.
CISM has received continued accreditation under the ISO standard
ANSI/ISO/IEC 17024 from ANSI.
CGEIT: In the four years since its introduction, the CGEIT designation
has helped professionals receive recognition for their skills in advisory
and/or assurance services related to the governance and management
of an enterprise’s information and technology.
CGEIT has received continued accreditation under the ISO standard
ANSI/ISO/IEC 17024 from ANSI.
CRISC: In high demand since its inception, the CRISC certification
recognizes professionals for their knowledge of enterprise risk and
their ability to design, implement, monitor and maintain information
systems controls to mitigate such risk. The first CRISC exam was
held in June 2011.
“Given today’s global working environment, ISACA’s free, online continuing education options are very valuable to me and provide a flexible learning environment and alternative for busy professionals.”
Susanna Chiu, CISA, ACA, CICPA, FCPA, Vice President of HK Institute of Certified Public Accountants, Director of Li & Fung Development Limited, China
“ISACA’s certifications maintain a fine balance between business and technical knowledge. Becoming CISA-certified was a deciding factor in receiving an early promotion and proved essential during my consulting career. Becoming a CRISC helped me secure my current job. There is an expectation that a person working in the IT security advisor role is a CISM, and I expect this to become a mandate. Becoming CISM-certified will help me retain this well-regarded functional role.”
Bob Smart, CISA, CISM, CRISC, Manager, ICT Security, Government of South Australia
Conferences, Training and Education
ISACA trained more than 3,400 professionals in face-to-face
programs, including conferences, training weeks and onsite programs;
more than 1,000 professionals through ISACA’s eLearning Campus;
and more than 32,000 professionals through virtual programs,
including webinars, e-symposia and virtual conferences.
Conferences were again the destination for many seeking educational
and networking opportunities. The inaugural World Congress:
INSIGHTS event attracted professionals from 30 countries, and the
Computer Audit, Control and Security (CACS℠) conferences,
Information Security and Risk Management (ISRM) conferences, IT
Governance, Risk and Compliance (ITGRC) Conference and Training
Week events delivered practical guidance on hot-button topics.
ISACA also:
- Introduced a webinar series to provide shorter, thought-provoking
educational opportunities at no cost to members. The 12 webinars
held in 2011 attracted more than 9,300 participants.
- Offered six free virtual conferences that attracted more than 9,000
attendees to the live event. This lineup included a virtual conference
targeted to IT professionals in India, which attracted 1,320
registrations.
- Created a training partnership with Deloitte to offer more training
opportunities for members
- Introduced leadership workshops in conjunction with conferences to
help IT professionals who are entering leadership roles
- Created CRISC chapter review training materials to assist chapters
in developing their own CRISC review training
COBIT
The COBIT® 5 development team released two COBIT-related
publications as exposure drafts for public comment. After the exposure
period closed, the team evaluated the feedback and worked diligently
to address the observations. The publications were then scheduled to
be published in 2012.
New COBIT-related publications in 2011:
- COBIT® Mapping: Mapping of CMMI for Development V1.2
With COBIT® 4.1
- COBIT® Mapping: Mapping of ISO/IEC 20000 With COBIT® 4.1
- COBIT® Mapping: Overview of International IT Guidance, 3rd Edition
- COBIT® Process Assessment Model (PAM): Using COBIT® 4.1
- COBIT® Assessor Guide: Using COBIT® 4.1
- COBIT® Self-Assessment Guide: Using COBIT® 4.1
Initiatives in progress at year-end:
- COBIT® Controls Collaboration (ISACA Knowledge Center online)
- COBIT® 5
- COBIT® 5: Enabling Processes
- COBIT® 5 Implementation
- COBIT® 5 for Information Security
Published by ISACA and ITGI:
- Global Status Report on the Governance of Enterprise IT
(GEIT)—2011
Research
ISACA developed and released 10 audit programs on topics including
social media, IT tactical management and business continuity
management. Seven white papers were developed, covering topics
such as geolocation, electronic discovery and mobile payments.
In addition, two books were published—Creating a Culture of Security
and IT Control Objectives for Cloud Computing: Controls and
Assurance in the Cloud. ISACA also issued a survey results report titled
Top Business/Technology Issues.
Periodicals
ISACA publishes four periodicals, each covering a different aspect of
content important to its readership. Delivered twice a month, the
@ISACA e-newsletter provides members easy and timely access to
ISACA- and industry-related news. It is read regularly by almost
67 percent of members, according to the 2011 ISACA member needs
survey. ExpressLine presents to chapter leaders unique content related
to their roles in the chapter. The quarterly COBIT® Focus e-newsletter
offers COBIT users—and those interested in exploring COBIT—unique
and practical content on real-world experiences with implementing
COBIT.
In addition, @AGlance is a resource for important dates and deadlines
related to education, training, conferences and exams.
“The opportunity to share with other professionals from around the world at ISACA events increases my real-world knowledge that can be applied in my everyday work activities, and helps me learn what other countries are doing in the IT industry and the guidelines that are being implemented globally.”
“COBIT helps us meet our strategic and tactical business goals and objectives. It also helps us bridge silos and shows the value of taking a holistic view of enterprise IT.”
Bob Frelinger, CGEIT, Program Manager, Oracle Corporation, USA
Osvaldo Lau C., CISA, CRISC, Senior Manager, BDO Consulting, Panama
ISACA contributed to a variety of global activities designed to
improve the profession by providing feedback to:
- The Australian Government for its draft exposure Cyber Issues—
Connecting with Confidence
- The International Federation of Accountants/International Auditing
and Accounting Standards Board (IFAC/IAASB) for Assurance
Engagements Other than Audits or Reviews of Historical Financial
Information ISAE 3000
- The IFAC/IAASB for its Strategy and Work Program for 2012-2014
ISACA Web Site
ISACA’s web site has grown to be a powerful forum for interactive
communication among the association, its members and other
constituents. Enhancements in 2011 include an improved
Knowledge Center, where participants can engage in discussions
simply by responding to an email message; faster site search
capabilities; and ISACA-branded local web sites for chapters.
Finance
ISACA is pleased to report a solid year, as it ended 2011 in a
stronger financial position than in the previous year. A very good
member-retention rate, market support for the CRISC certification
and an increased focus on expense control are reflected in the
financial results. In addition, investment in research deliverables
continued and COBIT 5 neared finalization.
However, ISACA’s investment portfolio did not escape the impact of
the financial markets. Although ISACA had an unrealized loss on its
investment portfolio, these investments represent long-term assets
and market recovery is expected to reverse these losses. Even
though the investment portfolio reflected market weakness, solid
operations results covered investment portfolio losses.
Looking forward, management will continue to monitor economic
conditions and their impact on constituents and their operations in
2012. The 2011 audited financial statements for the organization are
presented within this annual report.
“I have benefited from ISACA’s networking opportunities and the knowledge and expertise shared by some of the world’s foremost information systems security masters like ISACA Journal authors.”
“ISACA’s Knowledge Center on the web site is my first port of call when I am asked to consider a new audit assignment, from SQL Server, to risk management to IT governance. I would be lost without it.”
Ian Cooke, CISA, CGEIT, CFE, CPTS, DipFM, COBIT-F, ITIL-F, IT Audit Manager, Dublin, Ireland
Ehinonmen Philomena Oni, CISA, CRISC, OCA, Head Information Systems (Market Operations), Power Holding Company of Nigeria Plc (Transmission Sector)
The ISACA® Journal is the association’s flagship publication. Issued six
times per year, it is a peer-reviewed journal that covers technical,
managerial and business topics aimed at enhancing trust in, and value
from, information and information systems. According to the 2011
ISACA member needs survey, 93 percent of ISACA members report
reading at least portions of each issue of the ISACA Journal.
The Journal added an iPhone/iPad app, providing another way to
receive a digital issue in advance of hard copies. By year-end, more
than 10,000 members had downloaded the app.
Quick response (QR) codes were added to the print Journal articles,
giving members easy and quick access to the articles online, where
they can comment on the article and interact with authors and other
members.
Strategic Alliances and Affiliations
ISACA believes strongly that there is strength in numbers and
therefore seeks partnerships with other leading organizations. Many
benefits for both partners arise when global organizations join forces,
and plans to expand this robust network of collaboration are
underway.
In 2011, ISACA and ITGI formed varying levels of engagement with
entities including the Committee of Sponsoring Organizations of the
Treadway Commission (COSO), European Network and Information
Security Agency (ENISA), the National Institute of Standards and
Technology (NIST), International Organization for Standardization (ISO)
and the Cloud Security Alliance (CSA).
ISACA also worked with the Skills Framework for the Information Age
(SFIA), The Institute of Internal Auditors (IIA), Association of Certified
Anti-Money Laundering Specialists (ACAMS) and BCS, the Chartered
Institute for IT. In addition, ISACA was involved with the World Lottery
Association (WLA), Cybersecurity Credentials Collaborative (C3),
Institute for Development and Research in Banking Technology
(IDRBT) and the EC-Council. ISACA also participated in affiliations with
HP, IBM, Symantec, Deloitte & Touche LLP and Deloitte Services LP.
2011 Year at a Glance
Membership and Chapters
Membership at year-end: 103,043, which represents a 5.6% growth from 31 December 2010
New chapters in 2011:
- Ankara (Turkey) Chapter
- Guatemala City (Guatemala) Chapter
- Springfield (Missouri, USA) Chapter
- Tallahassee (Florida, USA) Chapter
- Venice (Italy) Chapter
- Warsaw (Poland) Chapter
Chapters at year-end: 195 in 81 countries
Chapters with membership in excess of 1,000: 27 (20 have membership between 1,000-1,999; five have membership between 2,000-2,999; two have membership greater than 3,000)
Certification
Certified Information Systems Auditor (CISA)
- Exam registrants (June and December combined): More than 18,000
- Languages in which exam was available: 12
- Locations in which exam was available: 250
- Certified since inception (1978): More than 90,000
Certified Information Security Manager (CISM)
- Exam registrants (June and December combined): More than 4,600
- Languages in which exam was available: 4
- Locations in which exam was available: 250
- Certified since inception (2002): More than 18,000
Certified in the Governance of Enterprise IT (CGEIT)
- Exam registrants (June and December combined): More than 1,000
- Languages in which exam was available: 1
- Locations in which exam was available: 250
- Certified since inception (2007): More than 4,900
Certified in Risk and Information Systems Control (CRISC)
- Exam registrants (June and December combined): More than 750
- Languages in which exam was available: 1
- Locations in which exam was available: 250
- Certified since inception (2010): Nearly 16,000
[Map: Membership at year-end by geographic area; markers indicate new chapters formed in 2011]
Translation Program
ISACA materials translated: 205
Non-English languages into which ISACA materials
were translated: 15
ISACA materials translated: COBIT® 4.1, Risk IT,
certification exams, study materials, ISACA Journal
articles, white papers and more
Academic Relations
Academic Advocates: 384
Student members: 948
Standards
Code of Professional Ethics revised
ISACA Web Site
Unique visitors: Increased 4.8%
Page views: Increased 24.3%
Average page views: Increased 12.9%
Average time on site: Increased 3.9%
Knowledge Center topic members: More than 8,300
Visits increased 10.3%
Languages and Number of Items Translated:
- Chinese (Simplified): 16
- Chinese (Traditional): 11
- Dutch: 11
- French: 20
- German: 11
- Hebrew: 4
- Italian: 16
- Japanese: 30
- Korean: 24
- Lithuanian: 1
- Polish: 8
- Portuguese: 12
- Slovak: 1
- Slovenian: 2
- Spanish: 38
Membership at year-end by geographic area:
- Oceania—3,300 (7% growth)
- Asia—22,208 (1.1% growth)
- Central/South America—4,472 (10.9% growth)
- Europe/Africa—26,373 (5.2% growth)
- North America—46,690 (7.5% growth)
Conferences and Education
World Congress: INSIGHTS 2011 conference site: National Harbor, Maryland, USA
Computer Audit, Control and Security (CACS) conference sites:
- Asia-Pacific CACS℠—Dubai, UAE
- EuroCACS℠—Manchester, England, UK
- Latin America CACS℠—San Juan, Puerto Rico
- North America CACS℠—Las Vegas, Nevada, USA
- Oceania CACS℠—Brisbane, Queensland, Australia
Information Security and Risk Management Conference sites: Barcelona, Spain; Las Vegas, Nevada, USA; San Juan, Puerto Rico
IT Governance, Risk and Compliance Conference site: Orlando, Florida, USA
Training Week sites: Baltimore, Maryland, USA; Chicago, Illinois, USA; New Orleans, Louisiana, USA; Orlando, Florida, USA; Ottawa, Ontario, Canada; Scottsdale, Arizona, USA; Seattle, Washington, USA
eSymposium events: 11
Webinars: 10
Virtual conferences: 6
COBIT® Foundation certificates awarded: 7,718
Accredited COBIT trainers: 76
Onsite training days delivered: 40
[Map: ISACA 2011 conference locations]
Bookstore
Books added in 2011: 93 titles, including ISACA research projects; CISA, CISM, CGEIT and CRISC study aids; and books from third-party publishers (three Chinese Simplified, 71 English, two French, one German, three Italian, six Japanese and seven Spanish)
Total number of books available: 382
ISACA best sellers:
- CISA Review Manual 2011
- CISA Practice Question Database v11 (CD-ROM and download formats)
- CISM Review Manual 2011
- CISA Review Questions, Answers & Explanations Manual 2011
- CISM Practice Question Database v11 (CD-ROM and download formats)
*Excluding certification study materials, Security, Audit and Control Features SAP ERP, 3rd Edition, was the top seller.
ITGI best sellers:
- COBIT® 4.1 excerpt
- COBIT® 4.1
- Board Briefing on IT Governance, 2nd Edition
- IT Control Objectives for Sarbanes-Oxley: The Role of IT in the Design and Implementation of Internal Control Over Financial Reporting, 2nd Edition
- COBIT® Control Practices: Guidance to Achieve Control Objectives for Successful IT Governance, 2nd Edition
Third-party best sellers:
- How to Complete a Risk Assessment in 5 Days or Less
- IT Auditing: Using Controls to Protect Information Assets, 2nd Edition
- Mobile Application Security
- Enterprise Security for the Executive: Setting the Tone from the Top
- A New Auditor’s Guide to Planning, Performing and Presenting IT Audits
ISACA Journal
Circulation at year-end: More than 97,000
Editorial calendar:
- Volume 1—Virtualization Security, Challenges and Solutions
- Volume 2—Risk Management—What Is Your Capacity?
- Volume 3—Data Miners
- Volume 4—Security in a Box
- Volume 5—Governance: Tying Together the Three Lines of Defense
- Volume 6—Emerging and Evolving IT Risk
Intellectual Property
ITGI affiliates: 11
ITGI sponsors: 8
COBIT training material licensees: 119
Product licensees: 42
ISACA 2011 Training Week Locations
- Seattle, Washington
- Scottsdale, Arizona
- Chicago, Illinois
- New Orleans, Louisiana
- Orlando, Florida
- Baltimore, Maryland
- Ottawa, Ontario
ISACA and IT Governance Institute Combined Financial Statements
All monetary amounts included in the financial statements are in US dollars.
2011 Operating Revenues
- Interest, dividends, IP use, royalties and other 3%
- Contributions and sponsorships 1%
- Publications 8%
- Education 16%
- Membership 26%
- Certification 46%
2011 Operating Expenses
- Supporting services and administration 22%
- Research 12%
- Publications 8%
- Education 15%
- Membership 20%
- Certification 23%
[Bar chart: ISACA/ITGI Historical Revenues (in millions of US dollars), 2007-2011]
Report of Independent Certified Public Accountants
Board of Directors
ISACA, Inc.
Board of Trustees
IT Governance Institute, Inc.
We have audited the accompanying combined statements of financial position of ISACA, Inc. and the IT
Governance Institute, Inc. (collectively, the Organization) as of 31 December 2011 and 2010, and the related
combined statements of activities and cash flows for the years then ended. These financial statements are
the responsibility of the Organization’s management. Our responsibility is to express an opinion on these
financial statements based on our audits.
We conducted our audits in accordance with auditing standards generally accepted in the United States of
America as established by the American Institute of Certified Public Accountants. Those standards require
that we plan and perform the audits to obtain reasonable assurance about whether the financial statements
are free of material misstatement. An audit includes consideration of internal control over financial reporting
as a basis for designing audit procedures that are appropriate in the circumstances, but not for the purpose
of expressing an opinion on the effectiveness of the Organization’s internal control over financial reporting.
Accordingly, we express no such opinion. An audit also includes examining, on a test basis, evidence
supporting the amounts and disclosures in the financial statements, assessing the accounting principles
used and significant estimates made by management, as well as evaluating the overall financial statement
presentation. We believe that our audits provide a reasonable basis for our opinion.
In our opinion, the combined financial statements referred to above present fairly, in all material respects, the
combined financial position of ISACA, Inc. and the IT Governance Institute, Inc. as of 31 December 2011
and 2010, and the combined changes in their net assets and their combined cash flows for the years then
ended, in conformity with accounting principles generally accepted in the United States of America.
Chicago, Illinois
5 April 2012
Association and Institute Combined Financial Statements
Combined Statements of Financial Position
ISACA, Inc. and IT Governance Institute, Inc.
31 December | 2011 | 2010
ASSETS
CURRENT ASSETS
Cash and cash equivalents | $7,354,756 | $1,182,706
Investments | 60,619,105 | 59,782,690
Accounts receivable, net | 861,553 | 942,598
Prepaid expenses | 1,290,173 | 1,301,230
Inventory | 587,493 | 751,470
Other current assets | 50,617 | 107,293
Total current assets | 70,763,697 | 64,067,987
FIXED ASSETS
Leasehold improvements | 802,428 | 772,092
Furniture and fixtures | 351,026 | 326,148
Office equipment | 182,683 | 201,496
Computer system | 4,944,562 | 4,215,866
 | 6,280,699 | 5,515,602
Less accumulated depreciation | (3,643,768) | (3,189,825)
Net fixed assets | 2,636,931 | 2,325,777
TOTAL ASSETS | $73,400,628 | $66,393,764
LIABILITIES AND NET ASSETS
CURRENT LIABILITIES
Accounts payable | $5,227,945 | $5,042,492
Deferred revenues | 10,527,452 | 9,931,805
Other liabilities | 218,565 | 204,308
Total current liabilities | 15,973,962 | 15,178,605
NET ASSETS
Unrestricted
Board designated | 28,678,191 | 28,185,192
Undesignated | 28,696,842 | 22,927,859
Total unrestricted | 57,375,033 | 51,113,051
Temporarily restricted | 10,522 | 60,997
Permanently restricted | 41,111 | 41,111
Total net assets | 57,426,666 | 51,215,159
TOTAL LIABILITIES AND NET ASSETS | $73,400,628 | $66,393,764
The accompanying notes are an integral part of these statements.
ASSOCIATION AND INSTITUTE COMBINED FINANCIAL STATEMENTS
Combined Statements of Activities
ISACA, Inc. and IT Governance Institute, Inc.
Years ended 31 December 2011 and 2010
Year ended 31 December 2011
    Unrestricted    Temporarily Restricted    Permanently Restricted    Total
OPERATING REVENUES
Membership    $11,890,682    $ -    $ -    $11,890,682
Certification    21,105,666    -    -    21,105,666
Education    7,424,460    -    -    7,424,460
Publications    3,666,519    -    -    3,666,519
Contributions and sponsorships    173,817    -    -    173,817
Interest, dividends, IP use, royalties and other    1,565,657    9    -    1,565,666
Net assets released from restrictions    50,484    (50,484)    -    -
Total operating revenues    45,877,285    (50,475)    -    45,826,810
OPERATING EXPENSES
Program services
Membership    7,661,588    -    -    7,661,588
Certification    8,485,224    -    -    8,485,224
Education    5,802,209    -    -    5,802,209
Publications    3,041,162    -    -    3,041,162
Research    4,331,481    -    -    4,331,481
Total program services    29,321,664    -    -    29,321,664
Supporting services
Board and administrative    8,489,058    -    -    8,489,058
Contributions—Disaster Relief    15,000    -    -    15,000
Total supporting services    8,504,058    -    -    8,504,058
Total operating expenses    37,825,722    -    -    37,825,722
OTHER GAINS AND LOSSES
Net realized and unrealized gains/(losses) on investments    (1,789,581)    -    -    (1,789,581)
CHANGE IN NET ASSETS    6,261,982    (50,475)    -    6,211,507
NET ASSETS, beginning of year    51,113,051    60,997    41,111    51,215,159
NET ASSETS, end of year    $57,375,033    $ 10,522    $ 41,111    $57,426,666
Year ended 31 December 2010
    Unrestricted    Temporarily Restricted    Permanently Restricted    Total
OPERATING REVENUES
Membership    $11,261,989    $ -    $ -    $11,261,989
Certification    17,495,762    -    -    17,495,762
Education    6,041,313    -    -    6,041,313
Publications    3,548,432    -    -    3,548,432
Contributions and sponsorships    130,318    7,000    -    137,318
Interest, dividends, IP use, royalties and other    1,300,058    10    -    1,300,068
Net assets released from restrictions    7,010    (7,010)    -    -
Total operating revenues    39,784,882    -    -    39,784,882
OPERATING EXPENSES
Program services
Membership    7,043,052    -    -    7,043,052
Certification    8,055,847    -    -    8,055,847
Education    5,776,232    -    -    5,776,232
Publications    2,970,849    -    -    2,970,849
Research    4,666,944    -    -    4,666,944
Total program services    28,512,924    -    -    28,512,924
Supporting services
Board and administrative    6,582,700    -    -    6,582,700
Contributions—Disaster Relief    -    -    -    -
Total supporting services    6,582,700    -    -    6,582,700
Total operating expenses    35,095,624    -    -    35,095,624
OTHER GAINS AND LOSSES
Net realized and unrealized gains/(losses) on investments    2,345,596    -    -    2,345,596
CHANGE IN NET ASSETS    7,034,854    -    -    7,034,854
NET ASSETS, beginning of year    44,078,197    60,997    41,111    44,180,305
NET ASSETS, end of year    $51,113,051    $60,997    $41,111    $51,215,159
The accompanying notes are an integral part of these statements.
Combined Statements of Cash Flows
ISACA, Inc. and IT Governance Institute, Inc.
Years ended 31 December    2011    2010
Cash flows from operating activities
Change in net assets    $ 6,211,507    $ 7,034,854
Adjustments to reconcile change in net assets to net cash provided by operating activities
Depreciation    793,136    550,395
Net realized and unrealized loss (gain) on investments    1,789,581    (2,345,596)
Changes in assets and liabilities
Accounts receivable    81,045    (434,297)
Prepaid expenses and other current assets    67,733    (77,395)
Inventory    163,977    57,110
Accounts payable    185,453    717,891
Deferred revenues    595,647    1,744,806
Other liabilities    14,257    14,939
Net cash provided by operating activities    9,902,336    7,262,707
Cash flows from investing activities
Acquisition of fixed assets    (1,104,290)    (1,632,396)
Proceeds from the sale of investments    12,367,302    21,988,543
Purchase of investments    (14,993,298)    (27,500,920)
Net cash used in investing activities    (3,730,286)    (7,144,773)
NET CHANGE IN CASH AND CASH EQUIVALENTS    6,172,050    117,934
Cash and cash equivalents, beginning of year    1,182,706    1,064,772
Cash and cash equivalents, end of year    $ 7,354,756    $ 1,182,706
The accompanying notes are an integral part of these statements.
NOTES TO COMBINED FINANCIAL STATEMENTS
ISACA, Inc. and IT Governance Institute, Inc.
31 December 2011 and 2010
Note A—Organization
The Organization consists of ISACA, Inc. (the Association) and the IT
Governance Institute, Inc. (the Institute). The Association’s and
Institute’s financial statements are presented on a combined basis due
to a majority of Board members serving both entities and the
Association’s economic interest in the Institute. The Organization
operates on a global basis, with the majority of revenues and net
assets attributable to the Association, the predominant entity within
the Organization. The Organization maintains its books and records at
its headquarters building located in Rolling Meadows, Illinois, USA.
The Association was incorporated in 1969 under the name
Electronic Data Processing Auditors Association, a California (USA)
not-for-profit corporation. In 1993, to reflect the evolving state of
technology, as well as the Association’s expanding constituency base,
the name was changed to Information Systems Audit and Control
Association, Inc. The Association now presents itself by its acronym,
ISACA. With more than 100,000 constituents in 182 countries at
year-end 2011, ISACA is a leading global provider of knowledge,
certifications, community, advocacy and education on IS assurance
and security, enterprise governance of IT, and IT-related risk and
compliance. ISACA sponsors international conferences, publishes the
ISACA® Journal, and develops international IS auditing and control
standards. It also administers the globally respected Certified
Information Systems Auditor (CISA), Certified Information Security
Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT),
and Certified in Risk and Information Systems Control (CRISC)
designations.
The Institute was incorporated in 1976 under the name Electronic
Data Processing Auditors Foundation, a California (USA) not-for-profit
corporation. In 1994, its name was changed to Information Systems
Audit and Control Foundation, to align with the changed name of the
Association, and was changed again in 2003 to IT Governance
Institute, Inc. The Institute’s role in the mission it shares with ISACA
focuses on provision of knowledge through conduct of empirical
research on IT governance and related topics. The Institute performs
research to advance international understanding of good practices to
direct and control an enterprise’s IT. Through its collaborative
development model, the Institute brings global perspectives to critical
issues facing enterprise leaders and practitioners in its IT governance
responsibilities.
The Organization develops and maintains the COBIT, Val IT and
Risk IT frameworks, which help IT professionals and enterprise leaders
fulfill their IT governance responsibilities and deliver value to the
business. In addition, ISACA offers the Business Model for
Information Security (BMIS) and the IT Assurance Framework (ITAF).
Note B—Summary of Significant Accounting Policies
Basis of Presentation
The combined financial statements include the assets, liabilities, net
assets and financial activities of the Organization. Significant
intercompany balances have been eliminated in combining the two
entities. The Organization has a relationship with ISACA chapters
located throughout the world; however, the chapters are not fiscally
accountable to the Organization and, accordingly, have not been
included in the accompanying combined financial statements.
Cash and Cash Equivalents
Cash and cash equivalents consist primarily of non-interest-bearing
deposits to be used for operating purposes. These deposits are
carried at cost, which approximates fair value.
Investments
Investments, other than money market funds, interest-bearing
deposits and certificates of deposit, are reflected in the accompanying
combined financial statements at fair value according to generally
accepted accounting principles (GAAP). GAAP has established a
framework for measuring fair value, as well as a fair value hierarchy
based on the inputs used to measure fair value.
A financial instrument’s level within the fair value hierarchy is based on
the lowest level of any input that is significant to the fair value
measurement; however, the determination of what constitutes
observable requires significant judgment. The fair value hierarchy is
broken down into three levels based on the transparency of inputs as
follows:
• Level 1 - Quoted prices (unadjusted) in active markets for
identical assets or liabilities
• Level 2 - Quoted prices, other than quoted prices included in
Level 1, that are observable for the assets or liabilities, either
directly or indirectly
• Level 3 - Inputs that are unobservable for the assets or liabilities
Investment gains and losses include net realized and unrealized gains
and losses and are reflected in the accompanying combined financial
statements as non-operating activities, while interest income and
dividends are considered operating revenue.
Concentration of Credit Risk
Certain financial instruments, primarily cash and investments, subject
the Organization to credit risk. The Organization maintains cash
balances (non-interest bearing) at a financial institution, which for
2011, are fully federally insured. With respect to investments,
concentration is limited through the diversification of the portfolio. As
of 31 December 2011 and 2010, the Organization maintained 23%
and 28%, respectively, of its investment balance in one mutual fund,
which invests primarily in a portfolio of short-term U.S. Treasury and
government agency securities, including repurchase agreements
collateralized fully by U.S. Treasury and government agency securities.
Accounts Receivable
Accounts receivable are due within 30 days and are stated at amounts
due from customers net of an allowance for doubtful accounts.
Accounts outstanding longer than the contractual payment terms are
considered past due. The Organization determines its allowance for
doubtful accounts by considering a number of factors, including the
length of time trade accounts receivable are past due, the
Organization’s loss history, the customer’s current ability to pay its
obligation to the Organization, and the condition of the general
economy and the industry as a whole. The Organization writes off
accounts receivable when they become uncollectible, and payments
subsequently received on such receivables are credited to the
allowance for doubtful accounts.
Inventory
Inventory consists solely of study aids and other publications printed
for the Organization for sale to its members and interested outside
parties. Inventory is valued at the lower of cost or market, with cost
determined by the average cost method. Provisions for obsolete
items are based on estimated future usage as related to quantities of
stock on hand.
Fixed Assets
Fixed assets are carried at cost. Depreciation is computed using the
straight-line method. The estimated useful lives of the related assets
range from two to 10 years. Leasehold improvements are amortized
using the straight-line method over the shorter of the lease terms or
their estimated useful lives. Depreciation expense totaled $793,136
and $550,395 for 2011 and 2010, respectively.
Net Assets
Net assets, revenues, expenses, gains and losses are classified based
on the existence or absence of donor-imposed restrictions using the
following classifications:
• Unrestricted – Represents unrestricted resources available for
support of daily operations and contributions received with no
donor restriction. The Board may designate certain net assets for
a particular function or activity.
• Temporarily restricted – Represents resources for which use
has been temporarily restricted by the contributor. When a donor
restriction has been satisfied by incurred expenses consistent
with the designated purpose, temporarily restricted net assets are
reclassified to unrestricted net assets for reporting of related
expenses.
• Permanently restricted – Represents resources that are subject to
restrictions of gift instruments requiring that the principal be
invested and maintained in perpetuity. The income generated from
these funds is classified based on the terms of the gift instruments.
Revenue Recognition
Revenues received by the Organization consist primarily of annual
membership dues and new member fees; examination, annual
maintenance fees and other fees for CISA, CISM, CGEIT and CRISC
programs; attendance fees for educational conferences; the sale of
advertising space; charges for various publications; sponsorships and
contributions; and license fees. Membership dues and annual
maintenance fees for CISA, CISM, CGEIT and CRISC are recognized
as revenue in the applicable period. New member fees are recorded
in the period in which the membership application is processed, with
chapter membership dues collected by the Association recorded as a
liability until remitted to the chapters. The Organization recognizes
unrestricted, restricted and endowment contributions in accordance
with donor restrictions in the period in which the commitment for
support is obtained, with other revenues being recognized in the
period in which the goods or services are provided. Unearned dues,
fees and subscriptions are classified as deferred revenues.
Promotion and Advertising Costs
Promotion and advertising costs are expensed as incurred. Total
promotion and advertising costs were $3,781,991 and $3,119,695 for
the years ended 31 December 2011 and 2010, respectively.
Use of Estimates
The preparation of the combined financial statements in conformity
with accounting principles generally accepted in the United States of
America requires management to make estimates and assumptions
that affect the reported amounts of assets and liabilities and the
disclosure of contingent assets and liabilities at the date of the
combined financial statements, as well as the reported amounts of
revenues and expenses during the reporting period. Actual results
could differ from those estimates.
Reclassifications
Certain reclassifications have been made to the 2010 financial
statements to conform to the current-year financial statement
preparation.
Note C—Investments
The following table presents information about the Organization’s
investments. Money market funds and interest-bearing deposits are
stated at cost. Certificates of deposit are stated at cost plus accrued
interest. Investments, which are based on quoted market prices in
active markets and therefore classified as Level 1, include actively listed
mutual funds, exchange traded funds and government debt securities.
Investments at 31 December consisted of the following:
2011 2010
Mutual funds
Large Cap $ 5,057,319 $ 3,755,992
Mid Cap 1,032,427 1,093,067
Small Cap 1,507,677 1,554,422
International 3,105,235 3,439,343
Fixed Income 22,656,968 14,590,767
REIT 1,312,683 1,296,701
Money Market 16,399,890 18,578,457
51,072,199 44,308,749
Exchange Traded Funds
Large Cap 2,954,529 2,792,042
Mid Cap 364,521 371,126
Small Cap 362,539 379,369
International 1,865,948 1,576,118
Fixed Income 3,996,553 3,833,735
9,544,090 8,952,390
Government debt securities - 6,410,556
Certificates of deposit - 100,528
Money market/interest-bearing deposits 2,816 10,467
$60,619,105 $59,782,690
The components of investment income for the years ended 31
December are as follows:
2011 2010
Interest and dividends $ 1,191,836 $ 941,296
Net realized and unrealized (loss) gain on investments (1,789,581) 2,345,596
$ (597,745) $3,286,892
Note D—Accounts Receivable
Accounts receivable consist of the following at 31 December:
2011 2010
Trade receivables $918,722 $990,720
Less allowance for doubtful accounts (57,169) (48,122)
Net receivables $861,553 $942,598
Changes in the Association’s allowance for doubtful accounts are as
follows for the years ended 31 December:
2011 2010
Beginning balance $ 48,122 $ 57,802
Bad debt expense 12,065 28,615
Accounts written off (3,018) (38,295)
Ending balance $ 57,169 $ 48,122
Note E—Board-designated Net Assets
The Association’s Board of Directors and the Institute’s Board of Trustees
designate a portion of the Organization’s unrestricted net assets for
contingency purposes in order to protect the Organization against
unforeseen global events and economic downturn. The designated
amount, based on a three-year average of operating expenses, totals
$28,678,191 as of 31 December 2011. As of 31 December 2010, the
designated amount was $28,185,192. These funds, while designated
for the purposes noted above, are categorized within the Organization’s
combined financial statements as unrestricted net assets.
Note F—Temporarily Restricted Net Assets
Temporarily restricted net assets at 31 December 2011 and 2010, have
been restricted by donors for the following purposes:
2011 2010
Research $ 573 $51,048
Membership 550 550
Education 2,139 2,139
Standards 155 155
Certification 100 100
IS hardware and software 5,250 5,250
Building 1,755 1,755
Total $10,522 $60,997
Note G—Net Assets Released from Restrictions
During 2011 and 2010, net assets were released from restrictions to
satisfy the following purposes:
2011 2010
Research $50,475 $2,000
COBIT - 5,000
Endowment appropriation for expenditure 9 10
$50,484 $7,010
Note H—Permanently Restricted Net Assets
Permanently restricted net assets are restricted as investments in
perpetuity. The Organization’s endowment consists only of donor-restricted
endowment funds. Net assets associated with the
Organization’s endowment funds are classified and reported based on
the existence of donor-imposed restrictions. There are no donor
restrictions on the earnings of the Organization’s endowment funds.
The Organization accounts for endowment net assets by preserving
the fair value of the original gift as of the gift date of the donor-restricted
endowment fund absent explicit donor stipulations to the contrary. As
a result, the Organization classifies the original value of the gifts
donated to the permanent endowment as permanently restricted net
assets. All earnings on the endowment funds are temporarily restricted
until appropriated for current-year operating expenses as allowed by
the donor.
As of 31 December 2011 and 2010, endowment assets include only
those assets of donor-restricted funds that the Organization must hold
in perpetuity. The Organization does not have any Board-designated
endowment funds. The Organization’s Finance Committee meets on a
regular basis to ensure that the objectives of the Organization’s
investment policy are being met and that the investment approach used
to meet the objectives is in accordance with the investment policy
approved by the Board of Directors. Under this policy, the endowment
assets are invested in a manner that is intended to provide adequate
liquidity and maximize returns on funds invested. Interest and dividends
earned on endowment funds are appropriated for current-year
operating expenses.
During 2011 and 2010, the Organization had the following
endowment-related activities:
    Temporarily restricted endowment funds    Permanently restricted endowment funds    Total endowment funds
Endowment net assets, 1 January 2010    $ -    $41,111    $41,111
Interest and dividends    10    -    10
Appropriation of endowment assets for expenditure    (10)    -    (10)
Total change in endowment net assets    -    -    -
Endowment net assets, 31 December 2010    -    41,111    41,111
Interest and dividends    9    -    9
Appropriation of endowment assets for expenditure    (9)    -    (9)
Total change in endowment net assets    -    -    -
Endowment net assets, 31 December 2011    $ -    $41,111    $41,111
Note I—Related-party Transactions
As a service to the chapters, the Organization includes the amount of
individual chapter dues with its annual billing and remits to the chapters
amounts collected on their behalf. The balances of $2,164,712 and
$2,198,847 at 31 December 2011 and 2010, respectively, are reflected
in accounts payable and represent the unremitted portion of dues
collected for individual chapters. During 2011, chapter dues collected
and remitted totaled $3,311,870 and $3,346,005, respectively. For
2010, dues collected and remitted totaled $3,232,655 and $2,796,399,
respectively.
Note J—Leases
The Organization has an office facilities operating lease through
31 March 2018, which requires monthly payments comprised of rent,
property taxes, pro rata share of common operating expenses and
insurance. The Organization also rents office equipment under three
non-cancelable leases with initial lease terms in excess of one year.
As of 31 December 2011, the minimum future rentals payable under
these non-cancelable operating lease commitments were as follows:
Years ending 31 December    Office equipment    Facilities    Total
2012    $29,000    $575,200    $604,200
2013    21,700    590,100    611,800
2014    3,600    589,900    593,500
2015    -    619,700    619,700
2016    -    634,500    634,500
2017 and thereafter    -    813,000    813,000
Rent expenses under these leases for the years ended 31 December
2011 and 2010, were $613,423 and $550,577, respectively.
Note K—Income Taxes
The Association and the Institute have received favorable
determination letters from the Internal Revenue Service stating that
they are exempt from Federal income taxes under Section 501(a) of
the Internal Revenue Code as organizations described in Sections
501(c)(6) and 501(c)(3), respectively. However, unrelated business
income is subject to taxation. The tax liability in 2011 and 2010 was
$5,400 and $25,533, respectively. The tax years ended 2008, 2009
and 2010 may still be selected for audit for both Federal and state
purposes based on the Internal Revenue Service statute of limitations.
Note L—Employee Benefit Plan
The Association maintains a defined contribution retirement plan for
qualified employees. Participation in the plan is optional. The
Association will match the first 5% contributed by the employee. The
Association’s contributions to the plan for the years ended 31
December 2011 and 2010, were $553,209 and $511,172,
respectively.
Note M—Contribution—Disaster Relief
During the year, ISACA chapters, members, CISAs, CISMs, CGEITs
and CRISCs were affected by two substantial local disasters. Given
the long-time support of these chapters, members and certified
individuals, the Association contributed $5,000 to the Premier’s
Disaster Relief Appeal, a relief and development organization to assist
those affected by extreme flooding in Brisbane, Australia, and $10,000
to the American Red Cross on behalf of those affected by the
earthquake and tsunami that devastated Northeast Japan.
Note N—Subsequent Events
The Organization evaluated its 31 December 2011 combined financial
statements for subsequent events through 5 April 2012, the date the
combined financial statements were available to be issued. The
Organization is not aware of any subsequent events that would require
recognition or disclosure in the combined financial statements.
AUDIT COMMITTEE CHAIR’S LETTER
The Audit Committee of the Board of Directors/Trustees (the Board) of
ISACA/IT Governance Institute (the Organization) oversees the
Organization’s financial reporting process on behalf of the Board, and is
composed of six independent members. In fulfilling its responsibility, the
committee recommended to the Board the selection of the
Organization’s independent certified public accountants.
The committee discussed with the independent certified public
accountants the overall scope and specific plans for their audit. The
committee also discussed the Organization’s combined financial
statements and the adequacy of its internal controls.
The committee met with the Organization’s independent certified public
accountants, without management present, to discuss the results of
their examination, their evaluation of the Organization’s internal controls,
and the overall quality of the Organization’s financial reporting.
Ria T. Lucas, CISA, CGEIT
Chair, Audit Committee
MANAGEMENT REPORT ON RESPONSIBILITY FOR FINANCIAL REPORTING
The management of ISACA/IT Governance Institute (the Organization)
has the responsibility for the preparation, integrity and fair presentation of
the accompanying financial statements. The statements were prepared
in accordance with generally accepted accounting principles applied on
a consistent basis and, as such, include amounts that are based on
management’s best estimates and judgments. Management also
prepared the other information in the annual report and is responsible for
its accuracy and consistency with the financial statements.
The Organization’s financial statements for 2011 have been audited by
Grant Thornton LLP, independent certified public accountants, elected
by the Board of Directors/Trustees (the Board). Management has made
available to Grant Thornton LLP all of the Organization’s financial records
and related data, as well as the minutes of the Board’s meetings.
Management believes that all representations made to Grant Thornton
LLP during its audit were valid and appropriate.
The Organization maintains a system of internal control that is designed
to provide reasonable assurance to management and to the Board
regarding the preparation and publication of reliable and accurate
financial statements, the effectiveness and efficiency of operations, and
compliance with applicable laws and regulations. The system includes a
documented organizational structure and division of responsibility,
established policies and procedures that are communicated throughout
the Organization, and the careful selection, training and development of
personnel. Management also recognizes its responsibility for fostering a
strong ethical climate so that the Organization’s affairs are conducted
according to the highest standards of personal and corporate conduct.
There are inherent limitations in the effectiveness of any system of
internal control, including the possibility of human error and the
circumvention or overriding of controls. Accordingly, even an effective
internal control system can provide only reasonable assurance with
respect to financial statement preparation.
The Organization evaluates its internal control system in relation to
criteria for effective internal control over financial reporting described in
Internal Control—Integrated Framework, issued by the Committee of
Sponsoring Organizations of the Treadway Commission, and as of 31
December 2011, the Organization believes that its system of internal
control over financial reporting met those criteria.
As part of its audit of the Organization’s financial statements, Grant
Thornton LLP assessed the Organization’s internal accounting controls
structure to establish a basis for reliance thereon in determining the
nature, timing and extent of audit tests to be applied. Management and
Grant Thornton LLP have reviewed the internal control assessment with
the Audit Committee as part of the committee’s acceptance of the
financial statements. The Board, operating through its Audit Committee,
which is composed entirely of members who are not officers or
employees of the Organization, provides oversight to the financial
reporting process.
Susan M. Caldwell
Chief Executive Officer
Neville Rademeyer
Chief Financial Officer
ISACA Board of Directors/ITGI Board of Trustees
Kenneth L. Vander Wal, CISA, CPA
International President
USA
Emil D’Angelo, CISA, CISM
Past International President
USA
Lynn C. Lawton, CISA, FBCS
CITP, FCA, FIIA
Past International President
Russian Federation
Christos K. Dimitriadis, CISA,
CISM, CRISC
International Vice President
Greece
Gregory T. Grocholski, CISA
International Vice President
USA
Tony Hayes, CGEIT, AFCHSE,
CHE, FACS, FCPA, FIIA
International Vice President
Australia
Niraj Kapasi, CISA, FCA
International Vice President
India
Jeff M. Spivey, CRISC, CPP, PSP
International Vice President
USA
Jo Stewart-Rattray, CISA,
CISM, CGEIT, CSEPS
International Vice President
Australia
Allan Boardman, CISA, CISM,
CGEIT, CRISC, CA (SA), CISSP
ISACA Director
UK
Marc Vael, CISA, CISM,
CGEIT, CISSP
ISACA Director
Belgium
Susan M. Caldwell
Secretary
USA
Letter From the International President and the CEO
ISACA and the IT Governance Institute accomplished quite a lot and
embarked on many new initiatives in 2011. But one thing never
changes—the benefits of members around the world sharing their
knowledge and expertise remain paramount. We are passionate about
members having their voices heard. This is, in fact, one of our greatest
strengths and is viewed by members as something they cannot
duplicate elsewhere.
Listening to members keeps us in touch with what they face in their
day-to-day challenges. Even so, while we are acutely aware of what is
happening in the current global business environment, we also
continually look forward to ensure that we are on track with the right
strategy for the future. We liken it to the words of Japanese poet
Matsuo Basho, who said, “Do not seek to follow in the footsteps of the
wise. Seek what they sought.”
ISACA’s 2011 accomplishments were possible only because of the
thousands of hours volunteered by our Board of Directors, Board of
Trustees, and other leaders and members around the world. We
appreciate the time you spend on ISACA activities, and we sincerely
thank you.
Ken Vander Wal, CISA, CPA
International President 2011-2012
ISACA and the IT Governance Institute
Susan M. Caldwell
Chief Executive Officer
ISACA and the IT Governance Institute
board, Committee, Subcommittee and Task Force Chairs
Krishna Seeburn, CISSP, PMP, CFE, CIA; Academic Program Subcommittee; Mauritius
Vatsaraman Venkatakrishnan, CISA, CISM, CGEIT, CRISC; Asia-Pacific CACS Program Development Task Force; UAE
Bharat Jethanand Raigangar, CISA, CISM, CGEIT, CRISC, CIA, CICA, CFAP; Asia-Pacific CACS Partnering Chapter Task Force; UAE
Ria T. Lucas, CISA, CGEIT; Audit Committee; Australia
Kathleen Ann Mullin, CISA, CISM, CGEIT, CRISC, CIA, CISSP; CGEIT Certification Committee; USA
Debra L. Mallette, CISA, CGEIT, CSSBB; CGEIT Test Enhancement Subcommittee; USA
Kathleen Ann Mullin, CISA, CISM, CGEIT, CRISC, CIA, CISSP; CGEIT Job Practice Analysis Task Force; USA
Patricia K.Y. Goh, CISA, CGEIT, CRISC, CGA, M.Sc.; Chapter Support Committee; Canada
David Yeok Wah Yeung, CISA, CIA, CFE; CISA Certification Committee; Singapore
Matthew William Snider, CISA, CISSP, CCENT; CISA Test Enhancement Subcommittee; USA
Garry James Barnes, CISA, CISM, CGEIT, CRISC; CISM Certification Committee; Australia
Christian Palomino Herrero, CISA, CISM, CGEIT; CISM Test Enhancement Subcommittee; Spain
Marc Vael, CISA, CISM, CGEIT, CISSP; Cloud Computing Task Force II; Belgium
Anthony P. Noble, CISA; COBIT for Assurance Task Force; USA
Steven Andrew Babb, CGEIT, CRISC; COBIT for Risk Task Force; UK
Steven De Haes; COBIT IRM Task Force; Belgium
John W. Lainhart IV, CISA, CISM, CGEIT, CRISC; COBIT Online Replacement Task Force; USA
John W. Lainhart IV, CISA, CISM, CGEIT, CRISC; COBIT 5 Task Force; USA
Derek J. Oliver, CISA, CISM, CRISC, FBCS, FISM, M InstISP; COBIT 5 Task Force; UK
Maxwell J. Shanahan, CISA, CGEIT, FCPA; COBIT Enterprise Certification Task Force; Australia
Christos K. Dimitriadis, CISA, CISM, CRISC; COBIT Security Task Force; Greece
Theresa Grafenstine, CISA, CGEIT, CRISC, CPA, CIA, CGAP; Communities Committee; USA
Allan Neville Boardman, CISA, CISM, CGEIT, CRISC, CA(SA), ACA, CISSP; Credentialing Board; UK
Urs Fischer, CISA, CRISC, CIA, CPA (Swiss); CRISC Certification Committee; Switzerland
Jack A. Jones, CISA, CISM, CRISC, CISSP; CRISC Test Enhancement Subcommittee; USA
Michael A. Berardi Jr., CISA, CGEIT, CRISC; Education and Dissemination Committee; USA
Raymond J. Butler, CISA, FIRM, CertIG; EuroCACS Conference Task Force; UK
Peter Thompson, CISA, CRISC; EuroCACS Conference Task Force; UK
Robert C. Newbould, FCA; EuroCACS Partnering Chapter Task Force; UK
Todd J. Fitzgerald, CISA, CISM, CGEIT, CRISC, CISSP; Euro ISRM Conference Task Force; USA
Georges Ataya, CISA, CISM, CGEIT, CRISC, CISSP; External Advocacy Committee; Belgium
Jeff Spivey, CRISC; External Advocacy Committee; USA
Gregory T. Grocholski, CISA; Finance Committee; USA
Patrick Stachtchenko, CISA, CGEIT, CA; Framework Committee; France
John A. Kuyers, CISA, CPA; Governance Advisory Council; USA
Andrew J. MacLeod, CISA, CP, CIA, FCPA, MACS; Government and Regulatory Advocacy Committee; Australia
Masatoshi Kajimoto, CISA, CRISC; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 1; Japan
Jorge Garibay Orozco, CISA, CRISC, CISSP; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 2; Mexico
Sarbjit S. Sembhi, CISSP-ISSAP, GCIH; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 3; UK
Christopher P. Buse, CISA, CPA, CISSP; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 4; USA
Scott David Waters, CISA; Government and Regulatory Advocacy (GRA) Regional Subcommittee Region 5; Australia
Phil James Lageschulte, CGEIT, CPA; Guidance and Practices Committee; USA
Niraj K. Kapasi, CISA, FCA; India Growth Initiative Task Force; India
Howard Nicholson, CISA, CGEIT, CRISC; ISO Liaison Subcommittee; Australia
Marc Vael, CISA, CISM, CGEIT, CISSP; Knowledge Board; Belgium
Jon W. Singleton, CISA, FCA; Knowledge Management Task Force; Canada
Mario Urena, CISA, CISM, CGEIT; Latin America CACS Conference Task Force; Mexico
Carlos Villamizar, CISA, CISM, CGEIT, CRISC; Latin America CACS Conference Task Force; Colombia
Miguel Colon Pacheco, CISA, CISM, CRISC, CBM; Latin America CACS Partnering Chapter Task Force; Puerto Rico
Jo Stewart-Rattray, CISA, CISM, CGEIT, CSEPS; Leadership Development Committee; Australia
Carmen Hawkins, CRISC, FCPA, CIA, FIIA (Aust); Membership Growth and Retention Committee; Australia
Harshul Joshi, CISA, CISM, CGEIT, CISSP, CCSE; North America CACS Conference Task Force; USA
Todd J. Fitzgerald, CISA, CISM, CGEIT, CRISC, CISS; North America ISRM Conference Task Force; USA
James P. Hurley, CISSP; North America IT GRC Conference Task Force; USA
Michael P. Bilger, CGEIT; Professional Influence/Advocacy Committee; USA
John Ho Chi, CISA, CISM, CFE, CBCP; Professional Standards Committee; Singapore
Horst Karin, CISA, CRISC, CISSP, ITIL, SAP; Publications Subcommittee; Canada
Tony Hayes, CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA; Relations Board; Australia
Everett C. Johnson Jr., CPA; Strategic Advisory Council; USA
Donna Hutcheson, CISA; Student and Academic Subcommittee; USA
Michael E. Juergens, CISA, CGEIT, CRISC; World Congress Program Committee Task Force; USA
Robert E. Stroud, CGEIT, CRISC; World Congress Program Committee Task Force; USA
Isabelita Litonjua Ojeda, CISA, CISM, CRISC; Young Professionals Subcommittee; Philippines
Asia
Bahrain
Dhaka, Bangladesh
China Hong Kong
Bangalore, India
Cochin, India
Coimbatore, India
Hyderabad, India
Kolkata, India
Chennai, India
Mumbai, India
New Delhi, India
Pune, India
Vijayawada, India
Indonesia
Nagoya, Japan
Osaka, Japan
Tokyo, Japan
Korea
Lebanon
Macao
Malaysia
Muscat, Oman
Karachi, Pakistan
Lahore, Pakistan
Manila, Philippines
Jeddah, Saudi Arabia
Riyadh, Saudi Arabia
Singapore
Sri Lanka
Taiwan
Bangkok, Thailand
UAE
Central and South America
Buenos Aires, Argentina
Mendoza, Argentina
La Paz, Bolivia
Brasilia, Brazil
Rio de Janeiro, Brazil
Sao Paulo, Brazil
Santiago, Chile
Bogota, Colombia
San Jose, Costa Rica
Quito, Ecuador
Guatemala City, Guatemala
Guadalajara, Mexico
Merida, Yucatan, Mexico
Mexico City, Mexico
Monterrey, Mexico
Panama
Asuncion, Paraguay
Lima, Peru
Puerto Rico
Montevideo, Uruguay
Venezuela
Europe/Africa
Austria
Belgium
Sofia, Bulgaria
Croatia
Cyprus
Czech Republic
Denmark
Estonia
Finland
France (Paris)
Germany
Accra, Ghana
Athens, Greece
Budapest, Hungary
Ireland
Tel-Aviv, Israel
Milan, Italy
Rome, Italy
Venice, Italy
Kenya
Latvia
Lithuania
Luxembourg
Malta
Mauritius
Netherlands
Abuja, Nigeria
Lagos, Nigeria
Norway
Warsaw, Poland
Lisbon, Portugal
Moscow, Russia
Romania
Slovenia
Slovak Republic
South Africa
Barcelona, Spain
Madrid, Spain
Valencia, Spain
Sweden
Switzerland
Tanzania
Ankara, Turkey
Istanbul, Turkey
Kampala, Uganda
Kyiv, Ukraine
London, UK
Central UK
Northern England, UK
Scotland, UK
Winchester, UK
North America
Canada
Calgary, AB
Edmonton, AB
Vancouver, BC
Victoria, BC
Winnipeg, MB
Atlantic Provinces
Ottawa Valley, ON
Toronto, ON
Montreal, PQ
Quebec City, PQ
Islands
Bermuda
Trinidad & Tobago
Midwestern United States
Central Indiana (Indianapolis)
Chicago, IL
Illini (Springfield, IL)
Illowa (Illinois and Iowa)
Iowa (Des Moines)
Kentuckiana (Louisville, KY)
Detroit, MI
Western Michigan
Minnesota
Omaha, NE
Central Ohio (Columbus)
Greater Cincinnati, OH
Northeast Ohio (Cleveland)
Northwest Ohio
Kettle Moraine, WI (Milwaukee)
Northeastern United States
Greater Hartford, CT
Central Maryland (Baltimore)
New England
New Jersey
Central New York (Syracuse)
Hudson Valley, NY (Albany)
New York Metropolitan
Western New York (Buffalo/Rochester)
Harrisburg, PA
Philadelphia, PA
Pittsburgh, PA
Rhode Island
National Capital Area, DC
Southeastern United States
Birmingham, AL
Central Florida (Orlando)
Jacksonville, FL
South Florida
Tallahassee, FL
West Florida (Tampa)
Atlanta, GA
Charlotte, NC
Research Triangle (Raleigh, NC)
South Carolina Midlands (Columbia, SC)
Memphis, TN
Middle Tennessee (Nashville)
Virginia
Southwestern United States
Central Arkansas (Little Rock)
Denver, CO
Baton Rouge, LA
Greater New Orleans, LA
Greater Kansas City, MO
Springfield, MO
St. Louis, MO
New Mexico (Albuquerque)
Central Oklahoma (Oklahoma City)
Tulsa, OK
Austin, TX
Greater Houston Area, TX
North Texas (Dallas)
San Antonio/So. Texas
Western United States
Anchorage, AK
Phoenix, AZ
Los Angeles, CA
Orange County, CA (Anaheim)
Sacramento, CA
San Francisco, CA
San Diego, CA
Silicon Valley, CA (Sunnyvale)
Hawaii (Honolulu)
Boise, ID
Las Vegas, NV
Willamette Valley, OR (Portland)
Utah (Salt Lake City)
Mt. Rainier, WA (Olympia)
Puget Sound, WA (Seattle)
Oceania
Adelaide, Australia
Brisbane, Australia
Canberra, Australia
Melbourne, Australia
Perth, Australia
Sydney, Australia
Auckland, New Zealand
Wellington, New Zealand
Papua New Guinea
Chapters in Formation
Ahmadabad, India
Jaipur, India
Fukuoka City, Japan
Amman, Jordan
Almaty, Kazakhstan
Kuwait City, Kuwait
Islamabad, Pakistan
Doha, Qatar
Rosario, Argentina
Belo Horizonte, Brazil
Santo Domingo, Dominican Republic
Tegucigalpa, Honduras
Yerevan, Armenia
Katowice, Poland
Gijon, Spain
Gaborone, Botswana
Cairo, Egypt
Abidjan, Ivory Coast
Casablanca, Morocco
Ibadan, Nigeria
Tunis, Tunisia
Lusaka, Zambia
Harare, Zimbabwe
Huntsville, Alabama, USA
Chattanooga, Tennessee, USA
Chapters
Members
Platinum: Susan M. Caldwell; Charles Cribaro; Robert Frelinger; John Kuyers; John Lainhart*; Lynn Lawton; Akira Matsuo; Neville Rademeyer; Ronald Riba; Robert Roussey; Ronald Saull; Jane Seago; Brian Selby; Shiina Kiyoshi; Patrick Stachtchenko; Kenneth Vander Wal
Gold: Allan Boardman; Ron Hale; Everett Johnson; Emiko Kurihara; Thomas Lamm; Diane Nelson; Robert Parker*; Manny Singh; Sean Stringer; Archie Watt
Silver: Abdul Hamid Abdullah; Anjay Agarwal; Mustafa Mohammed AlHinai; Wayne Dennis Allums; Jim Arnold; Scott Artman; Dayo Elliot Babatunde; Mark Baggesen; Garry Barnes; Douglas Bencomo; Peter Borak; Joseph Brown; Raymond Catoe; Richard Chia; Rodney Owain Davies; Helene Demoulin; Deb Dietz; Shannon Donahue; Peter Mate Erdosi; Concepcion Fermin; Christopher Jason Flynn; Justin Folkers; Norihisa Fujita; Julia Fullerton; Tabitha Gallo; Luis Enrique Garcia de Paredes; Eduardo Garcia Martinez; John Garrett; Ashok Ghosh; Arvind Shivram Godbole; Jen Hajigeorgiou; James Griffith Harries; Markus Heinen; Jason Ingalls; David Taiwo Isiavwe; Shankar Iyer; Guy Jordan; Vincent Kaabunga; Masato Kagotani; Iftikhar Fazlehussain Kathawala; Tina Kay; Patrick Michael Killeen; Oguz Yetkin Kocabas; Chi Choi Kuok; Chandrasekar Lakshmi Varahan; Patricia Liechty Layfield; Roberto Lopez Escalera; Stacy Mantzaris; Bryan McAtee; Robert Mcfarland; Craig Allan Miller, Sr.; Karolyn Anne Miller; Stephen Minder; Charlie Fortich Moraza; Gilbert Nanema, Jr.; Francis Nemia; Van Quang Nguyen; Gertjan Nickolson; Anthony Noble; Stephen Norkunas; Xenia Ley Parker; Sean Pascoe; Parag Prabhakar Patki; Hugh Henning Penri-Williams; Martin Perez Sanchez; Andre Pitkowski; Daniel Fernando Ramos; Kim Ries; Patrick Rozario; Alexander Samarin; Jose Saucedo; Hiroharu Sawada; Koichi Sawamura; Toshio Shishido; Jon Singleton; Roger Southgate; Conrad Stanton; Vaclav Stverka; Ramnathan Subramanian; Kengo Suzuki; Ching Kwong Sze; Teo Choon Meng; Vijay Thillainathan; Lon Campbell Thomas, Jr.; Terry Trsar; Marc Vael; Vatsaraman Venkatakrishnan; Prafull Verma; Deborah Vohasek; James Muresia Wafula; Karyn Waller; Paul Chung-Wei Wang; Peter Wersin; James Wiechers
Donor: Chairuddin Intang; Zoran Abraham; Annabelle Abueg; Shawn Acker; Adedayo Adeyinka Adekoya; Olujimi Adekoya; Idowu-thomas Adewumi; Jayson Agagnier; Juan Francisco Aguirre; Folorunso Ayoola Agunbiade; Asaf Zaki Ahmad; Azubike Edward Ahubelem; Clement Chris Akpanobong; Thierry Alexandre; Faisal Al-Homodi; Maher Al-Khazrajy; Enrique Alonso De Leon; Wael H. Al-Rasheed; Ali Fathi Al-Sheikh Ahmed; Abdulaziz Ebrahim Husain Al-Terki; Horacio Eduardo Antonelli Matterson; Roberto Apollonio; David Applebaum; Emma Arakelyan; John Bosco Arends; Henri Arendsen; Russel Arnett; Marina Ashbery; Omar Atabani; Aubin Kashoba Kalasa Nyanza; James Edward Avery; Wilfredo Ayala-Maldonado; Mohammed Bachiri, Sr.; Ajay Bahri; Azamodeen Baksh; Vicken Balian; Hamza Moosa Baqer; Cheryl A. Barker; Sylvain Barone; Marcos Barradas; Wayne Barrett; Robert Barton; Augustono Basuki; Peter John Belton; Paul Berkebile; Glauco Bertocchi; Suresh Bhatt; Uwe Bischoff; Rudolphus Bodewes; Khaled Bohsali; Charan Kumar Bommireddipalli; David Alan Bonewell; Oscar Bou; Glen Boyer; Stephen Patrick Boyle; Manfred Brabec; Ian Bradbrook; Keith Jerome Braddock, Jr.; Diana Bradshaw; Wayne Brisson; Peter Broad; William Carl Brown; Chester Butkiewicz; Mark Alexander Butzke; Chris John Byrne; Fernando Calvillo; Cynthia Cannaday; Mario Carbajal; Jorge Carballeira; Marco Carvajal; Paul Casey; Carlos Cazorla; Walter Matthew Cekala, Sr.; Evan Chan; Victor Sze-Tin Chan; Ping Kei Teric Chan; Adrian Wee Phoy Chan; Steve Chazan; Li-Feng Chen; Anthony Charles Chestnut; James Cheyne; Deepinder Singh Chhabra; Emmanuel Chigbu; Colin Childes; Douglas Childes; Subbarao Chitturi; Rajeev Ramchand Chugh; Thomas Clark; Robert Clarke; Jose Miguel Collantes Bellido; Mark Connelly; Francois Corminboeuf; Federico Corradi; Corum P.J.; Manuela Costescu; Brian Coutanche; Paul Cox; Mihai Cristalov; James William Crooks; Maria Sabrina Rivera Cruz; Gordon Curtis; Bernard Czaja; Emmanuel Kwesi Dadzie; Karl Dahlberg; Kareen Daley; Mark D'Andrea; Sabyasachi Dash; William Davidson; Umberto DeLucilla; John Bernard Dempsey; Richard Micheal Denny; Marc Dessagne; Sydney Morgan Diamond; Eloisa Diaz-Insua; Lawrence Dillon; Xinhao Ding; Jose Luis Diniz; Udaya Kumar Dintyala; Ruedi Doebeli; Richard Donahue, Sr.; Raymond Lourens Du Plessis; Salih Ali Durul; Susumu Eda; David Ronald Ekins; Faical El Belghami; Robert Ellestad; Sean Ellis; Saifeldeen Nazlawi Mohammed El-Shaikh; Eduard Emde; Kiyoshi Endoh; Viviane Engel; John English; Mary Erlanger; Andre Ertl; Cesar Vengco Esteban; Tomoyasu Eto; Joseph Ewegbeje; Dieter Fabritius; Richard Fernez; Gavin Bryan Ferreiro; Cherrie Mae Arciaga Ferreria Chiomento; Uwe Fiedler; Luis Figueroa, Jr.; Guy Filomena; David Findling; Micha Fischer; Kenneth Glenn Fitzpatrick; Francesc Flores Gonzalez; Gregory Fouquet; Michael John Ernest Frederick; Dan French; Todd Friedman; Yoshio Fukasawa; Pamela Susan Fusco; Andre Gagnon; Ramses Gallego; Fredrik Galtung; Wilhelmus Geijtenbeek; John Generelli, Jr.; Rebecca Jo Gentry; Yalcin Gerek; William Gessner; Ben Gillett; Anthony John Gilli; Hubert Darnell Glover; Julio Golcher; Shaun Golledge; Victor Golubev; Jason Gonzales; Ajit Vasant Gore; Ludo Goubert; Juan Carlos Gracia; Roger Scott Greenwell; Petr Gresl; Gerd Karl Grimberger; Gerald Walter Grindler; Louis Anthony Grippo; Stefan Gross; Klaus-Peter Grosser; Peter R. Guentert; Rene Humberto Guerrero Lojano; Jose Gumbau; Ruchi Gupta; Maria Del Carmen Gutierrez; Joseph Hachem; Daniel Hadaway; Barry Hagge; Dan Haley; Rami Hamadeh; Lars Hansen; Yonosuke Harada; Jason Harrell; Anita Harris; Nicholas Hart; Michael Hartigan; Ferdinand Quinten Hartman; Aris Budiman Hartono; Glenn-Edward Willem Harwood; Rawle Hasmatali; Bassam Farid Hassan; Robert Bob Hawk; Masahiko Hayakawa; Christoph Hellwig; Marinus Hendriksen; Johan Hermans; Ernest David Hernandez; Angela Hlavka; William Michael Hoffman; Gail Hogg; Tomoe Hoshi; Adrian Howe; Miroslav Hruby; Donna Hutcheson; Sermet Sancer Ilgaz; Florin Inte; Jose Isebia; Takashi Ishijima; Hiromichi Iwakiri; Lakshminarayanan Iyengar; Per Wal Jacobsen, Sr.; Barbara James; Steven Janssen; Michael Jimenez; Anne-Marie Joannette; Thomas Joerger; Allen Andrew Jones; Jaison Jose; Josekutty Joseph Kaniyamparambil; Anil Madhav Joshi; Carlos Justiniano; Ghassan Kabbara; William Lynn Kalahar; Kanaka-Rao Kalimikonda; Samuel Gachie Kamiti; Niraj Kapasi; Jacqueline Kapres; Spiros Karasavvidis; Arun Dwarkaprasad Karwa; Ravi Shankar Balakrishnan Kavaseri; Kawawaki Tomohide; Rich Keesecker; Asad Zaman Khan; Rabia Khanfir, Sr.; Rickey Kidd; Tim Kipps; Yoshihiro Kitsutaka; Marilynn Elizabeth Klubek; Aart Knoop; Hiroki Komatsubara; Gregory Gerard Koval; Rodger Kraft; Denis Krauss; Wayne Carvel Kreisel; Harry Arthur Krimkowitz; Unni Krishnan; Raymond Krygsman; Ajay Kumble; Vladimir Kuznetsov; Pierre Kwaku; Stefan Laager; Labelle Louis; Dmitry Lakomkin; Jenny Lam; Richard Larson; Tak Wa Lau; David Lau; Lee Frederick Laubach; George Edward Lawless, III; Colm Noel Lawlor; Chienchung Lee
Contributors
*Denotes Wasserman Award winner
James Lee; Jason Lee; Frank Leef; Jean-Marc Alexandre Legrand; Kenneth Leissler; Peter Leitch; Andreas Leitzbach; Luis Diego Leon; Sok Man Leong; Christopher Letterman; Borut Likar; Albert Lima; Neil Lindholm; Robert Lluis; Oliver Anthony Lohri; Gregory John Lotze; Hermenegildo Franco Luheta; Dwight Cooper Lupardus; Helen Woon-Yee Ma; George Kenneth Madzy; Ruka Makino; Rohit Malhotra; Paul Jay Malysz; Veronica Mancho; Jagannadha Rao Mangu; Charles-Robert Manterfield; Massimo Vito Angelo Manzari; Fabiana Leticia Marges; Regina Marrow; David Martinez; Sergey Martinov; Isaac Mast; Eiichi Matsubara; Kay Matsumoto; Robin Charles Mattadeen; Adrian Mayers; John Mayor; Stephen John McCallum; Jacqueline McCaulley; Michael Mccrain; Micky Lee McCulloch; Joseph Mcginley; Joel Andrew McLean; Sean McPoland; Pavit Mekmok; Douglas Melville; Alfonso Mendez; Jorge Merida Munoz; Michael Meyer; Thomas Miller, Jr.; Young-Nam Min; Thomas Mitchell; Masami Mitsubori; Kouichi Mitsui; Hideo Miura; Tokujiro Mizutani; Tomomi Mizutani; Thomas Mockbee, III; Willem Ewoud Modderman; Anup Mody; Zoltan Mohos; John Paul Molina; Fabiano Monachesi; George Benjamin Montgomery; Anita Moore; Armanda Moore; Yuji Morita; Michelle Ann Morris; Mounir Mostafa; Adel Ilyas Moubarak; Adamu Musa Mshelia; Heloisa Helena Muller; Sundareswaran Mural; Gary Murphy; Shawn Patrick Murray; Robert John Muscat; Natarajan Nagarajan; Praveen Nair; Sudeep Nair; Chandramohan Narayan; Tomas Negron; Philip Bartolo Nestel; Chung Hin Harry Ngai; Esperant Mbuli Ngongo; Patricia Warden Niebling; Teddy Nielsen; Kittikarn Nitiwanakun; Hazel Nyathi; Young Seok Ock; Alexander Oesterle; Andrew Okada; Bayo Oladele; Abiodun Olurotimi Oladimeji; Albert Olafsson; Taiwo Olalere; Derek John Oliver; Chanroutie Omadath-Heetai; Boasiako Omane-Antwi; John Ott; Noureddine Oudghiri; Marie-Grace Pagdanganan; Sumit Pal; Massimo Pandolfi; John Pao; David Paolantonio; Evangelos Papaefthymiou; Hugh Parkes; Michael Parkinson; Hetal Manilal Patel; Susanna Pau; Jose Maria Pedro; Manuel Lucas Pelaez; Jorge Eduardo Perez; Antonio Perrotta; Viorel Petre Petrov; Theodore Kassor Phelps; Kirsten Pielstrom; Alan J. Pilgrim; Sergio Piñon; Wallace C. Pitt; Alida Polanco Olguin; Horace H.C. Poon; Ifeoluwa Tobi Popoola; Roberto Porras Leon; Marlene Portalatin; Andreas Postl; Marjan Potocnik; Sigit Pramadi; Desikan Venkatesh Prasad; Keith Douglas Price; Wagner Roberto Pugliese; Rajesh Kantesh Purohit; Vimal P. Purohit; Graham Quigg; Kishor Rabi; Stanley J. Rae; Ramkumar Ramachandran; Brad Rambur; Francisco Vicente Ramon-Mira; Venkataraman Ranganathan; Sree Krishna Rao; Paresh Rathod; Shashi Rawat; Paolo Razza, Sr.; Sam Redden; David George Reinhold; Gerardo Renzetti; Colette Revan; Salomon Rico; Jack Riegel; Timothy James Riffel; Julius Milton Riles; Dennis Ray Risinger; David Roberts; John Rodenbiker; Iker Rodriguez; Luis Fernando Rodriguez Munoz; Roy Smith Rossman; Angelo Roussos; Cristina Ruiz; Jodie Maree Ryan; Vijayakumar S.R.; Noam Sabo; Stella Alexandra Salas; Blase Salvatore, II; Milton Eric Sambolin; Mohammad Sami; Sylma Sanchez; Zacarias Sanchez; Kadathur Bikshandeswaran Sankaran; Anthony Saranchak; Taishi Sasahara; Donald Sauer, Jr.; Mikhail Georgiev Saykov; Martin Schlaeppi; Joshua James Schmidt; Volker Schoratti; Horst Schweitzer; Robert Schwind; Christodoulos Seferis; Lakshminarayanan Ramaswamy Sekharipuram; AbdulGhaffar Mohammad Setareh; Yen Shan; Makoto Shibata; Minoru Shibuya; Brent Shirley; William Shorrock; Sudhakar Siddegowda; Pablo Silberfich, Sr.; Michael Hugh, Piers Sim; David Simpson; Thomas Sinnott; Edward Joseph Slusarski; Peter Smithson; David Snyder; Folarin Sogeke; Naoto Soma; InSu Song; Jayant Sonsurkar; Ibrahima Sow; Thomas Heaton Spitters; Jeff Spivey; Srikanth Sreedharan; Swastic Srihari; Ivan Stanchin; Jaroslaw Stawiany; Greer William P Stevenson, Sr.; LeRoy Stewart; Richard George A. Stohner, III; Hans Manfred Strauss; Larry Stuart, Jr.; Julius Olugbenga Subuloye; Katsutoshi Sugiyama; Dudung Suryana, Sr.; Hartono Ari Susetyo; Steffen Sutter; Sajid Syed; Jussubo Nuno Taibo; Daniel Talbot; Kim Hwee Tan; Hideyuki Tanaka; Ameliana Tanjaya Tanujaya; Keith Edward Tayloe; Peter Francis Taylor; Kenneth Taylor; Tazaki Teruo; Daniel Teijido; Jeri Teller-Kanzler; Hiroshi Terai; Mladen Tercelj; David Terpening, Jr.; Ajit Thankappan; Tina Thompson; Margaret Thorn; Kerry Thorne; Hermann Tischendorf, III; Tompkins Scott R.; Javier Torner; Lisa Toro; Daniella Traino; Duyen Nha Tran; Mamadou Sidiki Traore; James Denis Treacy; Eduardo Ng Tsang; Hanson Tsui; Sergey Tsvetukhin; Deborah Tucker; Giancarlo Turati; Martin Unterberger; Marcel van Dijk; Paul van Domburg; Karen Serena Van Horne; Bartholomeus van Lodensteijn, Jr.; Steve VanArsdale; Enrique Vasquez Granados; M.L. Venkataraman; Chris Verdonck; Major Sylvain Viau; Janis Vilims; Jason Edward James Viola; Manuel Jose Viscasillas; Robert Vitali; Jon Voiculescu; Nebo Vujnovic; Wakim Julian Andrew; Eric Walker; Hoyt Warren, Jr.; Marc Weber; Ian Lawrence Webster; Esper Boutros Wehbe; Winston Washington Weir; Robert Philip White; Rolston Wiltshire; David Wan Ying Wong; Andrew Yeun Fai Wong; Shou-Hsin Mark Wu; Jens Wudick; Takumi Yabuki; Yukihiro Yanagi; Li-Jen Lyaw Yang; Sarkis Aram Yaralian; Akira Yazaki; Somagarn Yordmanee; Yu Hong; Kam Yuen; Michael Wai-Kee Yung; Teresa Zarza Caballero; Stacey Edward Zeigler; Peter Zielke; Roman Zillek; Guenter Zimmek
Chapters
Platinum: London Chapter; National Capital Area Chapter; New England Chapter
Gold: Birmingham Chapter; Charlotte Chapter; Chicago Chapter; Detroit Chapter; Houston Chapter; Kansas City Chapter; Los Angeles Chapter; New Jersey Chapter; New York Metropolitan Chapter; North Texas Chapter; Sacramento Chapter
Silver: Atlantic Provinces Chapter; Austin Chapter; Central Maryland Chapter; China Hong Kong Chapter; Cincinnati Chapter; Denver Chapter; Greater Hartford Chapter; Quebec City Chapter; San Francisco Chapter; Sao Paulo Chapter; South Carolina Midlands Chapter; Tulsa Chapter
Donor: Ottawa Valley Chapter; Rhode Island Chapter; Singapore Chapter; Vancouver Chapter; Virginia Chapter
Corporate Donors and Sponsors
ASIS International; Rapid7; Dell Secure Works; Citrix; Intel/McAfee; Co3 Systems; Courion Corporation; Deloitte; Ernst & Young; GRC Solutions; Regis University; Hewlett-Packard; Jefferson Wells; Microsoft; Oracle Corporation; Lewis University; Project RX; Protiviti; Qualys; SOAProjects; Symantec; TruArx; IBM; Corporacion Sidif Del Caribe; Vanguard Integrity Professionals Inc.
Affiliates
Information Security Forum; Institute of Management Accountants Inc.; ISACA chapters; ITGI France; ITGI Japan; Norwich University; Open Compliance and Ethics Group; Socitum Performance Management Group; Solvay Brussels School of Economics and Management; Strategic Technology Management Institute of the National University of Singapore; University of Antwerp Management School
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
ISACA Phone: +1.847.253.1545
ITGI Phone: +1.847.660.5700
Fax: +1.847.253.1443
www.isaca.org
www.itgi.org
History of ISACA and ITGI
ISACA’s journey began nearly 46 years ago, in 1967, when a small, but visionary, group of
professionals realized that their work auditing controls for computer systems was
becoming increasingly vital to the overall operational success of their enterprises. Together
they discussed the benefits of developing a centralized source of information and guidance
for their growing field. In 1969, the group formalized and incorporated as the EDP Auditors
Association (EDPAA). The organization’s name was changed to Information Systems Audit
and Control Association (ISACA) in 1994. ISACA now goes by its acronym only, to reflect
the broad range of professionals it serves.
Now, with 100,000 members in 182 countries, ISACA is a leading global provider of
knowledge, certifications, community, advocacy and education on information systems (IS)
assurance and security, enterprise governance and management of IT, and IT-related risk
and compliance. The nonprofit, independent ISACA hosts international conferences,
publishes the ISACA® Journal, and develops international IS auditing and control
standards, which help its constituents ensure trust in, and value from, information systems.
It also advances and attests IT skills and knowledge through the globally respected
Certified Information Systems Auditor® (CISA®), Certified Information Security Manager®
(CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and
Information Systems Control™ (CRISC™) designations.
ISACA continually updates and expands the practical guidance and product family based
on the COBIT framework. This helps IT professionals and enterprise leaders fulfill their IT
governance and management responsibilities, particularly in the areas of assurance,
security, risk and control, and deliver value to the business.
Affiliated with ISACA, the IT Governance Institute (ITGI) was created in 1998 as a nonprofit,
independent research entity that provides guidance for the global business community on
issues related to the enterprise governance of IT assets.
In the years since their inception, ISACA and ITGI have been drivers of extensive
innovation and, as a result, have become pace-setting global organizations for IT
governance, security, control and assurance professionals.