Does ISACA offer value to its real members?

ISACA's membership is - reportedly - no longer dominated by security and audit folks. ISACA has a new constituency: the general IT practitioner. Supposedly ISACA wants to align its culture with that new audience, and COBIT 5 is built to be useful in all contexts.

So why aren't we seeing any change? Read the ISACA journal, go to events... the security and audit themes predominate.

I know it takes a long time to change culture but its five years now since ISACA first talked about this.

I blogged about it a year ago

Will ISACA ever shed the audit-and-security culture and embrace a more general IT practitioner orientation as promised by Lynn Lawton four years ago now?
Can COBIT ever be more than a sideshow if they don't? No.
I've been a COBIT fan-boy for those four years, predicting a big future for it. I've bet on the horse but the damn thing hasn't even started to run - it is still in the gates.

These were the comments in response

Marcus
Couldn't agree more. I've also been a Cobit fan for years, but to be honest it seems to go nowhere. Isaca is still an audit/security organization. Worst, those out there who do talk about and work with IT governance don't seem to care about or even know Cobit. And when they do, they don't seem to bother marketing it. Maybe it has something to do with the fact that Cobit is completely ignored by its own target clients. ITIL was successful because it was embraced by IT Managers and practitioners who were desperately looking for a way to "put things in order" at an operational level. But at a more strategic level, nobody seems to care

Aale Roos
I left ISACA because of their marketing. Expensive, glossy paper publications about auditing and security started piling on my desk unread. Tons of boring emails. They put all the money and effort in pushing uninteresting stuff to their poor members. The cost of printing and mailing those magazines to me in Finland surely cost more than my membership fee.

Peter Suba
On a more general level, how do we (is it possible to) get the attention of the people who can make a difference in the way IT is directed and managed? COBIT is not the only framework that CIOs and business leaders (mostly) don't appreciate. ITIL V3 / 2011 has included the strategy publication, but even Service Design (and large parts of Service Transition) are ignored / not implemented, certainly not understood to contain value for top IT management and business folks. Architecture? TOGAF etc - usually an arcane art and very static, little real connection with business design in reality.
COBIT is just more an eyesore because it specifically tries to bridge this gap so the fact its largely ignored by the (supposed) target audience makes it more obvious. But I feel there is still a lot to do to make that "IT-Business alignment" happen.
I don't think IT is alone in this, BTW (although as this is our profession, this hurts most for us). Other functions such as HR is complaining about this for decades. Is this lack of structural integration between the "generic business" and the specialised areas such as IT always going to be something to work on? I have a suspicion it will be... Just because of entropy, we'll just need to work on it to avoid opening up that divide further, but won't ever fully close it.

Marcus
Wat Aale said is totally true. If you are into audit or security, volume of ISACA material sent to a member is astonishing. But if you are into governance, it is just a waste of money and the majority of it just goes to trash can without even been read.

Cary King
I left ISACA for two reasons.
First, yes, ISACA is almost totally focused on Security and Audit.
And, second, after passing the CGEIT exam, I found that my more than 30 years of experience in IT simply didn't count with them because I hadn't been IT auditor or security person. Even those years I spent as a CPA before getting into IT, and my Law practice, and being Director of Finance for a large IT provider - didn't qualify me.

Has anything changed in the past year? I think not.

I may have to put my money on a different horse.

Syndicate content