ISACA's strategy and missed opportunity

is ISACA missing its window of opportunity to own the IT practices space? To be THE body of knowledge, the one ring to rule them all...

I've been critical of ISACA for not living up to their 2009 opportunity to appeal to all IT management practitioners. ISACA has pointed out to me their 2012 strategic shift which I somehow missed, ignored or forgot. The joys of advancing age :(

By 2022, ISACA should become the foremost global organization on the topic of trust in and value from information and information systems, providing constituents with distinctive knowledge and services. ISACA must also provide an expanded set of offerings to help constituents and others enhance the governance and management of information and information systems assets in order to enhance trust in and capture optimal value from IS investments.

That new strategy focuses on the "trust" bit:

Our strategic aspirational view focuses on our global leadership in educating, training and informing professionals and enterprises in the area of trust in information and information systems. We will continue to research and create the knowledge that our core constituents need to succeed in the coming decade and beyond, plus we will reach out to other professionals who may find value in our practical education on building trust within their domains.

...which in practical terms means audit, security, risk, and governance. For more evidence of this, see the COBIT 5 publications to date.

These are fine ideals, and I can understand the desire to not have too grand an ambition for the organisation. But this is a strategy for the next ten years, which in this industry is a lifetime. It's a shame that ISACA doesn't broaden it's target zone to include all IT practices. There is a glimmer of hope for a wider scope in "value from..." and "management of...", but somehow ISACA has decided the most important issue in IT right now is cybersecurity, which to me shows a pretty skewed population they are talking to. As ISACA's 2013 strategy map says, ISACA is for:

Those with professional focus in areas of information and practices related to IT/IS governance, management, security, assurance or risk

(Note the word "management" almost lost in there - another glimmer of hope).

The itSMF is sinking into obscurity and dysfunction. Nobody else is emerging to own the space of IT management and IT practices. Many initiatives exist, including USMBOK, MOF, and lately The Open Group's IT4IT, but none has the mindshare, credibility, and supporting world-wide infrastructure of COBIT.

The world is crying out for one answer, one point of reference, one ring to rule them all. COBIT 5 covers almost all the practices of IT (here's my bigger picture). It is a short step to be that one body of knowledge. Instead ISACA chooses to retreat back into its comfort zone.


Syndicate content