My recent visit to ISACAâ€™s international headquarters was just a month after the release of COBIT 5. It brought back some fond memories. COBIT 5 actually has roots that extend more than 40 years back to a group of 25 professionals who met in Los Angeles, California, USA, for the first time in January 1972 and reorganized the EDP (Electronic Data Processing) Auditors Association (EDPAA), now known as ISACA. The association had previously been incorporated in 1969, but operated in an informal manner. Meetings were held irregularly, were partly social, and provided little if any formal professional activities such as training, publications or research.
In the January 1972 meeting we elected a slate of officers (Gene Frank as president and myself as executive vice president) and established regular meetings, dues and a formalized organizational process. Soon after, we developed the first issue of The EDP Auditor Journal (which is now known as ISACA Journal).
During 1972 and 1973 we discussed how our new organization could contribute to the newly emerging profession of EDP auditing. Voila! Why not a set of standards? Better yet, a set of control objectives; something that would not say how to do it, but rather outline from an organizational perspective what system of controls should be established and what should be included.
As one of my first acts as president in 1973, I established a Standards Committee to begin formal work on a document called Control Objectives. Our first meeting was held in November in Los Angeles, and we decided to present an outline of Control Objectives at the 2nd National Conference in Chicago, IllinoisÂ in June 1974. We did just that.
Just as COBIT 5 has expanded the purpose and direction from the original Control Objectives, ISACA too has come a long way. But its driving force is still the same: Â it provides guidance that helps professionals address real, practical issues and challenges. As before, imagination, patience and intelligence are key ingredients to doing well at our jobs.
Many comments that I made in my 8 June 1973 speech when accepting the position of president of EDPAAÂ still ring true. I tried to impress upon attendees that there is no uniform measure of riskâ€”risk acceptable in one company might be intolerable in another. In addition, risk assessment is not our only functionâ€”we have to be able to apprise management of opportunities to improve systems, thereby maximizing the companyâ€™s return on its investment in EDP.
When I emerged from the elevator at the international headquarters recently, my remarks from nearly four decades ago were reaffirmed. On the wall across from me were words that echo my 1973 speech:Â ISACAâ€™s current taglineâ€”Trust in, and value from, information systems.
If I were to give a similar speech today, my closing comments from 39 years ago would remain unchangedâ€”except for the name of the association, of course:
I believe that the EDP Auditors Association has something to offerâ€”to ourselves, both individually and collectivelyâ€”to our respective companies, to the jobs we have and the work we perform, and to other professional groups that are genuinely interested in improving our business and professional community.
The rewards for our efforts? Henry Ward Beecher said, â€˜There never was a person who did anything worth doing who did not receive more than he gave.â€™
And so, I invite you to join me in continuing to build our association.
Howard â€œBudâ€ Friedman
Past International President, ISACA, 1973-1974
We welcome your comments! Please log in using the Sign In link at the top right of this page and then leave your comment in the box at the end of the post.
To view all blog posts, please click on the ISACA Now link in the blue box on the left.
View full post on ISACA Now: Posts