Q&A: Allan Boardman
The chair of ISACA's Credentialing Board talks about the organization's Certified in Risk and Information Systems Control certification.
What does a certification in risk and information systems control cover? CRISC is for professionals who have experience in developing effective controls to manage IT risk. They are the individuals in an enterprise who provide guidance to management on the impact of risk and its effect on business operations and the overall health of the enterprise. They are also responsible for communicating the risk to others throughout the business by establishing a common language for the enterprise.
CRISC, which is based on independent market research and the input of subject-matter experts around the world, is designed to help meet the rising demand for professionals who understand business risk and have the technical knowledge to help achieve effective controls. CRISC-certified professionals have the tools and knowledge to develop a common perspective and language for IT risk within an enterprise.
How does certifying help fill an IT skills gap? Certification provides the enterprise with the confidence that those holding certifications share a similar level of experience and knowledge. Certification can help hiring managers more quickly categorize job candidates by skill level, which is especially important in areas where there are skills gaps or high-growth areas with a large volume of job applicants, not all of whom are equally qualified.
The CRISC professional is able to provide value to an organization by providing insight from an overall organizational perspective on both IT risk and control. The CRISC certification is recognition of that skill and knowledge.
What sort of background is helpful for this type of certification? The CRISC credential is for those who are experienced in both risk and control. The areas of the job practice cover five domains: Risk identification, assessment and evaluation; risk response; risk monitoring; information systems control design and implementation; and IS control monitoring and maintenance.
Experience is required to become certified. Individuals need verified evidence of at least three years of work experience in three of the domains for risk management and IS control.
How might this training and certification help a person understand IT risk management as it applies to overall business process? The focus of the CRISC certification is on the IT risk professional gaining the tools and knowledge to evaluate the enterprise as a whole. Effective enterprise risk management requires an integrated and holistic approach. The first three domains that CRISC focuses on -- risk identification, assessment and evaluation; risk response; and risk monitoring -- provide the framework, from an organizational perspective, for managing and mitigating IT risk across business processes and technology. In addition, CRISC gives risk professionals a common language for communicating within IT and with the greater enterprise about risk. Based on the input from the CRISC professional, enterprises are then able to make effective risk-based decisions and prioritize efforts and resources to those areas that are most at risk.
Silicon Alley Surging
A study called "New Tech City" makes the case that New York is becoming an important hub of the digital economy. The report, from the Center for an Urban Future, notes that, while there is no way to know how many digital startups have been formed in the city, 486 that were founded in the past five years have received angel, seed or venture capital funding. The report's authors estimate that the actual number of technology startups is well above 1,000. Overall, Silicon Alley is still well behind Silicon Valley as a center of technology entrepreneurship, but New York has surpassed Boston as the No. 2 tech hub in the country.
One metric that shows the rise in prominence for technology in the city is employment growth, with IT growth outstripping the average for the city and many of its traditional economic mainstays. Similarly, a comparison of venture capital activity in New York and other U.S. technology centers offers a sense of the area's economic vitality.
New York Job Growth, 2007-12
IT vs. other sectors
- IT: 28.7%
- City average: 3.6%
- Broadcasting: 0.4%
- Securities industry: -5.9%
- Legal services: -7%
- Publishing: -15.8%
- Manufacturing: -29.5%
Growth in Venture Capital Deals by Region,
- New York: 32%
- U.S. average: -11%
- Silicon Valley -1%
- Los Angeles/Orange County: -8%
- New England: -14%
- Texas: -17%
- San Diego: -38%
Source: The Center for an Urban Future's "New Tech City" report, May 2012
More Career Watch columns
- Career Watch: Pay was down for CS grads last year, but IT workers find that money isn't everything
- Career Watch: In-demand skills for 2014
- Career Watch: On job satisfaction, CIOs' perceptions may be skewed
- Career Watch: Paying lip service to work/life balance
- Career Watch: In IT, you don't have to be a star
- Career Watch: IT pros say they're smarter than the boss
- Career Watch: Where job interviews are really tough
- Career Watch: IT professionals assess the IT profession
- Career Watch: QA engineers are just about the happiest workers of all
- Career Watch: Mentoring, from both sides
Read more about Management in Computerworld's Management Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- The CIO's Guide to Enterprise Mobility Management (EMM) This guide will help those making an EMM platform decision make the best choice for their organization.
- Yankee Group: BlackBerry Results Refute Rumors of its Demise Yankee Group: BlackBerry® is stronger than the press makes it out to be.
- Your New EMM Platform: How to Streamline the Migration Smartphone migration can be resource-intensive and challenging. Find out how outsourcing the process can save significant time and money.
- Live Webcast Increasing the Value of Your Reports and Dashboards Learn how incorporating other analytical capabilities such as predictive modeling and visualization can increase the value of your reports and dashboards by providing...
- Testimonial: Cystic Fibrosis Trust Peter Hawkins, the Head of IT for Cystic Fibrosis Trust, discusses the role CommVault's Simpana software platform plays in improving the company's information...
- Increasing the Value of Your Reports and Dashboards Learn how incorporating other analytical capabilities such as predictive modeling and visualization can increase the value of your reports and dashboards by providing... All Management White Papers | Webcasts