Q&A: Allan Boardman
The chair of ISACA's Credentialing Board talks about the organization's Certified in Risk and Information Systems Control certification.
What does a certification in risk and information systems control cover?
CRISC is for professionals who have experience in developing effective controls to manage IT risk. They are the individuals in an enterprise who provide guidance to management on the impact of risk and its effect on business operations and the overall health of the enterprise. They are also responsible for communicating the risk to others throughout the business by establishing a common language for the enterprise.
CRISC, which is based on independent market research and the input of subject-matter experts around the world, is designed to help meet the rising demand for professionals who understand business risk and have the technical knowledge to help achieve effective controls. CRISC-certified professionals have the tools and knowledge to develop a common perspective and language for IT risk within an enterprise.
How does certifying help fill an IT skills gap?
Certification provides the enterprise with the confidence that those holding certifications share a similar level of experience and knowledge. Certification can help hiring managers more quickly categorize job candidates by skill level, which is especially important in areas where there are skills gaps or high-growth areas with a large volume of job applicants, not all of whom are equally qualified.
The CRISC professional is able to provide value to an organization by providing insight from an overall organizational perspective on both IT risk and control. The CRISC certification is recognition of that skill and knowledge.
What sort of background is helpful for this type of certification?
The CRISC credential is for those who are experienced in both risk and control. The areas of the job practice cover five domains: Risk identification, assessment and evaluation; risk response; risk monitoring; information systems control design and implementation; and IS control monitoring and maintenance.
Experience is required to become certified. Individuals need verified evidence of at least three years of work experience in three of the domains for risk management and IS control.
How might this training and certification help a person understand IT risk management as it applies to overall business process?
The focus of the CRISC certification is on the IT risk professional gaining the tools and knowledge to evaluate the enterprise as a whole. Effective enterprise risk management requires an integrated and holistic approach. The first three domains that CRISC focuses on -- risk identification, assessment and evaluation; risk response; and risk monitoring -- provide the framework, from an organizational perspective, for managing and mitigating IT risk across business processes and technology. In addition, CRISC gives risk professionals a common language for communicating within IT and with the greater enterprise about risk. Based on the input from the CRISC professional, enterprises are then able to make effective risk-based decisions and prioritize efforts and resources to those areas that are most at risk.
Silicon Alley Surging
A study called "New Tech City" makes the case that New York is becoming an important hub of the digital economy. The report, from the Center for an Urban Future, notes that, while there is no way to know how many digital startups have been formed in the city, 486 that were founded in the past five years have received angel, seed or venture capital funding. The report's authors estimate that the actual number of technology startups is well above 1,000. Overall, Silicon Alley is still well behind Silicon Valley as a center of technology entrepreneurship, but New York has surpassed Boston as the No. 2 tech hub in the country.
One metric that shows the rise in prominence for technology in the city is employment growth, with IT growth outstripping the average for the city and many of its traditional economic mainstays. Similarly, a comparison of venture capital activity in New York and other U.S. technology centers offers a sense of the area's economic vitality.
New York Job Growth, 2007-12
IT vs. other sectors
- IT: 28.7%
- City average: 3.6%
- Broadcasting: 0.4%
- Securities industry: -5.9%
- Legal services: -7%
- Publishing: -15.8%
- Manufacturing: -29.5%
Growth in Venture Capital Deals by Region,
- New York: 32%
- U.S. average: -11%
- Silicon Valley: -1%
- Los Angeles/Orange County: -8%
- New England: -14%
- Texas: -17%
- San Diego: -38%
Source: The Center for an Urban Future's "New Tech City" report, May 2012