Q&A: Allan Boardman
The chair of ISACA's Credentialing Board talks about the organization's Certified in Risk and Information Systems Control certification.
What does a certification in risk and information systems control cover? CRISC is for professionals who have experience in developing effective controls to manage IT risk. They are the individuals in an enterprise who provide guidance to management on the impact of risk and its effect on business operations and the overall health of the enterprise. They are also responsible for communicating the risk to others throughout the business by establishing a common language for the enterprise.
CRISC, which is based on independent market research and the input of subject-matter experts around the world, is designed to help meet the rising demand for professionals who understand business risk and have the technical knowledge to help achieve effective controls. CRISC-certified professionals have the tools and knowledge to develop a common perspective and language for IT risk within an enterprise.
How does certifying help fill an IT skills gap? Certification provides the enterprise with the confidence that those holding certifications share a similar level of experience and knowledge. Certification can help hiring managers more quickly categorize job candidates by skill level, which is especially important in areas where there are skills gaps or high-growth areas with a large volume of job applicants, not all of whom are equally qualified.
The CRISC professional is able to provide value to an organization by providing insight from an overall organizational perspective on both IT risk and control. The CRISC certification is recognition of that skill and knowledge.
What sort of background is helpful for this type of certification? The CRISC credential is for those who are experienced in both risk and control. The areas of the job practice cover five domains: Risk identification, assessment and evaluation; risk response; risk monitoring; information systems control design and implementation; and IS control monitoring and maintenance.
Experience is required to become certified. Individuals need verified evidence of at least three years of work experience in three of the domains for risk management and IS control.
How might this training and certification help a person understand IT risk management as it applies to overall business process? The focus of the CRISC certification is on the IT risk professional gaining the tools and knowledge to evaluate the enterprise as a whole. Effective enterprise risk management requires an integrated and holistic approach. The first three domains that CRISC focuses on -- risk identification, assessment and evaluation; risk response; and risk monitoring -- provide the framework, from an organizational perspective, for managing and mitigating IT risk across business processes and technology. In addition, CRISC gives risk professionals a common language for communicating within IT and with the greater enterprise about risk. Based on the input from the CRISC professional, enterprises are then able to make effective risk-based decisions and prioritize efforts and resources to those areas that are most at risk.
Silicon Alley Surging
A study called "New Tech City" makes the case that New York is becoming an important hub of the digital economy. The report, from the Center for an Urban Future, notes that, while there is no way to know how many digital startups have been formed in the city, 486 that were founded in the past five years have received angel, seed or venture capital funding. The report's authors estimate that the actual number of technology startups is well above 1,000. Overall, Silicon Alley is still well behind Silicon Valley as a center of technology entrepreneurship, but New York has surpassed Boston as the No. 2 tech hub in the country.
One metric that shows the rise in prominence for technology in the city is employment growth, with IT growth outstripping the average for the city and many of its traditional economic mainstays. Similarly, a comparison of venture capital activity in New York and other U.S. technology centers offers a sense of the area's economic vitality.
New York Job Growth, 2007-12
IT vs. other sectors
- IT: 28.7%
- City average: 3.6%
- Broadcasting: 0.4%
- Securities industry: -5.9%
- Legal services: -7%
- Publishing: -15.8%
- Manufacturing: -29.5%
Growth in Venture Capital Deals by Region,
- New York: 32%
- U.S. average: -11%
- Silicon Valley -1%
- Los Angeles/Orange County: -8%
- New England: -14%
- Texas: -17%
- San Diego: -38%
Source: The Center for an Urban Future's "New Tech City" report, May 2012
More Career Watch columns
- Career Watch: Top perks for IT jobs
- Career Watch: The rise of people architecture
- Career Watch: Pay was down for CS grads last year, but IT workers find that money isn't everything
- Career Watch: In-demand skills for 2014
- Career Watch: On job satisfaction, CIOs' perceptions may be skewed
- Career Watch: Paying lip service to work/life balance
- Career Watch: In IT, you don't have to be a star
- Career Watch: IT pros say they're smarter than the boss
- Career Watch: Where job interviews are really tough
- Career Watch: IT professionals assess the IT profession
Read more about Management in Computerworld's Management Topic Center.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Education/Training White Papers | Webcasts