ISACA is an international professional association focused on IT Governance. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.[1][2]


ISACA logo

ISACA originated in United States in 1967,[1] when a group of individuals working on auditing controls in computer systems started to become increasingly critical of the operations of their organizations. They identified a need for a centralized source of information and guidance in the field. In 1969, Stuart Tyrnauer, an employee of the (then) Douglas Aircraft Company, incorporated the group as the EDP Auditors Association (EDPAA).[3] Tyrnauer served as the body's founding chairman for the first three years. In 1976 the association formed an education foundation to undertake large-scale research efforts to expand the knowledge of and value accorded to the fields of governance and control of information technology.

The association became the Information Systems Audit and Control Association in 1994.[4]

By 2008 the organization had dropped its long title and branded itself as ISACA.[5]

Current status

ISACA currently serves more than 110,000 constituents (members and professionals holding ISACA certifications) in more than 180 countries. The job titles of members are such as IS auditor, consultant, educator, IS security professional, regulator, chief information officer and internal auditor. They work in nearly all industry categories. There is a network of ISACA chapters with more than 200 chapters established in over 180 countries. Chapters provide education, resource sharing, advocacy, networking and other benefits.

Major publications


Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC) is a certification for information technology professionals with experience in managing IT risks, awarded by ISACA. To gain this certification, candidates must pass a written examination and have a minimum of three years work experience in at least three CRISC domains.[10]

The intent of the certification is to provide a common body of knowledge for information technology/systems risk management, and to recognize the knowledge of enterprise and IT risk that a wide range of IT and Business practitioners have acquired, as well as the capability to: design, implement and maintain information system (IS) controls, to mitigate IS/IT risks.

The CRISC requires demonstrated knowledge in five functional areas or ‘domains’ of IT risk management:[11]

See also


  1. 1 2 Archived 2 October 2007 at the Wayback Machine.
  2. Vacca, John (2009). Computer and Information Security Handbook. Morgan Kaufmann Publications. Elsevier Inc. p. 600. ISBN 978-0-12-374354-1.
  3. Katsikas, Sokratis K. (2000). "A Postgraduate Programme on Information and Communication Systems Security". In Qing, Sihan; Eloff, Jan H. P. Information Security for Global Information Infrastructures. IFIP Advances in Information and Communication Technology. 47. Springer. p. 50. ISBN 9780792379140. Retrieved 2013-05-23. [...] the Information Systems Audit and Control Association (ISACA - formerly EDPAA) [...]
  4. Gleim, Irvin N.; Hillison, William A.; Irwin, Grady M. (June 1995). Auditing & systems: objective questions and explanations. 1. 6 (6 ed.). Gainesville, Florida: Accounting Publications. p. 37. ISBN 9780917537745. Retrieved 2013-05-24. In 1994, the association changed its name to the Information Systems Audit and Control Association.
  5. Verschoor, Curtis C. (2008). Audit Committee Essentials. John Wiley & Sons. p. 205. ISBN 9780470337073. Retrieved 2013-05-24. [...] ISACA - previously known as the Information Systems Audit and Control Association [...]
  6. Archived 16 July 2011 at the Wayback Machine.
  7. "Security, Audit and Control Features SAP ERP, 4th Edition". Retrieved 2015-11-03.
  8. "Security, Audit and Control Features SAP ERP, 4th Edition - Review". ERPScan. 2015-09-17. Retrieved 2015-11-03.
  9. "How to Become CRISC Certified: 2015". Retrieved 2015-11-03.
  10. Archived 19 June 2011 at the Wayback Machine.
This article is issued from Wikipedia - version of the 11/15/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.