ISACA Bylaws change 2015

Rumblings of dissent over ISACA internal governance? Say it ain't so.

I might be a bit late to the party in commenting on the current ISACA bylaws changes. Members are currently voting and it closes in a couple of days. Naturally you can't change your vote now, but if what follows troubles you, you can make a noise.

It took me a while to be convinced that there might be an issue here. I guess part of that resistance was because one expects the organisation which is the proponent of best practice governance would be the ones to execute best practice governance themselves. Historically that seems to have been the case: I have praised ISACA in the past.

But it would appear that there may be an issue with the current bylaws changes proposed by ISACA. I have looked at the issues and I now feel that they are valid enough that we should talk about them.

First, detailed procedural issues with the proposed bylaw changes have been raised which we could talk about for ages. Many of them seem like quite small details to me but there is a fundamental one that is troubling. This is the fact that voting is a unitary yes-no approval of all of the proposed changes to the bylaws instead of voting on each change individually. This is a mechanism which the USA government seems to like in order to smuggle through all sorts of strange provisions in a wider bill. You'd think that an organisation like ISACA would know better than that.

Second, and much more of a concern, is the possible consequences of the changes.

One that is troubling to me is that the CEO of the ISACA organisation is now to be a voting director on the Board. Potentially the situation arises of having a President and CEO in the same person. As somebody who worked for an organisation which has been found in the courts to have acted in a criminal manner and whose CEO is I think still in jail, I know the problems stemmed from the fundamental of having the Chairman and CEO in the same person. This is something that is popular in the United States but is seen in a negative light in most countries. COBIT 5 is clear on the distinction between governance and management. Making the CEO an active director muddies that. [correction: "the CEO is excluded from also becoming the International President (Section 5.12: "At no time shall the CEO of the Corporation serve as an elected officer"]

Of equal concern is the provisions to reduce the quorum needed to make decisions and generally the reduction in the levels of control over the board. Especially since the changes are "providing the Board with the ability to make strategic investments", presumably with the millions of dollars ISACA holds in cash. I for one don't want the Board unilaterally deciding how to spend all that money without consulting the membership.

I'm not sure what to make of "the requirement that the three immediate past presidents be members of the Board, an increase from two in the current Bylaws; an increase in the maximum number of Vice Presidents that may sit on the Board from seven to nine; the addition of a minimum number of five and maximum number of twenty-five total seats on the ISACA Board of Directors". On one hand, the presence of past-presidents creates continuity and stability of direction. On the other hand, a tight little club could easily control the organisation. With 3 past-presidents and nine vice-presidents out of a maximum 25 members, all of whom are nominated by a fairly opaque Nominating Committee, that's potentially a dominant group.

Finally, there is the small matter of the "creation of a non-voting class of member". I believe the scope of this is unspecified. As someone living on the last rock on the planet I feel a certain vulnerability to the possibility that a cabal of North American members could decide that foreigners have much too much influence over the directions of the organisation, for example. Not that the USA ever exhibits xenophobic tendencies of course.

I'm not saying that there is specifically anything wrong with the current direction of ISACA (other than criticisms already made by me), nor anything but the best intentions in the proposed changes. But it troubles me that there is some dissent in this of all organisations. (Yes, some of the push-back is coming from Kiwis).

I do urge all ISACA members to take a good close look at the proposed changes and talk to others about them. Don't treat them as just a formality to tick the box. Make sure that you've thought about what you do before you do so. Sorry about the late notice - I hope we can have some useful discussion about this.

ISACA is a successful organisation that should remain that way. It needs to maintain its integral ties to the membership rather than the corporate organisation, and focus on delivering value to its membership and stewardship of the COBIT body of knowledge.

Syndicate content