This site has been retired. It is now a static archive. Some links may not work. Find Rob at TealUnicorn.com

ISACA Bylaws change 2015

Submitted by skeptic on Wed, 2015-06-03 21:37

Share this post with

Rumblings of dissent over ISACA internal governance? Say it ain't so.

I might be a bit late to the party in commenting on the current ISACA bylaws changes. Members are currently voting and it closes in a couple of days. Naturally you can't change your vote now, but if what follows troubles you, you can make a noise.

It took me a while to be convinced that there might be an issue here. I guess part of that resistance was because one expects the organisation which is the proponent of best practice governance would be the ones to execute best practice governance themselves. Historically that seems to have been the case: I have praised ISACA in the past.

But it would appear that there may be an issue with the current bylaws changes proposed by ISACA. I have looked at the issues and I now feel that they are valid enough that we should talk about them.

First, detailed procedural issues with the proposed bylaw changes have been raised which we could talk about for ages. Many of them seem like quite small details to me but there is a fundamental one that is troubling. This is the fact that voting is a unitary yes-no approval of all of the proposed changes to the bylaws instead of voting on each change individually. This is a mechanism which the USA government seems to like in order to smuggle through all sorts of strange provisions in a wider bill. You'd think that an organisation like ISACA would know better than that.

Second, and much more of a concern, is the possible consequences of the changes.

One that is troubling to me is that the CEO of the ISACA organisation is now to be a voting director on the Board. Potentially the situation arises of having a President and CEO in the same person. As somebody who worked for an organisation which has been found in the courts to have acted in a criminal manner and whose CEO is I think still in jail, I know the problems stemmed from the fundamental of having the Chairman and CEO in the same person. This is something that is popular in the United States but is seen in a negative light in most countries. COBIT 5 is clear on the distinction between governance and management. Making the CEO an active director muddies that. [correction: "the CEO is excluded from also becoming the International President (Section 5.12: "At no time shall the CEO of the Corporation serve as an elected officer"]

Of equal concern is the provisions to reduce the quorum needed to make decisions and generally the reduction in the levels of control over the board. Especially since the changes are "providing the Board with the ability to make strategic investments", presumably with the millions of dollars ISACA holds in cash. I for one don't want the Board unilaterally deciding how to spend all that money without consulting the membership.

I'm not sure what to make of "the requirement that the three immediate past presidents be members of the Board, an increase from two in the current Bylaws; an increase in the maximum number of Vice Presidents that may sit on the Board from seven to nine; the addition of a minimum number of five and maximum number of twenty-five total seats on the ISACA Board of Directors". On one hand, the presence of past-presidents creates continuity and stability of direction. On the other hand, a tight little club could easily control the organisation. With 3 past-presidents and nine vice-presidents out of a maximum 25 members, all of whom are nominated by a fairly opaque Nominating Committee, that's potentially a dominant group.

Finally, there is the small matter of the "creation of a non-voting class of member". I believe the scope of this is unspecified. As someone living on the last rock on the planet I feel a certain vulnerability to the possibility that a cabal of North American members could decide that foreigners have much too much influence over the directions of the organisation, for example. Not that the USA ever exhibits xenophobic tendencies of course.

I'm not saying that there is specifically anything wrong with the current direction of ISACA (other than criticisms already made by me), nor anything but the best intentions in the proposed changes. But it troubles me that there is some dissent in this of all organisations. (Yes, some of the push-back is coming from Kiwis).

I do urge all ISACA members to take a good close look at the proposed changes and talk to others about them. Don't treat them as just a formality to tick the box. Make sure that you've thought about what you do before you do so. Sorry about the late notice - I hope we can have some useful discussion about this.

ISACA is a successful organisation that should remain that way. It needs to maintain its integral ties to the membership rather than the corporate organisation, and focus on delivering value to its membership and stewardship of the COBIT body of knowledge.

"The IT Skeptic™", "The Skeptical Informer™", "The IT Swami™", "Chokey the Chimp™" and "BOKKED™" are trademarks of Two Hills Ltd.
ITIL® is a Registered Trade Mark of AXELOS Limited
PRINCE2® is a Registered Trade Mark of AXELOS Limited
M_o_R® is a Registered Trade Mark of AXELOS Limited
P3O® is a Registered Trade Mark of AXELOS Limited
MSP® is a Registered Trade Mark of AXELOS Limited
P3M3® is a Registered Trade Mark of AXELOS Limited
MoV® is a Registered Trade Mark of AXELOS Limited
MoP® is a Registered Trade Mark of AXELOS Limited
ITIL® is registered in the U.S. Patent and Trademark Office.
ITIL Live™ is a trademark of TSO, The Stationery Office.
prISM® is a registered trademark of itSMF International Inc.
COBIT® is a Registered Trade Mark of the Information Systems Audit and Control Association and the IT Governance Institute.
Microsoft® is a Registered Trade Mark of Microsoft Corp. in the United States and/or other countries.
USMBOK™ is a trademarks of the SM101.
CMM® and CMMI® are Registered Trade Marks of Carnegie Mellon University.
ISO® is a Registered Trade Mark of the International Organisation for Standardisation.
KCS was developed by the Consortium for Service Innovation™, www.serviceinnovation.org The KCS Academy, KCS and Adaptive Organization are service marks of the Consortium for Service Innovation™.
DevOps isn't a trademark of anyone.
Except where indicated otherwise, all contents of this site are © Copyright Two Hills Ltd www.twohills.co.nz.

Except where indicated otherwise, the text on this page by Two Hills Ltd is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
Content must be attributed to "© Copyright Two Hills Ltd www.twohills.co.nz by Rob England, The IT Skeptic" plus the URL of the source material.
RSS feeds may be used without permission. Permission is granted for anyone to link to this site.
By accessing or viewing this site, you are deemed to have agreed to the Terms and Conditions and to our Privacy Policy.
The contents of this site are unmoderated submissions from authenticated and unauthenticated users. As such they cannot and do not represent the views of Two Hills Ltd.
Use of any trademarks on this website is not intended in any way to infringe on the rights of the trademark holder.
This site is developed, maintained and hosted by Two Hills Ltd

Made in New Zealand by Rob England