In this interview Rob discusses the value and themes in the ISACA World Congress, INSIGHTS 2012; COBIT value; COBIT and Enterprise Architecture / IVI-IF CMF; what’s new in COBIT 5; current disruptive technologies; new innovations in the next five years; opportunities for IT professionals and businesses; controversial topics; CIO versus CTO agendas; board governance and top concerns; itSMF and work on ITIL; top recommended resources; career lessons; the future of professionalism and certifications; and much more.
Robert E. Stroud, CGEIT, CRISC, is a member of ISACA's Strategic Advisory Council, a past international Vice President of ISACA and Chair of ISACA's World Congress INSIGHTS 2012. He is also Vice President of Strategy and Innovation, and service management and governance evangelist at CA Technologies.
Stroud spent more than 15 years in the finance industry successfully managing multiple initiatives in both the IT and retail banking sectors related to IT service management and process governance.
He joined CA from the Australian computer security company, Cybec, where he held several management positions and was responsible for the company's successful global expansion, including entry into the North American market.
Stroud also serves on the itSMF International Board as Treasurer and Director of Audit, Standards and Compliance and leads the itSMF ISO liaisons to multiple working groups.
To listen to the interview, click on this MP3 file link
Interview Time Index (MM:SS) and Topic
What is your role for the ISACA World Congress Insights 2012?
"....As chair the key aspect is to put the right industry thought and topic leaders together so that we can develop strategies for effective integration of the business and technology, and to help the attendees grow in their understanding of the industry and to drive organizations forward...."
In your role as chair what are your five top challenges?
"....Being inspiring....Being innovative....Getting the right speakers....Getting on people's calendars....Delivering a platform and an opportunity for attendees to think about how to be innovative...."
How did the ISACA World Congress evolve?
"....ISACA has been in existence for 41 years and for many years we've had an international conference, a gathering of membership from all over the globe. We decided to evolve the international conference into an event that would be designed for both business and IT (where the technology meets IT) and to go outside the normal realm of risk assurance and security professionals and to help them elevate their craft and vocation to the next level...."
What are the themes for Insights 2012?
"....The future starts today....Keeping an eye on tomorrow....The risks of failing to innovate....Creating a culture of intentional innovation....Information as a business integrator....Solving crime and threats that are coming....Emerging regulations....COBIT lounge...."
Can you quickly profile COBIT and the value?
"....As it has evolved through its framework COBIT is now a business framework for enterprise governance of IT. We hope it will provide a framework for an organization to start with so that they can take their business goals and objectives and drive them into their IT goals and objectives, and ensure that their IT delivery is constantly meeting the business requirements from a process and a legal perspective, regulation, and what the organization requires from a culture perspective...."
How much overlap do you see then between COBIT and Enterprise Architecture?
"....COBIT actually aligns very well with Enterprise Architecture. One of the things that we've identified in COBIT is that Enterprise Architecture is a fundamental aspect of delivery of effective business enablement leveraging technology...."
There's a new kid on the block from the Innovation Value Institute (IVI) — the Capability Maturity Framework (CMF); is there any integration or some kind of synchronicity with IVI and the CMF?
"....With COBIT 5 we've moved to and adopted the ISO standard for process assessment models. What we've done is align each COBIT process with the ISO model so we have an assessable implementation of COBIT going forward....We are very synchronized and you will be able to align it quite well with those various frameworks that look at capabilities and maturity, and it won't really matter where those models come from...."
We've just had a series of questions and answers in terms of COBIT and that itself adds a lot of a value that's being delivered at Insight 2012. Let's broaden that: if you were to segment the attendees by their profiles and job roles, who should attend and what additional value will they receive by profiles and job roles?
"....Security professionals. Security is a hot topic at the moment and you would notice that topics like privacy and protection of information and leveraging effective use of our information are key and hot topics....Assurance professionals. We will be hosting a panel among a number of sessions where we will be talking about assurance topics and various aspects there....Risk professionals. They are going to have an opportunity to attend a number of sessions to discuss risk, risk profiles, mitigation or risk acceptance or how to leverage that....We do expect and we did last year have a sprinkling of C-level executives who are non-IT attend and we are going to show them a lot of the future. Mobility is absolutely exploding globally and attendees will have a great opportunity to discuss this with industry experts and leaders. Another area is operational practice and certain techniques as well....One of the key differentiators of this event is this ability to actually interact with the industry expert rather than be lectured at...."
What five measures will demonstrate success at INSIGHTS 2012?
"....That attendees gain valuable insight at the event.....Repeat attendance....That the attendance is high and at the right number. We are looking to target an appropriate number of industry leaders to come and meet us there....That people will be entertained....That people will walk away with key knowledge that they can take and use...."
What about the future for the World Congress?
"....One of the key things about the World Congress is that we get people from all over the world and different cultures blend together to give a different perspective of how technology is being used....The event is going to continue to move globally. The other future of Insights is that you are going to see more introduction of technology within sessions and more technology interaction going forward, but we don't want to forget that the audience will have direct access to the industry leaders who are available and that interaction is a key aspect...."
How will you measure success on ISACA's Strategic Advisory Council?
"....ISACA's Strategic Advisory Council provides insight, knowledge and research back to the board of directors to assist the board in making strategic decisions for ISACA moving forward....Hopefully we give good input and the outcome of that is successful industry standards, best practices and frameworks that the membership can ultimately use and are very effective. I think it's hard to put a series of measures on it but it's clearly about contributing and giving back to the industry, and one of the things I enjoy about ISACA in general is this opportunity to give back...."
In your past role of International Vice President of ISACA, what surprised you?
"....The interest in things like industry frameworks and standards....That we've seen governance grow as a practice and an area of interest....That at many organizations where I speak which are using the ISACA framework, but they are not aware of it....As I visit ISACA chapters, the acceptance and comradeship – I felt like I was part of a family wherever I travelled...."
Robert describes some of his roles with itSMF and some outcomes from serving in those roles.
"....These industry bodies allow us to give back to the industry so we can drive value to the organization, industry and to the profession...."
Can you detail your prior industry executive roles and some shareable lessons you learned from each role that the audience will find valuable?
"....One of the roles I had in the industry was being involved in security for some time. A key lesson I learned which has continued on is that effective education is a key, and you need to embrace technology that moves forward and not be scared of it, and then educate....An interesting role that I've had is in strategy and innovation. A key aspect is to really understand the business, the business need and the business opportunity for those areas where we can truly grow business opportunities....To be a good industry professional we really need to get back to basic relationships with the business....The other thing I've learned in my career - operations, security, innovation – you've really got to be prepared to change. You've got to be prepared to innovate, re-educate, re-learn, adjust your skillset...."
What are the top resources that you use?
"....The social networking environment....Tools like Bing or Google....Establishing a serious hypothesis and then running a path to a select group of individuals in the industry....Going to an event like Insight and taking the opportunity to actually converse with my peers....Reading blogs, websites, Harvard Business Review....Nothing beats sitting down at a roundtable of industry experts and luminaries...."
What are some disruptive technologies that you see on the horizon and how will they have impact?
"....This whole concept of mobility is so disruptive to the status quo of IT and we really haven't pushed the boundaries of it at all yet....The consumerization of IT....In the last year we've been talking about cloud computing as disruptive technology. Personally cloud computing for me is just another form of capability delivery....Another area of disruption is legislation and regulation. We've seen that recently in the discussion about privacy where you might have an app on your device and what information is being shared....Another disruptive technology is where embedded technology starts to communicate - more intelligence and more interconnected....These types of capabilities are going to change the way we act which will result in cultural changes...."
What specific challenges and opportunities should IT practitioners and businesses embrace today and in the future?
"....The key aspect is what does your organization structure look like so you are delivering the maximum value and that goes back to culture - organizational culture and organizational change....In the adoption of change we're going to be moving more to incremental change that happens more rapidly, it's smaller and easier to be consumed. We have to deliver capability in line with the human psyche and the human capability to learn....Another concept we're going to be seeing going forward is this concept of crowd-sourcing innovation...."
What innovations should we be watching for in the next five years?
"....Concerns about privacy....The ability for us to communicate in a language of choice and the person who is receiving the voice, text, email will actually read the data in their own language....Regulations....Devices that we use more eco-friendly...."
In all the areas in which you work are there two areas that you consider highly controversial?
"....The battle of do we give the business control to determine their own applications usage and systems or not....Consumer devices being brought in by IT....Another area of controversy right now is a cultural one of how do we deal with this new workforce that is coming about? I have a Y-Generation son and he will work just as hard as I but his work practices are different...."
What are your thoughts on computing as a recognized profession with demonstrated professional development, adherence to a code of ethics, and recognized non-licensing based credentials?
[See http://www.ipthree.org and the Global Industry Council, http://www.ipthree.org/about-ip3/global-advisory-council]
"....As a whole we need to ensure that the IT professionals have the appropriate skillset, have the appropriate certification, and more importantly have the appropriate knowledge, and that gets back to the issue that employers need to understand that in order to get the maximum value out of their employees, they need to ensure that their employees' skillsets are maintained and they are given the opportunity to do ongoing education and learning...."
Please share your deep insights - a candid discussion on emerging technologies and that is CIO versus CTO. Areas to consider would be: technology to grow revenue versus technology to increase efficiencies, the impact of business driving the technology decisions, technology perspectives from the customer's point of view, are CIOs becoming the Chief Innovation Officers. What are your thoughts on that?
"....I think we are going to be seeing clear definition or delineation between the CIO and CTO roles. Chief Technology Officer I believe is somebody who understands technology issues, but at the same time is going to have a skillset that is linked to understanding business needs and drivers, and effectively can mesh the business needs and drivers with technology capabilities available in the industry and then can give advice and direct how to execute on that....Chief Innovation Officer is looking to drive value back to the business. To look for innovative solutions and partner with the business in driving innovation....I think that going forward we will see both exist...."
This question is about governance and board insights and some of the discussions that could occur between board members. For example, what would be the Board's top concerns as it relates to the integration of technology and business, who do Board members rely on within the organization, what's the issue about deploying an IT governance program, innovation and its impact on the organization's future success, and preparing the work force for the future. What are your thoughts on board-level discussion on some of these issues?
"....You've got to separate governance from management. Management is about execution of the tasks that are being directed, continuation of control, to ensure effectiveness and efficiency of the systems that deliver capability....Governance is really about evaluating, directing and monitoring....The reality of it is as we move forward, I believe that boards are going to become more interested, and I think the boards are more looking for briefing from people like the Chief Innovation Officers and CTO's on technology capabilities, and become more conversant with opportunities that are out there for them to take advantage of...."