Our organization is the local chapter affiliate of an international body of Information Governance Professionals known as ISACA (Previously known 
as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves). With a membership of over four hundred members locally, we are classified as a large sized chapter.

ISACA Malaysia Chapter was established way back in November 1984. Our first President was none other than the Auditor General himself at that time, the honorable Tan Sri Ahmad Noordin bin Hj Zakaria.

Since then, a few presidents have served the association faithfully. For a list of the current Board of President, Vice President, Secretary, Treasurer, Directors, visit our Board of Directors page.

ISACA Announces A New Certification: Certified in Risk and Information Systems Control (CRISC)

ISACA, a global association of 86,000 IT audit, risk, governance and security professionals, is responding to market demand by introducing a new risk-related certification. The Certified in Risk and Information Systems Control (CRISC) designation is for IT professionals who identify and manage risks through the development, implementation and maintenance of information systems (IS) controls. These professionals help enterprises accomplish business objectives such as effective and efficient operations, reliable financial reporting, and compliance with regulatory requirements.

A grandfathering program, through which experienced professionals can earn the certification without passing an exam, will open in April 2010. The first CRISC exam will be administered in 2011.

CRISC recognizes IT professionals with skills and abilities related to:

• Risk identification, assessment and evaluation
• Risk response
• Risk monitoring
• IS control design and implementation
• IS control monitoring and maintenance

Requirements for CRISC Certification
The CRISC designation is awarded to those individuals with an interest in business and technology risk management as well as the development and implementation of IS controls who have met and continue to meet the following requirements regarding:

1. Successful completion of the CRISC examination
   The examination is open to all individuals who have an interest in business and technology risk management as well as the development and implementation of IS controls. All are encouraged to work toward and take the examination. Successful examination candidates will be sent all information required to apply for certification with their notification of a passing score. For a more detailed description of the exam see the CRISC certification job practice (Available soon).
   
   The CRISC examination will be offered twice a year, starting in 2011.
2. Information systems auditing, control or security experience
   A minimum of 3 years of work experience performing the tasks described in the CRISC job practice is required for certification. There will be no substitutions or experience waivers.
   
   Experience must have been gained within the 10-year period preceding the application date for certification or within five years from the date of initially passing the examination. Retaking and passing the examination will be required if the application for certification is not submitted within five years from the passing date of the examination. All experience must be verified independently with employers.
3. Adherence to the Code of Professional Ethics
   Members of ISACA and/or holders of the CRISC designation agree to a Code of Professional Ethics to guide professional and personal conduct.
4. Adherence to the continuing professional education program
   The objectives of the continuing education program are to:

• Maintain an individual's competency by requiring the update of existing knowledge and skills in the areas of risk and information systems control.
• Provide a means to differentiate between qualified CRISCs and those who have not met the requirements for continuation of their certification
• Provide a mechanism for monitoring risk and information systems control professionals' maintenance of their competency
• Aid top management in developing sound risk and information systems control functions by providing criteria for personnel selection and development

Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period. Upon completing the requirements for initial certification, the CRISC will be provided with the CPE policy booklet for detailed criteria to be used in developing a personal CPE program.

CRISC complements ISACA’s three existing certifications:

1. Certified Information Systems Auditor (CISA) is designed for IT professionals who perform independent reviews of control design and operational effectiveness. More than 70,000 professionals have earned the CISA designation since inception
2. Certified Information Security Manager (CISM) is for individuals who manage, design, oversee and/or assess an enterprise’s information security, including the identification and management of information security risks. It has been earned by more than 12,000 professionals since it was launched in 2002.
3. Certified in the Governance of Enterprise IT (CGEIT) is for IT and business professionals who have a significant management, advisory or assurance role relating to the governance of IT, including risk management; It has been earned by more than 4,000 professionals since it was developed in 2006.

For more information about ISACA International, visit their website at www.isacamalaysia.org