April 2014 - COSO and COBIT, ISACA Strategy 2022


Part One: COSO and COBIT

The Committee of Sponsoring Organizations (COSO) first released its internal control framework in 1992. One of the shortcomings of the 1992 COSO framework was a lack of content on information technology (IT) and IT controls. This was subsequently addressed in its 2013 release. COBIT was first released in 1996 and focused on the audit of IT controls. Multiple COBIT releases followed, leading to COBIT 5, which was released in 2012 and focuses on the governance of enterprise IT. This session will explore the two frameworks and how they complement each other. Organizations that have migrated or are in the process of migrating to COSO 2013 will find COBIT 5 to be a valuable resource.

Part Two: ISACA Strategy 2022

In 2009 the ISACA Board of Directors adopted a three-year strategy that yielded some significant benefits to ISACA members. The initiatives resulting from the strategy were designed to position ISACA to grow, adapt, deliver and position itself as the leading global organization providing knowledge, education, certifications, and membership on information technology (IT) governance, risk and assurance of information systems, while maximizing the value of those systems. Three years later, ISACA revisited Strategy 1 findings to ensure continued relevance and give the organization an even sharper focus. Accordingly, the ISACA Board of Directors approved Strategy 2, taking a longer 5-10 year view and creating a more definitive, aspirational profile for the organization. The updated, ten-year strategy became known as S2022 or S22. This session will discuss S22, its current status and the long-term benefits to ISACA members.


Ken Vander Wal, CPA, CISA

Ken is a past international president of ISACA and the IT Governance Institute (ITGI). He continues to serve on the boards of both organizations. Ken was a national partner with Ernst & Young until he retired, where he was responsible for the firm’s IT quality and risk management program, as well as its IT SOX compliance and third-party reporting services. With more than 40 years of IT experience, he has an understanding of multiple areas of information systems in a variety of industries, including IT auditing and assurance, systems security, quality assurance, systems development, systems programming, and project management.

Before joining Ernst & Young in 1979, Ken worked at the Pentagon, where he developed systems to support the Department of Army staff, and for a computer software company in a systems technical support role.

After retiring from Ernst & Young, he joined the Health Information Trust Alliance (HITRUST), where he serves as its chief compliance officer. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF) that can be used by any and all organizations that create, access, store or exchange personal health and financial information.

Ken received his bachelor of arts in mathematics from the University of Iowa and his MBA in information technology from George Washington University, Washington, DC.


Presentation material for this event is not available for posting online at this time.