ISACA

https://www.isaca.org

ISACA is a global professional association dedicated to advancing digital trust through information technology governance, auditing, risk management, and cybersecurity. Established in 1969, its mission is to empower members throughout their careers by providing comprehensive knowledge, skills, credentials, and access to a global community, preparing them to meet challenges and drive innovation. The organization's headquarters are located in Schaumburg, Illinois, U.S..

ISACA serves individuals and organizations globally who prioritize trust across IT audit and assurance, information and cybersecurity, governance, risk management, compliance, privacy, and emerging technologies. Key offerings include a portfolio of professional certifications such as CISA, CISM, CRISC, CGEIT, CDPSE, and newer credentials like Certified Cybersecurity Operations Analyst (CCOA) and Advanced in AI Audit (AAIA). The association also develops and maintains frameworks like COBIT, publishes research and guidance, offers training programs, and hosts international conferences, fostering a worldwide network through its numerous local chapters..

In recent developments, ISACA has placed a significant focus on artificial intelligence, introducing new AI-related certifications and conducting research on the technology's impact on privacy and cybersecurity. The organization's 2025-2026 Board of Directors is led by Chair John De Santis and CEO Erik Prusch. With over 185,000 members across more than 180 countries and nearly 230 chapters, ISACA maintains a strong global presence, continually adapting its resources and initiatives to address the evolving technological landscape and workforce needs, including expanding scholarship programs through the ISACA Foundation.

Latest updates

ISACA Launches AI Risk Certification Amid Growing Control Gap

Event summary

  • ISACA has introduced the Advanced in AI Risk (AAIR) certification, targeting IT risk professionals.
  • The AAIR credential focuses on AI risk governance, lifecycle management, and program management.
  • Prerequisites include existing risk management experience and one of 25 prerequisite certifications.
  • ISACA also recently launched the ISACA Advanced in AI Audit (AAIA) and ISACA Advanced in AI Security Management (AAISM) credentials.
  • ISACA has over 185,000 members across 190 countries and nearly 230 chapters.

The big picture

The launch of AAIR underscores a growing disconnect between the rapid adoption of AI and the ability of organizations to manage the associated risks. This signals a rising demand for specialized expertise and a potential shift towards formalized AI risk governance frameworks. ISACA’s move positions them as a key player in the emerging market for AI risk management training and certification, a market likely to grow as AI becomes more pervasive across industries.

What we're watching

Adoption Pace
The speed at which organizations integrate the AAIR certification into their AI risk management frameworks will indicate the severity of the perceived skills gap.
Competitive Landscape
Other professional bodies will likely respond to ISACA’s move, potentially creating a fragmented market for AI risk training and certification.
Regulatory Impact
Increased regulatory scrutiny of AI risk will likely drive demand for specialized certifications like AAIR, but could also introduce compliance burdens for participating organizations.

ISACA Foundation Scholarships Expand, Targeting Underrepresented Tech Talent

Event summary

  • The ISACA Foundation is expanding its scholarship program to increase access to IT audit and cybersecurity careers.
  • Over $1.4 million in scholarships have been awarded to over 800 students since 2022.
  • In 2025, 53% of scholarship recipients identified as women, and five students presented at a professional conference.
  • The program now operates in 29 countries and has 11 new ISACA chapter partners.
  • The ISACA Foundation received a Power of Associations Gold Award in 2023 for increasing access to cybersecurity degrees.

The big picture

ISACA's expanded scholarship program reflects the growing urgency to address the cybersecurity skills shortage and promote diversity within the tech sector. By investing in future talent, ISACA aims to bolster the digital trust ecosystem and mitigate risks associated with a lack of qualified professionals. This initiative aligns with broader industry efforts to create a more inclusive and resilient technology workforce.

What we're watching

Talent Pipeline
The success of ISACA’s initiative hinges on its ability to translate scholarship recipients into a sustainable pipeline of qualified professionals for the cybersecurity industry, which faces a persistent skills gap.
Partnership Scale
Whether ISACA can maintain the momentum of its chapter and corporate partnerships will be crucial for expanding the scholarship program’s reach and impact, particularly in emerging markets.
Funding Sustainability
The long-term viability of the scholarship program depends on securing consistent funding from corporate sponsors and potentially diversifying revenue streams beyond existing partnerships.

AI Security Lags: Most Firms Lack Shutdown Response Plans

Event summary

  • ISACA’s 2026 AI Pulse Poll surveyed over 3,400 digital trust professionals globally.
  • 56% of respondents stated they do not know how quickly they could halt an AI system in a security incident.
  • Only 36% of organizations require human approval for most AI-generated actions.
  • A significant 32% of respondents believe their board/executives would be responsible if an AI system caused harm.

The big picture

The findings highlight a critical disconnect between the rapid adoption of AI and the maturity of governance and security practices. This gap creates substantial operational and legal risk for organizations, particularly as AI becomes more deeply integrated into core business processes and decision-making. The lack of clarity around accountability and incident response underscores a systemic challenge in managing the emerging risks associated with AI deployment.

What we're watching

Governance Dynamics
The shift in perceived responsibility for AI-related harm, with boards and executives increasingly seen as accountable, suggests a broader governance overhaul is likely to be required across organizations.
Regulatory Headwinds
The lack of clear disclosure requirements around AI usage and the uncertainty surrounding incident response will likely draw increased scrutiny from regulators, potentially leading to stricter compliance mandates.
Execution Risk
The inability to rapidly shut down AI systems in a security incident exposes organizations to significant operational and reputational risk, which will necessitate investment in automated response capabilities and robust incident management processes.

ISACA Conference Signals Growing Focus on AI Governance and Cybersecurity

Event summary

  • ISACA’s 2026 North America Conference will be held in Las Vegas, NV, from May 6-8, 2026, with both in-person and virtual attendance options.
  • The conference will focus on IT audit, risk management, governance, cybersecurity, privacy, and emerging technologies, including AI governance and digital identity.
  • Registration costs US$1,545 - US$2,045 for members and US$1,645 - US$2,045 for non-members, with workshops ranging from US$950 to US$1,200.
  • Keynote speakers include Shelly Palmer, Theresa Payton, and Shola Richards, addressing AI, cybersecurity, and resilience strategies.

The big picture

The ISACA conference underscores the escalating importance of governance and risk management in the face of rapid technological advancements, particularly in AI. With a global membership of 195,000+, ISACA's focus reflects a broader industry shift towards proactive risk mitigation and ethical technology deployment. The inclusion of workshops and certifications signals a move towards standardized training and credentialing in these critical areas.

What we're watching

Governance Dynamics
Increased scrutiny of AI governance practices will likely accelerate the adoption of frameworks and standards beyond those currently offered by ISACA, potentially impacting their market share.
Regulatory Headwinds
The emphasis on privacy by design and human-centric compliance suggests growing regulatory pressure, which could force organizations to invest more heavily in compliance solutions and training.
Execution Risk
The continued reliance on in-person and virtual formats, alongside pre-conference workshops, presents logistical and operational challenges that could impact attendee satisfaction and overall event success.

ISACA Updates Audit Framework to Address AI, Digital Trust

Event summary

  • ISACA released the 5th edition of its IT Audit Framework (ITAF) on February 26, 2026.
  • The update incorporates terminology, examples, and scope changes to address emerging technologies like cloud computing, AI/ML, and business automation.
  • ITAF provides standards for IT audit and assurance professionals, covering ethics, responsibilities, and audit practices.
  • The framework includes an updated ITAF Companion Performance Guidelines 2208 for audit sampling.
  • Mary Carmichael, Executive Advisor at Momentum Technology, led the development of the 5th edition.

The big picture

The update to ITAF signals a growing recognition of the need for specialized audit practices in an environment increasingly dominated by AI and cloud technologies. With over 195,000 members globally, ISACA’s framework carries significant weight in shaping IT audit standards and influencing organizational practices. The emphasis on digital trust reflects a broader shift towards greater accountability and transparency in the use of technology, particularly as regulatory scrutiny intensifies.

What we're watching

Adoption Rate
The speed at which audit teams adopt the new framework will indicate the industry’s responsiveness to evolving digital trust concerns and the perceived value of ISACA’s guidance.
AI Governance
How effectively the framework’s AI audit guidance is implemented will shape the broader landscape of AI governance and accountability within organizations.
Competitive Response
Other standards bodies may react to ISACA’s enhanced framework, potentially leading to a consolidation or fragmentation of IT audit best practices.

ISACA Expands 2026 Event Slate Amid Rising Digital Trust Demands

Event summary

  • ISACA will host four flagship events in 2026: North America (Las Vegas, May 6-8), GRC (San Diego, August 17-19, co-hosted with IIA), Europe (Munich, October 7-9), and a Virtual Conference (December 1-3).
  • The organization offers a range of virtual learning opportunities, including student summits, webinars, summits, workshops focused on Advanced AI certifications, and a Member-Experience Leadership Series.
  • ISACA boasts a global community of 195,000+ members across 190 countries and 230 chapters.
  • Customized corporate training programs are available, tailored for IT assurance, security, governance, and risk management professionals.

The big picture

ISACA’s expanded 2026 event schedule reflects the growing importance of digital trust and cybersecurity in a rapidly evolving technological landscape. The organization's focus on governance, risk, and compliance aligns with increasing regulatory scrutiny and corporate responsibility. With a large global membership base, ISACA is positioned to capitalize on the demand for specialized training and certifications, but must navigate the competitive landscape of professional development providers.

What we're watching

Governance Dynamics
The co-hosting of the GRC Conference with the IIA signals a deepening convergence of internal audit and broader governance practices, potentially creating new service offerings and competitive pressures.
Certification Demand
The focus on Advanced AI certifications through virtual workshops suggests ISACA anticipates significant demand for specialized training, and its success will depend on the perceived value and rigor of these credentials.
Regional Expansion
The continued expansion of events across North America, Europe, and the potential for future expansion into Asia-Pacific will be a key indicator of ISACA’s ability to maintain relevance in diverse regulatory and cultural contexts.

ISACA Awards Highlight Cybersecurity, Governance Leaders

Event summary

  • ISACA is recognizing six technology professionals and chapters with its 2026 Global Achievement Awards and Hall of Fame induction.
  • Mercy Omollo (ISUZU East Africa) received the ISACA Technology for Humanity Award for bridging cybersecurity access and promoting tech education.
  • Pongpisit Wuttidittachotti (Thailand) won the ISACA Educational Excellence Award for contributions to GRC and cybersecurity education.
  • Sushila Nair (Cybernetic, LLC) received the ISACA Inspirational Leadership Award for contributions to cybersecurity advancement and chapter development.
  • Voting for the ISACA Eugene Frank Founders Award, the highest recognition for an ISACA member, is open until February 15, 2026.

The big picture

ISACA's awards program serves as a bellwether for the evolving priorities within the IT audit, risk, governance, privacy, and cybersecurity fields. The recognition of individuals and chapters underscores the growing importance of these disciplines in a rapidly changing digital landscape, particularly as organizations grapple with increased cyber threats and regulatory pressures. The emphasis on education and leadership suggests a strategic shift towards building a more resilient and knowledgeable workforce.

What we're watching

Regional Focus
The awards highlight a growing emphasis on cybersecurity and governance in emerging markets like Kenya and Thailand, suggesting increased investment and regulatory scrutiny in those regions.
Volunteer Engagement
The recognition of chapter leadership and volunteer efforts indicates the importance of community building and peer-to-peer learning within the cybersecurity and governance professional landscape.
Skills Gap
The focus on educational excellence and leadership underscores the ongoing need to address the cybersecurity skills gap and cultivate the next generation of professionals.

Privacy Budgets Squeeze Teams as Stress Levels Surge

Event summary

  • ISACA's 'State of Privacy 2026' survey found 65% of privacy professionals report increased stress compared to five years ago.
  • Privacy team sizes have shrunk significantly, with the median staff size dropping from eight in 2025 to five in 2026.
  • Nearly half (43%) of privacy professionals report their privacy budget is underfunded, and 50% anticipate a decrease in the next 12 months.
  • Organizations are increasingly concerned about managing risks associated with new technologies (52%) and lack of competent resources (43%).

The big picture

The ISACA report highlights a growing disconnect between the escalating complexity of data privacy regulations and the resources allocated to manage them. This trend, if unchecked, could lead to a systemic weakening of privacy programs across industries, increasing the likelihood of data breaches and regulatory penalties. The shift towards AI in privacy functions, while promising, also introduces new risks related to algorithmic bias and data security.

What we're watching

Governance Dynamics
The trend of shrinking privacy teams and budget cuts suggests a potential governance failure, as organizations may be underinvesting in a critical risk area, potentially exposing them to increased regulatory scrutiny and financial penalties.
Regulatory Headwinds
The increasing complexity of international legal and regulatory landscapes, coupled with a lack of understanding of privacy obligations, will likely accelerate the need for specialized expertise and potentially lead to more frequent compliance failures.
Execution Risk
The reliance on contract employees and training non-privacy staff to fill skills gaps introduces execution risk, as these resources may lack the depth of experience needed to effectively address increasingly sophisticated privacy threats.
CID: 598