Career Insights with Allan Boardman

The Business Case for Certifications

In the wake of widely published corporate frauds, scandals and information security incidents, organizations recognize that proper governance of information systems is essential to survival in today's ever-changing digital world. It is therefore not surprising that senior business executives are increasingly looking to their information security, risk management and governance staff to adopt a more professional approach to their work to ensure that risks are mitigated and value is achieved from information systems.

So, how do the people tasked with helping organizations ensure trust in and value from information systems go about demonstrating their professionalism? A key part is to show that they have the right people with the right skills and experience in place. With the complexity of information systems, increased risk, and the need for compliance, it is more important than ever that organizations recruit and retain employees who can take a comprehensive view of information systems, including their trust and value relationships to organizational success.

This is where certifications come in. Certifications can provide the assurance that certified individuals have the necessary knowledge, skills and experience in key areas such as information security, risk management, audit and governance. It is important that organisations hire staff with the appropriate certifications, as well as create an environment for existing staff to train for and attain such certifications.

When I first arrived in the UK 30 years ago, the fact that I was a Chartered Accountant (CA) significantly improved my job prospects. In addition, the international recognition of this designation helped me secure job offers in three different countries.

So, what criteria should individuals look for in certifications? Global focus, reach and coverage, including a common body of knowledge, are important. My friend is moving to a new job in Hong Kong, where he has never been before, and I am sure that his globally recognized Certified Information Systems Auditor (CISA) credential made a big difference in him landing the job.

Also, Bob Smart, an ISACA member from Australia, found ISACA's CISA credential to be a critical addition to his resume. "Most top-tier professional services organizations in Australia expect IT consultants to achieve CISA status before being promoted to senior ranks. As a result, becoming a CISA was an important step in my career," said Smart. "I am confident that having the CISA credential helped me with at least one promotion, and my co-workers found value in achieving the CISA certification as well. Each of my former team members at PwC is either a CISA or has passed the exam and is awaiting certification."

Organizations employing certification holders also benefit. Doing so demonstrates to the outside world that these organisations have invested in professionals who possess demonstrated knowledge and skills in the key areas of information security, risk management, audit and governance.

"I believe that having the CISA and CRISC credentials helped me secure my new job as ICT security manager at Shared Services of South Australia, a state government agency that is a large provider of business and ICT services to government agencies," Smart says. "The certifications were a clear differentiator that helped me stand out from other candidates. The executive I report to recognized that my credentials provide me with a breadth of knowledge, and he also supported me in registering for the June Certified Information Security Manager (CISM) exam."

Again, in an increasingly regulated world, regulators and assessors across the globe take a keen interest in understanding the professional skills and experience profiles, including certifications, of staff who work in risk, security and assurance functions.

There is also an increasing need worldwide for individuals to hold certain certifications as prerequisites to obtaining a particular position, or as requirements to perform a certain type of assessment. As employers increasingly realize the importance of information risk management, security, audit and governance, they look to certifications to identify prospective employees with experience and expertise in these fields.

So what is in it for the individual? (This is an important question for me, as I've pursued seven different certifications!) It is important to recognise that, just as good college grades do not guarantee a job, a certification is no guarantee that you will land the job you are after. However, it can get you past the initial screening process and allow you to get your foot in the door. It may even be the deciding factor in the later or final stages of the interview. It demonstrates to your prospective employer that you have the necessary skills and that you take your professional development seriously. Membership in a professional association is also excellent proof that the individual is keeping up to date with the fast-changing technological world. By supporting a professional membership and certification, your enterprise can be certain that it is receiving a solid return on its investment.

When you work long and hard to earn a certification, it's good to know that you might receive benefits and recognition after you have accomplished your goal. In addition to providing the satisfaction of achieving a difficult endeavour, many people say that earning a certification has increased their professional credibility, enabled them to add more value to their employers and helped them get a promotion. Achieving a reputable certification can have a positive effect on an individual's career and earnings potential. Passing an exam and earning a certification can be a time-consuming activity, but this investment in yourself and your professional advancement can bring plenty of rewards.

Allan Boardman is the information risk manager at a major financial institution in the UK, and a director at ISACA.



About the Author

Allan Boardman


International Vice President, ISACA

Boardman began his career with Deloitte in Cape Town, South Africa, and has more than 30 years of experience in IT audit, risk, security and consultancy roles at companies such as JPMorgan, Goldman Sachs, KPMG, PricewaterhouseCoopers, Marks and Spencer and the London Stock Exchange. He is a past president of the ISACA London Chapter and has served on the British Computer Society's Information Risk Management and Audit Committee. He has also served on and chaired ISACA's CISM Certification Committee and the Leadership Development Committee. He currently chairs ISACA's Credentialing Board and is a member of the association's Strategic Advisory Council.



