“The professional association providing leadership in information systems and technologies.” What is the Value of IT Certification? John Boufford, I.S.P., National President Guy Belleperche, I.S.P., CIPS Ottawa President January 29, 2007 Professional Practice in Computing (CSI2911) SITE, University of Ottawa

“The professional association providing leadership in information systems and technologies.” Agenda What is a Professional We Need Better Systems How Do We Get There CIPS Will Be Important in Making It Happen

“The professional association providing leadership in information systems and technologies.” Elements of an IT Professional Designation Database AdminSoftware Develop.Quality AssuranceIT AuditNetwork Mgmt. Other Project Mgmt.Service Mgmt. IT Security … Core IT Body of Knowledge Domain Knowledge Choice of Specializations Code of Ethics & Standards of Practice Legislation Professional Designation (I.S.P.)

“The professional association providing leadership in information systems and technologies.” Agenda What is Professional Certification We Need Better Systems How Do We Get There CIPS Will Be Important in Making It Happen

“The professional association providing leadership in information systems and technologies.” Business & Social Need for Better Systems Errors Need to Be Reduced Reliability Needs to Increase Security/Privacy Must Improve

“The professional association providing leadership in information systems and technologies.” Errors Need to Be Reduced Software failures illustrate importance of professionalism –The Hartwell Group identified 20 recent high profile glitches –61 + million people affected –$30 + million financial impacts –Non-quantifiable program impacts such as lost business, privacy, reputation, project delays, additional medical tests, etc. –Potential Life/Death impacts Failures can be broadly viewed as insufficient IT governance

“The professional association providing leadership in information systems and technologies.” IT Regulatory Compliance Regulatory Compliance –Sarbanes-Oxley (SOX) –C-SOX (Proposed) –Privacy Legislation All have an impact on IT –See following example

“The professional association providing leadership in information systems and technologies.” Catalyst for Projects Certification of Disclosure in Issuers' Annual and Interim Filings (DCAP) Multilateral Instrument Certification of Internal Controls over Financial Reporting (ICOFR) Multilateral Instrument AuditContinuous Disclosure CommitteesObligations Multilateral Instrument National Instrument Canadian PublicIndependence Rules Accountability Board CICA/Provincial Institutes' Rules of Profession Conduct CSA Auditor Oversight National Instrument Others Investor Confidence Rules Example: Regulatory Requirements

“The professional association providing leadership in information systems and technologies.” Infrastructure General Computer Controls General Application Controls Financial Reporting Underwriting Disbursements Treasury Other Level 2 General Computer Controls Change & Configuration Management Network Administration Security Administration Data Center Operations Database Administration O/S Administration Level 3 I.S. Projects Business Projects Automated Application Controls Data Validation, Edit Checks & Output Reconciliations Interface Controls End User Security General Application Controls System Development Change Control Data Recovery Database Management Programmer Security Impact to Enterprise IS Projects Level 1

“The professional association providing leadership in information systems and technologies.” Comments on Regulatory Compliance CIO Sign-off Before CEO Legal Implications Audits are “negative assurances” Audit practices will permeate all IT audits Certified Professionals Are Better Able to Provide the Process Assurances to Allow CIO Sign-off

“The professional association providing leadership in information systems and technologies.” How Do We Get There? Trusted IT Professionals Professionals Who Manage Risk Use of Proven Best Practices

“The professional association providing leadership in information systems and technologies.” Technical Competence is “Table Stakes” Trust –Trusted Competence Mastery of the Core BOK Professional Experience Best Practices –Trusted Intentions Code of Ethics Trusted IT Professionals

“The professional association providing leadership in information systems and technologies.” Professionalism Innovation and Creativity Accountability Knowledge Development About CIPS: Values

“The professional association providing leadership in information systems and technologies.” CIPS Addresses Business Issues By: Certifying/Recertifying individual practitioners Accrediting academic institutions Adopting standards of practice Advocating on behalf of the profession Offering professional development Working with other IT and engineering bodies Disciplining where appropriate

“The professional association providing leadership in information systems and technologies.” Certification: General Info Certification is not vendor specific About 1500 I.S.P. holders across Canada Provincially-administered National Standard –Recognized by statute in 6 provinces as a self-regulating profession –Canadian Information Processing Society of Ontario Act, 1998,c.Pr5 Mutual recognition with other countries

“The professional association providing leadership in information systems and technologies.” International Recognition –Mutual Recognition Agreements Harmonization of Professional Certifications GATS Negotiations

“The professional association providing leadership in information systems and technologies.” Computer Specialists Under General Agreement on Trade in Services (GATS) Canadian “Offer” for "Information and Communications Technology Professionals" Category Includes: –“A License Or Designation Equivalent To The Information Systems Professional - ISP Designation Obtained From The Canadian Information Processing Society Or From A Mutually Recognized Foreign Accreditation Body” Currently An Offer – Not A Commitment

“The professional association providing leadership in information systems and technologies.” Protection of the public Professional credibility Personal integrity and competence Enhanced customer confidence Enhanced professional profile Increased value to employer Certification: Goals

“The professional association providing leadership in information systems and technologies.” CIPS Will Be Important in Making This Happen Code of Ethics Body of Knowledge Best IT Practices Risk Management Standard

“The professional association providing leadership in information systems and technologies.” Code of Ethics Guiding Document for Professional Practice Widely Reviewed and Endorsed Standard for Discipline

“The professional association providing leadership in information systems and technologies.” The Ethical Imperatives I will place my client's interest above my own and nothing will be above the public interest. –I will fairly describe my level of competence and deliver to the claimed level of competence. –I will protect all private or confidential information that I obtain from clients or colleagues. –I will be impartial in giving advice and fully disclose any potential conflicts of interest. –I will work to advance my profession and actively support my professional colleagues.

“The professional association providing leadership in information systems and technologies.” Privacy Commissioner’s Comments “The Office of the Privacy Commissioner of Canada supports the work of IT professionals in setting a Code of Ethics for their profession. The leadership demonstrated by CIPS is to be applauded and emulated. By incorporating privacy protection as a core element of its ethical framework, CIPS not only demonstrates that IT professionals are an integral part of the value chain of their organizations by ensuring that systems – and the information assets they contain are protected against abuse and misuse;... By up-holding the highest standards and putting in place mechanisms for greater professional accountability, IT professionals, through their own ethical conduct and unique expertise, will become important architects of privacy protection in systems and applications.” Jennifer Stoddart -Privacy Commissioner

“The professional association providing leadership in information systems and technologies.” CIPS Will Be Important in Making This Happen Code of Ethics Body of Knowledge Best IT Practices Risk Management Standard

“The professional association providing leadership in information systems and technologies.” Body of Knowledge Adopted the BCS Syllabus Moving Towards to Body of Knowledge Similar to Computer Science Graduate –Not Necessarily Obtained in Degree Program –Alternate Paths to Demonstrate Mastery of BOK

“The professional association providing leadership in information systems and technologies.” CIPS Will Be Important in Making This Happen Code of Ethics Body of Knowledge Best IT Practices Risk Management Standard

“The professional association providing leadership in information systems and technologies.” Best IT Practices – The Future Adopting Best Practices that Will Provide More Rigour to IT Activities –Mandatory vs. Recommended vs. Best Practices –International Standards Linked to I.S.P. Professional Practice Requirements

“The professional association providing leadership in information systems and technologies.” CIPS Will Be Important in Making This Happen Code of Ethics Body of Knowledge Best IT Practices Risk Management Standard

“The professional association providing leadership in information systems and technologies.” Risk Management Standard Emerging Standard of Practice : –All professional assignments must begin with a risk assessment, and risk management must be practiced throughout professional assignments. –Approved in Principle By National Board in April 2006 –SOP Is Now Under Development

“The professional association providing leadership in information systems and technologies.” Summary Business Risks Are Ever-Present CIPS Helps Organizations Manage Risk –CIPS Offers The Only Professional IT Certification In Canada That Is Recognized By Statute –Professional Certification That Embodies Technical Competence AND Professionalism –Discipline –Accreditation Of Educational Institutions –Standards Of Practice Are Emerging –Leads To Highly Professional Workforce And Lower Business Risk Trusted Competence Trusted Intentions

“The professional association providing leadership in information systems and technologies.” “When you’re through changing… you’re through.” Will Rogers

“The professional association providing leadership in information systems and technologies”