IT Professional societies have struggled to identify a meaningful Body of Knowledge that should be mastered by all IT Professionals. The two leading US societies for IT Professionals, the ACM and the IEEE-CS, cooperated in the development of a major Computing Curriculum Report (CC2005). This report provides a useful graphical view of the “Problem Space of Computing”. They developed a two-dimensional model, with a theoretical-to-applied horizontal dimension, and five vertical areas of concentration. It was represented as:

The Council of European Professional Informatics Societies, CEPIS, recently completed an extensive review of professional ICT certifications (Survey of Certification Schemes for IT Professionals across Europe towards Harmonisation). They identified 62 providers of certification, 617 types of certification, with millions of issued certifications. The vast majority of these certification schemes focus on vendor-specific information, knowledge, and experience.

I view myself as an IT Professional. To me, that means that I have a basic, professional obligation to the trustworthy in whatever IT work I undertake.

I was the one who recommended that CIPS (www.cips.ca) accept risk management as a basic IT professional responsibility. I chaired the Task Force that developed the CIPS Risk Management Practice Guideline. This is my explanation for why risk management is important for all professionals, and especially for IT professionals. It’s also an explanation of why this is the right time to add an explicit concern for risk management to the IT professional’s agenda.