Listen to this Post
When Silence Undermines Trust: What the ISACA London e-Vote Controversy Means for Digital Governance
As a lifelong ISACA member, former International Board Director, Past President of the ISACA London Chapter, and multi-award recipient, I have always supported ISACA’s mission to uphold excellence, ethics, and, most recently, to champion Digital Trust as a foundational pillar for the profession. That’s why the events surrounding the recent Extraordinary General Meeting (EGM) of the London Chapter are so concerning—not just for me, but for all who value transparency, accountability, and responsible governance.
Raising Serious Concerns: Met With Silence
On 3 and 17 April 2025, I formally raised concerns via email to the ISACA London Chapter (ILC) Board and ISACA Global regarding the limited audit scope of the Chapter’s recently implemented e-voting system, which was first used during the 13 March 2025 EGM.
This system was adopted amid unresolved governance issues following the highly contentious AGM on 31 July 2024, which was marked by disruptions, procedural disputes, and the rejection of the proposed Board slate. In this already fragile context, the rollout of a new digital voting system, without robust consultation or transparency, should have been a matter of careful scrutiny.
Instead, three weeks passed without a single response—no acknowledgment, no engagement, no accountability.
Only after escalating the matter to the ISACA Global Board of Directors did a reply arrive—curiously, not from the Chapter Board directly, but through an administrative email sent on their behalf. The reply included the following statements:
“The audit scope reflects the relevant questions raised by a small minority of members and was agreed with ISACA Global.”
“To maintain audit independence, the external firm we engaged to conduct the audit will decide who is interviewed.”
“As with all members, you’ll be kept informed of the outcome of the audit through Chapter communications.”
A Conflict Between Chapter Actions and Global Expectations
The disconnection between the Chapter’s response and ISACA’s global messaging is stark.
At the March 13 EGM, during a Q&A session, the International Chair of ISACA stated his expectation that the audit would cover data protection concerns raised by members prior to the meeting.
But now we’re told the audit scope excludes those concerns—under the justification that it reflects only the “relevant questions raised by a small minority.”
This raises serious governance questions:
- Was the International Chair misinformed or bypassed?
- Was there a communication breakdown between the Chapter and Global leadership?
- Or is this a case of selectively ignoring inconvenient issues?
In any scenario, the result is the same: a loss of trust among members and a public contradiction of ISACA’s own leadership statements.
Digital Trust Cannot Be Performed. It Must Be Practice
ISACA defines Digital Trust as confidence in the integrity of relationships, systems, and processes. It’s a powerful concept. But it must begin internally.
We cannot advocate for trustworthy systems while tolerating:
- E-voting platforms with no secondary authentication, reliant solely on membership numbers.
- A lack of vote confirmation or audit trail for members.
- Third-party data sharing without transparent consent mechanisms.
- Silence in response to legitimate stakeholder concerns.
To dismiss these issues as the worries of a “small minority” is not just inaccurate—it is dangerous for an organization built on the principles of audit, risk, and control.
Why Every Member Should Pay Attention
ISACA is home to over 180,000 members in 188 countries, with more than 225 chapters. The London Chapter alone represents over 5,500 professionals, making it the largest globally.
What happens here sets a precedent. If one chapter can downplay security flaws, evade oversight, and silence dissent, what message does that send to the rest of the community? To our stakeholders? To future volunteers and leaders?
When an organization known for defining governance standards fails to apply those same standards internally, its global credibility is at risk.
What Comes Next: Risks and Predictions
If these issues remain unaddressed, ISACA may face broader organizational and reputational risks:
1. Erosion of Member Trust
Delayed responses and selective audit practices may prompt long-standing members to disengage or resign. A continued lack of transparency could deter future volunteers and weaken chapter cohesion.
2. Regulatory and Legal Exposure
The sharing of personal data with a third-party voting firm—without clear, informed consent—could be viewed as a violation of the UK GDPR. If challenged, the legal and financial implications could be significant.
3. Increased Media and Industry Scrutiny
As ISACA champions Digital Trust globally, this case may attract external attention from privacy advocates, regulators, and cybersecurity media. Any inconsistency between ISACA’s public messaging and internal practices could damage its leadership status in the industry.
4. Pressure for Broader Reform
Should the situation escalate, it could prompt a wider review of ISACA’s chapter governance model, voting processes, and internal audit practices. This could bring about long-overdue improvements—or expose deeper structural issues.
5. Impact on Partnerships and Certifications
If Digital Trust becomes a contested concept within ISACA, it may affect partnerships with other organizations, diminish the perceived integrity of certifications like CDPSE and CISA, and reduce trust in ISACA’s advisory role to governments and enterprises.
A Call to Action
This message is not shared lightly, nor is it intended to criticize for its own sake. It’s written out of deep respect for ISACA’s mission—and concern that the organization is drifting from the values that built its success.
I urge:
- ISACA Global to act decisively to ensure transparency and independent oversight of the audit process.
- The London Chapter Board to re-engage with its membership and broaden the scope of its governance review.
- Every member and chapter to reflect on what this situation signals—and what standards we expect from those who lead.
If ISACA is to remain a global voice for Digital Trust, it must live that trust every day—especially when it’s difficult, especially when it’s challenged.
Digital Trust begins at home.
We can’t afford to ignore that.
Important Clarification: Allegations, Not Conclusions
Before continuing, let me be clear: the issues raised here are allegations, not proven facts. They are serious concerns voiced by members—including myself—that demand proper investigation.
At the time of writing, the ISACA London Chapter has remained silent on key questions, and ISACA Global has yet to meaningfully respond. This ongoing lack of engagement only heightens the perception that legitimate concerns are being dismissed or ignored.
These allegations deserve an open and independent review—not because guilt is presumed, but because transparency, accountability, and trust require it.
#ISACA #DigitalTrust #Governance #Privacy #Audit #Accountability #Ethics #ProfessionalIntegrity #LondonChapter #EGM #Cybersecurity
References:
Reported By:
https://www.infosecurity-magazine.com/news/isaca-london-chapter-evoting/
Extra Source Hub:
https://www.facebook.com
Wikipedia
Undercode AI
Image Source:
istock
