Seven days ago, I retired. OK, it was more like semi-retired because here I still am blogging, preparing for a presentation tomorrow to the IIA–Russia annual conference, and mentoring/training a variety of practitioners. 

Recently, two of the Big Four accounting firms released reports that address the increasing importance of the CIO. PwC published their 5th Annual Digital IQ Survey and Deloitte issued an Audit Committee Brief on the topic of “Understanding the CFO and CIO Dynamic.”

There are some risks that the board has to own, assess, and respond as needed. One of those is whether the CEO has too little or too much power. Too little, and the CEO will probably not be effective as a leader. Too much, and there is a danger that the personal interests and influence of the CEO will overwhelm the voices and perhaps the interests of the rest of the executive team, the board, and the investors. 

In the U.K., internal auditors are represented by the Chartered Institute of Internal Auditors (an institution that is now 60 years old, was granted a Royal Charter in 2010, and is affiliated with the Global Institute of Internal Auditors). A committee, chaired by Roger Marshall and including audit committee chairmen, CAEs, and prominent academics (such as my good friend, Professor Andrew Chambers), has published draft recommendations to the UK Institute (C-IIA) Effective Internal Audit in the Financial Services Sector that are open for comment. Although aimed at financial services, organizations in all industries should take note.

A report from the consulting firm, McKinsey & Company, shares valuable insights on the topic of “How ‘social intelligence’ can drive decisions." 

Those of you who follow me on Twitter and LinkedIn may have seen some of the terrible customer service experiences I suffered over the last month. This post is not a rant about those companies. It is an opportunity to reflect on the damage such experiences, each of which is a “little thing,” can cause to organizations — and what those organizations need to do. 

There are some interesting discussions on LinkedIn (including this one and this one) and elsewhere about the value of internal audit and even calculating a return on investment in internal audit. 

 This is not an easy task. Why, because deficiencies in IT General Controls (ITGC) are not directly linked to the risk of a material error in the financial statements.

OK, I am more than a little biased. But the IIA’s GAIT Methodology has been not only proven in practice but widely acknowledged as a valuable way to identify the right key IT General Controls (ITGC) for an effective SOX program. As a practice guide, it is strongly recommended guidance by the IIA.

It is very unfortunate that Protiviti, who was one of the leaders and great contributors to the development of IIA guidance on IT General Controls and SOX, has gone so wrong in their Guide to the Sarbanes-Oxley Act: IT Risks and Controls (Second Edition).