Got an email last week about an update to the Decisions Matter ad campaign the CICA has been running for the designation:

The Decisions Matter ad campaign is aimed at shifting the tradi­tional perception of the CA desig­nation and promoting CAs as business leaders and key decision-makers in every organi­zation. The campaign is very different from what we’ve done in the past. It is more assertive in estab­lishing CAs as the leading business profes­sionals and, in its origi­nality, has been specif­i­cally designed to break through the media clutter.

I like the direction in which this strategy is taking us. For one, it is vocation agnostic, in that it doesn’t focus on CAs in public practice more than those in industry. And I like the attention that “decisions” are receiving, but I think that execution needs to be empha­sized as well. Making the right decision is great, but acting on it is critical.

As a CA you have an important role to play in supporting this campaign. You can promote the CAs’ reputation as business leaders with a few simple steps:

• Include your CA desig­nation on business cards and other communications;
• Ensure your profes­sional network knows you are a CA. This includes the organi­za­tions you volunteer with;
• When making presen­ta­tions, discuss how your CA training has powered your achievements;
• In inter­views, introduce yourself as a CA; and
• Talk about the Decisions Matter campaign with your family, friends and business contacts.

No mention of starting a blog and estab­lishing your online brand in concert with the CA desig­nation, but you can’t win ‘em all I guess. If there’s one area that the CICA has thus far completely ignored it’s the social media space. Excuse me though, it’s time to ring the family and discuss this campaign with them, that’ll really promote our reputation!

My recom­men­dation is to follow up the Decisions Matter campaign with something more focused on executing great ideas/decisions. Advising is valuable, deciding is important, but executing is key. What do you think of the campaign’s message and how it’s positioning CAs?

Earlier this week I watched a webinar put on by the Audit Director Round­table, a great resource for internal auditors, titled Enter­prise Risk Audit Planning.

If you follow me on Twitter, you might have seen this:

@neilmcintyre: IT problems for Audit Director Round­table delay the start of the Enter­prise Risk Audit Planning webinar

The problem was that the large group attempting to log in to the presen­tation were jamming the confer­encing phone system. It was sorted out within 10 minutes of the scheduled start time. Good problem to have, really.

I was intro­duced to ADR when I joined the world of internal audit in May 2008 and have been taking advantage of the site’s features ever since, such as case studies, internal control question­naire (ICQ) templates, audit department bench­marking tools and example audit work plans.

Today’s webinar was valuable to me because it focused on how five companies’ internal audit groups are dealing with the challenge of providing assurance over strategic risk. This is a topic that I have championed in my capacity as an internal auditor, and the companies in the webinar were actually walking the walk.

Some of the highlights:

• One group enabled management to better identify and assess complete risk infor­mation by devel­oping a tool that required them to drill down from higher level risks to their lower level compo­nents. What I liked in particular about the tool was that it discouraged the tendency to choose medium likelihood and medium impact (what they called “midpointing” although I’d never heard the term) by making those assess­ments lead to a “signf­icant” rating.
• Another group credited management for its efforts in identi­fying processes which were well-controlled versus those that were less well-controlled, by tailoring the assurance strategy to the former. Simply the act of identi­fying a poorly-controlled process would spur management to implement the necessary controls, at which point the process would migrate to the well-controlled side.
• Yet another group maps the principal risks identified at a high level to each applicable business process to ensure adequate coverage. Internal audit focuses on the processes involved in executing on the strategic prior­ities, to provide assurance that those risks are well-controlled.

I enjoyed the webinar because it took what can be a challenging theoretical problem and showed examples where leading internal audit groups are concretely addressing the concerns of management over the key risks driving the perfor­mance of the business.

How are you imple­menting practices like these to provide assurance over the risks that primarily drive enter­prise value?

That’s the recom­men­dation from the Institute of Chartered Accoun­tants of India (ICAI), as reported by The India Express:

“In the high-powered committee report on Satyam scam, we have proposed that internal audit should be outsourced and not be in house so that there is more indepen­dence. If the auditor is from the organ­i­sation, it is as good as being an employee of the organ­i­sation and the chances of remaining unbiased decline. Market regulator Sebi through clause 49 and the corporate affairs ministry through the Companies Law should make it mandatory that the internal auditor should be from outside the organ­i­sation,” ICAI president Amarjit Chopra told The Indian Express.

I can’t really argue with the logic, but the feasi­bility of the idea is fair game. The logistics of putting this into place is giving me a headache, and it does seem like an overre­action to a single instance of fraud.

The voice of reason comes from the director of KPMG in India:

“More important [than outsourcing] is the commu­ni­cation between head the of internal audit and CEO or chairman of audit committee. The success depends more on how freely and directly the internal auditor can discuss the short­comings in a firm with the CEO of audit committee.”

Boards should be ensuring that the lines of commu­ni­cation between the Chief Audit Executive and the Audit Committee are direct and commu­ni­ca­tions frequent and frank. That applies even if IA is outsourced as well.

I blogged a while ago about the Satyam scandal.

In Q4 last year, Microsoft announced through its Inter­op­er­ability @ Microsoft blog that it was planning to open up its propri­etary PST email format used by Outlook.

The data in .pst files has been acces­sible through the Messaging API (MAPI) and Outlook Object Model (two things of which my under­standing is minimal at best), but only if the user has Outlook installed:

In order to facil­itate inter­op­er­ability and enable customers and vendors to access the data in .pst files on a variety of platforms, we will be releasing documen­tation for the .pst file format. This will allow devel­opers to read, create, and inter­op­erate with the data in .pst files in server and client scenarios using the programming language and platform of their choice. The technical documen­tation will detail how the data is stored, along with guidance for accessing that data from other software appli­ca­tions. It also will highlight the structure of the .pst file, provide details like how to navigate the folder hierarchy, and explain how to access the individual data objects and properties.

The documen­tation will be released under Microsoft’s Open Speci­fi­cation Promise, which means that it is protected against patent claims. Other Microsoft Office formats, such as the XML-based .docx and .xlsx, and the older binary formats .doc and .xls, are covered under this promise.

This seems like a big win for users of Microsoft Outlook. Along with CodePlex, which hosts open source projects, it seems like Microsoft is slowly opening things up and making life easier for their customers. It certainly has the potential to make it easier for customers to leave the Outlook platform. From GigaOM:

In the past, if someone was moving from Outlook/Exchange to Gmail or any other platform, there was a pretty tedious process of exporting pieces of data from Outlook into various formats before moving over to the new platform. Basically, once you didn’t have Outlook, that .pst was a useless brick of data. Now in that case you’ll be able to take that .pst file with you and if other apps/platforms build readers, they will be able access that data. So migration to other platforms is a valid use case where there’s some benefit.

Some more ideas as to the reasons why Microsoft is making this change were floated on ZDnet a day after the announcement:

[Rob Helm, an analyst with Direc­tions on Microsoft,] added that he believed Microsoft is trying to wean large customers from storing mail in .PST files or file systems “because doing that makes it hard for organi­za­tions to back up all their e-mail, enforce e-mail retention policies, and locate relevant e-mails during legal discovery.”

Not just retention, but perhaps helping organi­za­tions mine their email data for knowledge which can all too frequently be lost forever if an employee leaves the company? Here’s an idea: How about a tool that will gather infor­mation from emails dating back years and populate a wiki automat­i­cally for new employees?

[Rob Sanfilippo, another Direc­tions on Microsoft analyst] added that .PSTs “are used most frequently for archiving purposes and Exchange Server 2010 includes a new server-based Personal Archive feature that gives users a separate mailbox to use for archiving on the server instead of using a PST.” He said this gives weight to the afore­men­tioned idea that Microsoft is trying to help organi­za­tions get users off PSTs and onto server storage.”

Then, in February of this year, the promised documen­tation was released on the MSDN website. Finally, about a month ago, two open source tools that make use of the documen­tation were released on CodePlex:

• The PST Data Structure View Tool is a graphical tool allowing the devel­opers to browse the internal data struc­tures of a PST file. The primary goal of this tool is to assist people who are learning .pst format and help them to better under­stand the documentation.
• The PST File Format SDK is a cross platform C++ library for reading .pst files that can be incor­po­rated into solutions that run on top of the .pst file format. The capability to write data to .pst files is part of the roadmap will be added to the SDK.

The project has seen some exciting progress, which is good news for organi­za­tions that use Outlook. And as you might know, data visual­ization used to enhance under­standing is a favourite topic of mine!

What risk do these devel­op­ments address within Outlook’d organi­za­tions? Knowledge/information management is critical to so many companies. The use, retention and (hopefully) reuse of knowledge developed by employees and stored in email conver­sa­tions within Outlook will be enhanced through this openness.

Has your organi­zation taken these devel­op­ments into account in your audits of knowledge/information management and strategy?

BusinessDay, a South African business news website, published a recent article refer­encing an E&Y study involving “more than 100 industry analysts from more than 20 disciplines”:

Organ­i­sa­tions need to break out of the compliance cocoon and evolve into a fully fledged leadership role that delivers real value to the business. In the current economic climate, the biggest risk for most companies is not a failure to meet compliance require­ments, but a failure to meet strategic targets.

The study also assessed last year’s top 10 business risks. In it, the analysts ranked the after­shocks of the credit crunch and the deepening global recession as the most important business risks, displacing regulation and compliance from the top spot.

Still more evidence that the Internal Audit profession demands an expanding skill set and well-rounded people with experience in more varied aspects of business. Auditors are going to have to continue to push themselves outside of their comfort zone in order to provide the greater value that share­holders require of the function.

How does your IA department stack up?