July 30, 2007
and a retort to John Dvorak….
Today, I’m reliably informed, is the 5th birthday of the Sarbanes Oxley Act, so at the risk of scaring off yet more readers, some more SOX musings.
I stumbled across some interesting research (and several rantings) on SOX over the weekend. Sad, I know, that I spent Sunday night trawling through Academic Journals, but trust me, it beats German TV.
Have a look at this paper by Robert Prentice, “Sarbanes-Oxley: The Evidence Regarding the Impact of Section 404”. He is the Ed & Molly Smith Centennial Professor of Business Law, McCombs School of Business, University of Texas at Austin. I’m going to quote extensively from the paper here, so please excuse the rather long extracts. I tried to summarise it, but I found it pretty much without a wasted word. The paper links to many other research papers, and is an excellent launch pad to examine SOX via the facts, rather than soapbox rhetoric.
I’m hoping that you would be inclined to take this research more seriously than the recent rantings of John Dvorak on SOX. (tip Audittrail blog for the link)
John knows his stuff on technology; I would not presume to challenge him on operating system innards, but frankly his piece on SOX is not, how shall I put it politely, his best work.
After 5 years in operation, it is time that commentators, tech or otherwise, looked at the empirical evidence, rather than relying on hearsay.
I’m not saying SOX is perfect, and I have serious concerns about the continued high cost of audit fees. The law continues to require fine-tuning, and the recent changes to the PCAOB are timely, if not overdue.
Firstly, given the recent options backdating scandals in John’s “valley” I’d urge him to read section 409. The backdating scandals cost shareholders roughly 100 billion dollars at the low end of estimations (see Gennaro Bernile et al.). Section 409 makes this sort of large scale fraud much harder to commit, and makes it far less lucrative. This alone is enough to cover the cost of the SOX implementations for ages.
As we are reminiscing, please think back to 2002 and remember the state of the market.
As Prentice notes,
When SOX was passed, the stock markets were nearly in a free fall. From 2000 market peaks, the Dow Jones Industrial Average had dropped 25%, the S&P 500 had declined more than 40% and NASDAQ had plummeted more than 70%. Investor confidence in the capital markets was at record lows, causing average trading volume to drop 54%. The lack of confidence stemmed not from worries that Congress would legislate, as conservative pundits have asserted, but from the fact that 84% of the investing public believed that corporate wrongdoing was widespread rather than isolated. Professor Paredes noted at the time that “restoring [investor] confidence might be the most important thing that the SEC and Congress can do, just as it was the top priority during the crisis of confidence following the 1929 stock market crash.”
Indeed, Lord and Benoit’s post-SOX study showed that over a two-year period, there was a 27.67% increase in the average share prices for companies that had effective internal controls in both years, a 25.74% increase in average stock price for companies that had ineffective SOX 404 controls in year one but effective controls in year two, but a 5.75% decrease in average stock prices of companies that reported ineffective Sox 404 controls in both years.
…consider that in October 2002, “the dark days when the market was most nervous about the quality of financial reporting,” credit spreads for investment grade companies were 2.5 percentage points over Treasury rate whereas by 2006 that spread had shrunk to .85%. The managing director of Moody’s Investors Services has stated that not all of that shrinkage can be “attribute[d] to 404, but if only 10 percent of that reduction is due to 404, put those numbers in your calculator and you get a benefit that is absolutely enormous.”
Prentice then goes on to look at improving corporate governance, liquidity (see also this paper), financial reporting, fraud detection and deterrence, and the impact on the competitiveness of US security markets. It is a thorough paper, and if you are even vaguely interested in compliance it is a must read.
He concludes by noting
Faith in U.S. capital markets has been substantially restored following the bursting of the dot-com bubble and the exposure of a scandalous corporate culture at many major corporations. Sarbanes-Oxley and its Section 404 helped enable that resurrection.
The commonly perceived burdens of SOX 404, including implementation costs and impact on U.S. capital markets, are real but have been overstated while its real benefits are often overlooked. Considerable empirical academic evidence indicates that SOX 404 has improved the accuracy of financial reporting, improved liquidity and corporate governance, and helped disclose some frauds and discourage others.
That said, it is impossible at this point in time to accurately weigh SOX’s total benefits against its total costs. None of the scores of academic studies cited in this article purports to settle definitively the question of whether SOX in general or Section 404 in particular have been, on balance, beneficial. Therefore, what must continue to occur is a careful, reasoned study of SOX’s provisions and their impact.
While there is substantial reason to believe that SOX has improved the economy and brought various concrete benefits to the capital markets, if its detractors succeed commercial actors in the U.S. will ultimately view SOX, and especially Section 404, as illegitimate. This eventuality would blunt SOX’s positive impact upon beliefs, norms, and practices in the U.S. capital markets and its potential to create and sustain a culture of compliance and integrity will be seriously damaged. If that happens, it becomes much more likely that SOX’s costs will ultimately exceed its benefits than if SOX 404 is viewed as a legitimate, though somewhat flawed, attempt to restore integrity to the U.S. capital markets. And the current evidence indicates that is much closer to the truth.
John Dvorak also goes on about the supposed capital flight:
Thus they jump onto the London stock exchange or become Canadian corporations, maybe even Swiss corporations. They’ll do anything to pick up the extra 4% profit not to mention the advantage of avoiding the SOX paperwork and the worries about missteps.
This defies both logic and the facts. Firstly, it assumes there is no cost of compliance or regulation elsewhere. Secondly, there is little evidence for significant “jumping” due to SOX costs. See this post here and this paper here.
And to show that this blog isn’t just a SAP GRC flag waving exercise, I’ll quote again from an SAP GRC competitor, Approva, whose recent survey of CEOs points to an entirely different reality from Dvorak’s vague “…blame Sarbanes-Oxley and so does everyone else in the valley” point.
Despite widespread media coverage that public companies are begging for a reprieve from SOX, Approva’s survey found that 83 percent believe the Sarbanes-Oxley Act has had an overall positive impact on their companies. And 63 percent believe SOX has been successful in preventing corporate fraud. Seventy percent of respondents believe that investments in SOX compliance will provide benefits beyond compliance alone.
The time for vague blah blah on SOX is so over. To repeat Prentice’s words… what must continue to occur is a careful, reasoned study of SOX’s provisions and their impact.
July 30, 2007
Over on Techcrunch there is one of those blogosphere spats going on about Podtech. I’ve no idea about Podtech’s financing, its business model, or who said what, when. I’m the first to admit that 2.0 funding and revenue models are mysterious (I mean, how on earth do you value Facebook anyway?).
I visit Podtech most days and find it very useful, so I thought I’d spend a moment jumping to their defence by rebutting the comment El Guapo left over on Techcrunch.
OK, I just went and looked at podtech.net. Wow, it’s horrible. Actually, I’m not even sure what it is or what they are trying to accomplish. Who wants to watch videos about IBM SOA conferences? I say queue up the dead pool…
I want to watch videos about IBM. Anyone working in the software industry who hopes to sell any software to any sort of enterprise ought to understand what IBM are up to. Scoble’s interview with Mike Moran is a must watch for anyone in software marketing. It touches on the cluetrain, search and the death of the brochure. (Dennis agrees)
If you’d like to glimpse into how large corporations are using Second Life and Business Game Simulation, then watch James Governor’s chat with Sandy Carter
Also I watched James talking with Robert Le Blanc (interesting bits on IP), and Ali Arsanjani on snowballs and fractals. Putting a human face to SOA is goodness.
El Guapo, you might find this boring, but I don’t. Keep it coming Podtech, and I’ll keep watching.
(disclaimer: James is a mate)
July 27, 2007
Posted by Thomas Otter under IT Related
This week I was involved in a long and intensive presales process. I had the easy bit, kicking off the day and wrapping things up at the end. The SAP UK team did a fabulous job of demoing the complex reality that is payroll and core HR for an organisation with well over 100,000 employees.
I finished the session with a peek into some of SAP’s collaborative developments. Widgets, Adobe based front ends, IBM SAP integration, the SAP Harmony project…
It took me all of two minutes to get the widgets demo and the Yahoo! engine installed and working (thanks Ilja and Denis). (screenprint from my desktop this morning)
This is simple goodness from the imagineering team. If you want to learn more about the Widgets, head over to SDN. This provides a good intro, and places them neatly in an “enterprise” context. (thanks also to Abesh) Widgets is an example of how SDN plays a key role in distributing product knowledge; with SAP employees, partners and customers sharing tips and advice. It allows a more rapid adoption and provides better feedback into the development process.
There is a huge potential for lightweight process consumption in an ERP context. The Widget is a great starting point, but I expect to see a lot more in this direction. Also have a look at Eventus. Social media and other 2.0 technology is impacting ERP at a much faster rate than I’d expected. Dennis and Hugh take note.
SAP’s collaboration with Adobe is a great proof point for how things have changed here over the last decade or so. 10 years ago if we had seen the need for a better forms handling tool we would have taken a bunch of physics graduates and a dark room, and two years later they would have emerged blinking into the daylight with a new tool. Instead, we’ve realised that Adobe really know their stuff about forms and building lightweight applications, so it makes a whole lot more sense to work with them, rather than reinvent stuff ourselves. Combining Adobe forms and SAP has made a big impact on HR administrative processes, so this isn’t just about nifty reports. It goes a lot deeper than that.
For my little session, Matt Zeller from Adobe was really helpful. I twittered him, and within a couple of hours he had sent me a cool prototype HR scenario. (not yet bloggable, but it is sweet!)
Recently on Starship Enterprisey radio Craig and I spoke with Dan McWeeney, mainly about SAP-Adobe integration. Have a listen. It looks as if I will be at teched this year, so I will get to learn a lot more about this stuff. There is an explosion of frontend innovation going on at the moment. Much to learn. I’ll be at this session for sure, and the Demo Jam of course.
July 20, 2007
Posted by Thomas Otter under enterprise2.0
RFPs are often huge documents with literally thousands of questions that buyers inflict on software vendors in order to assess the relative strengths and weaknesses of the product. They are a modern form of water torture to fill in, and some of them should be against the Geneva convention.
I thought that with my current role I had managed to avoid the joys of RFP response, but somehow I found myself manoeuvred into working on one at the moment. Damn.
Actually it is one of the better ones I’ve seen in a while. But there are at least 8 of us working on it at once. It is a real pain emailing it around, as it is now too big for the mail system. Versioning is a nightmare. Invariably something is missing, like a screen print or a reference story, and it is a huge scramble to find it.
There must be a better way.
Wiki to the rescue? You give access to the team members, people could dump useful materials into the wiki, and then a gardener could craft it into a response, progress reports and so on could all be driven via the wiki, easy to allow management visibility, last minute pricing changes etc updates via RSS and so on. It would also be an easy way to drive reuse.
I try and avoid working on RFPs, but if I find myself dragged kicking and screaming to one I’ll insist that we respond via the wiki.
Surely it would be even better to give the customer access to the wiki too. This would enable them to access your responses, ask questions, get clarification, and you could easily provide access to much richer materials such as click through demos, reference videos and so on. It would help create transparency between the buyer, partner and software vendor.
Alternatively, the buyer could set up a wiki page, and ask the vendor to fill in responses there. This would help with comparing responses, and responding to vendor queries. It would also give the buyer a living document when starting the post evaluation project, rather than an expensive doorstop.
I’ve not done much research on this, but if anyone has any template ideas or guidelines, please let me know. Perhaps the wiki vendors already offer this sort of template, if not then perhaps they could?
July 19, 2007
Posted by Thomas Otter under Cycling related
thanks to Christine’s flickr stream.
First South African tour de France Stage Winner.
I hope he wins the green jersey!
The next time I rent a car with my own money it will be from Avis.
The next time I buy a fridge it will be from the Barloworld group.
The next time I buy an earthmoving vehicle it will be from CAT.
BTW. If you would like to see a rather odd SAP – Tour de France connection have a look at this post.
July 17, 2007
Posted by Thomas Otter under Law, life in general
Facebook is indeed taking the world by storm. Apparently growing 6% a week in the UK, and now with 30 million users worldwide. I’m gradually finding myself using it more, not just to play with, but as a useful business tool.
But there are more implications to Facebook than meets the eye.
Denise Howell from ZDNET makes a good starting point to explore some of the legal implications of Facebook, (and in fairness, other social media tools)
Firstly, from an employment law perspective I’d urge you to have a look at George’s series of posts.
Employers using Facebook for background checking
More on using facebook et al. in recruiting and hiring (Part II)
Employers Using Facebook for Background Checking, Part III
Sobering stuff, both as an employee and employer. Any UK or German law bloggers fancy transposing that into something relevant for this side of the pond? Perhaps someone from Allen and Overy?
Secondly, one of the UK’s leading computer law academics has picked up on the privacy and data protection law implications that Facebook creates. Lilian writes:
My colleague Ian Brown of Blogzilla reports on an interesting post on why Facebook may be violating European privacy law.
The article reveals that creating an “exploit” in FaceBook – ie hacking the privacy of unsuspecting users – is trivially easy. All you have to do is use Advanced Search and you can search across controversial (and in European DP language, “sensitive”) pieces of data such as Religion and Sexuality in apparently unlimited numbers of profiles. This is true even if the user has taken steps to protect the privacy of their data (see below). As Ian comments this is a security failure on FB’s part, which should have been trivially easy to fix in their code.
She goes on
Do we need a legal solution? Is there a case for extension of DP law to cover the setting of defaults on social network sites? Should privacy not be the default, by law (perhaps with some exceptions to preserve functionality, such as name and network) and openness the opt-out, rather than the reverse? Maybe. Maybe all that is needed is an Industry Code of Practice combined with some upping of awareness of the issue. However with the number of people – especially young pre-employment proto-citizens – involved in web 2.0 sites rising by the minute, this really does seem an issue which is not merely knee jerk alarmism and should not be swept under the carpet. First year students may not care now about spilling their sexuality and contacts to the world: they may when they are older, wiser and looking for employment :)
It is good to see that Facebook is registered in the EU Safe Harbor, but I wonder if anyone from the DP authorities has looked at Facebook’s architecture, because as is noted above, the processing of sensitive data is likely to be in contravention of the Directive. I question the safety of the safe harbor model too, but that would be a long rant…
When the architects of Facebook began to code away in their Harvard dorm room they may not have even been aware of the EU Data Protection Directive and the nuances of its various national level implementations, and even if they had it would have been unlikely that they would have architected the legal principles into the application. There is little market pressure to do so. There are limited guidelines even if you wanted to, and it would have just added complexity to the application and slowed its adoption.
Yet sometimes the law exists to protect us from ourselves. Like seat belts and traffic regulations. As more and more of our lives and socialising move online, then those that build and run the applications need to take greater heed of the law. And the law will need to take greater heed of the online world.
BTW. Harvard is home to some of the best research on internet law, check out the Berkman Center. It led me to Rebecca’s blog and then to this video about Facebook. Make up your own mind…
I sense another chapter brewing.
July 16, 2007
Posted by Thomas Otter under SAP
I’m on a big simplicity riff at the moment. We need to get a lot better at doing the simple stuff at SAP, hence my interest in design and UI, and my rantings about over-enterpriseyness complexity.
Today though, I’m going to point to a big, complex project.
On the 25th July I’ll be listening to this webex.
Transforming the United States Postal Service
Date: July 25, 2007
Time: 2:00 p.m. ET / 11:00 a.m. PT
Register today: http://www.1105info.com/hypwwpj_sonoosxx.html
Join FCW and SAP for this 60-minute webinar with guest speaker Steve Monteith, Executive Director, Human Capital Enterprise, United States Postal Service
Hear first hand how the U.S. Postal Service is transforming its human capital management processes and technologies to enhance services and productivity while maintaining a sharp focus on employee needs. By combining SAP system solutions with highly trained human resource personnel working in a shared service environment that is supported by an integrated technology infrastructure, the Postal Service is reducing administrative costs, significantly strengthening data management capabilities and improving overall efficiencies. Learn how this endeavor will ensure ongoing high quality, employee-centered personnel services well into the future.
Driving change in an organisation of this size and complexity is a daunting task. US Postal has 700,000 employees, 7 million customers a day and operating revenue of 68,5 billion dollars.
The lion’s share of this success should go to USPS. Andrew, I guess this is one of those correct but bland uses of INATT.
The next time someone says, “I don’t think SAP can cope with our organisation’s complexity levels”, I’ll point them to this recording. (Assuming of course that my colleagues in marketing put it somewhere where I can find it)
Michael, this may interest you too.