Happy Birthday SOX.

and a retort to John Dvorak….

Today, I’m reliably informed, is the 5th birthday of the Sarbanes-Oxley Act, so at the risk of scaring off yet more readers, some more SOX musings.

I stumbled across some interesting research (and several rantings) on SOX over the weekend. Sad, I know, that I spent Sunday night trawling through Academic Journals, but trust me, it beats German TV.

Have a look at this paper by Robert Prentice, “Sarbanes-Oxley: The Evidence Regarding the Impact of Section 404”. He is the Ed & Molly Smith Centennial Professor of Business Law, McCombs School of Business, University of Texas at Austin. I’m going to quote extensively from the paper here, so please excuse the rather long extracts. I tried to summarise it, but I found it pretty much without a wasted word. The paper links to many other research papers, and is an excellent launch pad to examine SOX via the facts, rather than soapbox rhetoric.

I’m hoping that you would be inclined to take this research more seriously than the recent rantings of John Dvorak on SOX. (tip Audittrail blog for the link)

John knows his stuff on technology; I would not presume to challenge him on operating system innards, but frankly his piece on SOX is not, how shall I put it politely, his best work.

After 5 years in operation, it is time that commentators, tech or otherwise, looked at the empirical evidence, rather than relying on hearsay.

I’m not saying SOX is perfect, and I have serious concerns about the continued high cost of audit fees. The law continues to require fine-tuning, and the recent changes to the PCAOB are timely, if not overdue.

Firstly, given the recent options backdating scandals in John’s “valley”, I’d urge him to read section 409. The backdating scandals cost shareholders roughly 100 billion dollars at the low end of estimations (see Gennaro Bernile et al.). Section 409 makes this sort of large scale fraud much harder to commit, and makes it far less lucrative. This alone is enough to cover the cost of the SOX implementations for ages.

As we are reminiscing, please think back to 2002 and remember the state of the market.

As Prentice notes,

When SOX was passed, the stock markets were nearly in a free fall. From 2000 market peaks, the Dow Jones Industrial Average had dropped 25%, the S&P 500 had declined more than 40% and NASDAQ had plummeted more than 70%. Investor confidence in the capital markets was at record lows, causing average trading volume to drop 54%. The lack of confidence stemmed not from worries that Congress would legislate, as conservative pundits have asserted, but from the fact that 84% of the investing public believed that corporate wrongdoing was widespread rather than isolated. Professor Paredes noted at the time that “restoring [investor] confidence might be the most important thing that the SEC and Congress can do, just as it was the top priority during the crisis of confidence following the 1929 stock market crash.”


Indeed, Lord and Benoit’s post-SOX study showed that over a two-year period, there was a 27.67% increase in the average share prices for companies that had effective internal controls in both years, a 25.74% increase in average stock price for companies that had ineffective SOX 404 controls in year one but effective controls in year two, but a 5.75% decrease in average stock prices of companies that reported ineffective SOX 404 controls in both years.

and further

..consider that in October 2002, “the dark days when the market was most nervous about the quality of financial reporting,” credit spreads for investment grade companies were 2.5 percentage points over Treasury rate whereas by 2006 that spread had shrunk to .85%. The managing director of Moody’s Investors Services has stated that not all of that shrinkage can be “attribute[d] to 404, but if only 10 percent of that reduction is due to 404, put those numbers in your calculator and you get a benefit that is absolutely enormous.”

Prentice then goes on to look at improving corporate governance, liquidity (see also this paper), financial reporting, fraud detection and deterrence, and the impact on the competitiveness of US security markets. It is a thorough paper, and if you are even vaguely interested in compliance it is a must read.

He concludes by noting

Faith in U.S. capital markets has been substantially restored following the bursting of the dot-com bubble and the exposure of a scandalous corporate culture at many major corporations. Sarbanes-Oxley and its Section 404 helped enable that resurrection.

The commonly perceived burdens of SOX 404, including implementation costs and impact on U.S. capital markets, are real but have been overstated while its real benefits are often overlooked. Considerable empirical academic evidence indicates that SOX 404 has improved the accuracy of financial reporting, improved liquidity and corporate governance, and helped disclose some frauds and discourage others.
That said, it is impossible at this point in time to accurately weigh SOX’s total benefits against its total costs. None of the scores of academic studies cited in this article purports to settle definitively the question of whether SOX in general or Section 404 in particular have been, on balance, beneficial. Therefore, what must continue to occur is a careful, reasoned study of SOX’s provisions and their impact.

While there is substantial reason to believe that SOX has improved the economy and brought various concrete benefits to the capital markets, if its detractors succeed commercial actors in the U.S. will ultimately view SOX, and especially Section 404, as illegitimate. This eventuality would blunt SOX’s positive impact upon beliefs, norms, and practices in the U.S. capital markets and its potential to create and sustain a culture of compliance and integrity will be seriously damaged. If that happens, it becomes much more likely that SOX’s costs will ultimately exceed its benefits than if SOX 404 is viewed as a legitimate, though somewhat flawed, attempt to restore integrity to the U.S. capital markets. And the current evidence indicates that is much closer to the truth.


John Dvorak also goes on about the supposed capital flight:

Thus they jump onto the London stock exchange or become Canadian corporations, maybe even Swiss corporations. They’ll do anything to pick up the extra 4% profit not to mention the advantage of avoiding the SOX paperwork and the worries about missteps.

This defies both logic and the facts. Firstly it assumes there is no cost of compliance or regulation elsewhere. Secondly, there is little evidence for significant “jumping” due to SOX costs. See this post here and this paper here.

And to show that this blog isn’t just a SAP GRC flag waving exercise, I’ll quote again from an SAP GRC competitor, Approva, whose recent survey of CEOs points to an entirely different reality from Dvorak’s vague “…blame Sarbanes-Oxley and so does everyone else in the valley” point.

Despite widespread media coverage that public companies are begging for a reprieve from SOX, Approva’s survey found that 83 percent believe the Sarbanes-Oxley Act has had an overall positive impact on their companies. And 63 percent believe SOX has been successful in preventing corporate fraud. Seventy percent of respondents believe that investments in SOX compliance will provide benefits beyond compliance alone.

The time for vague blah blah on SOX is so over. To repeat Prentice’s words… what must continue to occur is a careful, reasoned study of SOX’s provisions and their impact. 



Podtech’s relevance?

Over on Techcrunch there is one of those blogosphere spats going on about Podtech. I’ve no idea about Podtech’s financing, its business model, or who said what, when. I’m the first to admit that 2.0 funding and revenue models are mysterious. (I mean, how on earth do you value Facebook anyway?)

I visit Podtech most days and find it very useful, so I thought I’d spend a moment jumping to their defence by rebutting the comment  El Guapo left over on Techcrunch.

El Guapo

OK, I just went and looked at podtech.net. Wow, it’s horrible. Actually, I’m not even sure what it is or what they are trying to accomplish. Who wants to watch videos about IBM SOA conferences? I say queue up the dead pool…

I want to watch videos about IBM. Anyone working in the software industry who hopes to sell any software to any sort of enterprise ought to understand what IBM are up to. Scoble’s interview with Mike Moran is a must watch for anyone in software marketing. It touches on the cluetrain, search and the death of the brochure. (Dennis agrees)



If you’d like  to glimpse into how large corporations are using Second Life and Business Game Simulation, then watch James Governor’s chat with Sandy Carter 



Also I  watched James talking with  Robert Le Blanc (interesting bits on IP), and Ali Arsanjani on snowballs and fractals.  Putting a human face to SOA is goodness.

El Guapo, you might find this boring, but I don’t. Keep it coming Podtech, and I’ll keep watching.


 (disclaimer: James is a mate)

The wonderful widget, awesome Adobe and a payroll demo.

This week I was involved in a long and intensive presales process. I had the easy bit, kicking off the day and wrapping things up at the end. The SAP UK team did a fabulous job of demoing the complex reality that is payroll and core HR for an organisation with well over 100,000 employees.

I finished the session with a peek into some of SAP’s collaborative developments. Widgets, Adobe based front ends, IBM SAP integration, the SAP Harmony project…

It took me all of two minutes to get the widgets demo  and the Yahoo! engine installed and working (thanks Ilja and Denis). (screenprint from my desktop this morning)


This is simple goodness from the imagineering team. If you want to learn more about the Widgets, head over to SDN.  This provides a good intro, and places them neatly in an “enterprise” context. (thanks also to Abesh) Widgets is an example of how SDN plays a key role in distributing product knowledge;  with SAP employees, partners and customers sharing tips and advice. It allows a more rapid adoption and provides better feedback into the development process.

There is a huge potential for lightweight process consumption in an ERP context. The Widget is a great starting point, but I expect to see a lot more in this direction. Also have a look at Eventus. Social media and other 2.0 technology is impacting ERP at a much faster rate than I’d expected. Dennis and Hugh take note.

SAP’s collaboration with Adobe is a great proof point for how things have changed here over the last decade or so. 10 years ago if we had seen the need for a better forms handling tool we would have taken a bunch of physics graduates and a dark room, and two years later they would have emerged blinking into the daylight with a new tool. Instead, we’ve realised that Adobe really know stuff about forms and building lightweight applications, so it makes a whole lot more sense to work with them, rather than reinvent stuff ourselves. Combining Adobe forms and SAP has made a big impact on HR administrative processes, so this isn’t just about nifty reports. It goes a lot deeper than that.

For my little session,  Matt Zeller from Adobe was really helpful. I twittered him, and within a couple of hours he had sent me a cool prototype HR scenario. (not yet bloggable, but it is sweet!)

Recently on Starship Enterprisey radio Craig and I spoke with Dan McWeeney, mainly about SAP-Adobe integration. Have a listen. It looks as if I will be at teched this year, so I will get to learn a lot more about this stuff. There is an explosion of frontend innovation going on at the moment. Much to learn. I’ll be at this session for sure, and the Demo Jam of course.


Wikis and RFPs

RFPs are often huge documents with literally thousands of questions that buyers inflict on software vendors in order to assess the relative strengths and weaknesses of the product. They are a modern form of water torture to fill in, and some of them should be against the Geneva convention.

I thought that with my current role I had managed to avoid the joys of RFP response, but somehow I found myself manoeuvred into working on one at the moment. Damn.

Actually it is one of the better ones I’ve seen in a while.  But there are at least 8 of us working on it at once.  It is a real pain emailing it around, as it is now too big for the mail system. Versioning is a nightmare. Invariably something is missing, like a screen print or a reference story, and it is a huge scramble to find it.

There must be a better way.

Wiki to the rescue? You give access to the team members, people could dump useful materials into the wiki, and then a gardener could craft it into a response. Progress reports and so on could all be driven via the wiki; it would be easy to allow management visibility, last minute pricing changes etc., updates via RSS and so on. It would also be an easy way to drive reuse.

I try and avoid working on RFPs, but if I find myself dragged kicking and screaming to one I’ll insist that we respond via the wiki.

Surely it would  be even better to give the customer access to the wiki too. This would enable them to access your responses, ask questions, get clarification,  and you could easily provide access to much richer materials such as click through demos, reference videos and so on. It would help create transparency between the buyer, partner and software vendor.

Alternatively, the buyer could set up a wiki page, and ask the vendor to fill in responses there. This would help with comparing responses, and responding to vendor queries. It would also give the buyer a living document when starting the post evaluation project, rather than an expensive doorstop.

I’ve not done much research on this, but if anyone has any template ideas or guidelines, please let me know. Perhaps the wiki vendors already offer this sort of template, if not then perhaps they could?



Well done Robbie Hunter

Tour de France 2007, Prologue

thanks to Christine’s flickr stream.


First South African Tour de France stage winner.

I hope he wins the green jersey!

The next time I rent a car with my own money it will be from Avis.

The next time I buy a fridge it will be from the Barloworld group

The next time I buy an earthmoving vehicle it will be from CAT


BTW. If you would like to see a rather odd SAP – Tour de France connection have a look at this post.




Facebook and the law

Facebook is indeed taking the world by storm. Apparently growing 6% a week in the UK, and now with 30 million users world wide. I’m gradually finding myself using it more, not just to play with, but as a useful business tool.

But there are more implications to Facebook than meets the eye.

Denise Howell from ZDNET makes a good starting point to explore some of the legal implications of Facebook (and in fairness, other social media tools).

Firstly, from an employment law perspective I’d urge you to have a look at George’s series of posts.

Employers using Facebook for background checking

More on using facebook et al. in recruiting and hiring (Part II)

Employers Using Facebook for Background Checking, Part III

Sobering stuff, both as an employee and employer.  Any UK or German law bloggers fancy transposing that into something relevant for this side of the pond?  Perhaps someone from Allen and Overy?

Secondly, one of the UK’s leading computer law academics has picked up on the privacy and data protection law implications that Facebook creates. Lilian writes:

My colleague Ian Brown of Blogzilla reports on an interesting post on why Facebook may be violating European privacy law.

The article reveals that creating an “exploit” in FaceBook – ie hacking the privacy of unsuspecting users – is trivially easy. All you have to do is use Advanced Search and you can search across controversial (and in European DP language, “sensitive”) pieces of data such as Religion and Sexuality in apparently unlimited numbers of profiles. This is true even if the user has taken steps to protect the privacy of their data (see below). As Ian comments this is a security failure on FB’s part, which should have been trivially easy to fix in their code.

She goes on

Do we need a legal solution? Is there a case for extension of DP law to cover the setting of defaults on social network sites? Should privacy not be the default, by law (perhaps with some exceptions to preserve functionality, such as name and network) and openness the opt-out, rather than the reverse? Maybe. Maybe all that is needed is an Industry Code of Practice combined with some upping of awareness of the issue. However with the number of people – especially young pre-employment proto-citizens – involved in web 2.0 sites rising by the minute, this really does seem an issue which is not merely knee jerk alarmism and should not be swept under the carpet. First year students may not care now about spilling their sexuality and contacts to the world: they may when they are older, wiser and looking for employment 🙂

It is good to see that Facebook is registered in the EU Safe Harbour, but I wonder if anyone from the DP authorities has looked at Facebook’s architecture, because as is noted above, the processing of sensitive data is likely to be in contravention of the Directive. I question the safety of the safe harbor model too, but that would be a long rant…

When the architects of Facebook began to code away in their Harvard dorm room they may not have even been aware of the EU Data Protection Directive and the nuances of its various national level implementations, and even if they had it would have been unlikely that they would have architected the legal principles into the application. There is little market pressure to do so. There are limited guidelines even if you wanted to, and it would have just added complexity to the application and slowed its adoption.

Yet sometimes the law exists to protect us from ourselves. Like seat belts and traffic regulations. As more and more of our lives and socialising move online, then those that build and run the applications need to take greater heed of the law. And the law will need to take greater heed of the online world.

BTW. Harvard is home to some of the best research on internet law, check out the Berkman Center. It led me to Rebecca’s blog and then to this video about Facebook. Make up your own mind…

I sense another chapter brewing.


And you thought your HR HCM transformation project was big and complex.

I’m on a big simplicity riff at the moment. We need to get a lot better at doing the simple stuff at SAP, hence my interest in design and UI, and my rantings about over-enterpriseyness complexity.

Today though, I’m going to point to a big, complex project.   

On the 25th July I’ll be listening to this webex. 

Transforming the United States Postal Service

Date: July 25, 2007
Time: 2:00 p.m. ET / 11:00 a.m. PT

Register today: http://www.1105info.com/hypwwpj_sonoosxx.html

Join FCW and SAP for this 60-minute webinar with guest speaker Steve Monteith, Executive Director, Human Capital Enterprise, United States Postal Service

Hear first hand how the U.S. Postal Service is transforming its human capital management processes and technologies to enhance services and productivity while maintaining a sharp focus on employee needs.  By combining SAP system solutions with highly trained human resource personnel working in a shared service environment that is supported by an integrated technology infrastructure, the Postal Service is reducing administrative costs, significantly strengthening data management capabilities and improving overall efficiencies.  Learn how this endeavor will ensure ongoing high quality, employee-centered personnel services well into the future.

Driving change in an organisation of this size and complexity is a daunting task. US Postal has 700,000 employees, 7 million customers a day and operating revenue of 68,5 billion dollars.

The lion’s share of this success should go to USPS. Andrew, I guess this is one of those correct but bland uses of INATT 

The next time someone says, “I don’t think SAP can cope with our organisation’s complexity levels”, I’ll point them to this recording. (Assuming of course that my colleagues in marketing put it somewhere where I can find it)

 Michael, this may interest you too.




Social Media on the waterfront.

So, you have a marketing director or two, and you need to convince them that Social Media is something they ought to get a handle on. Stick them on a plane, and send them to Cape Town. To be precise to the Graduate School of Business, (on the waterfront), where they can attend the Nomadic Marketing Programme.  They will learn stuff.


Cape Town Waterfront

photo from the fabulous flickr stream of slack12

Well, the course is full, but demand that they run it again.

This course will enable delegates to realise the strategic value and capability of tools such as blogs, wikis, mobile applications and social networks and how to use them effectively and creatively to build brand communities.

The programme is run by a mix of folks doing social media stuff for a living and top academics.

 There is even a stormhoek connection with Graham Knox

(check out the facts here)


Congrats to Mike and the gang for getting this going and to Frank, the Dean of the School.  

Serious innovation is going on down there at the tip of Africa. There is more to social media than silicon valley. It is all about the storytelling.


Fooled by Randomness. Black Swans, Donkeys and Turkeys.

Last week James Governor kindly bought me lunch and gave me a book. The curry was very good, but the book has  had a profound impact on me. It is not often that I finish a book, and then immediately read it again. Nassim Nicholas Taleb’s book, Fooled by Randomness is such a book.

Throughout my business studies at university, I heard a lot about the rational man. Rationality became something assumed. At the centre of most economic, efficient market and business theory is rational, self-interested behaviour. This book knocks that on the head.

Nassim has performed  format c:  on a goodly portion of my naive assumptions about financial markets and life in general. He has validated lots of what Francis Antonie and Douglas Irvine taught me as a political philosophy student years ago and I’d forgotten. It is time to dust off Karl Popper, and start thinking again.

Who ya callin' bignose

Photo from Flickr  by launceston_lad

Black swans are symbolically important, because until Australia was discovered, it was believed that all swans are white. This is a good example of a logical fallacy. There is a difference between  there is no evidence of black swans, and there is evidence of no black swans.

We humans tend to fall into the induction trap. I do it a lot.

In the airport on the way home I spotted his new book. It has the title, you guessed it, Black Swan. I was glad my flight was delayed. I could read more of it. He Americanises Bertrand Russell’s chicken, turning it into a turkey.

A little googling and I discovered Knackeredhack; he has a good review of the book here, as well as an excellent interview series.

Nassim’s motto is

“My major hobby is teasing people who take themselves & the quality of their knowledge too seriously & those who don’t have the guts to sometimes say: I don’t know.…” (You may not be able to change the world but can at least get some entertainment & make a living out of the epistemic arrogance of the human race).

Nassim writes very well, the prose is tight and buzzword free. He doesn’t dumb things down and he explains  without being condescending. He merges a fantastic knowledge of the classics with a profound grasp of probability. He is witty but serious. 

So many new things to learn, and so much that I learned decades ago but need to rediscover: Hindsight bias, Platonic folds, logical fallacy, epiphenomena, exquisite cadavers, induction, Mandelbrot, Hume, Wittgenstein’s ruler, negative skewness, Extremistan and Mediocristan. The list goes on.

My readers will have noticed I’ve been working on trying to understand risk recently, and Nassim’s work has made me realise that  risk isn’t as simple as I thought it was. After spending most of my adult life avoiding statistics, I’m realising the folly of my ways.

I’d better build my antilibrary.

By coincidence I stumbled on this post from the O’Reilly Radar this morning on the beauty of statistics. Watch Professor Rosling’s video. Swivel also looks rather interesting. Just remember those black swans….

aSaaSination revisited

Jason Wood looks at the Netsuite IPO in some detail.

Given the dearth of attractive software IPOs, there’s little question that NetSuite will be a sought after issue and get banked by the top bulge bracket banks. But is it reasonable to expect investors to pony up a valuation similar to what CRM received?

I will leave the valuation to the experts, but I was struck by the size of the marketing and sales spend

In a filing with the Securities and Exchange Commission, the provider of on-demand enterprise-resource planning software reports solid revenue growth: from $17.7 million in 2004, to $36.4 million in 2005, and then $67.2 million last year. But up until last year, sales and marketing costs always exceeded revenue: $27 million in 2004, and $39.2 million in 2005. Last year, sales and marketing costs were $43.9 million, or 53% of revenue.

That’s not unusual. Salesforce.com’s sales and marketing costs, for example, typically hover between 50% and 70% of revenue, according to past financial statements. That’s huge compared to traditional software vendors where sales and marketing costs typically run between 20% and 25% of revenue

What happened to all of that bit of the creed where SaaS would be driven by viral user adoption rather than herds of sales people? 

Phil Wainewright picks up on the relatively high running costs

bigger problem for NetSuite though is its cost of revenues, which is what it spends on running its hosting operations and on professional services. When Salesforce.com had its IPO, it was reporting costs of around 18% of revenues (it has since risen to 24%). NetSuite’s costs were 34% of revenues in 2006, falling to just below 30% in Q1 2007. Unlike Salesforce.com, NetSuite doesn’t break out the professional services element of that figure, but that is likely to be the larger component and it’s difficult to see it reducing significantly in the near future since NetSuite has been targeting larger customers with more complex implementation requirements. Meanwhile, NetSuite faces higher hosting costs in 2008 as it plans to add a second hosting center — something that Salesforce.com already did a year ago

If marketing and sales are running at 53% of revenue, and the cost of running the system is at 34% then that doesn’t leave a whole lot over for R&D.

Those that challenge the “traditional” vendors ought to have a field day with these numbers. To paraphrase “Where is the innovation in the dollar invested if more than three quarters of revenue goes on sales and marketing and hosting costs?”

I’m not dismissing SaaS.  It is a very effective way of delivering applications, and by my reckoning it will become more and more important. It is already disruptive. Josh has a thoughtful look at Netsuite here. (Not sure about the iphone bit though)

Meanwhile, as disruption is looming in the maintenance side of enterprise software, NetSuite is heading to market with an on-demand ERP offering that tries to disrupt the key delivery model of enterprise software. Of course, NetSuite is just the latest in a list of disruptors, starting with Salesforce.com and SuccessFactors, and I have always felt that NetSuite is missing a lot of what would make it a truly competitive offering vis-à-vis the suite applications that it competes against.

But with the smart money pegging this as a potential billion-dollar IPO, the “on-demand ERP for the mid-market” disruptors are firing all over the market. And nowhere more strongly, and disruptively, than at SAP itself.

I refer, of course, to SAP’s much-vaunted A1S – the iPhone of enterprise software. This on-demand ERP system, which deploys in a fully-model driven way, is, in my opinion, a real NetSuite killer, once it hits the market. The demo I saw of A1S was truly impressive, and I believe that it will meet expectations when it hits the market later this year or early next.

SaaS isn’t magic though. You still need to sell and run it. Call me old fashioned but a bit of profit, or at least the hope of some isn’t a bad thing either.


Whatever happens with Netsuite and its IPO, we are in for interesting times….



