
News and Articles - December 2006

Third annual CRM survey

December 1, 2006 from CAmagazine and written by Michael Burns – “Welcome to our third annual roundup of customer relationship management systems. This year, we have 16 systems, including ACT!, Epicor, Epiphany, Exact e-Synergy, GoldMine, Microsoft Dynamics CRM, NetSuite, SageCRM.com, SalesLogix, Salesforce and SAP Business One. We are fortunate that many of the leading CRM vendors are participating in our survey this year. We also interviewed Microsoft, Sage and Salesforce.com for their views on trends and what they think makes them different.

The big CRM trends this year are hosting, integration and open source. Salesforce.com and NetSuite paved the way for application service providers to become a respected method for deploying this type of software. ASPs host applications on their Internet sites, which are typically equipped with state-of-the-art technology and security. This allows organizations to avoid the costs associated with managing the computer and database that goes with it. In 2006, both Microsoft and SAP jumped on the ASP bandwagon...”

Taming Sarbanes-Oxley

November 21, 2006 from Ventana Research – “Ventana Research believes public companies are the winners in the latest set of reforms regarding interpretation and enforcement of the Sarbanes-Oxley Act. This is not to say the act is dead, but as we noted earlier this year, it is clear that the compliance pendulum is swinging away from stringent controls. The changes that the United States Securities and Exchange Commission (SEC) recently indicated it will make (or is seriously considering) will make compliance much less onerous for larger public companies, and it now appears likely that small public companies will be exempt from having to file.

Recently, the SEC indicated it would unveil major changes to rules governing implementation of the Sarbanes-Oxley Act (SOX). Calls for tossing out or implementing a major overhaul of SOX section 404 began in 2003, not long after Congress passed the law, as companies felt its impact on their annual auditing processes and the cost associated with compliance. Predictably, as memories of the financial scandals of the early decade fade and Sarbanes-Oxley opponents continue to blare their message, pressure has been building for reform. Most larger companies have gone through two cycles of audits under the law, and they have been lobbying heavily to change how it is enforced. In particular, many firms are dissatisfied with what they see as a nitpicking approach by their auditors. There seems to be general agreement that companies should be able to use a top-down, risk-based approach that matches risks with the cost of specific controls and other mitigation techniques. However, even after the Public Company Accounting Oversight Board (PCAOB) made it clear in its revisions to Accounting Standard 2 that auditors were to take steps to make the process less onerous, companies continue to report issues.

The SEC and PCAOB already have taken some steps to make the auditing process less time-consuming and expensive, and the issue now is how much further they will go in easing 404 compliance requirements. One mandate that appears likely to disappear is that companies periodically test and document their internal controls before their auditors examine them, a time-consuming and therefore expensive task. Another change will be explicit instructions to auditors that materiality matters. In auditing, “materiality” is the term used to describe the significance of financial statement information to decision-makers. Something is material if, through omission or misstatement, it is likely to influence or change a decision by, say, an investor or lender. A third change will be exemption of smaller companies (“non-accelerated filers” with market capitalization under $75 million) from 404 audits. Earlier this year, SEC Chairman Christopher Cox elected not to follow the advice of a committee that it should exempt these companies, but now it appears he will reverse his position.

Changes in Sarbanes-Oxley enforcement do not alter the basic requirement that companies must have well-controlled financial processes (and the IT systems to support them). However, with the emphasis shifting to a top-down, risk-based approach to controls, companies are likely to save staff time and external audit fees. In our view, the modifications also do not change the need for companies to simplify and rationalize their financial controls, to automate many of the repetitive tasks they now handle in spreadsheets and to control those that remain in use. Unfortunately, we expect most companies now will put off making many worthwhile process changes that they would have implemented if a “comprehensive” audit approach had remained in force. How all of this will affect consultants and software vendors selling “Sarbanes-Oxley solutions” remains to be seen. We think those whose value proposition has been real business benefits beyond mere compliance will fare better than those perceived to be useful only for streamlining and documenting the internal audit. Sarbanes-Oxley still has life as a political football. We assert it never would have prevented fraud led by senior executives, such as occurred at Enron, Qwest and WorldCom. When the next high-level financial scandal erupts, though, we expect the current reforms will be blamed.”

180 View – We said last month that “It’s about time that the auditors provided some real value in their review of internal controls.” It looks like they will soon have no choice if they expect to continue to offer this service.

What Questions do Database Auditors Ask?

This article is a plug for a product called SecureSphere, which was developed by the company providing the free article (after registration). However, it does contain some useful insights.

This paper presents five key questions that IT professionals must answer during a database audit to achieve compliance. These questions are as follows.

  1. Is the audit process independent from the database system being audited?
  2. Does the audit trail establish user accountability?
  3. Does the audit trail include appropriate detail?
  4. Does the audit trail identify material variances from baseline activity?
  5. Is the scope of the audit trail sufficient?

The answers to these questions vary depending upon the audit mechanism employed. Unfortunately, many database audit mechanisms were not designed to meet the requirements of regulatory auditors and therefore do not adequately address these questions. This paper examines the strengths and weaknesses of alternative audit mechanisms relative to these questions. The goal is to provide the reader with information necessary to make informed choices about which audit mechanisms to deploy to satisfy regulatory compliance audits.

1) Is the Audit Independent?
To ensure audit integrity, the entire process must be independent of the database server and database administrators being audited. Since database administrators and servers are both part of the system being audited, they should not be put in a position of auditing themselves. A rogue administrator, for example, with access to audit records may easily tamper with those records to cover his tracks. Similarly, a non-administrator may exploit a database vulnerability to elevate privileges and tamper with the audit trail. The requirement for independence has three immediate implications for the design of the audit system.

2) Who is Accountable?
The database audit trail must attribute each audited database transaction to specific users. For example, a SOX compliant audit mechanism must log each change to financial reporting data along with the name of the user making the change. However, when users access the database via Web applications (such as SAP, Oracle E-Business Suite, or PeopleSoft), native database software audit logs have no awareness of specific user identities. Therefore, when native audit logs reveal fraudulent database transactions, there is no link to the responsible user.

3) Do Audit Records Include Enough Detail?
To effectively reconstruct past database events, auditors require a detailed audit trail that extends to the level of the exact query and response attributes. Consider the following alternative hypothetical audit records for a call center customer service agent named “JOHN”.

  A. JOHN requested DATA from the CUSTOMER database and the database returned DATA
  B. JOHN requested FIRST NAMES, LAST NAMES, EMAIL ADDRESSES, PHONE NUMBERS, and CREDIT CARD NUMBERS for ALL customers from the CUSTOMER database and the database returned 634,577 records

Assuming that John is authorized to access individual customer records during the normal course of his work, the first less detailed audit trail (example A) does not reveal any unusual activity. However, the second more detailed audit trail (example B) makes it clear that a suspicious event has taken place. There is no reason to access the personal information (including credit card numbers) of 634,577 customers. To fully understand the transaction, the audit trail requires complete detail.

4) Does the Audit System Identify Material Variances?
It’s not enough for the audit system to simply provide a chronological listing of all database transactions. The volume of information generated in most database environments renders such a system useless as a tool for identifying fraudulent activity. An effective audit system should deliver prioritized views of events that separate material variances from legitimate or “baseline” user activity. However, most native and external audit approaches provide un-prioritized views, forcing staff into a costly manual log inspection process.
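An added example (not from the paper and not SecureSphere's logic) of what questions 2 to 4 ask for in practice: audit records that carry the application user and query detail, scored against a per-user baseline so that material variances surface first. The record fields, the sensitive-column list, the 50x row threshold and the sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median
from typing import Optional

# Assumed data classification for this example.
SENSITIVE = {"email", "phone", "credit_card_number"}


@dataclass(frozen=True)
class AuditRecord:
    app_user: Optional[str]  # end user behind the web application, if captured
    db_account: str          # account the database itself saw (often pooled)
    table: str
    columns: frozenset       # columns requested by the query
    filtered: bool           # True when the query restricted rows (WHERE clause)
    rows_returned: int


def build_baseline(history):
    """Summarise each user's normal activity: median row count and columns used."""
    rows, cols = {}, {}
    for rec in history:
        if rec.app_user is None:
            continue
        rows.setdefault(rec.app_user, []).append(rec.rows_returned)
        cols.setdefault(rec.app_user, set()).update(rec.columns)
    return {u: {"median_rows": median(rows[u]), "columns": cols[u]} for u in rows}


def variances(rec, baseline, ratio=50):
    """Return the reasons (possibly none) a record departs from baseline."""
    if rec.app_user is None:
        # Question 2: the transaction cannot be attributed to a person.
        return [f"no accountable user, only database account {rec.db_account!r}"]
    profile = baseline.get(rec.app_user)
    if profile is None:
        return [f"no baseline for user {rec.app_user!r}"]
    reasons = []
    if rec.rows_returned > ratio * max(profile["median_rows"], 1):
        reasons.append(
            f"{rec.rows_returned:,} rows returned, baseline median {profile['median_rows']}"
        )
    new_sensitive = (rec.columns & SENSITIVE) - profile["columns"]
    if new_sensitive:
        reasons.append("sensitive columns not in baseline: " + ", ".join(sorted(new_sensitive)))
    if not rec.filtered and rec.columns & SENSITIVE:
        reasons.append("unfiltered read of sensitive columns")
    return reasons


def prioritise(records, baseline):
    """Question 4: keep only variances, most reasons and most rows first."""
    findings = [(rec, variances(rec, baseline)) for rec in records]
    findings = [f for f in findings if f[1]]
    return sorted(findings, key=lambda f: (len(f[1]), f[0].rows_returned), reverse=True)


def rec(user, cols, rows, filtered=True, account="app_pool"):
    """Helper to build constructed sample records against the CUSTOMER table."""
    return AuditRecord(user, account, "CUSTOMER", frozenset(cols), filtered, rows)


LOOKUP = ["first_name", "last_name", "email", "phone"]

# Constructed history: JOHN's normal single-customer lookups.
HISTORY = [rec("JOHN", LOOKUP, n) for n in (1, 1, 2, 1, 3)]

# Constructed records for the day under review.
TODAY = [
    rec("JOHN", LOOKUP, 1),                                              # routine
    rec("JOHN", LOOKUP + ["credit_card_number"], 634577, filtered=False),  # example B
    rec(None, ["first_name", "last_name"], 1),                           # unattributed
]

if __name__ == "__main__":
    for record, reasons in prioritise(TODAY, build_baseline(HISTORY)):
        print(record.app_user or record.db_account, "->", "; ".join(reasons))
```

A record like example A would carry none of these fields, so neither the row-count check nor the column check could fire on it.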

5) Is the Scope of the Audit Sufficient?
The scope of the database audit trail should be broad enough to identify any attempt to exploit vulnerabilities in database platform software (application, operating system, etc.) or protocol implementations. SQL Slammer and Windows RPC vulnerabilities are two examples of the many such vulnerabilities that attackers have exploited to inflict serious damage upon database infrastructure around the world. Dedicated intrusion prevention systems (IPS) and protocol validation solutions are needed to identify such attacks. Therefore, to provide auditors with a complete picture of database activity, it’s necessary to integrate data collected from these sources into the audit trail.

180 View – IT audit demands knowledge of IT General Controls including hardware, operating systems, database management systems, networking, multimedia, etc., and the environment that houses and supports them that enable the processing of applications (such as a financial application from SAP). A database is critical to any application. The database not only stores data but also manages access and logs changes independent of an application.

2006 CSI/FBI Computer Crime and Security Survey

The Computer Crime and Security Survey is conducted by the Computer Security Institute with the participation of the San Francisco Federal Bureau of Investigation’s Computer Intrusion Squad. The survey is now in its 11th year and is, we believe, the longest running continuous survey in the information security field. This year’s survey results are based on the responses of 616 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities. The 2006 survey addresses the major issues considered in earlier CSI/FBI surveys, thus allowing us to analyze important computer security trends. The long-term trends considered include:

  • Unauthorized use of computer systems;
  • The number of incidents from outside, as well as inside, an organization;
  • Types of attacks or misuse detected, and;
  • Actions taken in response to computer intrusions.

This year’s survey also addresses several emerging security issues that were first probed only with the 2004 CSI/FBI survey. All of the following issues relate to the economic decisions organizations make regarding computer security and the way they manage the risk associated with security breaches:

  • Techniques organizations use to evaluate the performance of their computer security investments;
  • Security training needs of organizations;
  • Organizational spending on security investments;
  • The impact of outsourcing on computer security activities;
  • The use of security audits and external insurance;
  • The role of the Sarbanes–Oxley Act of 2002 on security activities, and;
  • The portion of the information technology (IT) budget organizations devote to computer security.

This year’s questionnaire also included some questions being introduced for the first time. In particular, an open-ended question about the current concerns of respondents has provided insight into the relative perceived urgency of concerns about issues such as data protection and instant messaging. Some of the key findings from the participants in this year’s survey are summarized below:

  • Virus attacks continue to be the source of the greatest financial losses. Unauthorized access continues to be the second-greatest source of financial loss. Financial losses related to laptops (or mobile hardware) and theft of proprietary information (i.e., intellectual property) are third and fourth. These four categories account for more than 74 percent of financial losses.
  • Unauthorized use of computer systems slightly decreased this year, according to respondents.
  • The total dollar amount of financial losses resulting from security breaches had a substantial decrease this year, according to respondents. Although a large part of this drop was due to a decrease in the number of respondents able and willing to provide estimates of losses, the average amount of financial losses per respondent also decreased substantially this year.
  • Despite talk of increasing outsourcing, the survey results related to outsourcing are similar to those reported in the last two years and indicate very little outsourcing of information security activities. In fact, 61 percent of the respondents indicated that their organizations do not outsource any computer security functions. Among those organizations that do outsource some computer security activities, the percentage of security activities outsourced is rather low.
  • Use of cyber insurance remains low, but may be on the rise.
  • The percentage of organizations reporting computer intrusions to law enforcement has reversed its multi-year decline, standing at 25 percent as compared with 20 percent in the previous two years. However, negative publicity from reporting intrusions to law enforcement is still a major concern for most organizations.
  • Most organizations conduct some form of economic evaluation of their security expenditures, with 42 percent using Return on Investment (ROI), 21 percent using Internal Rate of Return (IRR), and 19 percent using Net Present Value (NPV). These percentages are all up from last year’s reported numbers. Moreover, in open-ended comments, respondents frequently identified economic and management issues such as capital budgeting and risk management as among the most critical security issues they face.
  • Over 80 percent of the organizations conduct security audits.
  • The impact of the Sarbanes–Oxley Act on information security continues to be substantial. In fact, in open-ended comments, respondents noted that regulatory compliance related to information security is among the most critical security issues they face.
  • Once again, the vast majority of the organizations view security awareness training as important. In fact, there is a substantial increase in the respondents’ perception of the importance of security awareness training. On average, respondents from most sectors do not believe their organization invests enough in this area.

posted by 180 Systems at 9:55 PM

The Evolution of Enterprise Resource Planning Includes Service Industries

December 6, 2006 from Technology Evaluation Centre – “Since the late nineties, the enterprise resource planning (ERP) vendors that originally targeted the needs of manufacturing organizations have slowly extended their functionality to service the needs of non-manufacturing industries as well. By 2000, when many of the major ERP implementations for the manufacturing industry had tapered off, tier one ERP vendors such as SAP and Oracle had refocused efforts to market their integrated solutions in the greener pastures of service-oriented vertical markets, including health care, government, higher education, banking, insurance, and other service-based businesses.

Today, ERP vendors are aggressively marketing industry-specific and project-oriented functionality to service industries. Unlike best-of-breed solutions, these systems provide a fully integrated mature back-office system originally developed for manufacturing industries. Consequently, this raises the question: Is ERP for services a new category? Or is it “ERP less manufacturing?”

From a vendor’s point of view, the answer to those questions varies according to which side of the ERP fence you stand on. On one hand, ERP vendors claim that ERP for services is a well-developed software category customized for the service industries they serve. On the other hand, best-of-breed vendors for service verticals (such as professional services, health care, government, and financial services) push their industry expertise and vertical solutions built from the ground up for those respective service industries. Consequently, organizations in service industries are faced with the challenge of determining which vendors best fit their functional requirements.

The main difference in functionality between best-of-breed service applications and ERP for services is the back-office component. ERP for services applications provide complete functionality for both the transactional (or operational) components, and the project-oriented components of service organizations. However, best-of-breed service applications typically refer only to industry-specific functionality. Some vendors may include a back-office piece, and others may only deliver vertical functionality that communicates with other ERP systems or financial packages. As a result, there are two categories of vendors for service organizations:

Best-of-breed service vendors: Vendor solutions such as Compuware’s Changepoint and OpenAir PSA focus primarily on professional services organizations, and are typically marketed to the small to medium business (SMB) market. These offerings vary in breadth and depth, and the vendors tend to target a few key vertical markets. Depending on the vendor, their business models are diverse and can deliver software as a service (SaaS) and license models to their clients.

ERP for services: These vendors are typically traditional ERP vendors that provide a fully integrated solution with complete back-office functionality. Since they provide their clients with complete operational and transactional functionality, their offerings tend to be broader in application. In addition to project-oriented functionality that vendors such as Epicor and Deltek deliver for professional services organizations, ERP for services vendors provide fully integrated operational functionality for non-project organizations, such as Lawson in the health care sector, and Unit 4 Agresso for the public sector.”

180 View – We recommend that both ERP and Best-of-breed service vendors be considered in system selection projects. ERP’s advantages include integration, infrastructure/platform consistency, user interface consistency, scalability, and one number to call – no finger pointing. Best of Breed’s advantages include cost, a point solution that is usually less complex to implement and maintain, and a focus on one industry with knowledgeable resources and best practices for that industry.

Who is the No. 3 enterprise software company? You may be surprised

November 21, 2006 from Baseline Magazine - “SAP and Oracle have the top two spots nailed down, but who's next? SAS Institute? CA? Sage Group? Microsoft? How about Infor Global Solutions?

If that name registered a complete blank, you would be far from alone. Infor, which is headquartered in Atlanta, claims to be the third biggest enterprise software company in the world, but it has an identity—or lack of identity—problem.

Over the past four years, the venture capital-backed private company has quietly snapped up a host of players in the enterprise software market—some with familiar names, like SSA Global, Mapics, Epiphany, Extensity, Geac, Systems Union and Formation Systems. Infor has forged a collection of primarily mid-market players into a sizable conglomerate with annual revenue of about $2.2 billion, says chief executive Jim Schaper.”

180 View – We think that Infor has a lot of great products. The question is what happens to these products in the future. And just as importantly, what happens to the key developers of the software. Speaking from personal (Michael Burns) experience, software is like a baby to the people that build it. They spend countless nights working on the system, take pride when it works well and will do whatever it takes to make it better. Often in these acquisitions, the key people find themselves with a severance check or sitting in the corner with no responsibility as the new team has taken over. When this happens, the software system will not be long for this world.

The 30 Most Important IT Trends for 2007

November 17, 2006 from CIO Insight – The article breaks out the trends by Strategy, Management, Security/Risk and Technology. There are slides in the article showing the results of 13 surveys taken in 2006. The trends are as follows:

Strategy
1. Process improvement will be job No. 1
2. IT works on closing the sale
3. Companies make their Web sites more engaging
4. Customer service gets a tune-up
5. Companies put their mounds of data to work
6. Information governance gains momentum
7. CIOs strive to be strategic

Management
8. The division between IT and business will diminish
9. CIO compensation keeps climbing
10. IT organizations will keep growing
11. CIOs struggle to find business-savvy technologists
12. Outsourcing changes IT management
13. Outsourcing growth slows
14. Offshoring shifts from India
15. Companies invest in IT leadership
16. Demonstrating ROI will remain a struggle

Security and Risk
17. No abatement of IT security threats
18. Security concerns turn users away from Windows
19. Security morphs into risk management
20. Compliance achieves what government intended
21. Compliance spurs financial process improvement

Technology
22. The move to a new architecture marches on
23. Enterprise applications start losing their luster
24. Data quality demands attention
25. IT reluctantly embraces Web 2.0
26. IT innovation loses traction
27. Business process management services and software will frustrate users
28. For business intelligence, the best is yet to come
29. IT organizations start going green
30. Dissatisfaction with vendors is on the rise

180 View – We also share the view that process improvement will be job No. 1. It’s interesting that process improvement shows up under security and risk. This makes sense to us. Compliance reviews are deemed a bitter poison by most companies, which want them done as quickly/cheaply as possible or at least to provide some suggestions to improve business process.

Vista Reviews from PC Magazine and PC World

We have attached excerpts from 2 of the better articles available about Microsoft’s new operating system.

PC Magazine

November 30, 2006 - “The first things you notice about Windows Vista are the glitzy bells and whistles, but these aren't the essentials that will woo businesses. Organizations, especially large ones, have always been Microsoft's most important customers, and Vista is full of offerings aimed at them…

What's certain about working with Vista is that it's very different from previous versions of Windows; it has perhaps the biggest interface changes since Windows 95. It will require significant retraining of users and of IT personnel.

Yes, you can build a secure network and secure desktops with Windows XP if you work at it and administer it properly. But with Vista, making your systems more secure is a lot easier, even as you run into new issues in the process…

The most interesting new tool in Vista is Windows Meeting Space, which seems at first glance like a version of Groove, the virtual office program Microsoft bought when it hired its author, Ray Ozzie. WMS is a pale shadow of Groove and will pose no market threat to it (Groove 2007 is currently in beta). Still, WMS will be worth evaluating for many organizations…

With WMS, you can set up a meeting and invite others (up to ten participants) either through e-mail, by sharing an invitation file, or by browsing and joining meetings on the local network. We found setup very easy. In a meeting, you can chat, share documents, and share desktop applications. Indeed, application sharing is the only apparent advantage WMS has over an instant messaging program. Vista Home Basic users cannot start a new meeting…

Vista also comes with an integrated desktop search feature. There were questions raised several times during Vista's development about what level of system search the operating system should provide, and it does provide less than what was originally planned. Nevertheless, desktop search is implemented well…

Vista will likely save your butt one day with its Previous Versions feature, borrowed from Windows Server 2003. Vista automatically creates "shadow copies" of file changes, reserving (by default) 15 percent of disk space for this purpose. If you mess up a file and need access to an earlier version, you can right-click on the file or folder and select Restore Previous Versions…

We agree with what seems to be the consensus among observers: Vista has many compelling advantages over previous versions of Windows, especially in the area of security. Security has been a focus for Microsoft over the last several years, as well as one of the most headline-grabbing of all computing problems, and the new features in this area may cause many businesses to upgrade just to get them.

Windows Vista is a better business operating system, all things considered. For many organizations, this release will prove to have been worth the long wait. But businesses need to evaluate thoroughly, plan rigorously, and move carefully as they transition from older versions to Vista. In many cases, this isn't going to happen overnight, and, as always, up-front planning will make a very big difference. Expect a long adoption cycle, especially since much business software will take some time to work properly in Vista. But businesses should welcome this new OS and never look back.

PC World

November 22, 2006 – “Windows Vista is a clear winner. It's beautiful, sports much-improved security, offers superb networking capabilities...and maybe most of all, it's just plain fun to use. That's not to say it's perfect--far from it. Some may view the new interface as little more than fluff or be turned off by the intrusive User Account Control feature….

The Look
The moment Windows Vista starts, some of its biggest changes are in plain view: It is distinctive and eye-catching. Colors are subtler and the overall look less cartoonish than Windows XP's.

Dare I say it's Mac-like? In fact, it is. Microsoft has always stolen from the best. Key to a lot of what's new in Vista is the much-anticipated Aero interface--but to use it, you'll need adequate hardware and one of the pricier versions of the OS.
Within Aero, screen windows maximize and minimize with a kind of visual "swoosh." The - command for switching between open windows now invokes Windows Flip, which displays thumbnails of open windows. Flip 3D (-) ups the ante, stacking windows so that you can flip through them like playing cards.

Some may say this is mere eye candy that won't affect your real productivity. Maybe so. But it makes life at the keyboard fun again. And for my money, that's right up there with productivity.
Two other notable new interface elements are the Sidebar and Live Thumbnails. Hover your mouse over a minimized window on the taskbar, and a thumbnail pops up with its contents, plus the program and document name or Web site.

I'm particularly fond of the Sidebar gadgets, interactive applets that display information--RSS feeds, stock tickers, clocks, weather, and so on. Vista ships with about a dozen of them; there are more online. While similar to Google Desktop Gadgets or Yahoo Widgets, they're actually more like the Mac's Gadgets in that they're built directly into the operating system and so may use its underlying architecture. For example, one gadget displays RSS news feeds you've subscribed to using Internet Explorer 7's RSS Reader…

New, Annoying Virtual Nanny
User Account Control (UAC) has riled more Windows Vista testers than all other features combined. UAC prompts you to type in a password or click OK before taking certain actions--for example, turning the Windows Firewall on or off, adding or removing user accounts, or even running some applications. You sometimes get a warning: A small shield appears next to links or options that will summon the UAC prompt if clicked.

What's the point of this annoying virtual nanny? First, it protects against malware running unchecked. If your PC gets infected and the malware attempts to perform a dangerous action such as turning off your antivirus program or the firewall, UAC will stop it cold. Second, UAC can protect you against yourself, keeping you from making changes that could harm your computer.

That's all well and good, but Microsoft has gone overboard with this protection. Why should you get a UAC prompt when you try to change Windows' font size, or your PC's name? Because of UAC, using Vista can at times become a herky-jerky kind of experience, with so many annoying pop-ups coming at you that you want to scream "Stop!"

In fact, you can stop the prompts by turning off UAC entirely. Go to Control Panel, User Accounts and Family Safety, User Accounts, click the Turn User Account Control on or off link, and you'll send that nanny into the virtual ether.

Of course, if you do turn off UAC, then you have no one but yourself to blame if a piece of malware does get in and take over your system.

Networking
Up to now, Microsoft had never done a stellar job of integrating networking capabilities into Windows. Just try synchronizing Offline Folders in Windows XP, for example--I dare you.

Windows Vista, however, presents your network as a natural extension of your PC. The OS helps you configure a network, share files, manage multiple networks, and more--all with a minimum of fuss. Vista supports all the usual network technologies, including ethernet, Wi-Fi, and Bluetooth.

The new Network and Sharing Center puts network tools and information right at hand. Click View Full Map, for example, and you'll see a diagram showing all PCs and devices on your network, including printers, switches, and gateways. Click or hover over a device icon to get more details, such as IP and MAC addresses.

Vista handles wireless network connections deftly: Simply click the network icon in the system tray, click Connect or disconnect, and you'll see a list of nearby wireless networks. Hover your cursor over any one to see details such as Wi-Fi type (802.11b or g, say) and security protocol, if any.

Vista saves settings for networks you use frequently so you can automatically connect to them when you're in range. You can even specify which take precedence if more than one is available.

Not all networking features are hunky-dory. Windows Meeting Space is supposed to let you hold virtual meetings over an ad-hoc network--but has a well-nigh worthless chat module, no voice capabilities, and no whiteboard tools. Doesn't sound like any virtual meeting I want to attend.

The Sync Center, designed to help you sync files and folders between networked PCs and devices, is a bit of a mess as well. If you want to do anything other than perform basic syncs, you may throw up your hands and walk away.

180 View – We have read that the research group Gartner claims some 58 percent of new PC shipments in 2007 will include Windows Vista, and also estimates that Vista will be running on less than 10 percent of PCs in the installed base by the end of 2007. That figure is expected to rise to 29 percent in 2008, 50 percent in 2009 and 67 percent by the end of 2010. The reason for the delayed acceptance is mostly because of the hardware requirements. Check out http://www.microsoft.com/windowsvista/getready/capable.mspx to see the hardware requirements and to see an analysis of the differences between the 4 Vista editions (Home Basic, Home Premium, Business, and Ultimate).

When a project has you stumped, just think: 'What would Yogi do?'

October 23, 2006 from Computerworld – “If baseball and project management have one thing in common, it’s the direct relationship between teamwork and success. Yogi Berra, a baseball legend with a unique approach to management and life, is a particular favorite of mine, so I recently asked myself, “What if Yogi were a project manager?”

As I thought about it, I realized that Yogi has a lot to say about my line of work. Many of the most famous quotes that have been attributed to him seem to bear directly on the art and science of project management...” The article contains project management perspectives on the following quotes:

“You’ve got to be very careful if you don’t know where you’re going, because you might not get there.”
“I didn’t really say everything I said.”
“If you come to a fork in the road, take it.”
“You’d better cut the pizza in four pieces, because I’m not hungry enough to eat six.”
“Think? How the hell are you gonna think and hit at the same time?”
“You can observe a lot just by watching.”
“I knew I was going to take the wrong train, so I left early.”
“This is like deja vu all over again.”
180 View – You don’t need to be a project manager to appreciate Yogi’s view.


Skype 3.0 for Windows Beta

November 21, 2006 from PC Magazine – “Skype is popular, no doubt about it: Downloads of the software, available in 27 languages, average 250,000 per day, for a total of 136 million so far. The Internet voice-call provider hosts 7 million people worldwide at any given moment and expects revenue to hit $195 million in 2006, up from a mere $7 million in 2004. You'll find over 150 devices which are specifically built to work with Skype, and 3,500 developers around the globe are toiling away on additional apps. With stats like these, even the naysayers, me included, who were scratching their heads when eBay bought the service have to admit that it appears headed toward world domination. The Skype 3.0 for Windows beta could accelerate the trend by removing roadblocks to acceptance among network administrators in businesses.”

180 View – If you haven’t tried it yet, what are you waiting for? I (Michael Burns) use it all the time whether calling my daughter in Ireland, making long distance conference calls, making calls while out of town at my client’s office or hotel room…


November 2006

Dragon NaturallySpeaking

November 1, 2006 from CAmagazine and written by Michael Burns – “You will love Dragon NaturallySpeaking if you know what you’re going to say before you say it and don’t mumble. The package of DNS says, “Dragon NaturallySpeaking Professional 9 is up to 99% accurate. The accuracy, performance and ease of use in Dragon NaturallySpeaking Professional 9 make it the ideal solution for busy corporate professionals.” When I dictated those two sentences, I achieved about 90% accuracy the first time and improved the score slightly after making some corrections. The more you train the system and the more clearly you enunciate, the better the results...”

SAP All-in-One vs. MS Dynamics

September 1, 2006 from webCPA – “For the giant multinationals of the world, SAP continues to be the dominant ERP player. But once you move down a notch, the picture changes dramatically. Microsoft, once content to play second fiddle to SAP's ERP core, is quietly but steadily ramping up its Dynamics series with a uniform Dynamics package offering in the works for a 2008 release.

SAP's All-in-One product has many strong points, but so does Dynamics. On the flip side, either solution has its distinct weaknesses compared to the other guy. Which path is best for your company? And what can you expect in the years ahead? Will Microsoft's lower cost and ubiquitous presence (i.e. existing "beach heads") translate into market dominance, or will SAP continue its midmarket growth through focus on business values and technical finesse?”

180 View – This article contains detailed analysis by a spokesperson for SAP and Microsoft as to why their system is the best. The SAP argument essentially boils down to “because there is SAP development know-how all over”. The Microsoft argument is the “flexibility to change as your business changes”. Both arguments are interesting but not persuasive. We think that either solution could be the best depending on the circumstances.

TomorrowNow a threat to Oracle's maintenance business?

October 27, 2006 from Frank Scavo’s blog – “I conducted a phone interview last week with Andrew Nelson, founder and CEO of TomorrowNow, a third-party maintenance support provider for Oracle's PeopleSoft, J.D. Edwards, and Siebel products. I've mentioned TomorrowNow in the past, but I was interested in how its business has been progressing in the year and a half since it was bought by SAP.

TomorrowNow has not yet announced its third-quarter results, but Nelson indicated a major increase in new customers: over 200 today, with 60% running PeopleSoft, 30% on JDE, and 10% with Siebel (its newest support offering). The firm plans to offer support for Baan (now Infor's ERP LN) beginning in January 2007, and has already signed up some customers for this offering. Over the past year, TomorrowNow has built out its worldwide support organization to Europe, Asia, and Australasia, in addition to its base in the U.S.

Although TomorrowNow markets its services for all users of PeopleSoft, JDE, and Siebel, in my view there are really a few key segments where the firm's offerings are most attractive. Nelson confirmed that one sweet spot is companies that are running SAP globally but still have instances of PeopleSoft, JDE, or Siebel. These firms, which may be looking to standardize on SAP, have little reason to stay on Oracle support contracts, and they welcome a lower-cost option that is backed by a major player such as SAP.

Another sweet spot is companies that have many modifications and do not intend to upgrade to Oracle's Fusion product. In Nelson's view, such customers are paying maintenance fees to Oracle (at 22% of their license cost) to "prefund Fusion," even though they have no intention to upgrade to Fusion. Why shouldn't they save 50% or more on maintenance fees by going with TomorrowNow?

Furthermore, TomorrowNow actually supports the customer's modifications to source code as part of the support contract. Oracle's support agreements, in contrast, only provide support for original source code.”

180 View – This is an interesting blog that contains “independent analysis of issues and trends in enterprise applications software and the strengths, weaknesses, advantages, and disadvantages of the vendors that provide them.”

The Art of Demotivation

“For the better part of a decade, Despair, Inc. has been engaged in a fierce battle in the marketplace of ideas with the multi-billion dollar motivation industry. In 1998, Despair introduced the world to a darkly insightful line of motivational poster parodies known simply as Demotivators®. In April 2005, company co-founder Dr. E.L. Kersten unveiled his landmark management book, "The Art of Demotivation"- a work quickly praised by Financial Times Management Columnist Lucy Kellaway as "the most daring, funny and subversive management book ever written". With the introduction of Despair Video podcasts, the company opens a new front in the war on motivation- while simultaneously offering a tantalizing glimpse at life inside the company itself.”

180 View – We often speak about the importance of motivation in optimizing business process. We recommend that you view Addressing Employee Complaints and Disconfirmation, Pt. 1.

The Unexpected Benefits of Sarbanes-Oxley

April 2006 from Harvard Business Review courtesy of Approva Corporation – This article is about:

  • Control environment (attitude, values, transparency…) is the 1st line of control defense
  • Reducing control testing based on risk of a particular process leading to material errors
  • Avoiding duplication of work when it comes to documenting business process. In one example, a company’s processes were being reviewed for Sarbanes-Oxley and for ISO 9000. There were 2 different teams documenting the identical business process
  • Standardization improves data consistency which reduces the potential for error. Another standardization benefit is that it can lead to efficiencies by streamlining processes. And the auditors only need to review one process rather than multiple processes
  • Manual controls are not as good as automated controls
  • Few companies have used Sarbanes-Oxley as a way to improve business process

180 View – It’s about time that the auditors provided more real value in their review of internal controls by identifying weaknesses in efficiency and effectiveness of business process.

Multilateral Instrument 52-109 and Bill 198

October 17, 2006 from Horwath Orenstein LLP – “In a noteworthy development, separate statements of claim have recently been filed by Marvin Neil Silver and Cliff Cohen, both would-be plaintiffs in a proposed class action against Imax Corporation and certain directors and officers of the company. Silver’s claim is the first (by a day – Cohen’s followed hard on its heels) to invoke the secondary- market liability provisions that were recently added to the Securities Act (Ontario) under Bill 198...

Multilateral Instrument 52-109 and proposed amendments setting out reporting criteria required for 2006, 2007, and beyond, combined with Bill 198, has significant implications for Audit Committees, Directors and senior management of reporting issuers. The intent of these new rules and regulations is to improve governance and rebuild corporate credibility through accurate, reliable, and timely communication of information to shareholders. The announcement of the above class action is evidence that Bill 198 is a reality, and public issuers must ensure that they have exercised due diligence with respect to the company’s “Disclosure Controls and Procedures” and “Internal Controls over Financial Reporting”, under the certification requirements of Multilateral Instrument 52-109.

Multilateral Instrument 52-109 requires CEOs and CFOs of all Canadian publicly listed companies to certify:
a) The design and implementation of “Disclosure Controls and Procedures” for both interim and annual filings on or after March 31, 2005
b) The design and implementation of “Internal Control over Financial Reporting” for both interim and annual filings on or after June 30, 2006 (subject to transitional rules)
c) The evaluation of the effectiveness of “Disclosure Controls and Procedures” and have concluded on their effectiveness in the Management Discussion and Analysis accompanying their annual report for year ends ending on or after March 31, 2005
d) The disclosure of material changes in the “Internal Control over Financial Reporting” that occurred during the most recent interim period in the Management Discussion and Analysis accompanying their interim or annual report for periods ending on or after June 30, 2006

In addition, for years ending on or after December 31, 2007, CEOs and CFOs are required to certify on the evaluation of “Internal Controls over Financial Reporting”, and provide their conclusions on their effectiveness, including a discussion on the method for evaluating their effectiveness in the Management Discussion and Analysis accompanying the annual report...”

IMA Releases Landmark Study Revealing Sarbanes-Oxley Compliance Issues

October 12, 2006 from Business Wire – “A lack of practical management implementation guidance and the incomplete nature of the COSO (Committee of Sponsoring Organizations) 1992 framework in assessing effectiveness of internal controls over financial reporting (ICoFR) are two of the key cost drivers for public companies complying with Sarbanes Oxley Section 404 (SOX) requirements, says a landmark research study released by the Institute of Management Accountants (IMA®). The research study, COSO 1992 Control Framework and Management Reporting on Internal Control: Survey and Analysis of Implementation Practices, was released today.

Conducted by Professor Parveen P. Gupta of Lehigh University, the study assessed the views of nearly 400 experienced CFOs, controllers, internal auditors, and SOX compliance specialists at publicly traded companies. The study was designed to determine the extent to which companies are using COSO’s 1992 internal controls framework and identify the factors which inhibit a successful and cost-effective SOX compliance outcome, including high-cost compliance activities, definition and use of “risk based” models, application of risk assessments (fraud, plausible, and inherent risk), integrated audits, IT controls assessments, skills gap issues, and other practical areas.

“IMA’s study is the first comprehensive study of its kind that goes beyond estimating the cost of compliance. This study helps to identify the real drivers of cost and provides actionable insights for policy makers, regulators and professional associations,” said Paul A. Sharman, president and CEO, IMA. “We have hypothesized for some time that current controls frameworks are inadequate, as they do not allow management practitioners to conduct cost-effective, risk-based assessments covering internal controls over financial reporting, fraud risk, general IT controls, and other areas.”

A sampling of key findings from the IMA research study includes:

Approximately two-thirds of the total respondents attributed two key factors as major cost drivers:

1. A lack of practical guidance from the SEC or other professional organizations on how to decide what constitutes an effective (or ineffective) internal control system

2. Redundant testing (between auditors and inside SOX compliance resources) due to a lack of collaboration to reduce the sample size. The data suggests that the original goal of achieving efficiencies via an integrated audit of internal control incremental to (not duplicative of) the traditional financial statement audit is still not a reality

  • More than half of respondents acknowledged that they did not use COSO 1992 to assess IT control effectiveness, in spite of indicating their control assessment was done in accordance with COSO 1992. Almost 52 percent of respondents used COBIT for this critical aspect of their ICoFR assessment
  • Forty-five percent of smaller public companies and 35 percent of larger public companies are using a “bottom-up” approach to internal controls, rather than a “risk-based” point-of-view. The higher percentage for smaller companies could suggest a skills gap issue in applying robust risk assessment methods
  • Only 38 percent of respondents indicated that the COSO 1992 controls framework, the predominant framework in use, was guiding their internal control assessments, while 62 percent primarily rely on Accounting Standard 2 (AS2). Due to the lack of practical guidance, AS2 has become the de facto assessment standard for company management
  • Fifty-seven percent of respondents did not believe that the COSO 1992 framework alone was sufficient guidance for determining the effectiveness of internal controls, strongly suggesting that practical assessment methodologies linked to the framework are necessary to assert to the SEC that an organization has an effective system of internal controls.

“These results suggest that our hypotheses have been proven to a reasonable degree. Now it is time to develop the long awaited assessment guidance so desperately needed by American businesses to cost-effectively comply with SOX while protecting shareholder interests,” added Sharman.

The study, COSO 1992 Control Framework and Management Reporting on Internal Control: Survey and Analysis of Implementation Practices, includes an Executive Summary that is available free of charge. The full study is available for purchase from IMA. Please visit https://www.imanet.org/research_sox_study.asp for complete details.”

180 View – We think there's no excuse for not providing an efficient SOX compliance review.

Creating Smarter, Faster, Cheaper Processes is IT's Main Mission

October 4, 2006 from CIO Insight – “One of the most important lessons from the last 25 years of business computing is that you can't throw technology at a problem and expect it to go away, or fling a system at an opportunity and expect the dollars to rain down. To get any real value, business processes—how people work, how work is organized, how work flows—have to be changed, too. That lesson has been absorbed, judging by the results of our first survey on business process improvement since 2003. Process improvement has emerged as the top business priority for IT organizations; improving productivity and reducing costs as the most common goal."

180 View – IT resources typically find IT solutions to business problems, and then find a creative way to prove the business case.

Just Say Yes to Internet Explorer 7

October 19, 2006 from ComputerWorld – “It's been a long time coming, but Internet Explorer 7 is here at last. If you're dying to get your hands on the new browser, you can download it right now. But otherwise, there's really no need -- IE7 will soon come knocking on your door.

In November, Microsoft plans to make IE7 an Automatic Update to Windows XP. That means that if you have Automatic Updates configured to install automatically, or to download automatically and then notify you about the download, the new browser will download behind the scenes and then ask for your permission to be installed. If you have Automatic Updates configured to notify you but not download automatically, you'll see an Automatic Updates screen offering to download and install IE7. And if you have Automatic Updates turned off, you'll get no notification at all.

When the new browser comes knocking, should you let it in? Oh, yes. IE7 is a considerable improvement over IE6, and with new features such as tabbed browsing, RSS support, improved security and an integrated search box, it's well worth the upgrade...”

Google Docs and Spreadsheets are here

October 11, 2006 from Office Watch – “Google has bundled their acquisition of Writely and their own Google Spreadsheets into a single package known as Google Docs and Spreadsheets…

With this service you can create documents or worksheets online and save them either in a private storage space on Google’s servers or on your own computer. You get the basic formatting options like bulleted lists, fonts plus sorting by columns and Excel compatible formulas. The really big deal is that several people can work on the same document or worksheet at the same time – with edits showing up in real time. You can also permit people ‘read only’ access so they can see a document or worksheet online but not change it.

The document formats supported are the current MS Office formats (.doc .xls etc) and also the OpenDoc formats (.odt .ods etc). Interestingly you can also save in PDF format as well as HTML web pages. The HTML option means you can create web pages via Google Docs to be viewed as standard web pages. Blogs are also supported with special features to let you write a blog then post it to your site..."

October 2006

SAS Review

October 1, 2006 from CAmagazine and written by Michael Burns – “In the global market for corporate performance management and business intelligence software, SAS Institute Inc. is unquestionably a leader. With 10,000 employees, 4.5 million users and 40,000 customer sites in 110 countries, the company earned revenue of US$1.74 billion last year. Based in Cary, North Carolina, it has offices throughout the world, including Toronto. It also has the distinction of being the world's largest privately held software company.

In the past, SAS competed with companies like Hyperion and Cognos. Today, it also shares the market with some ERP vendors that are bundling CPM components with their systems. So why would anyone want to use multiple products if they could just use one integrated ERP solution?”

Business Process Improvement Survey: Creating Smarter, Faster, Cheaper Processes is IT's Main Mission

October 2006 from CIO Insight – “Improving business processes is the top priority for many IT executives, especially at small and midsize companies. Most companies are hoping to boost productivity and cut costs by revamping their business processes with the help of IT; smaller companies are also aiming to increase revenues. Not surprisingly, that's spurred an increase in the number of BPI projects across the board. Integrating timely information into work processes is also important: 83 percent of respondents say one of their primary BPI goals is to deliver critical information to employees while they are carrying out the company's business processes. But CIOs aren't just seeking to improve operations like logistics and customer service; they are also looking to improve the ways that managers and knowledge workers do their jobs, since managers as well as rank-and-file employees are under great pressure to work more efficiently and effectively. Financial, compliance and strategic planning processes head the list of today's top three BPI priorities.”

180 View – IT can help Business Process Improvement (BPI), but should not be the driver. First, IT can have its own agenda, which may not be aligned with corporate strategy. Second, BPI is achieved not just by investment in IT. Motivation, organizational structure, and business process design can also have a huge impact.

Cross Functional Alignment in Supply Chain Planning: A Case Study of Sales & Operations Planning

July 2006 from Harvard Business School – In this scholarly paper, we read that “In 2002, Leitax, a niche consumer electronics company, suffered serious supply chain planning mishaps due to poor cross-functional integration in the supply/demand planning activities. The poor integration resulted from organization differentiation among the functions and an unsophisticated approach to integration…

The coordination system requires specific organizational devices to promote integration that facilitates decision-making across functions and the general resolution of ensuing conflicts to the approximate satisfaction of all parties and the general good of the enterprise.

A common organizational arrangement for achieving integration across differentiated functional areas is the integrating department. Lawrence and Lorsch (1986) found that six factors determine the effectiveness of such integrating groups. Three of these factors relate to characteristics of the integrating group. Specifically, integrators tend to be successful to the extent that they (1) are seen as having the most important voice in cross-functional decisions, (2) are evaluated and rewarded in accordance with the overall performance of cross functional decision making, and (3) have a departmental structure and orientation midway between those of the other functions.

The DMO had these attributes of a successful integrating department. The DMO was publicly mandated to improve demand planning. The case study recounts a growing influence of the DMO over demand and supply planning due, in part, to their competence and experience in managing these processes. The DMO’s incentives were based on forecast accuracy, which Fowler had realized early on was in principle a cross-functional goal. The DMO exhibited flexibility and the ability to communicate with both extremes of the organizational orientation spectrum, as reflected in its ability to take in detail sell-in forecasts from the SDs and long-term aggregated global demand forecasts from the PPS group.

The other three factors that determine the effectiveness of integrating groups relate to interactions between integrators and functional specialists. Effective integration is supported when (4) the managers in other departments feel that they have influenced decisions, (5) this influence is concentrated at the managerial level where decision-making knowledge is available, and (6) conflicts are confronted rather than avoided…

Finally, the details of the coordinating system (responsibilities, structures, and processes) put in place by Leitax make it clear that more is required to achieve true integration than the implementation of an information sharing tool and the efficient information flows that result. For researchers in the supply chain management area, the case illustrates the organizational and behavioral dimensions of coordination systems, dimensions that, to our knowledge, have not been explicitly addressed before. The coordination system is more than the definition of responsibilities, processes, and structures to bring together multiple functions and organizations; it is also the explicit consideration of the social and organizational dimensions of the process by which alignment is achieved.”

180 View – As the case study shows, business process improvement is not just about new systems but also includes motivation, organizational structure and business process.

ERP Gets A Complete Makeover

July 24, 2006 from InformationWeek – “The words "enterprise resource planning" conjure up ugly images: tortuously complex business processes, missed deployment deadlines, massive cost overruns. For more than a decade, ERP has been synonymous with beastly software projects. Now the three most influential vendors--SAP, Oracle, and Microsoft--are re-architecting their applications with the promise that things will get better…

The new ERP systems will be more evolutionary than revolutionary, some analysts think. Unlike the move to client-server computing, businesses won't have to rip out their installed IT systems. SAP, Oracle, and Microsoft promise to usher customers along with incremental steps to their next-generation apps.

At the heart of all three vendors' ERP redevelopment efforts is the adoption of service-oriented architectures, Web services standards, and business process management technology. SOA and BPM, the vendors say, are critical to making their applications more modular and easier to adapt as needed--say, when two companies merge--something that's been sorely lacking in ERP software…

But while SOA and Web services are driving the vendors' ERP redevelopment efforts, they draw a yawn from some IT managers, particularly those at small companies like Tasty Baking. "It really doesn't mean anything to me right now," CIO Bayles says. "I don't have 100 applications I'm trying to integrate."

SOA is low on the IT priority list at some large companies as well. Ingersoll-Rand's Libenson calls service-oriented architecture "the buzzword of 2006," adding that his company doesn't have detailed plans for adopting Web services. He sees them mainly as a way to link ERP applications to legacy systems, adding, "My goal is to find a way to get rid of our legacy systems."

180 View – We don’t think ERP investments are made because of technology such as SOA or web services. However, if the technology can clearly demonstrate an ROI, the investment decision-makers will be listening. We think that at some point in the next couple of years, web services will allow companies to exchange electronic transactions such as Purchase Orders no matter what the system. That means that a supplier does not need to enter customer orders into their systems – now we’re talking ROI.

Greenspan: Dump SarbOx

September 26, 2006 from eWeek.com – “The Sarbanes-Oxley Act is doing more harm than good and must be overhauled, Alan Greenspan told a technology audience here.

"One good thing: Sarbox requires the CEO to certify the financial statement. That's new and that's helpful. Having said that, the rest we could do without. Section 404 is a nightmare." Greenspan's remarks came at a meeting of the Massachusetts Technology Leadership Council here on Sept. 25. Greenspan was Chairman of the Federal Reserve board for 18 years, having retired in early 2006.

He said the evidence is clear that Sarbanes-Oxley strictures are driving initial public stock offerings away from the New York Stock Exchange and to the London Stock Exchange. Increasingly, he said, people recognize that Sarbanes-Oxley must be changed. "The pressure on getting 404 significantly altered is rising and is taking on a critical mass." But he added, "You do not get a bill altered when the two names [Sarbanes and Oxley] are in the process of retiring. People are waiting until they are gone. Then, hopefully, changes will be made. Any bill that passes both houses almost unanimously, cannot be a good piece of legislation."

180 View – We think it’s time Sarbox (or the equivalent) reviews include efficiency (achieve the desired result with the minimum use of resources) and effectiveness (achieve the desired result). Then we are talking about value for the money.

Business Intelligence Tools - Vendor Analysis

July 6, 2006 from IDC – “IDC defines the BI tools market as being composed of two market segments: query, reporting, and analysis (QRA) and advanced analytics. A further segmentation by software packaging divides the market into standalone and database-embedded BI tools:
1) Query, reporting, and analysis software includes ad hoc query and multidimensional analysis tools as well as dashboards and production reporting tools. Query and reporting tools are designed specifically to support ad hoc data access and report building by either IT or business users. This category does not include other application development tools that may be used for building reports but are not specifically designed for that purpose. Multidimensional analysis tools include both online analytical processing (OLAP) servers and client-side analysis tools that provide a data management environment used for modeling business problems and analyzing business data. Packaged data marts, which are preconfigured software combining data transformation, management, and access in a single package, usually with business models, are also included in this functional market.
2) Advanced analytics software includes data mining and statistical software (previously called technical data analysis). It uses technologies such as neural networks, rule induction, and clustering, among others, to discover relationships in data and make predictions that are hidden, not apparent, or too complex to be extracted using query, reporting, and multidimensional analysis software. This market also includes technical, econometric, and other mathematics-specific software that provides libraries of statistical algorithms and tests for analyzing data. Although statistics products vary in sophistication, most provide base-level functions such as frequencies, cross-tabulation, and chi square. This market also includes a specialized form of statistical software focused on functional areas such as the industrial design of experiments, clinical trial testing, exploratory data analysis, and high-volume and real-time statistical analysis…

In 2005, the BI market grew 11.5% to reach $5.7 billion in worldwide license and maintenance revenue. As Table 1 shows, the database-embedded BI server market experienced a higher growth rate (19.9%) than did standalone BI software (10.7%). The query, reporting, and analysis market outgrew the advanced analytics market in 2005. We had anticipated a higher growth rate for advanced analytics. One of the reasons for the lower-than-expected performance of this market segment was a larger-than-expected shift in revenue to query, reporting, and analysis tools as well as to packaged analytic applications by SAS, the largest advanced analytics tools vendor.

Business Objects
Business Objects ended 2005 again as the leading BI software vendor, with $795 million in BI tools revenue and a 14% market share. Business Objects is the dominant query, reporting, and analysis vendor, with a broad user base spanning all major geographic regions, company size segments, and industries. Building on this base, the company has ambitious goals for growth. This growth can either be organic or involve further acquisitions. Both paths will likely contribute to Business Objects' top line over the foreseeable future, with most of the organic growth coming from query, reporting, and analysis tools from both expanding the company's user base within enterprise accounts and deeper penetration of midsize organizations.

SAS Institute
SAS was the second-largest vendor in 2005, with $582 million in BI tools revenue and a 10.2% market share. Fifty-nine percent of SAS' BI tools revenue comes from advanced analytics software. However, in 2005 the company saw strong performance from its Enterprise BI Server product suite, which resulted in a 26% growth in its query, reporting, and analysis revenue (for more details see SAS Revamps Its BI Software and Finds Traction Outside Its Core Competency of Data Mining and Statistics, IDC #34846, February 2006). SAS is also continuing to find success in specialty analytic applications that take advantage of its advanced analytics tools. Examples include applications for various types of forecasting, optimization, and descriptive and predictive analytics. Although this revenue is not accounted for in the current BI tools study, it influences the company's overall product mix and in aggregate has a tempering effect on BI tools revenue.

In the short term, IDC does not see any serious challenge to SAS' dominance of the advanced analytics market and expects the company to continue to experience above-market growth rates for query, reporting, and analysis. However, at the same time there is likely going to be a long-term, continuous shift toward more packaged analytic applications.

Cognos
Cognos finished 2005 as the third-largest BI vendor, with $567 million in BI software revenue and a 9.9% market share. Like its longtime rival Business Objects, Cognos experienced competitive market pressures, which kept its query, reporting, and analysis revenue growth rate below that of the market. IDC speculates that the company's ReportNet product, which had tremendous growth when it was first introduced at the end of 2003, encountered tough competition from the many reporting products in the market from specialty BI and database vendors. Although Cognos still derives a majority of its revenue from BI tools, the company experienced a higher growth rate in its business performance management applications than it did in BI tools. This trend is indicative of a steady shift toward a focus on analytic applications. As the market for BI tools matures, Cognos is likely to continue to expand on its strategy of both developing and acquiring packaged analytic applications in areas such as workforce analytics (released in 2006), supply chain analytics, customer analytics, and business performance management. This expected shift will put internal pressure on BI tools. However, these trends take years to play out; in the meantime, Cognos remains solidly one of the top BI tools software providers.

Microsoft
IDC estimates the value of Microsoft's BI tools at $353 million, which puts the company into fourth place with a 6.2% market share. Among its closest competitors, Microsoft is a relative newcomer to the BI tools market; the company introduced its OLAP server at the end of 1997. Nevertheless, Microsoft has seen strong growth over the past several years as it has expanded and enhanced its database-embedded BI features and combined them with related tools such as data integration. Specifically, the high growth rate in 2004 is attributed to the release of SQL Server Reporting Services.

More recently, Microsoft acquired ProClarity. (The acquisition closed in 2006; therefore, IDC has shown the two companies as separate entities in this 2005 market share study.) This acquisition filled an important gap in Microsoft's BI software portfolio. The company now has not only server-side BI engines for OLAP and data mining but also a Web-based (as well as thick-client) end-user query, reporting, and analysis tool.

Microsoft's impact on the BI tools market cannot be overemphasized. Currently this is especially true with respect to its Reporting Services and Analysis Services products. However, the company is also going to have an impact at the "front end" of BI in the coming years. Note that although Microsoft Excel is not counted as a purpose-built BI tool, Microsoft's recent focus on promoting Excel as a key interface for BI is also going to have a negative impact on competition. Again, this impact will not create any sudden material shifts in the market, but an evolutionary change has been put into motion by the database vendors, and it will reshape the BI tools market over the next 15 years…

The next wave of BI will reach out to these employees as well as other organizational stakeholders such as suppliers, partners, customers, and government agencies to improve information delivery and decision support functionality for all. This shift in market focus can be only partially addressed through existing BI software, which as already mentioned was created with the analyst or power user as the intended audience. Clearly a frontline employee will have limited use for an OLAP or an ad hoc query tool. In fact, to address the needs of frontline employees and line-of-business managers, organizations must redefine and expand what they mean by BI. The expanded vision of BI must take into account not only the technologies involved but also business drivers and performance management methodologies.”

180 View – IDC provides analysis on many other BI vendors including Hyperion, Oracle, MicroStrategy, SAP, SPSS, Information Builders, IBM, Actuate, Lawson and QlikTech. The analysis also includes BI business drivers. If you’re into BI, you should check this article out.

Security: Don't Spring a Data Leak

July 12, 2006 from Baseline – “The most notorious snafu: The U.S. Department of Veterans Affairs disclosed in May that it lost data on 26.5 million veterans and their spouses plus 2.2 million active military members when a worker's computer was stolen out of his home. Other organizations that have reported thefts of computers with sensitive data include Aetna, American International Group, Ernst & Young, Equifax, Union Pacific and the YMCA.

Even the Federal Trade Commission, responsible for enforcing privacy laws, disclosed in June that a laptop with unencrypted private data on 110 people was stolen from a car used by its attorneys.

From February 2005 to mid-June 2006, such security breaches have exposed information on more than 88 million individuals, according to the Privacy Rights Clearinghouse, a San Diego privacy advocacy group.

"Everyone spends a lot of time focusing on external threats," says Gartner analyst Avivah Litan, "but most of the threats are either from insiders or employees who take data home. It has nothing to do with criminals hacking into your databases."

Litan says many organizations are unprepared for accidental or deliberate data breaches: She estimates that businesses today encrypt less than 10% of all sensitive customer data. A survey this year by research firm Ponemon Institute, sponsored by encryption vendor PGP, found that 4.2% of companies use encryption across their entire enterprise (as opposed to only in select departments).

Litan predicts that companies will be fast-tracking security projects to prevent information assets from leaking out, including deploying software that stops any sensitive data from being e-mailed or copied to any outside party or device.

"Pretty soon, there's not going to be any employee privacy—everything is going to be monitored," she says.

Regions Financial, for one, has taken steps to seal the cracks. The 25,000-employee company, which operates 1,300 bank branches in 16 states, encrypts the entire hard drives of its thousands of laptops. (Zimmerman wouldn't name the encryption software Regions is using or say exactly how many laptops it maintains.)

Is scrambling every bit of data on every laptop overkill? Not to Zimmerman. "I can guarantee you that there would be confidential information on almost every laptop in the organization," he says.

But the danger of data leaks obviously extends beyond portable computers. Regions also uses software from Vericept to monitor all outgoing e-mail to make sure it doesn't include confidential information. The software uses statistical analysis on text in messages and attachments to find content that violates the company's policies. Most often, transgressions are accidental, Zimmerman notes: "People don't realize they've hit 'reply to all.'"

Some I.T. executives say portable storage devices—namely, thumb-size USB drives—scare them more than the possibility of a laptop vanishing. "If you were stealing something, why would you carry a laptop out the door when you could throw data on a 60-gigabyte USB drive?" asks Jim Brockett, chief information officer at Washington Trust Bank in Spokane, Wash.

Washington Trust this year plans to deploy software from security vendor NextSentry that will prevent any of its 900 employees' computers from using USB storage devices, and will provide other monitoring functions like flagging e-mail for certain keywords and phrases (say, "account number").

"We're not informing users about [the project]," Brockett says, "but we've let them know we have the right to monitor them."

Another lesson from the rash of data losses in the headlines is that "user education" is only effective to a point. It's certainly true that employees should be regularly updated on good data-handling hygiene. But no amount of education will eliminate careless mistakes or stop a disgruntled employee from violating a policy. Security technologies like encryption and digital rights management software, which controls access to specific pieces of content, can act like seat-belt laws—to help keep computer users from hurting themselves.

"We can do training, we can do policies, but unless we monitor every laptop every single day, there's no way we can control what people put on their laptops," says Jacob Mays, assistant vice president of information technologies at Stillwater National Bank and Trust in Stillwater, Okla.

To make sure no data can be read on a lost or stolen computer, the bank fully encrypts all of its 80 laptops with PGP software, a measure it initiated last year. Employees must enter a password before Windows even boots up.

Like seat belts, security mechanisms have to be easy to use. "You can talk until you're blue in the face about the need for it, but unless it's practical, people aren't going to use it," says Jason Elizaitis, director of information technology at Fairfield Greenwich Group, a New York-based asset management firm.

Fairfield Greenwich Group, which manages $10 billion in assets for high-net-worth individuals and institutional investors, uses Liquid Machines' Document Control digital rights management software at six offices worldwide. The software lets employees encrypt and assign privileges to documents (such as flagging them for "internal use only" or "do not print"), using a drop-down menu that is installed in the menu bar of Microsoft Office applications.

Why hasn't every company on the planet put in similar safeguards?

Cost may be one issue. A sophisticated digital rights management system, for example, can run to $500 per employee, while content-filtering packages start at around $25,000. Encryption products have entry prices of $125 to $300 per employee; vendors in this market include PGP, Pointsec Mobile Technologies, Utimaco Safeware and WinMagic.

Microsoft promises to bring encryption to the masses in the forthcoming Windows Vista operating system, which includes a feature called BitLocker that can automatically encrypt a PC's entire disk.

Meanwhile, some I.T. managers still have a perception that deploying and managing encryption products is extremely complicated, says Andrew Krcik, vice president of marketing at PGP. "There's still a hangover from people having looked at encryption seriously five years ago and said, 'It's way too complex,'" he says.

Stillwater National Bank's Mays found setting up and managing laptop encryption straightforward, requiring employees to leave their laptops overnight to perform the initial full-disk encryption. He was at first concerned that the PGP encryption software would slow down the machines, but found that on any laptop less than three years old, "there's not a noticeable performance hit."

To Zimmerman of Regions Financial, the justification for encryption and content-monitoring measures boils down to this: What's the company's reputation worth? As Zimmerman puts it: "Whether we lost one record or 1 million records, our credibility with customers would be shot."

5 Steps to Prevent Data Loss

1. Guard against human error. Use security technologies, such as data encryption, as a safety net for honest mistakes.

2. When in doubt, encrypt. All laptop hard drives should be encrypted.

3. Monitor outgoing messages. Use software to block e-mail messages or file transfers with confidential data.

4. Ensure security is easy to use. Otherwise, employees will find ways to get around it.

5. Audit security practices regularly. Experts say such reviews should happen at least monthly.”

180 View – We replicated most of this interesting article. Good policy, training and the right tools can go a long way to mitigate the risks.

Safe Driving? Is Your Lap Strapped In?

September 1, 2006 from webCPA – “If you think this article doesn't pertain to you, your firm, or your clients – either because your business is too small, too big, or because it's the perfect size for guarding against IT security threats – think again.

Security woes even hit computer security software company McAfee, which in February had to warn some 9,000 current and former employees that their names and Social Security numbers were on an unencrypted CD that was lost after being left on a plane by an employee of auditor, Deloitte & Touche.

That same month, Ernst & Young confessed to some of its clients that their Social Security numbers and other personal data were lost on a laptop stolen from a locked car belonging to one of the firm's employees.

And closer to home, in May the American Institute of CPAs had to tell its approximately 330,000 members that a hard drive containing their Social Security numbers and other data – sent out for repair in direct violation of the AICPA's internal control procedures – was lost in transit by FedEx.

That faux pas was particularly galling since this year's rendition of the AICPA's Top Ten Technology list ranked information security as the No. 1 technology issue.

"From the standpoint that every AICPA member was affected, if that doesn't serve as a wake-up call for CPAs, I don't know what will," says Susan Bradley, a recognized IT security expert who is a CPA and partner at Fresno, Calif.-based Tamiyasu, Smith, Horn and Braun Accountancy Corp., where she is the network administrator.”

The article gives some suggestions to improve security:

"Most firms think they have a good firewall, so they think they're not at risk," he says. "But many are using consumer-grade firewalls that are not updated or not strong enough to protect their networks."

Higher levels of protection are available from companies like Sunnyvale, Calif.-based SonicWall and WatchGuard Technologies of Seattle, Johnston and others say.

SonicWall's "unified threat management" technology features solid-state firewalls and VPN appliances that incorporate anti-virus, anti-spyware, and network-intrusion prevention features for both wired and wireless networks. It also provides constant monitoring of firewall performance, Johnston says. Similar features are available through WatchGuard's firewalls.

IT managers also need to ensure proper installation of firewalls, and that all crucial network ports are properly protected.

"Many times firms pay extra fees for a firewall installer, and [do] not realize that firewalls weren't installed correctly," Johnston says. "Installers will leave ports open, making a network vulnerable to attack – for example, file transfer port 21, Internet browser port 80, or mail port 25. They all need firewalls."

The growing popularity of wireless networks, along with the growth of Microsoft's Mobile 5 wireless devices, is coinciding with more options for securing wireless operations. For one thing, users should make sure they're using the security pack that is available with Mobile 5 devices, experts say.

Accounting firm Abalos & Associates in Phoenix uses the Sentinel S3 USB key from Mesa, Ariz.-based Sweet Spot to control access to laptops and other mobile computing devices, says Cheryl Folkerth, a CPA and technology manager at Abalos.

The S3 key, which a user must insert into a computing device to access the firm's wireless network, incorporates two-factor authentication that involves 128-bit encryption along with a user-defined PIN. It also integrates a secure virtual private network, or VPN, tunnel to encrypt critical data being transferred between client and host computers.

"No one has been able to get onto the wireless network without the USB key," Folkerth says.

SonicWall also provides a SonicPoints system of securing multiple access points throughout a wireless network, which Johnston says he has used successfully. A SonicPoints system can be configured, managed, and updated through a centrally managed SonicWall security application.

Another tool for protecting laptops is Palo Alto, Calif.-based PGP Corp.'s PGP Desktop, which encrypts an entire hard drive. "If the laptop is stolen, it has no data value," Johnston says.

But technology applications alone aren't sufficient to protect wireless networks, experts say. At Tamiyasu, Smith, IT security chief Bradley enforces a multi-part policy that dictates how employees can access the firm's network. Employees working remotely must not use a public kiosk or any other computing device other than their own anti-virus-software-loaded machine.

Her accounting firm also has remote employees access the Remote Web Workplace, a feature built within Microsoft's Small Business Server 2003, which ensures that sensitive data can't be downloaded to computers outside the office. "They can view but not download the data," she says.

While e-mail has done wonders for improving the service that accounting firms can offer their clients, it also presents huge risks for stolen data when e-mailed client communications are not encrypted.

"Not encrypting e-mail is a glaring error among businesses," Johnston says. If a hacker knows a CPA firm's URL and corresponding IP address, he can figure out how to receive a copy of all e-mail traffic a firm sends its clients, he adds. "A firm's e-mail might reach the right client address," Johnston says, "but the firm won't know if it also reached another destination."

Technology such as AMPLock encryption from Madison, Wis.-based SmartSoftKey, can ensure that only intended recipients can receive and unlock e-mail messages and files, Johnston says. AMPLock integrates with Microsoft Outlook.”

180 View – This article includes the following point - “The realm of security technology is still like the Wild West to most people, with hucksterism and snake oil vying side by side with really well thought-out security software and hardware-based tools.” Huge investments are being made or will be made to improve security by organizations across the country. Hopefully, you’re not being sucked in by the hype, but investing in practical solutions that are justified based on the risks.

SOA in Plain Language

August 31, 2006 from Datamation – “Service-Oriented Architecture (SOA) is big business – and it’s getting even bigger. Heavyweight vendors like IBM and Accenture are promoting it intensely. Forward-looking enterprises are moving to adopt SOA into their business plans.

In the view of SOA’s proponents, Service-Oriented Architecture has the potential to create a revolution in IT departments. It will blur the line between software and service, radically changing the software industry. It will save companies money, greatly increase productivity, and empower network architects to envision brilliant new services.

The only thing it can’t do, apparently, is cook an egg in under two minutes. And with time SOA might even develop that capacity.

But amid the growing interest in SOA – and the grand claims about it – plenty of businesses are still wondering: should we get on board? And what exactly is SOA?

Their confusion is understandable. SOA is a buzzword that is defined using buzzwords. The jargon is so deep you need boots to walk through it.

For example, try to decipher this clear-as-mud definition from Wikipedia:

“Service-Oriented Architecture expresses a perspective of software architecture that defines the use of services to support the requirements of software users.”

Huh? Can you put that in English?

Given that SOA vendors are still working to explain this concept to potential clients, a clear, plain language definition is needed. One of the best experts to provide that is Marianne Hedin, an IDC analyst who tracks SOA.

So, Marianne, what is SOA?

“It’s not a technology, and it’s not something you can buy off the shelf,” she tells Datamation. “It’s a paradigm, it’s a shift, it’s an architectural concept. It’s a new way in which you architect your IT environment.”

“But what,” she asks, with a laugh, “does all that mean?”

Good question. So what exactly is SOA?

Interoperability and Integration

SOA’s greatest value is that it allows enormous interoperability between software, information, and processes.

SOA enables a network architect to mix and match existing elements (software, data, or processes) to create custom-made composites to better serve the business’s needs.

Enterprise managers “can create new services for their clients by taking a component from this application and combining it with a component from another application,” Hedin explains. In doing so, “They can create a new type of service, or a new kind of application, that can serve their clients much, much better.”

With SOA, the divisions between proprietary software start to blur. For instance, a network architect can allow users to combine functionality from software by Oracle and Microsoft and Sun all into one composite application. “The name of the game is interoperability,” Hedin says.

The services offered by these various applications become one composite service. Hence the name “Service-Oriented Architecture.”

(IDC will host a forum in September demonstrating that SOA allows interoperability between .NET, BEA’s Web Logic, and Sun’s Java.)

SOA’s ability to combine disparate elements also applies to legacy software and data. So, for example, SOA can help an insurance company more easily tap data that’s stored in outdated 1980s-vintage software.

In fact, SOA enables companies to avoid constant software upgrades, as well as that once-a-decade software overhaul, by allowing employees to more effectively work with legacy applications.

“The architecture allows you to do a lot of integration of disparate systems, regardless of the age,” Hedin says.

Related to (But Separate from) Web Services

Say a Web site wants to sell airfares from many airlines. The site allows users to book a hotel room, rent a car, and buy concert tickets in the destination city.

“In order to be able to provide that kind of service to the client, that Web site had to be able to integrate multiple applications together, and many pieces of information from disparate systems,” Hedin says. “They have all kinds of technology they want to take advantage of there.”

With SOA, “Even if [the data streams and software] are all different, different codes, etc., they can all talk to each other. They can be combined and integrated.”

(Note: This functionality can be combined without SOA, but it’s much easier to combine disparate data and applications using SOA.)

The standards that have been adopted for Web services, like SOAP and REST, enhance and expand SOA’s capability.

However, “You can have an SOA architecture without Web services,” she notes. “But with Web services you can leverage SOA much more effectively because you have the interfaces that help you with the integration.”

In sum, SOA really does create something of a revolution in the data center. SOA turns a network comprised of discrete elements – purchased over several years, held together by rubber bands and band-aids – into a refreshed and ever-flexible source of business solutions.”

180 View – If you still don’t understand SOA, you’re SOL.

How to bungle a software upgrade

September 26, 2006 from InfoWorld – “Ten years ago, I was the IT manager at a successful software company whose main product was aimed at large insurance companies. It was a DOS app that read records from large data files, did a little processing, and passed the results to other apps downstream. It wasn’t particularly pretty, but it was accurate -- and it was fast! It worked in batch mode, processing thousands of records per minute, which was a critical feature, considering how many records our clients needed to manage each day.

We were doing well with this app, which was pretty much the industry leader. So in a classic it-ain’t-broke-so-let’s-fix-it-anyway move, some of our managers and salespeople began complaining that it wasn’t written for Windows. They lamented the fact that we didn’t have a nice Windows GUI we could put on our sales brochures. If we didn’t rewrite for Windows, they insisted, our competitors would eat our lunch! And while they had our attention, these same people decided that the product would be even more appealing to our customers if it worked interactively, so users could process a single record at a time.

This seemed an odd request, because as far as I could remember, not one of our customers had ever tried to use the product in this manner. Come to think of it, our customers had never shown much interest in a Windows version either. I expressed my concern, but the boss was convinced that a Windows version of the software would be our ticket to world leadership.

Most of our in-house programmers had been laid off by this point, so the boss hired an expensive set of consulting software developers. In spite of my stated reservations, I was put in charge of managing these guys -- requirements, test plans, testing, daily builds, and so on.

When I costed out the notion of rewriting the application from scratch, the boss decided it would be way too time-consuming and expensive. The developers suggested creating a Windows front-end that would manipulate the old, reliable DOS application in the background. I considered this approach to be a serious kludge. Worse yet, it made the app a lot slower. And it was almost impossible to run it in high-speed batch mode. But it worked, and it was cheap. My boss loved it.

We worked on the code for six months; then the copywriters showed up. In order to create compelling sales materials, they insisted, we had to redesign the menus so they’d look good in the brochure. We were already over budget and over time, and some changes made the app harder to use. Still, the boss insisted.

We had worked closely with sales and upper management, and they loved the “new” Windows version. Unfortunately, we hadn’t shown it to any of our users. Apparently I was the only person in the company who was feeling nervous about this. Finally we prepared to take the app, the new brochures, and a large sales team to the biggest insurance convention of the year.

Proudly, we demonstrated our new baby to some of our largest customers. They liked the interface, they loved the brochures, but they all had the same two questions: “How can we get this to run faster?” and “How do we turn on batch mode?”

Our sales staff had no answers. But I had one: “Keep running the old version.” Of course, I didn’t think saying it out loud would be a wise career move. So I kept it to myself.”

180 View – Beware of decisions based on technology without a business case.

September 2006

8th Annual Accounting and ERP survey

September 1, 2006 from CAmagazine and written by Michael Burns - It's hard to believe we are now in our eighth year for our annual accounting and ERP vendor survey. Interest continues to grow and most vendors want to be part of the survey. This year, we have new or updated responses for 50 systems as of June 2006. The systems cover the entire spectrum - from QuickBooks and Simply Accounting to mid-market systems from Sage and Microsoft to high-end products from SAP and Oracle.

Each year, we expand the survey to cover more functionality. Our objective is to include functions that differ from one product to another. This year we have added service management, commitment accounting, project accounting, back order fulfillment, forecasting, freight calculations, warehouse management functionality and backflushing.

Watch out for maintenance

July 2006 from CAmagazine - "Companies on the hunt for a new system typically do an exhaustive analysis of various options before they make a tentative selection. Once they do, the subject of maintenance inevitably rears its head. For some strange reason, vendors wait until the very end of negotiations before they bring up the subject. They might even treat it as a mere formality. The question is, should you sign the contract as is?

The short answer is no. Everything should be negotiable, including the maintenance contract. Usually, vendors will ask you to pay maintenance on the list price. But in a competitive situation, they might allow you to negotiate using the discount price.

Maintenance usually runs about 18% of the licence fee. But the contract could include escalation clauses, such as standard cost of living increases. At the very least, make sure there are no increases for three years. A ceiling should be provided after that.

In the fee, only a small portion goes toward actual maintenance. Most of the fee goes into R&D. Any vendor that does not invest heavily in R&D will not be able to compete with more nimble companies that leverage new technology. You want your vendor to be successful; otherwise, it will be purchased for its customer list, not its product. That will leave you with the task of converting sooner or later to a new system.

So you do need to pay the vendors something. But is that something worth the price? You might not want to upgrade every year, especially if you have customizations that will need to be adapted to the new system. You might be able to live quite happily without new features that add complexity or require more computing power. Some vendors will require you to upgrade whether you want to or not. But you can negotiate the length of time you can wait before upgrading.

But there may be compelling reasons to keep current. Your chosen vendor might also be working on new software that won't be available for years. This new software might be chargeable unless you keep current with upgrades and pay your maintenance fees. Some vendors will not support their clients unless they stay relatively up to date. The vendors would argue - rightfully - that problems encountered may be fixed in the newer release.

Maintenance and support can mean very different things to different vendors. One vendor might give you unlimited annual telephone support, while another might give you none. What's more, even "unlimited" support has some limits. Vendors need to protect themselves from taking endless calls from poorly trained customers. They will also vary in their responsiveness. It won't do you much good if your vendor takes several days to get back to you for a critical problem.

Let's assume you have unlimited support and your contract includes an adequate response time. Will you get your money's worth? During the implementation, your support questions will probably be answered by the implementation consultants rather than the vendor's support department. You should ask for a break on maintenance fees during this period. However, the vendors will say you are getting support indirectly, since the implementation consultants are calling them instead. The vendors have a point but the consultants won't be making as many calls. And once the system is up and running, support calls should be less frequent. Some vendors will allow you to purchase a bundle of support hours to be used as required.

Vendors have a good thing going with their maintenance fees. Today an investment in business systems should be a 10-year proposition. Ten years at 18% of the purchase price isn't bad. Vendors are more willing to discount their licence price than their maintenance price. But remember: everything goes on the table before your signature goes on anything."

Internal Controls - A Review of Current Developments

August 2006 from International Federation of Accountants - This review summarizes key internal control frameworks, highlights recent legislation, and discusses the role of internal control in enhancing corporate governance. It is a 19-page document, and we will quote just some of the more interesting paragraphs: "… As the severity of high-profile corporate accounting failures has increased steadily over the last decade, there has been a corresponding increase in the development of new legislation, standards, codes and guidelines to assist organizations in improving their corporate governance. While these standards and guidelines originated from a variety of sources, they share a core principle: that good governance, by its nature, demands effective systems of internal control.

Recognition of the critical importance of internal control is evident in the key frameworks and guidelines on the subject. In the 1990s internal control frameworks such as the COSO (USA), Turnbull (UK) and CoCo (Canada) emerged, some of which have recently been reviewed and updated or supplemented. In addition, there are many other publications on the theory and benefits of internal control…

As internal control frameworks, COSO, Turnbull and CoCo complement each other. They each see internal control as a process/set of processes designed to facilitate and support the achievement of business objectives. Each of the frameworks takes the wider approach to internal control covering consideration of significant risks in operations, compliance and financial reporting. Objectives such as improving business effectiveness are included, as are compliance and reporting objectives. The narrow approach to internal control is usually restricted to internal control over financial reporting…

SOX focuses on one specific aspect of internal control, that related to internal control over financial reporting whereas, as has been previously noted, the key internal control frameworks such as COSO, Turnbull and CoCo take a wider business-led approach and cover all controls. Assessments of internal control using the SOX definition are less likely to focus on the business benefits that can result from a review of the wider aspects of internal control and the related processes for risk management…

By covering all material controls and linking internal control to risk management, it allowed companies to focus on the most significant risks facing them. By setting out high-level principles rather than detailed processes, it required boards to think broadly about their company's risks and enabled them to apply the guidance in a way that suited the circumstances of their company."

180 View - We believe that internal control should consider business effectiveness. In this way, the control review will provide more value. As well, there should not be a significant increase in time spent as long as the reviewer has the expertise in compliance as well as efficiency and effectiveness.

Oracle defies the naysayers

August 15, 2006 from BusinessWeek - "In 2003, when Oracle Chief Executive Larry Ellison announced his intention to buy PeopleSoft, he was declaring war on a number of fronts. Not only did he have to contend with PeopleSoft CEO Craig Conway, who railed against the deal for more than a year, but he was also stepping up a battle with his counterparts at SAP, the largest seller of so-called software applications, which run everything from businesses' accounting to their call-center operations.

Early on, Ellison made it clear Oracle (ORCL) was buying PeopleSoft and other companies with the immediate goal of becoming the No. 2 player in applications, and ultimately capturing the top spot. "SAP is a formidable company, but we have a shot at catching them," Ellison said back in April, 2004 (see BusinessWeek.com, 4/4/05, "Larry, You Picked a Nasty Fight").

Then there was Ellison's tussle with the many naysayers - SAP (SAP) and PeopleSoft executives among them - who warned Oracle wouldn't sufficiently support PeopleSoft products and that it would stumble in an ambitious project, code-named "Fusion," to knit together a string of acquisitions, ultimately sending PeopleSoft customers into SAP's arms.

IMPRESSIVE GAINS. These days, the digestion is well under way. And according to new data from AMR Research, Oracle has done a much better job keeping acquired applications customers and winning new ones than many early critics expected.

According to the numbers, Oracle made impressive gains in one of the fastest growing categories of applications: Human capital management, or HCM, includes software for human resources departments that automates tasks like performance reviews and handles paperwork around hiring new employees. Oracle took over the top market share slot for the first time, thanks to its PeopleSoft acquisition, according to AMR. By the end of 2005, it had 25% of the market, while SAP had 23% -- though the lead will narrow in 2006, when SAP's share will rise to 24% as Oracle's holds steady, AMR says.

PeopleSoft had been the gold standard for HCM, so the gain isn't entirely surprising. But the jump was larger than if PeopleSoft and Oracle's premerger revenues were lumped together. In 2004, Oracle sold $324 million of HCM software, and PeopleSoft sold $864 million. But in 2005, the combined company sold nearly $1.4 billion in HCM software. "One plus one actually equaled two-plus," says Jim Shepherd of AMR.

LONG ROAD. When it came to customer relationship management, or CRM, the share gains weren't quite as impressive, because Oracle's acquisition of Siebel, a leader in CRM, didn't close until 2006. Still, in 2005 Oracle moved from the sixth largest seller of the software, which helps manage salespeople and call centers, to No. 3, just behind SAP and Siebel, in 2005. This year, AMR expects Oracle will rise to No. 2, with 14%, just below SAP's 17%.

Oracle still has a long road to surpass SAP in applications overall. HCM and CRM make up less than 30% of overall applications revenues marketwide. And because research firms count market share differently, not everyone grants Oracle the top spot in any category. In a statement, SAP noted that AMR takes into account services revenues, not just licenses and ongoing maintenance, which gives Oracle an edge. Further, it said, "any gains…Oracle has made in enterprise software are a temporary situation, based on their flurry of recent acquisitions designed to gain market share." The statement called further gains "unsustainable."

Still, Oracle clearly has the wind at its back. The company posted a banner fourth quarter on June 22, with applications revenue up an impressive 83%. And the stock price has been flirting with its 52-week high of $15.50, closing Aug. 14 at $15.29, up 2%. Meanwhile, SAP had a rare earnings stumble on June 13 when it said it would fall short of analysts' expectations for the second quarter. Analysts said the miss suggests Oracle could be finally eating into SAP's market share. "If that's not a momentum shift, I don't know what is," says Jesper Andersen, Oracle senior vice-president of applications strategy.

SLUGFEST AHEAD. Analysts give Oracle props for overcoming early customer fears that the company would kill PeopleSoft's superior applications. Instead, Oracle has offered lifetime support for the software customers had already bought. "That really took a card off the table the SAP guys could play against them," says Credit Suisse First Boston analyst Jason Maynard. "Oracle is demonstrating to customers this applications thing is a real and serious market for them," he says.

And, as Oracle and SAP begin to slug it out in the few remaining up-for-grabs industries, such as retail, banking, and