Day: February 9, 2005

Today’s Financial Times includes a front page story about the effect
of Sarbanes-Oxley on the fees companies are paying to external auditors: 
On the average, they have doubled this year.  Yow ! 

The FT story emerged from a study of large company spending on SOX
compliance published earlier this week by the Corporate Executive Board, a
consulting firm.  The same study reported that, in addition to the higher
fees for auditing, the companies surveyed spent an average of $5 million to $8
million on SOX Section 404 compliance work in 2004.

The numbers are in the news because companies with fiscal years ending
December 31 will be releasing their annual reports over the next few
weeks.  This will be the first year that these companies will have to
report on the effectiveness of their internal controls, as required by Section
404 of the Act. After the companies make their own assessments of internal
controls, the auditors are required to render an outside opinion on the internal
controls.  In a related story in today’s Financial Times, titled
"Crunch Time," sources from the Big Four accounting firms estimate
that perhaps 10% of the companies will report that there are material weaknesses
in their system of controls.

It appears that we will find out how the markets react to reports of material
weaknesses.

The FT reports that companies typically have three questions for their
auditors:

• Are we in the clear?  Are our controls effective?
• How can we make SOX compliance less expensive?
• How can we turn this into something we can do year after year?

In diagnosing the sources of "material weakness" in internal
control systems, auditors put problems with information technology systems at
the top of the list.  The problems take different forms, but include
difficulties in controlling access to data and difficulties associated with the
project-oriented focus that has been characteristic of initial compliance
efforts.

The companies that reveal material weaknesses over the next four weeks will
almost certainly stay in "project" mode — they will have no other
choice.  But, for the 90% of the companies that successfully make it
through the first year of Section 404 testing and evaluation, the real challenge
will be how to turn this from "crunch time" into a normal part of
business — a part that supports, rather than subtracts from, the rest of the
business.

Are there readers of this column who can share, in general terms, the steps
that their companies are taking to make this transition?  It seems
reasonable to expect that increased use of content-based technologies to
automate parts of the internal control system would be part of the
solution.  Is that turning out to be the case?  Send me an
email or post a comment.

As content technology solutions continue their evolution toward infrastructure components, it begs an answer to the question, “define ECM suite.” There’s certainly no single definitive answer among vendors. However, there are clear trends in terms of the transformation of what were once specialized capabilities into those now considered commodity items. This is not uncommon in software evolution, as Bill Trippe pointed out in a February 2004 Gilbane Report, reminding us that even spell-checking used to be a separate application in days gone by.

Clearly, version control and check in/check out functionality moved to the commodity level long ago in the content technologies market. More recently (and more interesting) functionality shifts in the ECM suite market include email integration, identity and role management, search, and management of broader content types such as rich media and fixed assets. One needs only to review recent suite upgrades by vendors such as Stellent and Hummingbird for confirmation of this evolution.

Organizations making a suite purchase should be aware of these trends; they will surely effect the viability of short and long-term implementation strategies for both IT and business units. Awareness of vendor heritage is also important:

• Did the suite evolve from a vendor with specialization a content technology solutions such as WCM, DAM, or DM?
• Did the suite evolve from a platform player now moving into content technology specializations?
• Did the suite evolve due to aquisition or in-house expansion of specialized solutions?

While not making any claim to “which is better,” I would strongly advise buyers to be aware of vendor heritage, understand the breadth of commodity functionality, and evaluate the depth of expertise in “checklist” evaluation items such as technical support, professional services, and developer resources.