Category: Content management & strategy (Page 294 of 480)

James McGovern, writing in his February 18th  IT
toolbox blog, asks for more analyst engagement and coverage regarding open
source options for users.  He suggests …

Maybe the next step is to get several analysts who blog to expose themselves to a vocal audience. Maybe they could ping this entry’s trackback and let the dialog begin. Online audiences routinely discuss, debate and refute industry analyst research.

I think that would be great.  Sign me up … I would be happy to
contribute.  But, what what would be even more useful, for me — certainly
more useful than discussions of industry analyst research — would be hearing
more about what open source platforms and tools are turning out to be most
valuable as companies implement compliance solutions.

In my own work as an analyst/writer over the last decade I have discovered
some things that match up–at least in a rough way–with McGovern’s
concerns.  I started out sizing markets, projecting growth, figuring up
market share, and so on.  I learned a couple of things after a few years of
this.  One is that it is hard to predict the future.  A second thing
was that the methodologies available for estimating current market size and
market share in markets that are relatively young and still emerging are subject
to a lot of error.  You can do it for toothpaste or cola, but there is a
lot of guesswork and making of assumptions when you are looking at something
like "content management" or, heaven forbid,
"compliance." 

But perhaps the most striking, humbling thing that I learned is that the
market sizes, growth projections, and so on that I worked so hard to create are
typically not useful to the people and firms that actually USE technology. 
It is critically important stuff for technology vendors … but
technology users are more concerned about what works than they are with
the size of the market. 

So, I don’t do market size estimates anymore.  I am much more interested
in finding out what people are doing and what works.

As I look at Sarbanes Oxley and other compliance issues, the question of
"what works?" seems more important than ever.

So, James, I really like the idea of using trackbacks and other tools to get
a discussion going that brings more open source tools to the forefront. 
But, rather than worrying about what the analysts think, I would be more
interested in finding out more about what companies are using, for what
applications, and what is working. 

I see that James
Governor of RedMonk is also interested in joining the conversation.  (I
will say a bit more about RedMonk’s interesting thinking about "Compliance
Oriented Architecture" in a separate post.)  With James on board,
along with some people who are using open source approaches to compliance, I
think we could have a conversation that would be both interesting and really
useful.

For those of you tracking the evolution of Microsofts’s Commerce Server, Content Management Server and Sharepoint, there is a tantalizing statement on Ryan Donovan’s Commerce Server blog.

There is also a good 2-part article on MS Content Management Server, SharePoint, and MS Commerce Server integration at CMSWatch.

Yesterday I wrote about the new AeA
report on the problems companies are encountering with Sabanes-Oxley Section
404. Another concern raised in the report has to do with innovation and IT
spending.  Quoting from the report …

Instead of taking a principles-based approach, COSO and COBIT provide a super-checklist for all companies, set a cookie-cutter approach for how one must run a business, and they create a limitless necessity to document, document, document, rather than to do, do, do.

The external auditing firms also come in for criticism in the AeA report for
using "cookie-cutter" approaches.  One CFO quoted in the report
complains about armies of auditors in their mid-twenties who know nothing about
business and whose "judgment" is confined to whether or not they can
check off a box on some list.

The fact that Big Four firms are reporting a doubling of auditing revenues,
thanks to Sarbanes-Oxley, invites a cynical view of their situation.  But,
a "big picture" take on the issue needs to consider the risks and
incentives on the auditing side of the problem.  If something does go
wrong, auditors know that shareholders will be coming after them for
damages.  It is hard to see the upside for the auditor in being
"reasonable" and in trying to consider the special circumstances of
smaller companies.  (I am not arguing that the inability to deal with the
special needs of smaller firms is "right" — but simply that the
auditors, too, are constrained by the business and litigious realities
surrounding SOX.)

So … what are the consequences of this "cookie-cutter"
approach?  According to the AeA Report:

A specific example of the damage that this does relates to new IT productivity projects. The only way that U.S. companies successfully can compete with companies based in low-cost countries is to be more efficient. The key to greater efficiency is to invest in new and improved IT and automated systems. Because COSO requires an internal control to be ‘mature’ to be considered effective, it is not practical to implement major new IT systems in the third and fourth fiscal quarters because the control will not be mature.

Ouch!  Is this really happening?  Are readers finding that SOX
Section 404 is turning into a moratorium on IT systems implementation for half
the year?  Send me an email or add a
comment …

Last week, AeA, the high-tech trade association, released a report titled
"Sarbanes-Oxley Section 404: The ‘Section’ of Unintended Consequences and its Impact on Small
Business."  Most readers will find that this paper is worth a
look.  The paper argues that:

• Section 404 is more expensive than anyone anticipated — so much so that
  the costs far outweigh any possible benefits.
• The Section 404 compliance burden is disproportionately large for smaller
  companies.
• External auditors are taking a "one size fits all" approach to
  assessing the effectiveness of internal controls.

AeA’ assertions about the impact on small and mid-sized companies are really
striking.  For example …

What became clear during our companies’ discussions on Section 404 is that the cost burden for smaller companies as a percentage of revenue is far greater than for large companies. For multibillion dollar companies, the cost may run at approximately 0.05 percent of revenue, but
for small companies with revenues below $20 million, the costs can rapidly approach three percent of revenue.

This is a striking number.  I have no idea how precisely accurate these
results are — but the general thrust of the argument seems plausible: Smaller
companies typically start with less in the way of sophisticated internal control
systems, and the costs of creating such systems must come out of a
proportionately smaller pool of revenue.

Does this report match up with experiences that any of you are having? Send email
or post a comment …