|
 |
|
|
| TECHNOLOGY |
July/August
2005 |
Browser
News, trends, and research that drive
IT strategy
|
The Check is for
the E-mail
Depending on who is defining the market,
companies are already spending
US$4bn a year on technologies that fight e-mail threats (including
viruses, spam, and phishing) or will reach that level within
four years. While the numbers from analyst firms may vary,
most agree that along with a continued rise in spending will
come a shift in corporate priorities, away from a reliance
on multiple best-of-breed products (that each target a specific
e-mail threat) and toward suites of products or a managed
service that can address the many ways that e-mail can spell
trouble.
Radicati Group estimates that 52bn spam
messages and 900m viruses will be mailed each day in 2005,
so there is clearly plenty of work for e-mail security products
and services to do. Both Radicati and In-Stat say that a shift
is under way toward e-mail “appliances”, a combination
hardware/software device specifically engineered to tackle
email security problems. But In-Stat says that 30% of current
decision makers are unsure whether their next purchases will
be software, appliances, or hosted services.
Not surprisingly, In-Stat ranked reliability
as the top factor influencing purchasing decisions; Radicati
reports that manageability and scalability are also at the
top of buyers’ lists of requirements.
|
|
Compliance
SARBOX SURPRISES
It wasn’t supposed to be like
this, but IT has emerged as an unexpectedly vexing aspect
of Sarbanes-Oxley compliance. According to a recent CFO IT
survey, almost all companies reporting weaknesses or deficiencies
under Sarbox have found IT to be at least part of the problem,
if not the sole source. Worse, many CFOs feel that regulators
have not done a good job of explaining what companies must
do to satisfy Section 404 requirements for internal controls
from an IT perspective. They also say the auditors charged
with giving or withholding a thumbs-up don’t understand
the IT issues well enough to render an accurate judgment.
“In some sense I’m surprised,
but in another sense I’m not,” says Steve Hill,
a partner in the risk advisory services practice at KPMG.
“IT issues account for 20 percent of the key-controls
portfolio at a typical company, which is almost twice as many
as the next two areas combined.” That is, IT is so pervasive
at most companies that any examination of internal controls
is bound to turn into a de facto audit of IT.
Indeed, a majority of survey respondents
said there is no clear line between what constitutes financial
versus IT controls. That’s one reason why the Institute
of Internal Auditors has inaugurated a new series of Global
Technology Audit Guides that includes one that focuses on
IT controls. While not intended as a Sarbox manual per se,
the guide does provide useful baseline knowledge and some
specific tools for understanding and implementing IT controls,
according to Jay R Taylor, general director for IT Audit at
General Motors. (The guide is available at www.theiia.org.)
At this point, any guidance is welcome.
“No one had a reference point,” says William Chiasson,
CFO at Leapfrog, a maker of children’s educational products.
“It’s been an uphill battle for auditors and everyone
else.” Leapfrog’s first audit uncovered material
weaknesses in accounts receivable, inventory, and IT. Rob
Moon, the company’s CIO, says software from Logical
Apps and Oracle’s Internal Control Manager product should
help the company resolve its problems, particularly regarding
segregation of duties and access rights. And he says that
in some sense, Sarbox has had a silver lining. “It can
prevent fraud and conflicts of interest, and it is a prime
motivator to simplify, simplify, simplify,” explains
Moon.
But that won’t happen overnight.
Chiasson believes that year two of Sarbox compliance will
be even more demanding than year one. “In the first
year, we described our systems,” he says. “Now
we have to update and fix them, which is more work.”
KPMG’s Hill says: “Sarbox can accelerate business,
much as Six Sigma and IT itself did. Compliance can become
a new lens through which to evaluate your company.”
So far, few companies like what
they see. But if it is any consolation, last month the Government
Accountability Office found that the SEC’s own internal
controls suffered from several material weaknesses, including
IT. |
|
Management
SPHERE OF COMMITMENT
Companies want to negotiate good
deals with their IT vendors, it’s true, but many also
say they want to rely on a smaller number of vendors that
can act as true business partners. Those two goals are often
in conflict, leading to fractured, unproductive relationships.
These are among the findings of McKinsey consultants Baljit
S Dail and Andrew S West, who studied nearly two dozen companies.
Among the firms in question, 20% regarded cost as the top
priority in vendor relationships, while 70% cited a desire
for stronger partnerships with a smaller number of
preferred suppliers. Of those 70%, however, only 30% believe
they actually do have the kind of vendor relationships they’d
like.
Driving the toughest bargain tends
to prolong implementation times, create an arm’s-length
relationship with the vendor that can hamper subsequent efforts
to customize a system or address problems, and stymie efforts
to exact helpful information from a vendor’s technical
team. At the same time, limited resources don’t allow
for strong relationships with all vendors, so the consultants
advise companies to rank vendors and focus only on those that
are critical (because they provide crucial technology or big-ticket,
noncommodity software, for example). Compare the skills of
these vendors with those of internal IT staff to see what
vendor capabilities you might best leverage. And know what
you want most: Information about how your competitors use
the technology? Influence over the vendor’s R&D?
Companies should also have clear expectations, involve senior
management, and create a forum for feedback and regular evaluation.
|
|
Leadership
SPLIT DECISION
It is the perennial question in IT management:
to whom should the CIO report? According to Mark Cecere and
Heather Liddell of Forrester Research, the answer is ... it
depends. At large organizations with large IT budgets, the
CIO is more likely to report to the CEO than to any other
C-level executive. This gives IT more influence and allows
it to drive organizational change, but also ratchets up the
responsibility and potential liability if things go south.
The analysts say that a CEO-CIO reporting relationship is
essential at companies that plan a large-scale transformation
of IT, such as a move to a centralized or shared-services
model, because the CIO will have the access and influence
he or she needs with key senior executives. But the need to
report to the CEO declines in several situations: at companies
in which IT is viewed as a support organization, when the
CIO doesn’t have the skills to run the department solo,
where cost containment is viewed as a top priority, or if
the pay scale doesn’t justify a direct line to the top
dog. Those factors tend to dominate at smaller and mid-size
companies, where a CIO is most likely to report to the CFO
(at companies with fewer than 5,000 employees) or is just
as likely to report to the CFO as to the CEO (companies with
5,000 to 20,000 employees). Interestingly, Forrester found
that CIOs who report to CEOs don’t have any more flexibility
on budgets than those who report to other executives: when
asked whether new IT investments require the approval of an
IT steering committee or its equivalent, a nearly equal number
said ‘yes.’ But CIOs who report to CEOs do have
bigger budgets, averaging 4.8% of revenue versus 3.3% at firms
where the CIO reports to the CFO.
|
|
IT Workforce
MAJOR BUMMER
Just when you thought all the IT
jobs were moving offshore, along comes Bill Gates to say otherwise.
In April, the Microsoft chairman said that a drop in the number
of US college students majoring in computer science was bad
for his company now and would prove equally damaging to all
US businesses over time. Gates said the company was having
difficulty filling “good-paying jobs” at its R&D
facilities in the US and that reducing visa restrictions on
foreign workers might be one way to respond. One problem may
be that the kinds of workers Microsoft wants are an anomaly.
The Information Technology Association of America, a Washington-based
trade group, says that non-IT companies represent 79% of the
market for IT jobs and were responsible for the “overwhelming
majority” of new jobs created in 2004. Despite adding
those new jobs, however, overall demand is slowing. Last year,
employers expected to fill 230,000 jobs, whereas the year
before they reported a need for almost 500,000, and the year
before that more than 1m. Little wonder that college students
aren’t beating a path to the computer lab. According
to UCLA’s Higher Education Research Institute, the percentage
of incoming freshman interested in a computer science major
dropped by more than 60% between 2000 and 2004.
|
|
Oracle-PeopleSoft
E PLURIBUS UNUM, EVENTUALLY
With its protracted acquisition
of PeopleSoft now a done deal, Oracle has been hitting the
road of late, laying out for customers its vision of the future,
one in which product lines are maintained in parallel and
also merged. That geometry-defying goal will take plenty of
resources, but CEO Larry Ellison insists that despite a 5,000-person
layoff, the software behemoth still has what (and who) it
takes to keep PeopleSoft and JD Edwards applications alive
and well for years, even as it merges them with existing Oracle
products. That effort, dubbed Project Fusion, will take place
over several years. “This is not a big-bang approach,”
says Steve Miranda, senior vice president for applications
development. Indeed, with Oracle pledging to keep some PeopleSoft
applications alive until 2013, and providing automatic upgrades
to Project Fusion technology from current and next-release
versions of all products, customers shouldn’t face any
agonizing choices in the near term. Miranda says Oracle wants
to ease the pain in other ways as well, by providing a simplified
infrastructure that will begin with new middleware to be released
later this year. That first dose of Project Fusion technology
aims to, among other things, reduce the number of “flips
and switches” that users must manipulate in order to
configure the software for their needs. Oracle’s competitors
are raising doubts about migration strategies, suggesting
that customers will have to pony up for several upgrades.
But analysts say that the migration plan as currently described
by Oracle gives customers time to act and avoids a multiple-migration
nightmare. |
|
E-procurement
THE ROAD WARRIOR AS TRAVEL AGENT
Business travel, already a US$153bn
industry in the US as of 2003 (the last full year for which
data is available) continues to rise, and as it does, companies
are increasingly looking to technology to help pare costs.
In a survey of more than 550 business travelers, Accenture
found that nearly three-quarters of them regularly book on-line.
Only 22% prefer to deal with a travel agent, a notable decline
from the 36% who indicated that as their preferred method
a year earlier. Online booking can put plenty of information
at an employee’s fingertips, but it’s not a panacea:
some sites do not display all available airfares, and a number
of hotel chains have decided that in order to drive visitors
to their corporate booking sites they won’t offer any
discounts through third-party sites. “Travel is an area
that has always been ripe for savings,” says Lane Dubin,
vice president of business development, North America, for
American Express Travel Services, “but it’s only
now getting real attention from companies.” That attention
takes many forms, from automated T&E sys-
tems to consulting services that can help companies navigate
this complex terrain. Dubin says companies in the US are currently
changing their focus, from reducing transaction costs to cutting
overall travel expenditures. Last month Travelocity announced
a new service that helps companies manage and reissue unused
airline tickets – an expense that can sometimes amount
to 5% to 7% of a company’s travel budget, according
to Travelocity. The service relies on new technological capabilities
and industry expertise, a combination that many online travel-services
companies will be highlighting as they continue to woo corporate
clients. |
|
IT Spending
WHEN TAXES AREN'T, IN FACT, CERTAIN
According to a new study, for all
the numbers that companies crunch when deciding when and whether
to purchase new technology, there is one area that goes conspicuously
unexamined: taxes. More than 70% of companies in the US ignore
tax considerations when evaluating IT acquisitions, say Deloitte
Consulting and IDC Research. These companies miss out on potential
savings, while also increasing the risk that they will underpay
taxes and face penalties. Sales tax overpayment (stemming
from misclassified purchases or turning nontaxable deliveries
into taxable events), inadequately documenting R&D tax
credits, and disregarding state and local tax grants for expenses
such as training staff in new technologies are but a few ways
that tax issues can affect the total cost of ownership. Part
of the problem is that many companies assume that the legal
or procurement department looks at tax implications when,
in fact, they may not. About a quarter of the survey respondents
said they didn’t think tax matters would have a material
impact on buying decisions, but Deloitte maintains that tax
ignorance results in millions of dollars of unrealized savings. |
|
Emerging Tech
NO ROOM AT THE INTERNET
You might think that 4 billion of anything
is plenty, but you’d be wrong. So say proponents of
Internet Version 6, also known as IPv6, the next-generation
foundational technology for the internet, which so far has
met with a collective yawn on the part of the technology companies
that will ultimately deploy it.
A recent survey by Juniper Networks of
nearly 350 federal and corporate IT executives in the US found
that while 80% of them want better security, network management,
and quality of service, only 7% regard IPv6 as important to
meeting those goals. But IPv6 advocates say that this next-generation
internet protocol technology will tackle those concerns and
more. “The current version, IPv4, dates from the 1970s
and 1980s, and only accommodates about 4 billion IP addresses,
which is proving to be too few,” says Ben Schultz, managing
engineer at the University of New Hampshire’s InterOperability
Lab and director of Moon v6, a public-private collaboration.
There are short-term work-arounds, but eventually, without
new technology, the system will reach capacity.
Last month, in an effort to demonstrate
that IPv6 is ready for prime time, a consortium that included
MCI, France Telecom, Lucent, and UNH demonstrated how the
system can be used to provide a global multimedia service,
such as a corporate distance-learning program. But the ISPs
and other companies that must ultimately swap out old gear
for new and train their staffs in the new protocol have shown
little inclination to move.
|
| Refer
This Page To a Friend |
|
|
|
|
|
