People! More Government is Not Good!
There has been spirited debate (read the comments in particular) about SOX and SAP's GRC (Governance, Risk and Compliance) in the last couple of days at Thomas Otter's and Dennis Howlett's
The debate to me goes way beyond arcane sections of the law. Every dollar spent on compliance IT - and by some estimates in the last few years it is up to 15% of IT budgets - sucks oxygen that could be used towards innovation. It is frustrating for my firm to save clients on utility spend, only to see that money not go towards innovation but compliance.
Even more bothersome is we may be glamorizing government regulation.
As I commented on Thomas's
"I cannot believe so many of you think government policy has caused the stock market stabilization(or improved investor confidence in the last few years)
Or that SAP which has mostly private sector customers is continuing to push the “compliance is good” agenda.
Here’s Fortune’s take (about perceptions of business versus government) from the same article I quoted (in my post Shambala)
“For all that business has done to rehabilitate itself since, a significant factor has been what government has failed to do. It did not become the hero the public wanted. In the fight against terror, polling shows, just over half of Americans think the Iraq war made the U.S. more vulnerable to terrorism, not less so. Washington scandals - the Jack Abramoff lobbying mess, the Mark Foley sex mess - reminded voters that politicians can be every bit as sleazy as any executive.
One episode did more than any other to turn attitudes around. That was Hurricane Katrina, when government at nearly every level looked utterly incompetent while businesses became the heroes. FedEx delivered 440 tons of relief supplies, mostly at no charge. Wal-Mart meteorologists informed managers that Katrina was headed for New Orleans more than 12 hours before the National Weather Service told the public; the company later hauled millions of dollars of supplies into the worst-hit areas days before FEMA showed up.”
Vinnie,
I can't seem to trackback to your blog. I've responded here.
http://theotherthomasotter.wordpress.com/2007/05/31/in-further-defence-of-compliance/
Posted by: Thomas Otter | May 31, 2007 at 10:52 AM
Thomas, I worry for SAP if this is the kind of justification you have for GRC versus good solid business cases
SOX depressed the market and the economy for several years. Greenspan last year warned it was driving stock listings away from US. And now SOX fans (or beneficiaries) take credit for the Dow as high as it is?
Like I said please go back to making money helping your customers optimize their supply chains and customer facing processes. Depending on politicians and accoutants and lawyers is bad business.
Posted by: vinnie mirchandani | May 31, 2007 at 12:50 PM
Hi Vinnie.
I've responded back on my place, but I'll cut and paste the response here.
Vinnie,
Firstly, you know the vendorprisey blog is mine, not SAP’s. My views have developed out of my LLM and my plodding PhD research rather than from any product positioning perspective. That said, the business case for GRC is strong. It wouldn’t be selling otherwise. CIOs and CFOs are smart enough to know if this stuff makes sense or not. The panic buying took place long before we had our offering on the market.
Corporate governance is a complex set of checks and balances. The recent speech by the head of the SEC, Christopher Cox does a good job of highlighting the challenges.
http://law.du.edu/jbrown/corporateGovernance/secGovernance/documents/Speech.Cox.Chamber.March14_2007.doc
His discussion of the challenges of the first SEC chairman in the 1930’s are really illuminating.
It would be nice if business could work without laws, but it doesn't. Software that reduces the cost of compliance, be it trade, tax, audit , health, environmental or otherwise is goodness.
SAP's GRC is about putting a framework in place to handle laws and regulations in a flexible and agile way. It is a pity that the noise on section 404 of SOX drowns out what should be a much broader and richer discussion.
I would love to be discussing carbon neutral supply chain optimisation strategies, fair trade certification, GRI reporting, architecting for M&A.
It is clear I can’t convince you but I will take solice in this chap’s words:
“None of us likes more regulation, but I actually think SOX 404 is helpful. It takes the process control discipline we use in our factories and applies it to our financial statements. Implementing SOX 404 cost GE $33 million in 2004. But we think it is a good investment … Investors should demand high standards of governance and great performance. Some managers failed investors in the late ‘90s. Companies were destroyed, value was lost, and billions are being paid because of fraud. This happened. SOX 404 is by no means perfect, but it is a price we are willing to pay to restore investor trust.”
Jeffrey Immelt, Chairman & CEO, General Electric, February 11, 2005
Posted by: Thomas Otter | May 31, 2007 at 02:12 PM
I am a big Immelt fan, but seriously he said it
a) to be a good corporate citizen and industry leader when a number of his peers were ready to cruficy Oxley, SEC, their auditors for the bloody waste SOX was/is
b) GE has already a huge Six Sigma investment and their auditors probably did not have the guts to question GE's operational areas. Most other companies had young auditors questioning stuff they could not even spell...
Posted by: vinnie mirchandani | May 31, 2007 at 02:22 PM
And keep in mind that SAP didn't just dream this stuff up. I head up a nonprofit organization in the US called the Open Compliance & Ethics Group (http://www.oceg.org). We were one of the guilty parties that coined "GRC" a few years ago as shorthand for the integration (not necessarily consolidation) of all of the processes that are fundamentally about keepin the organization out of trouble and operating within defined boundaries. SAP, Oracle, Microsoft, Cisco, Sun, IBM and a number of other companies are members of OCEG.
But keep in mind that all of these software vendors came on board AFTER end-user companies such as ADM, Wachovia, Staples, Wal*Mart, Dow Chemical, etc. were on board developing these ideas. I guess what I'm trying to say is that SAP, Oracle, Microsoft and others are really responding to market need...and not developing a product just for the sake of developing a product.
The goal of GRC is to simply apply some tried and true performance improvement techniques to areas of the business where, historically, they have simply not been applied. In this sense, GRC is nothing new.
== slm ==
Posted by: Scott L. Mitchell | June 02, 2007 at 07:46 AM
Scott, thanks for your comments. I am concerned, as I would think your group would be too when a) any piece compliance becomes too expensive b) compliance enabling vendors start self-perpetuating it. Kind off when the "dancer becomes the dance"
I would love to see your group, having raised awareness about GRC as also publcizing how much of IT and other budgets are being used up by it, and how it crowds out other spend.
Big business may not be perfect, but the solution is not Big government. We have to keep screaming about the costs of compliance or politicians have no reason to unwind older compliance laws past their utility or not keep dreaming news ones.
And for your group to act as a watchdog on the accountants and the software vendors to keep reducing the cost of compliance through productivity. And yes to slap them when they "glamorize" compliance. Thanks...
Posted by: vinnie mirchandani | June 02, 2007 at 08:42 AM
I think it is the MOST important item in the upcoming election. How many others are as sick of Sarbox as I am? It is costing me a fortune and for what??? Here is a guy running for President that is against this Act and will work to repeal it. Ron Paul. Read this: http://www.lewrockwell.com/orig8/haman2.html
Then go to the home page and find the "Ron Paul file" where you can read a lot of other stuff about him. He is so popular on the Internet you can get lost in the websites his supporters have put up for him, but the official campaign website is http://www.ronpaul2008.com I sure haven't heard another candidate talk about this albatross around our necks. He even voted against in the first place and tried to get it repealed once before. He has been in Congress for ten terms. So this guy really means it. Just to imagine being free of 404.... chills.
Anyway, I thought it was a great article.
See also:
http://www.house.gov/paul/congrec/co...5/cr041405.htm
http://www.approva.net/audittrail/20...5-years-later/
http://www.house.gov/paul/congrec/co...2/cr020402.htm
Posted by: John43 | July 30, 2007 at 04:11 AM