by Ross Sivertsen | Sep 3, 2013 | Blog, Business
This afternoon I read an interesting question on Quora (www.quora.com)…
Is there a documented case where a company believes its culture was materially changed because of restrictions imposed by Sarbanes-Oxley?
Theoretically, and this might sound a bit Pollyanna; anything that's done as part of an internal control environment should be done because it's the right thing to do for the business (public or private), and not because of a regulatory requirement like SOX. So if your organizational culture is that of business and process excellence; then your organizational culture won't materially change because of an implementation of internal controls. If your organization doesn't have the mindset of process management, then your organization is in for a harsh awakening.
For example, you stop at a red traffic light in a busy intersection because it's a good idea and you don't want an accident, not because the law tells you to.
In the same vein, we have a segregation of responsibilities between the person who can approve a payment to a supplier, and the person who writes the check because it's a good idea and we don't want to have someone paying themselves and defrauding the company (exaggerated for effect), not because SOX tells us to.
We control and document programming changes in an IT environment because it's a good idea, not because SOX tells us to.
What burdens an organization with a mindset of business excellence when it comes to regulatory compliance isn't the process change, or cultural shift, it's the shear weight of the audit function, and potentially overwhelming documentation required to support the audit function (but that's a tale for a different day).
Interestingly enough, Grant Thornton, did a survey in January 2013 of corporate general counsels for their clients; the survey, on the largest threats to organizational growth, showed the overwhelming response from the GCs… regulatory compliance. Go figure.
You can find the survey here.
by Ross Sivertsen | Oct 11, 2010 | Blog, Business, Current Affairs, Web/Tech
I'm at a global conference for ERP applications and Ray Wang, technology futurist, is speaking about five macro trends that will be the primary technology driver for business in the 21st century.
1. Mobility (Band on the Run)
We are changing the way we work. Forrester estimates that 283 million smart devices will be shipped this year. Where we are working has changed and we're not tied to the office any longer. I am working today from the conference floor of Perspectives the Epicor global conference (of which I'm presenting on Wednesday); I'm writing this blog post on my iPhone.
Location independence is critical to keeping people working and leveraging the best skills not from any one geographic region, but from anywhere. ANYWHERE.
2. Social (Butterfly) Media
How many of you are connected on LinkedIn or Facebook. Social media is neither a fad nor a passing fancy. Facebook added 100 million users last 9 months. People are by nature social animals; we want to connect as a community. Extending social media to business and extends information across business and consumers.
What does social media mean to business? Consider this, how do we either connect to our customers, or if you are a non-profit your constituency? I'll bet you either connect to your 'peeps' via email blasts or email or phone calls or face to face.
How about connecting to people by like interests? You connect to your friends on Facebook because they're you friends and you have common interests. Why not connect to your customers or constituents the same way.
3. Get Your Head IN the Cloud (Computing)
Part of mobility and location independence is the ability to work anywhere. As I write this article, I did so originally on my iPhone while at the presentation on the floor, I saved the draft to my Evernote account, then as I had time today, sat down to edit the article in the hotel atrium on my MacBook. What does this mean, well software is quickly becoming a service and moving all of our applications to the web. I never required any software ‘loaded’ on my notebook per se.
I could have just as easily sat at the Internet café in the hotel and edited this article from Evernote and a web browser. This idea of location independence no longer ties me to any one particular notebook, workstation, or machine, as long as I have access to the Internet and a web browser, I can continue to work. It is an ongoing experiment for me, and it occasionally works better sometimes than others.
I still prefer Word as my ‘power’ text editor, especially for particularly long papers and articles, but as a rule, I tweet, post on my blog, and write on Facebook using mobile devices, and web services exclusively.
4. Business Intelligence and Enterprise Dark Matter (Not the Dark Side)
Informatics and data visualization is at the center of translating data to information to knowledge and wisdom. How do we better understand the Internet of Things?
It’s not about the numbers, in as much as it is about understanding the patterns in the numbers, we are increasingly faced with a deluge of data, Ray noted that we estimate the amount of data in the universe is on the order of 1.3 Exabytes (That’s a 1.3 with 18 zeros behind it or a REALLY big number).
Understanding the patterns of all that data is the world of analytics. It’s about connecting the patterns in the data in the context of the real world, for example what does the increased number of tweets Twitter receives on President Obama’s vacation mean in the context of the world economy? Does it mean that he’s simply foolish to take a vacation during the mid-term elections, or that people care about what Michelle is doing with the girls at Disneyland?
5. Unified Communications and Video (Come Together)
Looking at the jet blue model of how they communicate to their customers for reservations have nothing to do with call centers. When you call jet blue to make a reservation you aren't calling a call center you're calling Donna at home in Kansas City. Unified communications are about communicating in real time from anywhere. Do you use Skype or SMS or instant messaging? Think about it.
I completely agree with Ray’s assessment, these trends will have a significant impact on our society for the next several years.
So, have you tweeted recently?
by Ross Sivertsen | Mar 10, 2008 | Blog, Business, Information Security
Quoted from http://online.wsj.com/article/SB120511973377523845.html?mod=hps_us_whats_news:
NSA’s Domestic Spying Grows As Agency Sweeps Up Data – WSJ.com
NSA’s Domestic Spying Grows
As Agency Sweeps Up Data
From the “The price of freedom is eternal vigilance” department, come this article from the front page of today’s Wall Street Journal. This is interesting for me on a number of levels; not only am I responsible for the management of my company’s information assets, and having a master’s degree in information assurance. I find this truly disturbing. The fourth amendment of the constitution prevents the illegal search and seizure of our property, but in the interest of “national security” the NSA seem to find this notion… inconvenient. Now, honestly, this isn’t anything that hasn’t been happening since before the days of J. Edgar ran the FBI, but this move of “openness”? The NSA effectively states “yeah, we’re monitoring you, and you should probably be careful.” Interesting… I could rave on about this being a fascist plot to oppress the populous by “the man,” but they’re probably already monitoring this blog.
by Ross Sivertsen | Dec 26, 2007 | Blog, Business
My wife (an accountant) and I were having a discussion on the way to my dropping he off at her office this morning, and the whole thing stuck enough of a chord with me that I thought I'd share my insights with you on the subject (imagine that).
She and her office had just completed a year end audit from their internal audit department, and I'm about to go through the same thing shortly with my yearly GCC (General Computing Compliance) audit.
Apparently the auditor assigned to their case was more concerned about tactics than strategies in performing their audit.
It's been my experience especially in assessment and audit situations, that the demeanor and background of the folks responsible for audit oversight are every bit as important as the organization and processes being scrutinized during the audit itself.
I've found that the worst personality type to have an audit oversight is a highly structured and detailed oriented individual, someone with the background of requiring compliance in strict accordance with the letter of the law (or internal procedure as the case may be).
The problem with this approach, is that like most things in life, though rules may be interpreted as binary (0 or 1, black or white), life is not binary, and mostly consists on a continuum with everything being shades along the continuum.
Such is the case with the assessment or auditing process, the type of auditor, in my belief, that makes the best of these types of situations is that of someone with the heart of a teacher. An individual that understands the strategies involved with the process under assessment, understands that situations are different for different cases, and subsequently adjust to meet the spirit or intent of the process, not the letter of it.
I'm not advocating being sloppy about assessment processes, I'm suggesting that life requires balance. And understanding the spirit of the process and measuring against the objective evidence for assessment is every bit as important as the assessment itself.
I would rather have an organization seek to understand WHY things are measured a particular way, so they can do a better job at improving the QUALITY of the process, than worrying about HOW a particular instrument was implemented to collect data for producing an assessment artifact.
In my own experience I've run across several auditors, but three of them specifically come to mind, my experience with all three have been if not enjoyable, then at the very least educational. These are all people with the heart of a teacher, professionals interested in seeing organizations succeed during the assessment process, while not allowing for sloppy process failures. They are come from different organizations and disciplines but all share the same spirit of education.
I've worked with Mary Sakary and Neil Potter from The Process Group for several years in improving the processes on our software development systems using the CMMI, as a model systems and software process improvements.
Without this spirit of education, auditors can get caught up in the HOW data are collected and loose sight of the nature of the control and risk the process is intended to mitigate. This "tactical" approach can lead to crushing rigidity in organizations where strict adherence to the law actually causes processes to fail.
So as a note, remember WHY you're assessing a process, understand the risks and measures needed to mitigate the risks, instead of getting wrapped around the axle about HOW the data are collected.
So what are the two biggest lies told during an audit?
1. "We're here to help."
2. "We're sorry to see you leave."
by Ross Sivertsen | Nov 27, 2007 | Blog, Business
Link: Email’s Friendly Fire – WSJ.com.
You know it, I know it, and anybody who works in an organization knows it.
We are organizationally overrun by email. I’m not talking about the spam we get in our gmail or hotmail accounts. I’m talking about the bread and butter communications used to drive business in the modern workplace.
My organization RUNS on its email, it is the communication fuel that drives just about every interaction with coworkers and customers. But I get on the order of 100 emails a day on a variety of subjects, all coming from coworkers, not spam. “That’s not too bad,” you’re saying, “I get 200 messages a day.” Sound absurd? It’s not, I know for a fact that the many of the senior staff in my organization get that many when you count customers as well.
I ran across this article, written by Rebecca Buckman, in today’s Wall Street Journal on organizational software that’s used to sort and filter, not spam, but REAL messages. I’m going to take some commentary license, and change the purpose of the article, because it focuses on some software that helps organize the inbox of the driven down masses.
A couple of things I think are really worth noting here are the messages that are sent out not as messages that require action on the recipients part, but rather as the term “colleague spam” will become known.
You know the messages I’m talking about, you’ve seen them, and you’ve received them and you probably, willingly or not, sent them. They are the messages that have either a superfluous recipient on them because of a CYA factor or a broadcast message to everyone about “I’ll be on vacation tomorrow…”
Here’s the problem, business and our culture is being inundated with hundreds of pieces of information per day, we are exposed to so much, so fast, so often that having Blackberry’s is quickly becoming a requirement in many workplaces.
Buckman writes “Last year, the average corporate email user received 126 messages a day, up 55% from 2003, according to the Radicati Group, a Palo Alto market research firm.”
This all stems from the notion that we’re being more productive. In fact, we are becoming less productive. The fact of the matter is, Buckman quotes “By 2009, workers are expecting to spend 41% of their time just managing emails.”
Holy Cow! Nearly 50% of my time managing the influx of messages I’m receiving?! I have to ask myself in those circumstances am I really being productive and giving quality attention to the issues I address?
Many businesses are declaring an occasional “Email Moratorium Day,” where team members use any other medium to communicate OTHER than email. Where I to mention an “Email Moratorium” to some individuals (especially at my place of business) it would generate a visceral response; much like a crack addict suffering withdrawal (what does THAT say about this subject?).
Ok, so in most places a moratorium isn’t a practical solution, but there are ways to stem the addiction:
- Be really conscious of the when and if a message is REALLY necessary (I’m not talking about limiting communication, I’m talking about whether or not the janitor needs to know you have a dentist appointment and won’t be in until noon when you send it to “everybody”).
- Does the recipient list you have on your message really reflect the true audience of the communication, or are you just trying to CYA, or make a power play by sending false bravado to (among others) your boss.
- Can your message be more effectively communicated through some other means (like getting up from your desk and walking down the hall, apart from the additional exercise, the communication becomes more personal), so often email is used as the de-facto communication method when the communication requires little more than a phone call or a visit.
- Avoid using the “Reply to All” when at all possible, and reply only to the original sender, there’s no need to chime in to everybody just to say “Me too.”
- Know the limits of what email can provide, if a message is going back and forth between two people like a ping-pong ball, it’s time to pick up the phone, or walk down the hall.
- Just as with most things in life, apply the Golden Rule, if you don’t appreciate receiving email, why do you think that others will appreciate your superfluous email.
Here’s an excellent link on Email: Do’s and Don’ts from Stephen Wilburs of the Minneapolis Star Tribune.
Thanks very much to Rebbeca Buckman of the Wall Street Journal, Stephen Willburs of the Minneapolis Star Tribune, and Kristan Arnold, author of Email Basics: Practical Tips To Improve Team Communication.
by Ross Sivertsen | Nov 27, 2007 | Blog, Business
Link: The Office Pessimists May Not Be Lovable, But Are Often Right – WSJ.com.
Ok, I was doing research on another topic when I ran across this article, written by Jared Sandberg, in the Wall Street Journal.
Sandberg’s article asserts, you’ll need to read it for yourself, that "pessimists are more accurate at gauging success and failure rates (than optimists)," and that "evidence shows that pessimism can be highly motivational, as what’s called ‘defensive pessimism’ drives people to achieve their goals."
In my experience, more often than not, this is less of an issue of optimism versus pessimism, and more of a perception of control.
What I mean by that statement is this; I’ve spent an entire career (25 years) in the technology services business in manufacturing. It’s taken me nearly that long to learn the lesson that I don’t CONTROL most of my environment. I might have influence over the people and events around me, but I don’t CONTROL their actions or outcomes.
The ONLY thing I can control in my life is me, and my actions, and more specifically my reactions to people and events. When I don’t trust my intuition, and more spiritually, my faith, that things will work out the way they’re supposed to; and I try to control and manipulate the people and events to achieve outcomes I perceive as RIGHT, I, more often than not, fail… miserably.
I’m NOT saying that I sit around in a “Pollyanna,” self-delusional catatonic state, with my fingers plugged in my ears yelling “nah, nah, nah, nah… I don’t hear you!” I can be, at times, fairly pessimistic (just ask my wife).
The key here, in my humble opinion, is balance. It seems to me that it’s easy, when things get tough, to either ignore them, or run around screaming “the sky is falling!” It’s all about understanding the influence an individual has in a given situation, and acting in balance according to that influence.
For example, in a real life illustration, I have a friend whose organization is restructuring, and he finds himself reporting to a new supervisor, one he apparently didn’t see eye-to-eye with the first time they worked together. My friend in these circumstances had NO control over whether or not he was re-assigned. He DOES, however, have control over how he REACTS to the change.
Look, I’m not saying that change is easy, change is hard. But we as individuals have a choice on the attitude we adopt when reacting to crisis. In a study done by the VA on resiliency, soldiers most likely to survive a traumatic experience like a war time prison camp are those who have certain key characteristics, among that optimism.
So in the end, this is all about balance, and being active participants in our own lives. Inaction, whether it’s fostered by optimism OR pessimism is complacency, and complacency more than anything else will lead to failure.
I’m reminded; again, about the old joke the man sitting on the stoop of his house during a flood…
As the flood waters were rising, another man in a row boat came by.
The man in the row boat told the man on the stoop to get in and he’d save him. The man on the stoop said, no, he had faith in God and would wait for God to save him.
The flood waters kept rising and the man had to go to the second floor of his house.
A man in a motor boat came by and told the man in the house to get in because he had come to rescue him. The man in the house said no thank you. He had perfect faith in God and would wait for God to save him.
The flood waters kept rising. Pretty soon they were up to the man’s roof and he got out on the roof. A helicopter then came by, lowered a rope and the pilot shouted down in the man in the house to climb up the rope because the helicopter had come to rescue him. The man in the house wouldn’t get in. He told the pilot that he had faith in God and would wait for God to rescue him.
The flood waters kept rising and the man in the house drowned.
When he got to heaven, he asked God where he went wrong. He told God that he had perfect faith in God, but God had let him drown.
"What more do you want from me?" asked God. "I sent you two boats and a helicopter."
