software companies

The meaning of IBM's Cognos deal

Tue, 20 Nov 2007 06:59:59 -0500

What prompted IBM to pay about 5 times Cognos' annual revenue and nearly 40 times its most recent net earnings? Well, you can chalk some of it up to Sarbanes Oxley. IBM has been aggressively pursuing the compliance opportunity--along with Oracle and SAP--and seems to be close to achieving "leader" status in the Gartner Magic Quadrant for financial compliance software companies. Of course, Cognos was a leader in Business Intelligence. The challenge for IBM is to offer the software in an integrated way. One could argue that compliance is the conversion point for a lot of apps, content management, business intelligence, core GRC, and ERM. IBM is clearly on to something.

For more about the purchase:
- read this New York Times article

Software piracy wanes in part to Sarbox

Tue, 16 Oct 2007 06:59:59 -0400

Ah, the good old days when software licenses meant nothing. For big companies anyway, Sarbanes Oxley has led to a clamp down of sorts. And that's a good thing. Most agree that piracy is much less of an issue for companies that have to comply with Sarbox, which has forced many to get serious about IT governance-related issues. It remains to be seen whether smaller companies will similarly crack down. The anti-piracy trend also reflects some stepped-up enforcement of course. But here is one hardly predicted consequence that is actually good news, for software vendors anyway.

For more on software piracy trends:
- here's an article from SC Magazine

Related articles:
- Software-as-a-service and Sarbox: Good match?
- State of compliance: Automation catching on?

Aberdeen looks at best-in-class security trends

Tue, 09 Oct 2007 06:59:59 -0400

When it comes to compliance-related security efforts, the benefits are pretty obvious. Most people would agree that automated approaches would work best, but resource issues and stubbornness at the top make it a somewhat lower priority than you might expect. Aberdeen Group has just issued a report that reiterates the benefits. Nearly 45 percent of "Best-in-Class organizations" reduced the cost associated with non-compliance incidents over the last year; 26% lowered their cost of grappling with security-related incidents. Nearly half were able to lower the number of security incidents. Overall, these marketing points, while interesting, are sort of obvious. But such projects compete with many others, including lots that are also compliance related.

For more:
- here's the report

Related articles:
- New world of network compliance and security emerges
- Don't let compliance overshadow security

New world of network compliance and security emerges

Mon, 02 Apr 2007 20:01:39 -0400

It's often said in general Sarbanes-Oxley discussions that if a company, or executive, really wants to commit a crime, the law will not stop him. That's true of course. When it comes to network integrity, the old saw is increasingly a cause for chagrin at top companies with lots of IP assets. The brave new world we're all facing is one where internal network intrusions are by far the most costly and deleterious. And it's obvious to many that stamping out insider threats and data leaks is much more difficult than stopping viruses and rogue hackers and the like. Most firms would admit they need to do more to secure sensitive data and intellectual property. This is an appropriate area of Sarbox focus; most people still assume Sarbox requires companies to audit access to sensitive data. Whether the possibility of an internal breach eventually meets some future materiality standard is really immaterial. Audits are already leading to lots of changes. There is no shortage of software companies hawking security wares. It requires a concerted effort. You may want to renew your focus now.

For more:
- here's an article from Top Tech News

Software-as-a-service and Sarbox: Good match?

Mon, 19 Mar 2007 20:01:39 -0400

You've probably heard a lot about the rise of software-as-a-service as a model that more companies, big and small, are embracing. Clearly, the notion of paying for software services, hosted elsewhere, on an as-you-go basis makes a lot of sense. Does it offer any advantages from a compliance standpoint? Treb Ryan, CEO of OpSource, noted at a recent conference the software-as-a-service model can be a big benefit in compliance if the service is already "compliant" from a Sarbanes-Oxley, or HIPAA or regulatory perspective. OpSource, which provides a platform for software companies to deliver services, notes that its service has completed a rigorous audit known as a type II SAS 70, which basically validates that the service is compliant. So the marketing point is that if software-as-a-service (SAS 70-audited anyway) for critical functions can still deliver the benefits and perhaps even save you a few compliance headaches. More software-as-a-service providers will likely start touting this.

For more:
- here's an article from Infoworld (scroll down for Ryan's comments)

ALSO NOTED: Bad news for first Sarbox whistleblower, More Sarbox-driven buyouts coming for tech and software companies;

Mon, 09 Oct 2006 20:01:38 -0400

> A U.S. district judge has decided not to give David Welch, the first person accorded Sarbox whistleblower protection, his job back. The Department of Labor had previously ordered a small-town Virginia bank to reinstate him. So far, would-be whistleblowers have little reason to cheer. Article

> The best time to hire middle- and senior-level accounting professionals? October. One firm says hiring now will make it more likely the new recruit can start in December, which gives them a month break in before the new year starts. Release

> The chief administrative officer of the PCAOB has decided to step down. Paul Schneider says he wants to work in the private sector, with start-up companies or in distressed situations. Article

> Another Sarbanes Oxley whistleblower suit has been filed, this one against Nektar Therapeutics. Article

> Steve Jobs owns up to options backdating, notes that Sarbox makes backdating much less likely. Article | Meanwhile, ex-CFO Fred Anderson steps down from board. Article

> More Sarbox-driven buyouts coming for tech and software companies. Article

> The first nonprofit medical center to be certified compliant with Sarbox is announced. Article

> Survey: The benefits of automating compliance. Article

> Fifth WorldCom accountant suspended by SEC. Article

And finally ... Don't end up like this. Cartoon