“Digging Out from Big Data” (July/August) was an interesting article. Social-media use applies here as well. Social-media platforms can certainly be described as containing “unstructured data.” And with the increased adoption rates of “internal” social-media apps such as Salesforce.com, Yammer, and Jive, the regulatory burden increases greatly. It’s critically important to have an archiving solution to capture data from such platforms as well.
In the Cloud We (Need to) Trust
Your article “Before You Sign That Cloud Contract” (June) was spot-on. The cloud is important to enterprises because it allows them to move essential functions to specialists who can provide economies of scale and skill. Done right, cloud computing enables companies to focus on their core businesses, while reducing risk.
The article recommends that customers negotiate six key contractual terms with their cloud providers. These include getting a “wet-ink” contract rather than a “click through”; asking providers to guarantee minimum functionality; demanding transparency, clarity, and assurance around the provider’s data-protection policies; and reserving the right to audit the provider’s practices. What it boils down to is that enterprises want a more customer-friendly agreement than they have been getting in a traditional shrink-wrapped software model. It’s easy to understand why they might want that: their cloud vendor isn’t just supplying software, but managing data and operating infrastructure on the customer’s behalf. So the shrink-wrapped-vendor negotiating stance won’t work. This is a hard lesson for our colleagues in the cloud-computing business to heed.
Enterprises want contracts they can understand, metrics that are clear, and assurance standards they can rely on. These things all lead to trust, and trust is what will make the cloud go mainstream.
Chief Financial Officer
The Buzz on CFO.com
• In August, reader Don Doherty praised David McCann’s polemic against performance reviews (“The Scourge of Performance Reviews,” August 16), even though he doesn’t share the author’s opinion that performance reviews should be abolished. “I am in the midst of reviving a performance-review system at my company,” wrote Doherty. “I can say that the employees and managers are about 90% enthusiastic about it because there has been no formal feedback for several years here.” He went on to say that “our system is not perfect, but it is working so far.”
• Caroline McDonald’s “A Peek Inside a Forensic Fraud Investigation” (August 13) recounted how a forensic accountant and his team brought to light a systematic fraud at a company that totaled more than $3 million. The CEO had removed the CFO from the company’s expense-reporting and reimbursement processes, and given oversight of the company’s credit cards to the HR leader. That enabled the CEO and the HR leader to charge the company for personal expenses for several years, and ultimately resulted in prison sentences for both.
But reader Larry Hightower thought that “something about the facts of this case just doesn’t smell right.” “The transfer of the responsibility for establishing policies and procedures for expense reports, including review and approval, from the CFO to an executive in human resources, should have been a huge red flag,” he wrote, and should have been questioned by the CFO and the chairman of the board. Hightower thought the article should have included a discussion of board responsibility and the importance of organizational structure, reporting relationships, and internal control.
• McDonald’s “Penn State Disaster a System-Wide Failure” (August 6), which asked where risk management was at Penn State University when former coach Jerry Sandusky was molesting children, drew strong responses from readers. SF Gale said the Sandusky case was “far more than a failure of risk management”; it was “a failure of ‘tone at the top,’ the fundamental value system which is the foundation of any effective management and control system.” Where else at Penn State may the value system have failed, Gale wondered. “System failure? Not at all!” thundered Len Green. “Systemic failure by leaders? Yes. Risk denial is not risk management.”
Finally, reader Susan Carol said she believed the Sandusky case was “a clear example” that “public relations and risk management should not be in silos, as the reputation of an organization is its most important asset.” Penn State, she continued, “should be engaging its alumni in a meaningful way.”