You are currently browsing the tag archive for the ‘GRC’ tag.
In some parts of the world, bribing government officials is still considered a normal cost of doing business. Elsewhere there has been a growing trend over the past 40 years to make it illegal for a corporation to pay bribes. In the United States, Congress passed the Foreign Corrupt Practices Act (FCPA) in 1977 in the wake of a succession of revelations of companies paying off government officials to secure arms deals or favorable tax treatment. More recently other governments have implemented anticorruption statutes. The U.K., for instance, enacted the strict Bribery Act in 2010 to replace increasingly ineffective statutes dating back to 1879. The purpose of these actions is to enable ethical and law-abiding companies to compete on a level playing field with those that are neither. A cynic might wonder about the real, functional difference between, say, Wal-Mart’s recent payments to officials in Mexico to accelerate approval of building permits and the practice in New York City of having to engage expediters to ensure timely sign-offs on construction approval documents. No matter – the latter is legal (it’s a domestic issue, after all) while the former is not.
Moreover, the U.S. Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) have increased their oversight of bribery. At the beginning of 2013 they jointly issued the Resource Guide to the U.S. Foreign Corrupt Practices Act. For its part, the SEC has stepped up enforcement using its own resources. Recently, it charged a group of bond traders with enabling a Venezuelan finance official to embezzle millions of dollars by disguising the money as fees paid to the broker/dealer to handle apparently legitimate transactions. Tellingly, though, there was another relatively recent bribery issue that involved Morgan Stanley where the SEC declined to include that company in an enforcement action because it had demonstrated diligence to prevent it.
Before anticorruption laws, it was expedient for corporations to pay government officials to close business, get preferred status or prevent punishment. Once the laws were established, that stopped being the case. However, from a management standpoint, compliance with the law became complicated because of the dual nature of the corporation, which is both an entity and a group of individuals. In the case of the latter, when an individual breaks the law, is that person at fault, is the corporation or are both? Regardless of how a case is decided, there can be severe reputational damage to a company found violating the law, and that will have repercussions for corporate boards and executives.
This question leads to the agency dilemma, an important consideration in enterprise risk management. Economists long ago recognized the agency dilemma when the modern corporation separated the roles of its principals (that is, the shareholders) from its management. The agency issue exists where the best interests of the principals are either not aligned or in conflict with the interests of the agents (the professional managers running the corporation). But agency issues also extend to the company’s executives and may be rife in any large-scale business. Within the management group, authority to act independently is delegated down through the hierarchy, and the interests of the lower-level managers may be in conflict with those of senior executives, the board of directors and shareholders. For example, suppose that a local manager believes his performance evaluation, compensation and prospects for promotion hinge on the timely opening of a new facility. Confronted with a culture of payoffs for permits, that manager may try to find a way to pay officials for expedited consideration, especially if he is local to the area. From that individual’s perspective, corrupt activity may be the norm, and he may believe himself to be clever enough to violate company policy without detection.
It was once acceptable for a company to claim that it had a stated 
policy prohibiting bribery and that executives were ignorant of an employee’s actions. Absent proof to the contrary, that often was enough. However, the FCPA changed this norm, imposing the need for diligence and affirmative actions on the part of companies to prevent employees from breaking the law as well as to detect and report any such violations that do occur (which is how the Wal-Mart situation came to light). Public standards, too, have changed since the 1970s. Despite its self-disclosure after the fact and the steps it took to address the corrupt behavior, Wal-Mart suffered severe reputational damage. Yet even with the likelihood potential consequences, our benchmark research reveals that just 6 percent of companies have effective controls for managing reputational risk.
We assert that the most effective control is to prevent illegal activity from taking place at all. Short of that, companies that can demonstrate that they have taken all reasonable steps to prevent a violation of the law are in a better position to claim that the individual, not the company, is at fault.
An organization should have clearly articulated and documented antibribery and corruption policies and procedures, institute mandatory training of and signed acknowledgements of having taken it by executives and managers, and put in place incentives and disciplinary measures. However, these required measures are increasingly insufficient to demonstrate diligence in preventing corrupt activities. Companies also must have a software-supported internal control system that flags suspicious activity immediately and triggers a rigorous remediation process that analyzes, investigates and documents the disposition of each incident. Incidents that are detected long after their commission are more difficult to cope with and pose much higher legal, financial and reputational risk.
Software is available that helps detect activities that violate anticorruption laws and regulations as they occur or shortly thereafter; this is far more effective than waiting for internal audits or (worse still) whistleblowers to uncover malfeasance. To prevent violations of the FCPA and other antibribery statues, corporations must be able to monitor their financial and other systems for warning signs. These applications take advantage of operational intelligence, a class of analytical capabilities built on event-focused information-gathering that can uncover suspicious actions as they occur. Our research on innovating with operational intelligence shows that companies use an array of systems (led by IT systems management and major enterprise applications such as ERP and CRM) to track events, analyze them, report results and create alerts when conditions warrant them, as detailed in the related chart. The research also shows that about half (53%) use 11 or more information sources in implementing their operational intelligence efforts. In the future, effective FCPA software increasingly will need to look at a wider range of internal data as well as information from external sources and social media to determine, for example, whether a consulting company that just received a finder’s fee is run by or employs a relative of a government official. Today, companies can utilize software from large vendors such as IBM, Oracle and SAP, as well as vendors with FCPA-specific software such as Compliancy and Oversight Systems.
Bribery and corruption are unlikely to disappear entirely. Regardless of anyone’s best intentions, corporate boards and executives can find themselves enmeshed in a scandal not of their own devising. The best defense in such cases is plain evidence that the organization has done everything reasonable to prevent its occurrence and has discovered and dealt with it promptly if it does. Policies and training are vital components, but software can be the extra component necessary to improve the effectiveness of monitoring and auditing to support anticorruption efforts.
Regards,
Robert Kugel – SVP Research
At this year’s Inforum user group conference, Infor representatives showed the progress the organization has made since last year in transforming itself from a ragbag of mostly small, often obsolete software companies to a competitive vendor of a modern enterprise management software suite. Infor was created by private equity investors employing a “rollup” strategy, aimed at combining smaller companies within an industry to form a single larger company that could achieve economies of scale and greater market presence. Others have tried this in the software industry in the past and encountered difficulty in making it work for two primary reasons. One is the technical challenge of achieving economies of scale in enterprise applications by turning a set of similar but separately developed software pieces into a single offering. Computer Associates achieved economies of scale through acquisition in the 1990s in the IT infrastructure software segment. But it did this largely by forcing customers of the various acquired companies to migrate to its single offering in the specific category. This is not a practical approach for business and finance enterprise applications because customers are willing to go off maintenance and eventually look for another vendor. The second difficulty is that newer or larger competitors can focus on innovation and overtake the rollup company while its attention and resources are focused on stitching the pieces together.
Infor has addressed the economies-of-scale issue with its loosely coupled, XML-based ION middleware. Introduced in 2011, ION is an elegant method for integrating the data and process elements of the disparate pieces of Infor’s portfolio. (And of other software, too: Half of Infor’s customers use it to integrate with other vendors’ software.) ION has made it easier and less costly, for example, for Infor’s ERP customers to add its financial performance management software, according to our Value Index analysis. This cross-selling had been at the core of the company’s strategy from the start but needed a practical solution to make it work; ION supplied that.
Innovation is the other important issue that Infor needed to address. The numerous incremental technology advances that have taken place over the past decade, combined with the rise of the “millennials” and the retirement of the Baby Boomers in the workforce, are driving fundamental changes in how people expect to work with software. This shift is a key part of my research agenda for this year.
Nothing says “modern” like the Cloud. Most observers now recognize that corporations will continue to pick and choose how they deploy software and data for quite some time. Our benchmark research into business technology innovation confirms that organizations have different preferences in how they deploy information technology, as the chart shows. In some cases, such as analytics, they prefer on-premises by a substantial margin, while the cloud rules for social media. Many companies that won’t dream of having their ERP and financial management systems in the cloud are long-time users of Salesforce.
Infor has made strides in addressing this situation. For example, Inforce is a native Force.com tool that connects Salesforce with Infor’s back-office applications. Inforce enables a company to automate management of, say, the full scope of a sales order process that begins as an opportunity in Salesforce and ends with posting all details of the completed transaction in the company’s ERP system. This structure eliminates the need to rekey data and enables controls such as credit limit approvals to be enforced. Similarly, Infor recently announced Sky Vault, an offering based on Amazon Web Services’ Redshift. Sky Vault is a cloud-based variation of Infor’s Business Vault, a dedicated repository for data generated by any transaction system (not just Infor’s). Business Vault offers users a way to immediately access a full range of company data for analysis and reporting. When it is formally launched in the second half of this year Sky Vault will provide a cloud-based repository that includes prebuilt,
industry- and function-specific business analytics, reports and dashboards. Its purpose is to give users low-cost big data capabilities. Our research shows that corporations are increasingly looking at big data technologies to retain and analyze more corporate data, increase the speed of analysis of that data and make it more accurate.
Simply having a cloud-based offering or an approach to big data is less important than what you do with it. To that end Infor has focused on improving the efficiency with which people use its software (one metric being the number of clicks required to perform a process) as well as making “beautiful apps,” in what it is calling “the SoHo Experience” created by its internal creative design organization. The dull, cluttered and difficult-to-navigate interfaces of the past were the result of inexperience in design and constrained computing resources. Today, it’s important to apply basic concepts of industrial design and ergonomics to creating user interfaces. This goes beyond making old code bases pretty. Largely because of tablets and mobile computing platforms, people now work with multiple types of interfaces and use a wider range of methods and gestures to interact with their devices. Today’s software design must reflect these changes. Having a modern user experience also makes it easier for Infor to attract customers and deflect claims that it is selling warmed-over applications that it acquired, which would have been a competitive vulnerability had it taken a more conventional approach.
Enhanced business collaboration for every part of the organization increasingly is a key requirement for software, and Infor is at work here also. Its Ming.le social collaboration software provides the means to connect groups of people within a workforce to achieve faster communication and more effective interaction in the context of specific issues or processes supported by computing systems. Instant messaging evolved from teenagers passing electronic notes to their friends into an easier way for business people to connect faster than through phones and email. Similarly, social collaboration is now more than a Facebook metaphor and addresses a key drawback to instant messaging systems. Individuals have multiple roles and multiple networks of people with whom they interact. Some relationships are tight, but others are transient. Some may be focused on a general topic such as marketing and therefore include a large and possibly diffuse group, while others such as performing reconciliations in the financial close process have a defined and controlled set of members. Well-designed social collaboration software can manage all of these types of interactions and enable people to resolve issues faster and with less effort than other means of communication.
As well, Infor has been building out mobility applications for extending functionality to people and functions that aren’t confined to a desk, such as a shop-floor tablet application, proof of delivery, requisitions and field service, to name a few. Mobility is rapidly becoming a table-stakes capability expected by software customers.
Integration and innovation support Infor’s core strength, which has been – and will continue to be – a customer base that values Infor’s highly specialized offerings. Infor’s “micro-vertical” strategy suits midsize companies (and midsize divisions of larger corporations) that have limited IT budgets yet want their specialized requirements addressed without having to pay a premium for customization and configuration. Many types of business adapt well to standard software, and all major ERP software companies have built industry-specific variations of their software offering over the past two decades. But milk and beer, for instance, remain two very different types of beverages with distinct requirements. Likewise steel service is a distinct form of distribution, and different types of industrial equipment dealers have specific requirements. Even Lawson’s S3 customers are focused in businesses such as government and healthcare that are people-intensive and therefore must manage the complexities associated with rapidly evolving workforce relationships.
Addressing micro-vertical specific requirements in business analytics, planning and control software will enable Infor to continue 
increasing its penetration of these products into its installed base. For example, by deploying Infor’s financial management software, one longstanding ERP customer I spoke with was able to shave half a day from its accounting close in part because it was able to automate more and eliminate 300 spreadsheets that were used in the process. Rather than have three people spend a half day each creating spreadsheet reports that were distributed to individuals by email, reports are generated automatically and individuals can retrieve them from a central repository. In addition, the company controller is now able to complete the management accounting narratives half a day earlier, making critical information available sooner than before. All of this is consistent with our research that demonstrates the value of automation in accelerating the financial close process, as shown in the chart. Across its range of micro-verticals Infor offers off-the-rack basic dashboards and reports tailored to the businesses requirements of its customers. Another example of cross-sell potential is its Approva continuous monitoring software, which can be especially useful for government, education and nonprofits. Unlike most businesses that pay expenses from a common pot, almost all of these entities must use funds-based accounting, so it’s necessary to keep tabs on these individual funds’ balances for specific programs, departments and so on to avoid overspending.
None of what Infor has added over the past two years is groundbreaking technology or a revolutionary approach to enterprise computing compared to what’s available in the broader marketplace. On the other hand, it doesn’t have to be. The changes it has made offer existing customers substantial advantages for sustaining and even expanding Infor’s footprint in their organization. From the perspective of private equity investors and bondholders, this has been and continues to be the most critical aspect of the company’s business strategy. Without it, their investment in Infor would be doomed. And in this respect current leadership has succeeded where the previous management group did not. All of the steps in modernizing and upgrading the products have been achieved at a critical time. The prices paid for software companies in the consolidation of the past decade were based on the assumption of a long stream of annual maintenance payments. However, new technology and a new generation of buyers with more demanding requirements put those dependable maintenance streams in peril. Vendors can no longer assume that they will sustain their current share of wallet without adding functionality and capabilities as well as eliminating ancillary ownership costs (for example, by reducing customization and implementation costs).
The company’s senior executives appeared much more at ease this year than in the past, which might be an indicator that business is improving. But it’s hard to know for certain because Infor is a closely held corporation and is not required to routinely disclose its financial statements. Presenters declined to answer specific questions about the financial performance this year. However, Infor filed its fiscal 2012 financials with the U.S. Securities and Exchange Commission (SEC) as a result of an exchange offer for its debt last year. The company data relates to its fiscal 2012, which ended that May 31, so the information is now almost a year old. The S-4 filing shows the company had revenues of $2.5 billion, a 35% increase over the prior year. This reflected increased demand for software generally but also renewed confidence in the company’s future as well as the Lawson Software acquisition, without which the top line would have been up 24%. Infor’s income statement had been holding its own under the weight of heavy interest expense related to debt taken on to fund acquisitions and a substantial investment in R&D. In fiscal 2012 it lost money on a reported basis but was slightly above break-even when noncash and nonrecurring items are excluded, as well as solidly profitable before interest expense. The numbers also illustrate the substantial investment Infor has made in R&D, which rose by $115 million to $322 million, representing 13% of revenues, up from 11% in the previous two years. For Infor to go public, the company would have to demonstrate ongoing organic revenue growth and prospects for more in the future. One reason for going public would be to retire the company’s high-cost debt, which would allow more spending on sales and marketing focused on gaining new customers.
Infor appears to have come a long way toward achieving the objective of making a very challenging enterprise software rollup work. The first, relatively easy step was buying a set of unsustainably small software companies at reasonable prices. The more recent, much more difficult step has been to make the technology and product design investments needed to transform solid but stodgy intellectual property into a modern software suite. I’ve been describing Infor as “the largest software company you never heard of,” but I expect that won’t be true much longer.
Regards,
Robert Kugel – SVP Research
Business Exchange
Google+
Klout
LinkedIn
Plaxo
Twitter
Facebook Fan Page
Facebook Group
Ventana Research Website
