Part II – Compliance: A cloud services pitfall disguised as the solution
// July 29th, 2010 // Cloud Computing, Software as a Service // Justin Alexander
I kicked off this series about compliance and the cloud with a piece about the false comfort of data center audits. In my next two posts, I’m going to drill down into the most common “solution” offered by today’s cloud vendors — a SAS 70 audit from the data center provider.
It’s important to start by noting that vendors buy space in a data center. As part of the cost, they get a “free” SAS 70 audit report. This allows them to lower their cost of entry into the cloud market, focus immediately on selling new business and lobby for press coverage about their commitment to compliance, as evidenced by their SAS 70 designation.
Unfortunately, a SAS 70 audit that only covers the data center aligns quite poorly with the customer’s needs. It doesn’t fully address ANY of the three areas we defined in my last piece. As a result, my advice is to seek out cloud vendors that offer their own audit report. I also recommend giving strong preference to prescriptive audit standards that are explicitly targeted toward information technology systems and processes, such as SysTrust® and ISO 27000.
Joe’s Sub Shop
I certainly don’t expect you to just take my word for it. I need to make my case. But it can be difficult to explain the problems customers typically confront when selecting a cloud vendor that relies exclusively on a SAS 70 data center audit without devolving into an endless barrage of auditor jargon. So, let’s try using an analogy that we can all relate to… eating at the local sub sandwich shop.
You pull into the parking lot, passing several other storefronts within the strip mall. The best places are always tucked away in the back, and Joe’s Sub Shop is no exception.
You enter the store and walk up to the counter to place your order. The menu is huge, but easily read on the big chalkboard over the counter.
“I’ll take the Roast Beef sandwich. Ooh. I see that has onions on it. Yuck!! Hold the onions, please!”
Your order is placed and your money is taken. You wait anxiously as a second employee prepares your sandwich right in front of you. He wears those plastic gloves, a hairnet and a hat to help ensure that the sandwich is safe to eat, which is reassuring.
In this scenario, the cloud vendor’s audit is sort of like those plastic gloves and hairnets. It ensures the people who are actively handling your data are doing so in a responsible manner based on a set of commonly accepted standards.
Similarly, a prescriptive IT audit standard like SysTrust is kind of like the menu at the sub shop. It allows you to know exactly what your company is receiving from the cloud vendor and allows you to customize your order if needed.
If you have any questions or concerns about what is or is not covered by the vendor’s compliance program, you can go read the audit criteria yourself, and it will tell you exactly what standards the vendor has demonstrated they conform to.
In part three of this series, I’ll expand on my analogy and get into the trouble with SAS 70.
Accounts payable vs. accounts receivable: Managing the invoice tug-of-war in accounting and finance with software
// July 27th, 2010 // Accounts Payable, Accounts Receivable // Jasin Kessler
My son just finished up a week at summer camp. At the end of the week, the parents were invited to a family day to see what their kids worked on, play games, and most importantly, to take their kids home. But, as usual, the clear favorite game of the day was tug-of-war. You know, the classic matchup of one team pulling for supremacy over the other. Brute strength is often the deciding factor.
It’s funny how so many things in life are a proverbial tug-of-war. At home, it might be struggling between purchasing that new entertainment system versus the roof on your house. At dinner, it might be the healthy choice versus the hearty choice. And at work, it might be in the accounting and finance department, specifically accounts payable (AP) versus accounts receivable (AR).
If you’re not in AP or AR, let me explain why this is such a battle. AP often interacts with a vendor’s accounts receivable department. Conversely, in AR, a customer’s accounts payable department is your regular contact. And I bet those conversations aren’t about the latest summer blockbuster or the weather for the weekend. Much too often it’s a tug-of-war over money. Did you receive an invoice from your vendor that you don’t think is correct? Or did you send an invoice to your customer, only to receive back a portion of the payment you originally requested?
So who wins? Just like at summer camp, the winner is the one with the most strength. But in this case, strength isn’t about muscles. Rather, information is the source of power. And in the AP versus AR tug-of-war, the winner is the one with the best information. Whoever’s records are best, whoever’s proof is better, and whoever has the confidence that all of the information they need is right at their fingertips will come out on top.
But there are plenty of obstacles along the way preventing a victorious finish. Too often the information is very decentralized. Think about it: a contract sitting in a file folder, manufacturing specs on the production floor, shipping documents and photographs in the warehouse, and invoicing information stuck in the accounting system. And what about all of the e-mails and phone calls that took place in between?
To remove these obstacles, centralizing the information is key. To do so, you must be able to capture content from any number of sources and interrelate it. Using software like enterprise content management (ECM), this can be done. When a purchase order is issued, it’s tagged with a number. Then, all of the subsequent documents, e-mails, photos, specifications, etc. are tagged with that same number. Now, you have all the information you need. More importantly, you have all the information you need in one place. ECM is like a one-stop shop for information that touches all the areas of an organization’s finance operations.
So when you are haggling with your vendor’s AR department or your customer’s AP department, think about how long it would take you to gather all of the information you will need to win your argument. Then think about ECM. Without it, you might need to resort to brute strength to win, but with ECM, the strength of the information you have right at your fingertips will give you the proof you need to win the AP versus AR tug-of-war.