CFO IT welcomes your letters.
Send to: The Editor, CFO IT, 253 Summer St., Boston, MA 02210.
E-mail us at: [email protected] You can also contact a specific author by clicking on his or her byline at the beginning of any article.
Please include your full name, title, company name, address, and telephone number. Letters are subject to editing for clarity and length.
Regarding your article on spyware (“Somebody’s Watching You,” Summer 2005), I have spent more than 30 hours in the past month in a wearying effort to rid my computer of various forms of spyware and malware. These appeared, seemingly, from nowhere.
I believe I have (mostly) succeeded. I am not certain, however, and I am increasingly questioning whether I can ever know for sure. The cost in terms of lost “real” work, frustration, and confusion has been high.
Worse, it seems clear upon reading your article that what I have experienced is the tip of the proverbial iceberg. Why do I need to understand, use, or otherwise fool around with Hijack This, Symantec Corporate Anti-Virus, firewalls, Microsoft Anti-Spyware Beta, SpyBot, AdAware, TuneUpMyPC, etc.? Who can possibly understand how all of these things work independently, much less in conjunction with one another on a single system? I posit that no one does, and no one can—not even Microsoft. Yet, noticeably absent in your article was any meaningful acknowledgement of the role of Microsoft itself in this morass.
Of course, the graphical user interface has, in core ways, improved productivity and expanded human reach and capabilities. However, it seems to me unconscionable that a company like Microsoft could become so dominant without delivering a product that is fundamentally stable and secure — absolute requirements for effective computing and, indeed, for any technology, including tires, telephones, and televisions.
Microsoft, in that limited but growing sense, must be viewed as a very real threat to companies’ economic viability and, in an extended sense, the United States and even the global economy. Transaction processing across all industries is increasingly reliant upon Microsoft technologies, which leak like sieves. Microsoft, in its drive to add useless, counterintuitive features ad infinitum — at the expense of the core issues of system stability and security — is in the process of destabilizing some of the most important aspects of global commerce.
What aspect of economic imperative has led us (me included) to accept — nay, invite — this level of shoddy workmanship? Walt Kelley’s Pogo said, many years ago, “We have met the enemy, and he is us.” Unfortunately, too many of “us” work in Redmond.
Data Privacy and Hiring
In Readers Write (Summer 2005), C.T. Seidl addresses some good points regarding companies requiring Social Security numbers in the application process, but Seidl does not go far enough. There is absolutely no valid reason why a company needs an applicant’s SSN, or birth date, during the application process. Federal law should be changed to make the acquisition of either of these illegal (isn’t age discrimination already illegal?) until a job offer has been extended, subject to the customary inquisitions. No job offer extended equals no need for SSN or birth date. Seems like an easy fix to me!
William P. Rosenberg
Data, Data Everywhere
Regarding Nick Cellentani’s letter asking why there seems to be little or no planning when it comes to storage (Readers Write, Summer 2005), I submit there are two fundamental and related reasons that perpetually put IT into a reactive position.
First is the ethereal form of data itself. That is, bits and bytes do not “take up space” the way physical things do. For example, if I know my widget-producing company is going to expand the product line next year and also plans on 30 percent growth (we make popular widgets), and my warehouse is already packed almost to capacity, I can proactively seek out new building space or otherwise plan for the new space requirements. There is no similar 1:1 spatial correspondence with data — a 100-gigabyte disk drive looks pretty much identical to a 500GB disk. Thus, there is no natural inclination to realize you should “buy more space” because what you have is getting pretty full.
The other root cause is the sheer explosion of data. New technological capabilities such as RFID, point-of-sale systems, and even Sarbox requirements bring with them the virtually unquenchable thirst for more data storage. And, unlike physical items, data can be (and is) accrued through time. That is, transactional data is kept long after the physical goods it represents are gone.
This is not to excuse the lack of planning—certainly appropriate tracking and reporting of consumed and surplus storage capacity, with rough estimates of future needs, can help IT plan as needed.
I am only saying it’s not human nature to do so — if we hire 10 more people, everyone “knows” that we’ll need more desks, office (factory) space, lockers, parking spaces, what have you. Most people, however, don’t reflexively think, “Oh, and to track their histories over time, we’ll also need x megabytes of disk capacity.”
Third Wave International
Van Nuys, California
Inefficient Audits Inevitable?
There is little to be surprised about regarding IT’s role in Sarbox compliance (Browser, Summer 2005). In response to the Exposure Draft for Standard No. 1 by the Public Company Accounting Oversight Board, the New York State Society of CPAs’ Technology Assurance Committee had voiced doubts about the viability of “walk-through” as a sustainable auditing or testing method in an IT environment. The response then was to what is now known as “Auditing Standard No. 2: An Audit of Internal Control Over Financial Reporting Performed in Conjunction With an Audit of Financial Statements.”
The PCAOB, in its final version of Standard No. 2, clearly ignored these comments, perhaps because they were too techno-geek-like.
Meanwhile, the arcane language and understanding of the audit and internal-control process is such that a virtual walk-through is simply not a sustainable concept. Forensic accountants know that electronic records are susceptible to change with little trace, and that results in moment one are inapplicable in moment two, even if they follow immediately after one another.
It is no surprise then, that auditors and CFOs are having a hard time with the language. The PCAOB language is general enough so CFOs must have inefficient audits and tests.
Person & Company LLP
Reduce Acronyms ASAP
I am a scientist and engineer who also oversees an entire corporate structure as its chief executive officer. Please note that I did not use “CEO,” although I do know what it stands for. I enjoy reading your publication, but I have a bone to pick: your writers use acronyms profusely, assuming that everyone who reads your fine magazine will be able to converse in a sea of jargon made up of abbreviations. Although I am very busy, I took the time to scan your whole Summer issue and nowhere in it did I find out who this mysterious “IT” is.
As an engineering student, I and the other students learned that if we used abbreviations our term paper or quiz would be discarded, unread and ungraded, so we always listed addendums of definitions. This solved the problem.
The Western Science Foundation
Information technology (IT) is a field so rife with acronyms and abbreviations that often the short form is equally or better known than the phrase for which it stands. That said, we prize clarity and try to keep jargon and acronyms to a minimum — lest we, too, end up “discarded and unread”!
Our story on BI dashboards (“Gauging Success,” Summer 2005) failed to note that software vendor Webplan has changed its name to Kinaxis Corp. We regret the oversight.