When was the last time you upgraded your ERP system? If the answer is “not in recent memory,” then you aren’t alone. About two–thirds of mid–sized businesses are running old versions of their enterprise resource planning (ERP) system—in some cases, it’s software that’s three or more versions old. This is the legacy of decades of on–premise (in–house) software deployments, incremental releases that never seemed worth the pain of a major upgrade migration project, and fear of losing critical customization.

But in the midst of rapidly changing revenue recognition rules and a constantly evolving regulatory environment, it’s more important than ever to have your business systems reflect the current business environment. At NetSuite, at the time of this writing (December 2010), we’re running the company on the current version of NetSuite’s cloud ERP solution—2010.2—that was released in October 2010. In fact, every other business running its financials on NetSuite’s cloud ERP—from the smallest business that started using it more than 10 years ago to the largest enterprise that signed up last quarter—is also running on the latest version of the software. In contrast, the fact that the bulk of finance organizations are running traditional, on–premise accounting systems that are too painful to upgrade is just one data point that the era of cloud computing promises to transform for the finance organization.

No doubt you’ve heard the buzz about cloud computing. It’s a way of using business applications over the Internet, just as you use online banking or Gmail. No more expensive, capital–intensive hardware and infrastructure and no more expensive, time–consuming, staff–intensive upgrades. You pay as you go and get your finance, human resources, sales, or service applications through a Web browser. According to IDC, this software delivery model is experiencing dramatic growth, and the market for cloud–based solutions is set to grow six times faster than the overall software market.

More than likely your sales organization is running a cloud–based sales force automation application, such as one provided by Salesforce.com. Or maybe your HR function is deploying an employee performance management cloud application, such as SuccessFactors. These applications were designed from the ground up to run in the Internet era. This not only transforms how employees who use them collaborate, but it also significantly lowers the costs to deploy, run, and maintain the applications. For some types of applications, software–as–a–service (SaaS) is already the default architecture.When was the last time you heard of a monolith on–premise Siebel CRM (customer relationship management) implementation? No modern enterprise writes a request for proposal (RFP) for CRM today without considering a cloud–based solution.

Now the cloud application wave has reached the finance organization where it promises the same impact—lower cost, easier collaboration, and faster innovation. But as with any new technology, preconceptions and myths abound. At NetSuite, a $1 billion+ market cap public software company, we run all of our business applications in the cloud. From tracking a sales opportunity to a sales order, through to invoicing and revenue recognition, and from management reporting and generating GAAP (Generally Accepted Accounting Principles) financial statements, through to managing the most complex service and renewal processes, everything is done through a Web browser. The impact on finance and our broader organization has been profound and far reaching—and a sharp contrast to companies where I’ve worked that ran traditional financial applications such as Oracle Financials, SAP R/3, or Microsoft Dynamics.

So why would a finance organization move its financial processes from on–premise ERP to a cloud–based model? Before I answer that question, it’s key to define what cloud computing or software–as–a–service is (I use these terms synonymously). In a nutshell:

• There is subscription licensing of applications rather than the traditional upfront capital acquisition of the software license.
• The solution is hosted and operated by the provider on equipment owned and maintained by the provider. All of your transactional and customer data is housed at the provider’s data center together with all of the hardware and infrastructure to run it. All you need to access it and run your financials is a Web browser.
• The system is completely Web based. No Windows clients, no Citrix logins, no virtual private network (VPN) tunnel. Instead, there’s an ability to access the application securely from anywhere—home, mobile device, on any operating system (whether Mac or PC), across remote locations—all through any standard Web browser such as Internet Explorer, Firefox, or Chrome.
• The system is designed for multi–tenancy. The provider is able to achieve economies of scale by running the application for thousands of customers across a shared infrastructure and achieve a cost structure that would be impossible for an individual accounting or IT department to achieve on its own. The result is that a cloud multi–tenant financials application can be more than 50% cheaper to run than its on–premise alternative.
• There is a single version of the application. This means that the finance department is able to get automated upgrades and functionality (such as support for the latest accounting changes) without having to go through a patching and upgrade process. It also generally means that any customization done via the system is automatically upgraded, and no one has to reimplement customizations. The result is an upgrade process whereby, for example, a finance department will be running on the latest software and hardware (at the vendor’s data center), even though it never upgraded anything.

The benefits of transitioning from an on–premise ERP system to the cloud are manifold. In a recent survey that NetSuite conducted with approximately 800 IMA® members, the results closely mirror my experiences at the company. The survey asked finance professionals: “What do you perceive as the single key benefit of moving your financials to the cloud?” Figure 1 shows their answers. The clear drivers were around total cost of ownership; anytime, anywhere access; and business process improvement.

Reducing cost of ownership of the ERP system has a significant benefit to finance. It isn’t just about reducing IT spend. It’s about reallocating the IT budget from maintenance—such as keeping servers running, performing upgrades, and taking backups—to actually improving business processes and delivering innovation to the finance organization. Some years ago, a report from Gartner found that more than 90% of a typical IT budget is spent on maintenance, and as little as 9% is left for actual business process improvement. The result is that a substantial gap has opened up between the goals of the finance organization—such as establishing clear business visibility, maintaining an effective internal control structure and process, and ensuring efficient GAAP conformance—and what IT can provide from the current systems. There simply isn’t any budget left for innovation.

Cloud delivery changes this equation because businesses are able to recoup 50% or more of their IT application operating costs by making the transition. No more servers, databases, backups, failover, patches, and upgrades. It frees up IT resources to move from an operational role to a strategic role. At NetSuite, the systems team supporting finance is completely focused on business process improvement, not maintenance, so, for example, it sped up our adoption of the new revenue recognition rules EITF 08–01 (ASU 2009–13), which was clearly a time–sensitive priority for our finance organization. Project resources could be devoted to building the necessary reports, key alerts, and workflows to support adopting the new rules rather than the on–premise alternative of applying patches or making risky database changes. The result was a timely, less risky, and morecost–effective adoption.

Another key benefit IMA members identified is the ability to access financials securely anytime, anywhere through a Web browser. At NetSuite, our organization is inherently distributed with a significant portion of our back office staff in an offshored location.We also have remote finance staff and line–of–business executives in regional subsidiaries. Depending on the company, a distributed finance organization can yield substantial cost benefits as well as enable you to retain the best staff, especially with the continued growth of globalization. But in order to run a distributed finance organization efficiently, your business systems have to facilitate real–time collaboration. Cloud–based financials shine here.

A traditional, on–premise ERP model hampers a distributed finance organization in a number of ways. At an operational level, it requires IT resources on the ground, and they have to travel to remote locations to make sure client tools and local accounting applications and databases are up and running. Thus the support costs can quickly spiral. But there’s a more insidious issue at play. With traditional, on–premise models, data can quickly become siloed within the business, whether buried in spreadsheets, local databases, or applications. This means finance staff members can quickly find themselves with outdated information, can encounter conflicting data in different places, or will be holding out for a spreadsheet extract. In an offshored model, this can result in substantial latency in the flow of financial information throughout the finance organization and to the executive level.

When your financials are accessible through a browser in real time, everyone is operating on a “single version of the truth,” no matter where they are—corporate, subsidiary, or offshored location. At NetSuite, the cloud enables us to drive key financial processes much faster vs. running traditional accounting applications. One financial process that demonstrates this is our distributed financial planning process. It’s much more agile, less error prone, and more accurate than it otherwise would be because, with Web–based cloud financials, our finance and line–of–business stakeholders are operating on the same centralized real–time actuals throughout our business. Corporate also has instant visibility into divisional transactions, enabling either a centralized or decentralized planning process. The result is a corporate level plan and forecast free from version issues and out–of–date spreadsheets—and one with a dramatic reduction in time wasted with financial data being e–mailed between stakeholders. It also frees up financial resources from having to push out financial information and moves the reporting process to a self–service model. Stakeholders can securely make changes through their everyday Web browser, the finance team can collaborate around the same information in real time, and no one ends up making changes to old versions of data.

Despite the accelerating growth of the cloud and its adoption in key areas of business, myths about cloud–delivered ERP still linger within finance departments. Part of this is because cloud–based financials are later in the adoption cycle than sales and human capital management (HCM) applications, where these concerns have already been overcome, but it also stems from finance being the clear custodian of critical operating data for the business. When we asked IMA members their concerns about cloud computing, some issues were clearly top of mind, including security, data ownership, and the level of customization that a cloud financials application can reasonably allow.

How do these perceptions hold up? Let’s start with security. This concern stems from the fact that a cloud datacenter is connected to the Internet and that cloud applications are used over the Internet. But most people already conduct their most sensitive transactions via the Web—everything from initiating bank payments to processing payroll to managing sensitive personal information. The state of the art for Internet security with cloud applications—whether consumer or business—is the use of banking–level 128–bit SSL security. This means that, when using a cloud application, the information is invariably more heavily encrypted than a traditional local area network (LAN)–based, pre–Internet application.

Having your financials hosted in a datacenter rather than in your own on–premise server room also raises some interesting questions. Isn’t a cloud datacenter inherently more hackable than its on–premise counterpart? Businesses are connected to the Internet all the time, and the typical on–premise business applications are, too, in some way.Whether locked in a server room or under your desk, they’re directly or indirectly connected to the Internet. The vulnerability of in–house systems is most clear in a November 10, 2010, article by James Verini in The New York Times titled “The Great Cyberheist”— where “a crew of hackers and other affiliates gained access to roughly 180 million payment–card accounts from the customer databases of some of the most well known corporations in America: OfficeMax, BJ’s Wholesale Club, Dave & Buster’s restaurants, the T. J.Maxx and Marshalls clothing chains. They hacked into Target, Barnes & Noble, JCPenney, Sports Authority, Boston Market and 7–Eleven’s bank–machine network.”

So the question isn’t really about cloud datacenter vs. on–premise datacenter when it comes to security. The question is really about how many resources your organization can dedicate to data and application security to protect your financials and business data and how that compares with the expertise and resources the cloud vendor will deploy.Most cloud vendors have experts focused solely on running your application and keeping your data secure. These people never stop to answer an Outlook question, never have to worry about setting up PCs or fixing a printer. They begin and end each day thinking about security and uptime. Your IT department probably isn’t as focused! But because the cloud vendor is operating with a shared services model, it’s able to create an entire function focused purely on security, with resources and dedicated budget focused solely on maintaining stringent security standards, such as PCI DSS compliance, that are often cost prohibitive for an organization to achieve and maintain on its own. So a cloud vendor can be more secure than a homegrown on–premise deployment. It’s the old question about whether your money is safer under the mattress where you can see it and touch it or safer at the bank.

Another concern with cloud financials is availability of the application. Of course, whenever an application such as Gmail or Salesforce experiences an outage, it always makes the press. But, realistically, how do well–run cloud applications stack up against the availability of in–house applications? A key place to start is that cloud vendors typically provide a service–level commitment to their users of 99.5% or better. As with any service level, it’s about transparency and about penalties if the vendor doesn’t meet that level. The transparency comes from publishing the availability online; for example, NetSuite publishes its availability at status.netsuite.com, and Salesforce publishes its at www.netsuite.com, and a member of IMA’s Peninsula–Palo Alto Chapter.

By KATE LINEBAUGH, GINA CHON and VIPAL MONGA

Times may be tough for companies with poor credit, but for well-heeled corporate borrowers it's a different world.

Greg Hayes, chief financial officer of United Technologies Corp., was inundated with calls from bankers around the globe after news broke that his company was in the hunt to acquire aircraft-components maker Goodrich Corp. In the space of a single weekend, he got unsolicited commitments for more than $100 billion in loans, according to a person familiar with the matter.

The flood of offers reflected bankers' eagerness to snap up a piece of a big deal. The company wasn't expected to use anywhere near that much money. Indeed, United Technologies said Wednesday that it had agreed to buy Goodrich for $16.4 billion.

But the episode shows that the big problem for banks—and the global economy—isn't a lack of money to lend. It's a shortage of solid borrowers.

"This is not like 2008-2009, where there was truly paralysis of all the credit markets," said Deane Dray, a research analyst at Citigroup. "Better-capitalized companies which have easier access to very low-cost financing can use this as a growth opportunity."

At the opposite end of the credit spectrum, the situation could hardly be more different. Market volatility and fears of a spreading European debt crisis have put the brakes on financing for riskier deals, such as leveraged buyouts, which typically involve a big chunk of debt. Banks, afraid tough credit markets could leave them overexposed, are being more selective about the deals they back.

Thursday's steep drop in the stock market spooked some bond investors like Andy Johnson, head of fixed income at fund manager Neuberger Berman. But he said investors still are looking for debt that carries higher yields than U.S. Treasurys without too much risk, making an A-rated credit like United Technologies attractive.

J.P. Morgan Chase & Co. is leading the financing for United Technologies' acquisition of Goodrich, which includes a $15 billion one-year term loan. HSBC Holding PLC and Bank of America Corp.'s Bank of America Merrill Lynch unit also are involved in the loan package. United Technologies said Thursday that it expects to pay an average of less than 3% in annual interest on its borrowings for the deal.

"Financing activity has stayed strong for investment-grade companies," said Andy O'Brien, co-head of syndicated and leveraged finance at J.P. Morgan. "There is plenty of liquidity to finance large corporate M&A activity."

Highlighting the importance these days of a solid credit rating, United Technologies is taking the painful steps of selling $4.2 billion in stock and suspending share buybacks, for fear that the new debt it is taking on for the acquisition might otherwise trigger a downgrade.

"Keeping the credit rating especially in times like this, I mean it is sacrosanct," Mr. Hayes said on a conference call Thursday.

Many companies still have record amounts of cash on their balance sheets and are finding acquisitions an avenue for growth, deal makers said. United Technologies, for example, is extending its product lines by buying a business that doesn't overlap much with its own.

Earlier this year, J.P. Morgan, with an almost $2.3 trillion balance sheet, agreed to provide $20 billion in financing for AT&T Inc.'s proposed $39 billion takeover of T-Mobile USA. If the deal closes with J.P. Morgan as the sole lender, it would represent the largest single-bank loan funding for a takeover in history and would be the bank's biggest loan ever.

In Hewlett-Packard's $11 billion deal to buy U.K. software company Autonomy, Barclays Capital is the sole bank behind an $8 billion loan package needed to seal the transaction.

To finance United Technologies' purchase of Goodrich, the banks will assemble a 364-day loan commitment. The acquiring company rarely draws on such a loan. Rather, it is considered a "bridge" to tide the company over until it can sell bonds or stock to finance the deal. But if a company is unable to raise such funds, banks can be left with a hefty exposure to a single company, which is why United Technologies' high credit-rating helped draw so much interest.

United Technologies plans to raise about $12 billion in a bond sale before the deal closes, which is expected to happen in the middle of next year. It would be one of the biggest bond sales in the recent years. The last bond deal of more than $10 billion took place in March 2009, when drug maker Pfizer Inc. sold $13.5 billion of bonds.

Since 2000, just 10 U.S.-dollar denominated bond offerings have exceeded $10 billion, according to Dealogic.

Moreover, there are significant differences between the U.S. and the European liability systems. The continental model appears to be moving at least to some extent in the direction of the Anglo-Saxon model. One question is whether the legal liability system will also evolve in a similar direction. It would be logical to argue that there will be some such evolution, on the basis that, if continental shareholders are demanding new rights, they will also demand new remedies. Will they go the way of the United States, where aggrieved shareholders may file class and derivative actions against directors alleging fraud and mismanagement?

With the 2011 MIT CFO Summit fully underway and already 1/3 sold out (!) we are excited that we have so many great speakers lined up.  The CFOs of larger public companies like Oracle, Duke Energy, Raytheon and Verizon are joined by growing company CFOs like Zipcar, Harvest Power and recently public, Linked In.  This year's timely theme of "Where Finance Meets Innovation" will be an exciting topic for prive, public, new, and growing CFOs alike.  Check back here for relevant articles and updates relevant to our upcoming conference, and most importantnly, GET EXCITED!!!!

Congress seems to love whistle-blowers.

The Dodd-Frank financial regulatory act makes that clear by requiring the Securities and Exchange Commission and Commodity Futures Trading Commission to pay at least 10 percent, and as much as 30 percent, of any monetary penalties more than $1 million to those who provide “original information” about a violation of the law.

The financial overhaul measure requires the agencies to set up whistle-blower programs by early next year.

The S.E.C., led by Mary L. Schapiro, released its proposal last week. Unfortunately for businesses, the S.E.C. must comply with the Congressional directive that puts the interest of attracting tips about corporate wrongdoing ahead of the internal compliance programs that most corporations set up under the Sarbanes-Oxley Act, which passed eight years ago. For businesses, it looks like Congress may be willing to use the new whistle-blower programs to undermine Sarbanes-Oxley.

Admittedly, most corporations grudgingly accepted the compliance programs required by Sarbanes-Oxley Act, including the elaborate reporting mechanisms that can involve reviews by the audit committee and the entire board if there is credible information of significant misconduct. The whistle-blower program does not negate Sarbanes-Oxley — companies will still have to keep compliance programs in place, often at a significant cost. But they may well fall into disuse now that employees have a monetary incentive to go directly to the S.E.C.

The initial challenge for the S.E.C. will be to distinguish information that is worth pursuing from mere speculation and conjecture, or, worse, an effort to harm a company. The rule proposal estimates that the S.E.C. will receive some 30,000 tips or complaints a year, and about half will lead to the filing of the required document, Form WB-DEC, which makes a person eligible to receive a payment if a recovery is made based on the information.

The rule proposal tries to limit the number of spurious tips by imposing what the S.E.C. calls “certain procedural requirements designed to deter false submissions, including a requirement that information be submitted under penalty of perjury, and requiring an anonymous whistle-blower to be represented by counsel who must certify to the commission that he or she has verified the whistle-blower’s information.” How much these modest measures will deter questionable whistle-blower filings is an open question.

Requiring a person to sign Form WB-DEC “under penalty of perjury” may not be much of a deterrent because showing that someone intentionally made an affirmative false statement, a requirement to prove perjury, is difficult. In many instances the information provided will be vague or subject to interpretation, so the threat of a perjury prosecution is probably so low that it will not impede the flow of tips. In addition, the number of people who will use a lawyer to assist in reporting information will probably be fairly small, so this will not provide much of a check on the potential deluge of tips.

Corporations are concerned that the program encourages employees to bypass their compliance programs and go straight to the S.E.C. The agency has acknowledged the potential conflict by encouraging corporate employees to use internal reporting mechanisms while allowing them to qualify for whistle-blower awards. The S.E.C. has also limited who can be a whistle-blower if the information is obtained through a corporate compliance program.

Lawyers, accountants and those responsible for corporate compliance cannot qualify for an award because they do not have the “independent knowledge” required to be a whistle-blower. This is a sensible limitation because working in a compliance program should not be a means to win a reward from the S.E.C. Nor should outside advisers be allowed to benefit at the corporation’s expense by reporting information received in the course of representing it.

Still, the proposed rules would not completely exclude employees involved in corporate compliance from being whistle-blowers. These employees can file a report and qualify for a monetary payout if a company did not disclose information about its wrongdoing in a timely manner or otherwise acted in “bad faith.” The S.E.C. takes a “never say never” approach that preserves the possibility of receiving a tip from any credible source.

For other employees, the S.E.C. rejected adopting a rule requiring them to first utilize any internal reporting mechanism before providing information, reflecting the Congressional suspicion about whether those programs result in adequate self-reporting of violations. If an employee reports information internally, then the company must act within 90 days, while the employee can still go to the S.E.C. This gives a company a narrow window to conduct an investigation and report the results to the S.E.C., particularly if the accusation involved an overseas operation and possible violations of the Foreign Corrupt Practices Act for bribery of foreign officials.

The Dodd-Frank Act protects employees from retaliation, even if the report does not trigger an investigation or result in an enforcement action. The law prohibits a company from taking any steps to “discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistle-blower.” This protection will no doubt make life more complicated for companies because the protections afforded to whistle-blowers may effectively encourage more employees — some who are trying to protect their jobs — to file report as a way to keep their jobs.

The only real incentive in the rules for reporting information internally is that the criteria for determining the amount of any potential award includes “whether, and the extent to which, a whistle-blower reported the potential violation through effective internal whistle-blower, legal or compliance procedures before reporting the violation to the commission.” That is just one of 11 factors the S.E.C. will consider, however, and is the last one listed.

I suspect that an employee’s decision to report information internally is unlikely to have much impact on any award the S.E.C. may give when the whistle-blower is already guaranteed 10 percent of the recovery, particularly if the violation is significant.

The rule proposal also addresses how the S.E.C. will protect the confidentiality of a whistle-blower’s identity and information by providing that commission staff need not inform a company about the receipt of information or that the person may be contacted to further discuss potential violations.

In fairness to the S.E.C., the agency does not have much choice in favoring whistle-blowers over their corporate employers because Congress made its intent quite clear, even if an unintended consequence is to limit the effectiveness of corporate compliance programs.

While there is talk of a pushback against the Dodd-Frank Act on Capitol Hill, Republicans and Democrats have agreed over the last few years that encouraging disclosure of corporate misconduct by rewarding those who do so is a good thing

Rather than limit whistle-blowing, I would not be surprised if Congress expanded the program in the securities and commodities fraud area to other government programs, such as health care and defense contracting.

Gloom among finance chiefs about the state of the economy doesn't square with the reality of current trends, attendees at CFO Rising are told.

David McCann - CFO.com | US

October 26, 2010

Although CFOs may be mired in pessimism about the economy, in fact "the cup is more than half full," a leading economist told attendees at the CFO Rising conference in Las Vegas on Monday.

An attempt to protect small investors has the unintended effect of driving firms to debt market

The US Securities and Exchange Commission in 2000 adopted Regulation Fair Disclosure, a rule requiring firms to provide investors equal access to information about companies. The goal of Regulation Fair Disclosure intended to curb insider information and protect small investors. But this well-intentioned attempt to level the playing field has had the unintended effect of causing companies to take on significantly heavier debt burdens, according to MIT Sloan School Assistant Professor Reining Chen.

The regulation prompted companies to change how they raise capital, according to Chen, who analyzed 10 years of data on over a thousand publicly traded firms affected by the rule. Instead of selling stock, which would require public disclosure, many firms avoided the release of detailed company information by going to banks or other lenders for their capital needs, Chen discovered.

"The SEC wanted to affect the information environment for companies," says Chen. "While the agency may have done so, it actually affected the capital structure of companies as well. It had the effect of making companies more leveraged."

Regulation Fair Disclosure, adopted in a 3-1 vote in August 2000, ended the practice of selectively disclosing information, typically to favored analysts or institutional investors. Advocates for small investors praised the new rule, which they said would promote democratization of investing and restore confidence in the integrity of the market.

To unravel the effect of the ruling on the capital structure of firms, Chen analyzed data from the SEC filings of firms listed on the New York Stock Exchange for five years before and five years after the rule went into effect. The companies most affected by the disclosure rule were those that had the greatest imbalances in buy and sell orders for their stocks after the rule went into effect, Chen determined.

Companies hurt by the regulation tended to borrow money when they needed capital, rather than sell stock, she discovered. Some public disclosure is required for borrowing, but it is not as detailed as the disclosure required for selling stock.

Companies may fear public disclosure for several reasons, according to Chen. Sometimes firms are protecting information that could help competitors, she says. "Also when a company discloses something that is complicated, the general public may not be able to understand it and that will create volatility in the stock price."

The regulation has been more of a burden for small companies than large companies, according to Chen. Large companies have many analysts following them, and information about big firms comes out one way or another. Small companies, on the other hand, get less attention from analysts, and these firms have trouble conveying information accurately to the public.

"The bigger companies actually benefited from this rule," says Chen. "Their information environment in the equity market improves. It does not improve for smaller firms."

One way the SEC might have avoided this problem is by having different regulations for companies of different sizes, she says.

In some ways the regulation helped large investors at the expense of small investors, according to Chen. When companies go to the debt market, they avoid public disclosure, but analysts and investors still need to know about the firms.

"Big institutional investors have more resources than small investors do to search for undisclosed information, so the large investors benefit," says Chen. "That is an unintended consequence of the regulation."

Chen does not pass judgment on whether Regulation Fair Disclosure was good or bad for the investment world. But she says her research shows that regulators need to be aware that simple rules can have far-reaching effects.

"Regulators may have good intentions, but when making rules, they need to have a broader perspective," she says.

FOX Business' Dagen McDowell interviewed Eric Spitz, CFO of the Narragansett Brewing Company, today. Here is a link to the segment.