Thursday, September 29, 2005

Sarbanes-Oxley -- Wave 2 opportunity

I attended a Sarbanes-Oxley (SOX) related conference this past week. Among other things, I wanted to learn about businesses that had been formed or refocused as a result of SOX and what opportunities remained. The SOX market opportunity alone is reported to be a $6.5B market. In addition, I wanted to get a feel for implications on Altus' portfolio companies. Ed Sims posted recently on the excesses of SOX to get another perspective. The summary of my observations follow:
  • A lot of existing companies refocused their energies on SOX particularly focused on establishing controls, segration of duties and ensuring proper security was in place. One of the notable companies was Virsa that is now a Kleiner Perkins and SAP Ventures funded company. They appear to be on a hockey stick growth pattern. A lot of the companies I observed had point or "band-aid" solutions but Virsa has a broader (though not all-encompassing) offering.
  • It's not clear that companies have realized a lot of strategic business advantage in these "Wave 1" applications (i.e., apps focused on controls & security) though they've certainly incurred a lot of expense. There are two types of "Wave 1" apps...
  1. Business Process Management (and hence compliance) companies like OpenPages. Effectively a glorified PERT chart that tracks the "critical path" of non-compliance.
  2. ERP Compliance Management, like Virsa and LogicalApps. One problem with them is that they assume that the entire world is either SAP or Oracle and that all the data that is needed resides in these systems (this is especially true for any company using partnerships to sell their offering). Fundamental departures from real life.

  • From the presentations given by keynoters and talking with senior partners from both big and regional audit firms, it became clearer to me that companies seeking an "exit" (i.e., IPO or acquisition) need to give more thought to SOX than they might have previously thought. In either exit scenario, a company that isn't SOX compliant is going to face obstacles when they try to exit (i.e., delaying or scuttling plans for the exit). The challenge is that when they most need to stay focused, preserve cash, etc. it is also the best time to set up SOX-compliant processes so they can avoid re-engineering processes later. Getting some strategic SOX/governance counsel early on is a good idea. It's the classic "pay now or pay later" scenario.
  • The firedrill to get Wave 1 processes/applications in place appears to be winding down for most public companies. "Wave 2" processes/applications will focus more on financial reporting transparency that can demonstrate to the investment community that a company has a handle on how they handle issues such as revenue recognition. Whereas Wave 1 was largely focused on blocking fraud, Wave 2 will address situations where there is no intentional fraud but where Operational and Transactional streamlining is needed. This involves actually managing day in and day out transactions for financial reporting and analysis for companies with complex revenue models, like the ones who sell through distribution channels. In other words, streamline your business, get compliance for "free".

  • Let me give you an exampe -- Take a company like Symantec. They have a variety of revenue streams ranging from 2 tier distribution into retail (e.g., Ingram is distributor and CompUSA is the retailer), relationships with consumers downloading bits of Symantec servers, enterprise customers, OEM deals, etc. In addition, they have monthly and annual recurring revenue streams. Figuring out how to accurately recognize revenue quickly becomes a nightmare of dozens of spreadsheets, various datafeeds from disparate partners, etc. Throw in properly paying spiffs & commissions, handling price protection and rights of return and you have a gnarly challenge on your hands that is people intensive. The vast majority of companies have some kind of band-aid solution in place that is both costing them a lot of human resource as well as delivering sub-optimal results (i.e., either takes too long and/or has questionable accuracy). Like Virsa, I think the companies that can develop a comprehensive system that makes sense of this will prosper. The system will be closer to a supplier relationship management solution as opposed to trying to connect various spreadsheets with bailing wire and bubblegum. It's one of the reasons I saw some private equity and VC firms in attendance at the conference. Entomo was one of the companies exhibiting at the conference -- they released a whitepaper at the conference that highlights these issues. Click here to get a copy. [Full disclosure: I have advised Entomo on their business] From a customer perspective, the good news is that there is a greater opportunity to realize strategic advantage in Wave 2 applications. For example, an automated solution will help a company reduce inventory, minimize gray market activities and enable them to report revenues on a more timely basis.
I think one of the prime challenges for a company selling a SOX offering is "SOX fatigue". A lot of organizations have been in sprint mode for the last year or two and/or they have a desire to move on to something that isn't related to SOX. Like any other enterprise application, demonstration of a strong ROI story will be paramount.

No comments: