Intelligent Enterprise

Better Insight for Business Decisions

RSS
Webcasts
Whitepapers
Subscribe
Home

June 13, 2001

Keeping Promises

Backing up your promises of reliability with proof is becoming a New Economy critical success factor

By Kristin Valente

In the old economy, prevailing wisdom ruled that "time is money." In the connected economy, "trust is money." In a world where your competitors are becoming business partners, your company sources mission-critical business functions to third-party providers, and your customers, regulators, the media, and investors stand ready to reprimand your company if it doesn't do what it says, trust and confidence are imperative to garnering participation and achieving business success.

In today's economy, even companies with recognized brands are struggling to establish trust and confidence as their business models change. These business models assume immediate and active customer participation, leaving scant time for brands or reputations to mature or stakeholder confidence to increase. To move at warp speed, your business - be it established or startup - must be able to assure one and all that it can deliver what, and when, it promises. Although failing to do so can trigger the demise of a business, more often this process is just staggeringly expensive.

Old economy paradigms would have companies developing marketing messages that repeatedly told their stakeholders what they are doing. But just saying what they are doing isn't enough. Even the most technology- and business-savvy stakeholders are asking for more. They want proof, not just promises. Their primary concern: Are your company's promises of reliable systems trustworthy enough to hand over mission-critical data, processes, or transactions? Quickly and adequately addressing this concern is a New Economy "critical success factor."

But what is the best way for your business to effectively communicate the reliability of its systems: To your diverse stakeholders? To your customers and potential customers who may not have firsthand experience with your people, processes, or technology? To your business or alliance partners who must support service agreements? To your employees and other internal stakeholders whose confidence in the integrity of your company's business model is essential to their wholehearted participation?

Filling the Void

Enter the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accounts (CICA). Recognizing that the marketplace could greatly benefit from the introduction of a uniform code of assurance standards that can be equally and evenly applied to any business or business function, regardless of industry sector, the two professional organizations joined forces in 2000 to create SysTrust, a service designed to provide independent assurance on system reliability.

The move puts into the hands of independent reviewers - the groups' own certified public accountant members - a set of clearly defined standards and measures that they can uniformly apply to any discrete business system, in much the same way that CPAs evaluate financial analysis and reporting practices. For businesses seeking to prove their trustworthiness, SysTrust provides a generally accepted set of standards as a basis for that claim. With an independent examination of your people, processes, and technology by an independent accountant, your company earns a report to back up its claims of reliability.

Setting the Standards

SysTrust is founded on the AICPA's and CICA's shared definition of a reliable system: "One that is capable of operating without material error, fault, or failure during a specified period in a specified environment." To that end, SysTrust encompasses four principles for evaluating system reliability:

Availability: Does a system operate and provide information in accordance with its stated availability, and is it accessible when you perform routine processing and maintenance?

Security: Is the system protected against unauthorized physical and logical access? (Logical access is the ability to read or manipulate data via remote access. Restricting system access helps prevent potential abuse of system components, theft of system resources, misuse of system software, and improper access to and use of information.)

Maintainability: Can you update the system to provide ongoing availability, security, and integrity?

Integrity: Is system processing complete, accurate, timely, and authorized?

A SysTrust report is "earned" by demonstrating that processes and controls are in place to achieve the SysTrust principles.

Trusted Relationships

Why is system reliability the primary stakeholder concern? Many companies achieve success by sharing and collaborating on all or part of a business strategy. Companies are investing in alliances, comarketing arrangements, and outsourcing or newfound business models such as exchanges. Each of these agreements brings risks to a company that it can no longer manage within its own walls or systems.

What if an alliance partner has a security breach? Does that breach affect your company's reputation? Many believe it does. Leading companies are addressing that risk by embedding risk management practices into contracts and are requiring periodic independent audits of alliance partner operations and security.

Rate This Article

Comments:

Optional e-mail address:

What if an outsourcing partner can't handle the transaction volumes with the speed you require? What if it can't meet its service-level agreements? How will you manage that risk before you enter into the contract for services? If you are the service provider, you need to recognize that long sales cycles and repeated discussions with your technical team are efforts to get your targets to trust you enough to become your customers. You must also recognize that this process is driving up the acquisition cost of each new customer. Leading service providers are now offering proof of their promises up front to targets, shortening the sales cycle or at the very least, more cost effectively addressing target customers' concerns. For more information see the online sidebar, "Loudcloud Earns Report".

The "always on" economy demands that businesses remain serious about keeping their promises to their stakeholders. Even the perception that promises are not being kept can cost businesses valuable revenue and new customers. Responding to the repeated requests from existing and targeted customers to visit facilities, review documents, and assess controls can be quite costly, distracting valuable resources from critical business tasks. Many companies find that providing independent third-party verification can minimize these distractions, while still satisfying customers' needs.

Breaking the Barriers

To break through trust barriers, companies must deliver the right "proof" to the right stakeholders at the right time. Validation from a credible and respected outside party provides evidence of the tremendous investment a company has made in the people, processes, and technology that keep its systems operations reliable and secure. To those inside the organization, seeking such certification has the added benefit of elevating trust to a high-level issue and uniting everyone behind the challenge of meeting a common goal.

Kristin Valente is a partner in the Innovative Solutions Group of Ernst & Young LLP's Assurance and Advisory Business Services Practice. She is responsible for the global acceleration of Innovative Assurance Solutions that solve complex client needs such as Internet privacy and security, media measurement, regulatory and contractual compliance, and other business trust needs.

Resources

Loudcloud Inc.
SysTrust: www.aicpa.org/assurance/systrust/index.htm

Related Articles on Intelligent Enterprise.com:

"Welcome to the Trust Economy," February 16, 2001