Friday, November 27, 2015

Will Accountants be Uberized? Part 2: Crowdsourcing and the rise of Pro-Ams

This is part 2 of a series of blogposts that I will write (aiming for 3 parts, but let's see) on how CPAs can be uberized. In this exciting installment, we explore how crowdsourcing and the rise of ProAms (professional amateurs) has altered other professionals, such as photography.

In the last installment, we explored how Uber was actually not a 1:1 replacement of the taxicab profession. Cab drivers fill a social function that ensures that people can from point A to point B safely, accommodates their disabilities and at a regulated rate. However, taxi cab still actively cash out now as we can expect Google to fill in the societal gaps that Uber appears to be unable to. Google could actually revolutionize car ownership by make their driverless cars they sell "ready-to-share" thereby enabling people to benefit from the share economy (imagine your car running around town earning money while work, sleep, play, engage in activism, etc!). Alternatively, they could go own a fleet of cars that people effectively rent in a way that's cheaper than owning a car altogether.

Crowdsourcing as Jeff Howewho authored the original 2006 Wired article that brought notoriety to the concept, where he was trying to describe the phenomenon of using the Internet to outsource work to individuals, defines it as: “is the act of taking a job traditionally performed by a designated agent (usually an employee) and outsourcing it to an undefined, generally large group of people in the form of an open call.”
 In his book he highlights the following uses to illustrate the impact of crowdsourcing on how companies do business:
  • Threadless: Is a great example of how the crowdsourcing brought life into the commodity business of selling t-shirts. In a nutshell, the crowd submits t-shirts designs, then the crowd votes on what designs are best and the designs that win are sold to the same crowd who already voted on them being the best! (For more details see the wiki article on Threadless)   
  • P&G hires scientists via Innocentive to solve problems that they can’t. As noted in the Wired article, Colgate-Palmolive "needed a way to inject fluoride powder into a toothpaste tube without it dispersing into the surrounding air". So the posted the challenge on Innocentive and Ed Melcarek, who has Master degree that is related to particle physics, "knew he had a solution by the time he’d finished reading the challenge: Impart an electric charge to the powder while grounding the tube. The positively charged fluoride particles would be attracted to the tube without any significant dispersion".  
  • iStock Photo: Instead of hiring professional photographers to make stock photos, iStock solicits photos from the crowd. The Wired article explains how the Claudia Menashe, director at the National Health Museum, was about to buy $600 worth of stock photos from a professional photographer Mark Harmel. However, she bought the photos from iStockPhoto for a fraction of the price at $1 a piece. iStockPhoto was snatched up by GettyImages “the largest agency by far with more than 30 percent of the global market, purchased iStockphoto for $50 million”. 
  • Howe's book (see pages 61-63) also discusses how NASA relied on the crowd to classify the age of craters. A professional had taken 2 years to complete a similar study that was done by these “clickworkers” over a month with results yielding a “comparable degree of accuracy”.
Can accountants/auditors be crowdsourced like the way professional photographers were? 

It seems were crowdsourcing works best is an arena where you find hobbyists who do such things out of passion instead of obligation. My dad was a hobby photographer and although I am no way near talented as he was, I love trying to capture those unique moments. For example, I was able to capture this unique division sunset with my Samsung Note 4


In other words, if I decided to put my mind to it, I could be potentially competing with Mark Harmel. 

However, are there hobby auditors or accountants out there that would compete with CPAs? 

I have yet to find one!

There's a case that can be made for the impact of David Weinberger's "networked knowledge" (book, YouTube video below) on the dilution of expert knowledge in general (law, medicine, accounting). What he proposes is that the ability to share, link and debate information on the Internet transforms knowledge into a more fluid state in contrast to the static nature of books. 


With respect to accounting, non-professional accountants can network with each other to get an understanding on how to account for stock provisions, but would management or the SEC find it acceptable that a company determining its accounting position by looking it up on Google Groups?

And that takes us back to the issue we discussed in the last blogpost: when disrupting a profession it's not just about the production of a good or service but also the social function that the profession was fulfilling. Public accountants have a fiduciary responsibility to the users of financial statements to ensure that they are free of material misstatements. Failure to fulfill this responsibility can result in fines, disciplinary measures or even loss of one's designation.

However, as Google's driverless cars could step in where Uber can't, could IBM's Watson step in and fulfill that societal function that accountants currently do?

To be concluded next time...





Tuesday, November 17, 2015

Will Accountants be Uberized? Part 1: Examining the Google-Uberization of the Taxi Profession

This is part 1 of a series of blogposts that I will write (aiming for 2 parts, but let's see) on how CPAs need to take lessons from the Uberization of taxi cab drivers and see whether CPAs can themselves be uberized.

A recent article in the Toronto Star highlighted the latest turn of events in the battle between taxi industry and those that want to bring Uber to Toronto

What is Uber? 
Uber enables the "sharing economy" by bringing together people who need a ride with those who have spare time and a spare ride via a mobile application. In other words, Uber does for car owners what Airbnb did for homeowners.

Who's resisting? 
Taxi cab owners have fiercely resisted the arrival of Uber into their cities as it can dramatically impact their ability to make a livelihood. The article attacks the position of the cab drivers as follows; "For decades, Toronto idled as taxi permits were traded among owners for obscene prices, pushing up meter rates while service declined". Taking the argument to the logical conclusion: Uber breaks the monopoly by enabling non-traditional competitors to enter into the marker.

The argument from the cab drivers side of things is that they are a profession: they have to pass examination standards that enables them to be qualified by the public to fulfill their duties. Furthermore, as noted in this article on the Walrus, taxis have a public duty in terms of assisting the handicap whereas Uber appears to be shirking this responsibility:

"Then there are disabled passengers, who don’t fare well at all with the Uber model of transportation. Indeed, nothing demonstrates the fundamental gulf between market-driven and civic-minded car services as much as the issue of accessibility. From a purely commercial point of view, passengers in wheelchairs represent a niche market. And unless compelled to by regulation or personal circumstance, most drivers are not going to invest the $60,000 needed to buy an accessible van.
For the most part, Uber pretends that the issue doesn’t even exist: In California, where a 2013 law requires ride-sharing services to report data about disabled passengers, the company has stonewalled the government. In July, a state judge recommended that Uber operations be suspended statewide and the company fined $7.3 million (US) for violating reporting requirements."

These protests are not limited to Toronto but are worldwide. Take for example the following video posted by Russell Brand actor-turned-activist who brings the issue of cab drivers in UK to light:



Other issues to note:
  • Is Uber cheaper? Not always. As noted in this Forbes article and this article on Business Insider, Uber is not always cheaper. Business Insider notes how that Uber you pay for both the distance and the length of ride. Although there are certain times that it's cheaper to use a cab than Uber, the reality is that it's significantly different in price between the two options and you need an app . 
  • Taxis have to charge standard pricing, Uber does not. The company engages in what it calls "surge pricing", which means "[a]t times of high demand, the number of drivers we can connect you with becomes limited. As a result, prices increase to encourage more drivers to become available." This is in contrast to taxis which are regulated in terms of how much they can charge.
  • Tax implications of Uber: Beyond the licensing fees a cab driver would pay to the municipal and other governments, Uber uses transfer pricing techniques - like any multi-national corporation - to minimize the taxes it pays. As noted in this Fortune article, Uber takes a 20% cut - meaning governments stand to lose the income taxes associated with this revenue that could have been taxed as income as from the local cab driver or the company that owns the plate. 
  • "Creative destruction" meets nest eggs, loans and food-beverage cart vendors. The disruption of Uber doesn't just impact taxi industry but also the retirement plans of drivers, financial institutions as well as tertiary industries that are ancillary to cabbies. In Toronto, plates were pricey costing as much as $360,000 (but are now selling for 120K). The logic of paying such an exorbitant amount was that it would provide a nest-egg for the purchaser and his or her family. But they weren't only ones betting on these assets. As noted in the Wall Street Journal, BankUnited Inc. lent $214 million against 577 cab licenses (also known as medallions). Finally, as noted by the cab driver in the video above, there are the food and beverage carts, restaurants, etc. that serve cab drivers who will also face a decline as cab drivers exit the business. 
Uber vs Taxis: What does the taxi-cab profession add to society?

Isn't it essentially trust? 

Prior to Uber, we had relied on municipal governments to license and vet cab drivers to ensure that they would get from us point A to point B in a safe, efficient (e.g. the fastest route possible) and cost-effective manner (e.g. fair pricing). 

Not to feed into the classical techno-phobic mantra of fear-uncertainty-doubt (FUD) but Uber drivers have violated that trust.

What Uber essentially proposes, is that municipal governments can be dis-intermediated in terms of oversight of the taxi profession. 

In terms of trust, what Uber purports is that the rating that drivers assign to passengers and passengers assign to drivers can serve as an effective substitute for the licensing and vetting function. Although this may work for the vast majority of time, it does not help those that have been victimized by Uber drivers. To use auditing-speak, the rules & regulations around cab drivers serve as a more effective control around cab drivers than Ubers rating system. 

The other issue is that Uber does not seem to be able to replace the public service function of the taxi profession: they openly "surge price" customers and are stone-walling the government around how they can serve the disabled community. 

Google's Driver-less Cars: Taking Uber to its logical conclusion 
Although the cab drivers can have a solid argument against Uber in terms of trust and public service, they may not fare so well at the next incarnation Uber: "Google's Uber". This is where we take Google's driverless cars to the concept of and apply it to Uber. I had mentioned the implication of Google's driverless car in a previous post - examining the impact on car insurance and the industry that has grown up around it. But I didn't explore how such a future will evolve. Google can effectively fill the role of cab services as follows:
  • Getting us there the fastest: With its Maps offering, we all have come to trust Google to get us to our destination the fastest which incorporates live traffic data. 
  • Safety:  Google's driverless cars have proven to be safer than human driven cars. Assuming it is not taken over by homicidal program like Skynet, the issue of assault basically is eliminated from the equation. 
  • Cost effective: This perhaps the most important part of the value proposition: Google's advanced algorithms could bring a level of optimization that would take the sharing economy to unparalleled heights. Imagine if Google sold driverless cars that would be earning money while the people are working. In such a scenario, the cost of the service would not only reduced by the amount of by the amount of wages and benefits paid out (regardless if it's a cab driver or an Uber driver), but it would also effectively share the cost of capital with the owner of the car. Alternatively, Google could offer, or supplement such an offering, with its own fleet of cars. Ultimately, would such an offering cannibalize car ownership altogether? If it's cheaper and faster to Google-Uber it, why bother owning a car and being held ransom by some insurance-feudal-corporate overlord? 
  • Public service: Given Google's experience with working with municipal government via its high speed internet offering, it is uniquely positioned to see such a service fulfill its public service role. As noted in the previous bullet, Google's own fleet of cars could be special purposed to serve the disabled.  In fact, Google openly advertises its driverless cars as something that will give the blind their independence (see video below as proof)

In the next installment (or set of installments), I will explore the prospects of how the CPA profession can be Uberized and what we can learn from the Uberization, and ultimately Google-Uberization, of the taxi cab profession. 

Wednesday, November 4, 2015

Did WSJ go too far in exposing Apple employee home purchasing habits?

The WSJ published an article discussing the cost of houses in the Bay Area. As per the title of the article, "Apple Paychecks—One Reason for High Home Prices", the key culprit they highlight are the significant salaries that the Apple employees are allegedly paid.

The the data for the findings were based on the work done by Zillow completed "at the request of The Wall Street Journal" who "used census data to track down where workers in the census tract that is dominated by Apple’s Cupertino, Calif., headquarters live—primarily neighborhoods in the San Jose and San Francisco metropolitan areas". It's not clear if they relied on their own data to complete this analysis. As per the graph below, Zillow tied the rising house prices to iPhone sales.



To be fair, and abide by full disclosure principles, the article does also blame "[z]oning laws and regulatory red tape are key factors as well". However, would it be the WSJ if it didn't lay such a charge?

Where to begin? The article raises a lot of issues in terms of the role of publicly available data - regardless if it is only the census data, data gathered by aggregators such as Zillow or social media sites.

As I had written a couple of years ago, the article actually is the promise of social media to "return us to the village". In the village privacy was limited because people knew each other and any deeds or misdeeds made by the individual were quickly found out by the community. A good example of how social media accomplishes this was role of public in identifying the rioters involved in the post-Stanley cup "celebrations". If such a riot had happened in the village, the rioters would be have been held accountable in a similar manner.

The Zillow-WSJ effort is really along similar lines: if employees of a company or members of a particular guild were buying up houses and driving up prices in particular area; wouldn't people in the village know?

Furthermore, it actually is village business. We need to understand how we will live with one another how we are going to make the most of living together in this shared space called community, which requires an understanding of how the actions of one group within the community will impact others especially when it relates to a basic need like housing.

That being said, it opens up the issue of big data and its ramifications on privacy.  Although the above rationale translates well into issues relating to communal benefit it doesn't translate well into issues relating to how private entities can handle the information they were given for a specific purposes. This of course refers to the concept of "consent" well-established within privacy parlance.

The authors of  Big Data: A Revolution That Will Transform How We Live, Work, and Think raised this issue in there book. As I had noted in a previous post:

"The authors, however, raise a much more interesting point when discussing privacy in the era of big data. They highlight the conflict between privacy and profiting from big data. They note how the value of big data emerges from the secondary uses of big data. However, privacy policies require the user to consent to a specific use of data at the time they sign up ahead. This would prohibit companies from big data. However, corporations in their drive to maximize profits will ultimately make privacy policies so loose (i.e. to cover secondary uses) that the user essentially has to give up all their privacy in order to use the service. What the authors propose is an accountability framework. Similar to how stock issuing companies are accountable to the security regulators, the idea is that organizations would be accountable to a privacy body of sorts that reviews the use of the big data and ensures that companies are accountable for the negative consequences of the data.

For those of use that have been involved in privacy compliance, such an approach would make it real for companies to deal with the privacy issues in proactive manner. We saw how companies attitudes towards controls over financial reporting shifted from mild interest (or indifference) to active concern with the passage of Sarbanes-Oxley. In contrast, no similar fervour could be found the business landscape when addressing privacy issues. Although the solution is not obvious, the reality is that companies will make their privacy notices meaningless in order to reap the ROI from investments made in big data."












Monday, October 26, 2015

Hey CPA: What's this machine learning all about?

Harvard Business Review online published a great article summarizing how the machine learning, and analytics works in a business context. It uses an illustrative set of decision trees to show how in a cable business scenario (something we can all relate to) and then ends with the following graphic on how a hypothetical algorithm would determine whether a customer would continue with the cable subscription or join the cord cutter crowd.





It's a great illustration of HBR breaks down these "glob" words like, machine learning, algorithm, etc., and transforms them into digestible concepts. Furthermore, and I would say more importantly, it illustrates a rising level of expectation of technology knowledge for client facing business professionals, like accountants and consultants. 

In a previous post, I had noted the following with respect to a couple of WSJ articles on information security and malware :  
"WSJ is a good litmus test of what the business press can expect a business professional to know about IT security, and technology related controls more generally. 

Although not explicitly mentioned in the first article, one of the key trends that has raised the level knowledge required for the average business professional is consumerization: individual have access to technology, such as tablets, smartphones, networks, etc. that were once the sole domain of corporate IT. Consequently, now the average business professional needs to increase their knowledge of IT and IT risks to avoid a virus or getting hacked. For example, I heard a couple of guys at the gym discussing the risks of downloading illegal movies: getting targeted by regulators and malware infection. "

We could also apply this to the HBR article: it too is a good litmus test of the level of competence that a Canadian CPA should know about leading edge topics such as machine learning and its relationship with analytics. 

We should recognize that the technology and security concepts discussed in these articles represent the minimum standard of what is expected from an accountant.  If we as a profession want to achieve the vision of being the  "globally respected business and accounting designation" [emphasis mine], then we must go above and beyond this minimum and surpass expectations of our clients, employers and business community at large. 

Thursday, October 8, 2015

Microsoft Strikes Back with Surface Book!

About a month ago, I wrote about Apple's foray into the 2-in-1 market as a reaction to declining tablet fortunes. Ironically, one of the key pieces of evidences to prove my theory was the following:

"The biggest proof, however, that they are going for the 2-in-1 market is that they invited Microsoft to demo how the Microsoft Office leverages the Apple pencil to work with Excel, Word and PowerPoint. As the Verge notes in this article, the pencil can draw shapes that converts to actual shapes. The video also highlights how you can use the multi-window feature to move content between the Office Apps. Microsoft gives more details on these features on post the put up yesterday."

Well, the irony lays in that Microsoft released the Surface book yesterday - just under a month of Apple's announcement:


They also released the Surface Pro 4, however, if YouTube views are any indication of which product got the most excitement the Surface Book nearly had triple the number of views of the Surface Pro.

And the reviews are quite positive.

According to Wired:  "Microsoft’s Surface Book is the most exciting Windows laptop in years. Actually, aside from a few hot-rod gaming rigs, it may be the only exciting Windows laptop in years. That’s great news for people who’ve longed to long for a PC again. And it could be a nightmare for every other PC manufacturer.

If you missed the Surface Book announcement, you’ll want to get acquainted. It’s a 13.5-inch laptop with a killer display, maxed-out guts, a funky cool hinge, and a top half that detaches, like the saucer of the USS Enterprise, to become a thick, powerful tablet. Reattach the display face-up, and the Surface Book enters “draw mode,” which brings the full power of a discrete Nvidia GPU to bear on stylus-based sketches and similar applicationxs" [SIC]

According to The Verge: "I got a chance to take a closer look at the Surface Laptop during Microsoft's Windows 10 devices event in New York City this morning. It's gorgeous.

Microsoft wants its Surface Book to be a MacBook Pro killer, and while it's too early to say whether it is, it's off to a great start."

According to BGR: "Microsoft on Tuesday had its best product unveiling in years and revealed several interesting products that culminated with the announcement of the Surface Book, which it bill as the “ultimate” laptop.

Microsoft dazzled the audience by revealing the Surface Book is actually more than a MacBook Pro clone, as it’s able to transform into a tablet."

There is one catch, however, it is a bit pricey. According to CIO, "Surface Book, at its lowest configuration, will run you $1,499, while the highest configuration retails at $2,699". This works out to be $1,949 to $3,499 Canadian according the Microsoftstore Canada website.

How pricey?

Just to contrast, as I noted in the blog post on Apple mega-pad,

"Although I thought the size of the mega-tablet would throw people off, the price may be a bigger factor that could be an obstacle to consumers. The tablet starts at $799 coming with 64 GB of storage, the keyboard runs about $169, and the pencil is another $99. That puts the starting price at $1,067. In contrast a 2-in-1 Yoga starts at $829."

So are people going to pay basically a $500 premium for the a pure Microsoft experience?

I think corporate IT would have a hard time justifying this premium in contrast to the Yoga. However, from a consumer perspective, it remains to be seen whether this can inject the enthusiasm into PC market.

The other interesting question: is Microsoft hedging its bets by making Office365 available on the iPad?

It seems that Microsoft CEO Satya Nadella has realized that he has to fight a strategic war on two fronts: the hardware front and the software/services front.

Making the Office365 available on the iPad seems to be the answer to software/services front: truly embrace the promise of the cloud to be made available on any device thereby maintaining Microsoft's dominance in office productivity. This contrasts to what I originally thought: if Microsoft made Office available on the iPad I thought they would be shooting themselves in the foot because who would then by the Surface?

In terms of the hardware arena, Apple has captured the "mind share" for a long time now: high quality PC as well as stunning mobile devices that have enabled what I call the "toasterfication of IT": reducing the complexity of a PC to something that's easy to operate as a toaster.

What Nadella states in an interview with The Verge's Nilay Patel (see below) is that he wants to "stimulate demand for the entire ecosystem". In other words, by setting the bar so high - he is forcing Windows PC partners to try harder and deliver more.  And I can see his strategy working: I recently bought the Dell Inspiron 13 7000 2-in-1 and it could be argued that by pursuing the Surface line of PCs Dell was forced to up its game.

While watching the interview the other announcement that caught my eye was the ability to convert its latest mobile device Lumia 950 XL into a PC. According to The Verge, "Continuum for Phones, it’s designed to take advantage of new universal apps that run across Windows 10 on phones, PCs, tablets, and the Xbox One. If you’re running a mobile version of Excel on your phone it will magically resize and transform into a keyboard- and mouse-friendly version for use on a bigger screen." As Nadella states in the interview, this will help capture marketshare in the developing world. Also, think corporate IT: how many managers would ditch the PC and mobile phone for one of these + a couple of Continuum docks? As I had noted in this post in 2012 regarding the then just-launched Surface: "users will no longer need to carry a laptop and a tablet: the Microsoft window 8 machines can act as a laptop when you are at work or at home and as a table when you are on the go".

Although the ability for Microsoft to recapture the imagination of the masses is up for debate, what is clear is that CEO Satya Nadella has imprinted his vision on the future of the company and he's going to give his competitors a run for their money.



Sunday, September 27, 2015

It's been 17 years since Google went live!?

Can you believe it's been 17 years since Google has been around?! 

Google's Doodle for today takes us back down memory lane to an era prior to Google. It's especially memorable for those of us who were in university in the late 90s because we had access to high speed internet on campus unlike the painfully slow dial-up at home. 

I remember my first job as a coop student at the UW Federation of Students (I can't believe this quote is still hanging around from that time!) when a co-worker was explaining to me how OpenText was the best search engine (of course using my NetScape Browser). Of course back then there was a number of search engines including, Yahoo, Lyco, Alta Vista, etc. However, I stuck to OpenText for a while then eventually switched, along with everyone else, to Google. 

Back then Google was a struggling start up. Of course now its tech behemoth facing the regulatory scrutiny that was once reserved for Microsoft (again from the late 90s). 

Well Lycos, OpenText (as a search engine) and AltaVista may be long gone, but it looks like plaid is back!

Wednesday, September 23, 2015

Google Glass: Where is it at?

Ever wondered what happened to Google Glass?

Well wonder no longer!

According to recode, Google glass has been re-branded as project Aura. As noted in this Fortune article, the company decided to focus on the business potential of the project as the consumer oriented device had lackluster demand. According to Fortune, Google glass is being used by industries such as healthcare, energy and manufacturing.


What does this mean?

It yet again gives credence to the trend that IT is being repatriated to the enterprise, as predicted Deloitte's 2015 TMT predictions. On a previous post, I had noted that the Intel's growth area was in support of data centres instead of consumer products - giving kudos to Duncan Stewart and team. But this serves as another evidence of their prediction being right.

Interestingly, Google has been able to procure the services of employees used to work on Amazon's Kindle tablets. Will this breathe in the consumer savvy that Amazon has been bringing to US customers?

Although the sources cited earlier say that this will be hitting the consumers some time in the near future, I still think that the privacy concerns I raised on a previous post on Glass still exist. Specifically:

"The issue, however, with Google Glass is that it is integrated into one's person's physical body and, unlike a smartphone, video camera or that ancient camera with smoke and all,  it inherently lacks the social mechanism to communicate that the interaction is being recorded. Even with social media, it is well understood that the communication is occurring in a medium that can be easily shared, so those that engage in such a communication understand there is a possibility that their conversation is not private and may not be kept confidential. In other words, precisely because Google Glass is integrated into the moment, it inherently lacks the ability to gather:
  • "Notice. The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed."
  • "Choice and consent. The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information."
(This was taken from AICPA-CICA Generally Accepted Privacy Principles, see page 7)"

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.

Thursday, September 10, 2015

12.9 inch iPadPro: Too pricey or a step towards "2-in-1 Domination"?

Yesterday, Apple launched its latest line of mobile devices. However, it's the "off year" where the "S-ify" their existing line up, so mostly incremental improvements around their successful line of smartphones and tablets. Perhaps the most interesting announcement with respect to the phone line up was the new payment plans you can get. As reported by the Verge, "You can either pay for the 6S in installments of $27 per month, or lease an iPhone for $32 per month, which lets you trade in your phone for a new one every year". Note: this is a US only program.

The other big announcement was the 12.9 inch iPad Pro, which seems odd at first glance as they decided for a bigger form factor. The following video gives a good overview of the features that this new "mega-tablet" offers:



This very much seems to address the woes in the tablet market that we discussed recently. As I noted in a recent blogpost:

"Things don't look as rosy for the iPad. Fortune reported that "the iPad is the current leader in the tablet market, accounting for 24.5% of all tablet sales, its market share has consistently decreased by about 18% over the last few years". 

Nick Statt of CNET posted a great article that discusses some possible reasons as to the declining fortunes of the tablet. Once seen as a PC killer, now is in a state of normalization. One could argue that the tablet is entering into the "trough of disillusionment" after slide down the "peak of inflated expectations"...When it comes to the larger tablet form factors, Nick points out that tablet owners are favouring to keep their iPads for a longer period of time and now are opting for the 2-in-1s (like Lenovo's Yoga line of laptops), which enable more productivity than the tablet counterparts." [emphasis added]

As they have highlighted in the video, they have designed the tablet to work with the Logitech "Create" magnetic clip on keyboard. The keyboard interfaces via the magnetic clips instead of Bluetooth, thus saving battery life. They also unveiled the $99 Apple Pencil, featured in the following video:

Apple has been the vendor of choice for the creative, so it's no surprise that they decided to focus on the stylus instead of the keyboard.

The biggest proof, however, that they are going for the 2-in-1 market is that they invited Microsoft to demo how the Microsoft Office leverages the Apple pencil to work with Excel, Word and PowerPoint. As the Verge notes in this article, the pencil can draw shapes that converts to actual shapes. The video also highlights how you can use the multi-window feature to move content between the Office Apps. Microsoft gives more details on these features on post the put up yesterday.

Although I thought the size of the mega-tablet would throw people off, the price may be a bigger factor that could be an obstacle to consumers. The tablet starts at $799 coming with 64 GB of storage, the keyboard runs about $169, and the pencil is another $99. That puts the starting price at $1,067. In contrast a 2-in-1 Yoga starts at $829.

Will Apple be able to turn its tablet fortunes around?

I think that this move will enable them to compete effectively in the 2-in-1 market place as well as the traditional tablet marketplace: those who are in the market for a new laptop or new tablet will give this a serious look. However, I don't think it will change the overall market demand for the tablet. Tablets are no longer a novelty device: they are largely consumption devices where you can get some work done, but the heavy lifting is best left to a good old laptop.   




BNY Mellon Software Glitch: Cost of IT Control Failure

In the previous post on the BNY Mellon's technology woes, we explored what the company did right as well as the overall need for independent evaluation of the technology that runs the Information Age. In this post, we explore the costs and consequences of the breach.

One of the challenges for putting in controls around information integrity is that it is a hard sell: what's really the value of accurate information? This is in contrast to something like information security where it is also hard sell, but much easier. The reason? When an information security breach occurs, it is largely to access something of value that can be monetized. The Poneman Institute puts this cost at approximately $174 per record.

Consequently, it is easier for someone to go to the CEO/CFO and explain how tightening controls around information security will protect the company's bottom line. Furthermore, information security breaches are something that has entered the mass consciousness within the business community: SunGard was quick to reassure everyone that the issue affecting BNY Mellon's accounting software was NOT attributable to "any external or unauthorised systems access".

When making the business case for controls over information, it can be challenging to show how the control will lead to savings in terms of "decision failure", i.e. the cost of making the wrong decision due to unreliable information. Let's face it: most companies are willing take big risks on their information by continuing to rely on spreadsheets that have an error rate of 88%. Furthermore, as highlighted by this Protiviti study, internal auditors understand the information integrity challenges but are not getting the funding to tackle them.

So the incident at BNY Mellon is rare occurrence where something that is mis-priced can actually lead to costs. As noted in the Wall Street Journal:

"A software glitch this week at fund administrator Bank of New York Mellon Corp. caused difficulties in pricing many mutual funds and exchange-traded funds, prompting some fund sponsors to publish lists of funds whose stated asset values were erroneous.

What can you do if one of your funds is on the list, meaning you may have overpaid for shares?

Reach out to your fund company and ask for a refund. They don’t have to give you one but firms may do so because of their often long-term relationships—ones they want to keep—with investors, analysts said."

The other costs include:

Of course we won't know the full cost until, the regulatory probe finishes and the publish their findings or the cost was material and this shows up in the financial statements. Regardless, organizations should be proactive in ensuring that sufficient technology controls are in place and that these types of risk are controlled. 









Monday, September 7, 2015

BNY Mellon Software Glitch: Time to make SysTrust mandatory?

As was widely reported in the business press, BNY Mellon experienced a technical glitch that affected its ability to price mutual funds accurately. Based on the press release from one of the affected funds, the problems started on Monday August 24th, where one of BNY Mellon's system "InvestOne" managed by SunGard was pricing about 800 mutual funds inaccurately.

So what was the cause of this fiasco?

According to CNN, "BNY Mellon outage occurred after a SunGard accounting system it uses became "corrupted" following an upgrade. A back-up also failed."

Normally, this type of thing will force the party experiencing the breach intense scrutiny over what went wrong. However, as I went through the timeline posted by the company, I found (reading between the lines) that they did a number of things right, such as:
That being said, there is always room for improvement. When I was reflecting on this, I speculated that this was another case of inadequate testing of the system upgrade. However, according to SunGard, this was not the case. As they noted on their website:

"The issue appears to have been caused by an unforeseen complication resulting from an operating system change performed by SunGard on Saturday, August 22nd. This maintenance was successfully performed in a test environment, per our standard operating procedure, and then replicated in SunGard’s U.S. production environment for BNY Mellon. This change had also been previously implemented, without any issues, in other InvestOne environments. Unfortunately, in the process of applying this change to the SunGard production environment of InvestOne supporting BNY Mellon’s U.S. fund accounting clients, that environment became corrupted. Additionally, the back-up environment hosted by SunGard, supporting BNY Mellon’s U.S. fund accounting clients, was concurrently corrupted, thus impeding automatic failover. Because of the unusual nature of the event, we are confident this was an isolated incident due to the physical/logical system environment and not an application issue with InvestOne itself."

Given my background as a CA, CPA and CISA, I have always thought it is an odd contradiction that we expect infrastructure (road, dams, bridges, etc.) to be certified by engineers to be in working order (key word is expect, as John Oliver notes in the video below, this is not exactly up to snuff!), but do not have the same expectations for the technology that runs the Information Age.

And that's where I have always proposed that it is necessary to have a framework like SysTrust (now SOC2 and SOC3) in place that requires companies to ensure that their systems are reliable: secure, available, and able to process information without messing it up.

Based on the experience between SunGard and BNY Mellon, I think it actually proves the case. Although companies, like SunGard, likely have such controls in place it is beneficial to others to have a second set of eyes on those controls, ensuring that they are in place, are designed effectively and are operating effectively. The reason is that with such mandatory audits in place, it will allow for the circulation of best practices through such audits. This occurs in the financial auditing world through "management letter points".

One other area that we should explore is the total impact of this error, as it will give insights into the "total impact of failed IT controls". This will be the topic of the next blogpost.



Saturday, September 5, 2015

Monitoring the FIs: Auditors to the rescue?

Wall Street Journal had an interesting article earlier this week on the inner workings of out-of-court settlement deals with FIs. It noted how Western Union had to use a "monitor" to independently oversee the implementation of policies and procedures to remediate it's business practices that were found to be illegal by the Arizona's attorney-general. Specifically, the company had to pay $94 million (this was mentioned in the AG's website, not the WSJ article) for facilitating "blood wires" on behalf of "organized criminal cartels that seek to profit from Arizona’s porous border".

Activists, such as Matt Taibbi, have criticized such out of court of settlements as examples of a two-tiered justice system. He specifically cites how HSBC paid $1.9 billion for laundering drug money, but no jail time for the CEOs. In contrast, Cameron Douglas, son of the famous Michael Douglas, got 5 years for drug crimes (including possession and dealing).

Regardless of such a critique, it does give insights into how the audit profession can play an effective role in balancing the needs of businesses and oversight. The WSJ article goes into some detail as to how monitors are chosen by law enforcement officials (and the companies themselves) to ensure that the corporate governance and controls are implemented to ensure that the particular indiscretion does not occur again.

The article focused on the relationship between one of the monitors, Ted Greenberg (who according to the WSJ was a prosecutor) and his work with Western Union. However, Greenburg and Western Union had a fallout over the aggressive nature of his recommendations. The Arizona AG agreed and fired Greenburg.

And that's what I find interesting. Often the concept of "reasonable assurance" is something that non-auditors find hard to digest. And it seems that this could have played a role in the overbearing recommendations provided by Greenburg - who is a prosecutor not an auditor. And as it turns out, the Arizona AG seems to have the same line of thinking: they ended up replacing Greengburg with BDO.



Wednesday, August 26, 2015

PCs: "The news of my death has been greatly exaggerated!"

With Apple's iPad storming the scene, some felt that the PC was dead giving away ground to the tablet form factor. What I felt that Apple achieved with the iPad, was the "toasterfication of IT": turning the relative complex device in something that is easy to operate as a toaster. This lent it to be something that would a fan favourite with the elderly and kids.

Things don't look as rosy for the iPad. Fortune reported that "the iPad is the current leader in the tablet market, accounting for 24.5% of all tablet sales, its market share has consistently decreased by about 18% over the last few years".

Nick Statt of CNET posted a great article that discusses some possible reasons as to the declining fortunes of the tablet. Once seen as a PC killer, now is in a state of normalization. One could argue that the tablet is entering into the "trough of disillusionment" after slide down the "peak of inflated expectations". Nick explains in his article that mini-tablets have lost market share to the the phablet (as I have noted in previous posts, I strongly dislike this term. But phonelet isn't much better!). Quoting IDC analyst, Jean Philippe Bouchard, "When your phone is only an inch or two shy, what's the point".

I find his analysis dead on: when I migrated from the Blackberry, I went straight to the Samsung Note to get a larger screen that would be easier to type because I was so used to the physical keyboard. However, when I was contemplating getting the Nexus 7 from Google, I thought exactly that: why bother with the tablet when my Note is already a "pocket tablet"? 

When it comes to the larger tablet form factors, Nick points out that tablet owners are favouring to keep their iPads for a longer period of time and now are opting for the 2-in-1s (like Lenovo's Yoga line of laptops), which enable more productivity than the tablet counterparts.

Why is this the case?

It seems to me that people have realized that tablets are more of a consumption device rather than a productivity device: they are great for reading, listen to podcasts or watching videos. However, if you want to churn out a blogpost, document or even email - you need that physical keyboard.

Wall Street Journal also had an interesting op-ed pointing to the continued usefulness of the PC. Geoffrey Fowler attempts to convince us  that the next computer should actually be - wait for this - a desktop! Mr. Fowler, not without humour, mentioned how a friend asked him whether he still drove a horse and buggy!

Jokes aside, I think he does a pretty good job in pointing out that when you are able to connect remotely via multiple devices to cloud based software to get your work done, desktops make a lot of sense. In the article, he included the following link that points to the improved productivity (17% more to be exact) of using a full keyboard and mouse. The article includes a number of suggestion, including the HP Pavillion mini, which looks quite tempting (see the CNET preview below). Definitely agree with the tip about using the keyboard and mouse: I actually lug around my ergonomic Microsoft mouse and keyboard connecting to my work issued 2-in-1 Lenovo Yoga to save my wrists and neck.



The revised interest in the PC and retreat in sales of the iPad highlights the importance of being on top of tech trends and avoiding the "bleeding edge": executives should be sure of the business value of the technology before jumping the bandwagon.


Monday, July 27, 2015

Artificial Intelligence: The new "space race" for the tech-giants?

When IBM's Watson defeated Ken Jennings and Brad Ritter on Jeopardy!, it was a shock. As Ken Jennings describes in this Ted Talk, he had no idea that a computer could possibly defeat him at Jeopardy! On this Ted Talk, Ken Jennings describes how he never thought that a computer could beat him:



And he's right.

How can a computer possibly understand that "feel can smell" and a "nose can run"? 

But on February 16th 2011, IBM's Watson did precisely that: it was able to defeat the two reigning human champions Ken Jennings and Brad Rutter. And with that IBM ignited the space race for artificial intelligence.

Although people may point to the wide array of personal digital assistants from Apple (Siri), Microsoft (Cortana) or Google Now as the true birth of the AI space race. However, these application are limited to the use of the personal arena. Anyone who used things like Google Now - which can link your calendar to traffic patterns and tell you if you'll be late for appointment - can tell how amazing it is to how have a digital assistant work behind the scenes to keep your day on track. That, however, is limited to the consumer realm. Where AI gets real interesting is the B2B realm: Watson has made some strides in automating the FAQ process. However, it's real promise has been demonstrated in the cancer treatment realm, where it enables doctors to "race with the machine" combining the millions of pages of medical journals and articles to determine the best cancer treatment for patients.  Watson is available in a cloud offering to developers who submit applications.

But IBM is not alone and so the AI Space Race is on!

As for the other vendors, see the following:

However, the one that I am really waiting to hear about is coming from the makers of the Siri, Viv.ai. They are hoping to build AI as a service, similar to Bluetooth, that will be embedded in all hardware. I will leave you with the following quote from the Wired article that discusses the possibilities of Viv.ai:

"Viv...generat[es] its own code on the fly, no programmers required. Take a complicated command like “Give me a flight to Dallas with a seat that Shaq could fit in.” Viv will parse the sentence and then it will perform its best trick: automatically generating a quick, efficient program to link third-party sources of information together—say, Kayak, SeatGuru, and the NBA media guide—so it can identify available flights with lots of legroom. And it can do all of this in a fraction of a second."




Sunday, July 12, 2015

Driverless Cars and the end of car insurance (can't we dream?)

Great piece on Brookings on Driverless Cars, or what they call Autonomous Vehicles. As it turns it, driverless cars are safer than human driven cars. The Brookings refers to the following DW article to note the safety record of the Google driverless car experiment:


"Google's 11 accidents happened during 1.7 million miles of driving, working out to 0.6 percent per 100,000 miles (160,000 kilometers). The national rate for reported "property-damage-only crashes" in the United States is about 0.3 per 100,000 miles driven, according to the National Highway Traffic Safety administration. But as Google noted, as many as 5 million minor accidents are not reported to authorities each year."

(On a side note: Google's analysis of the official accident rate is a valid one. The real rate of human accidents is quite significant in determining how safe autonomous cars actually. Data integrity strikes again!)

What Brookings points out is that for years the various governments across north America have been able to exploit human weakness and use that to prop up their revenues: speeding, accidents, and driving related fines. They also point that there will be tremendous savings in the US (approximately $10 billion a year to the overall infrastructure) as state and federal governments will be paying less for the damages caused by accidents.

With the rise of "smart machines" such as, driverless cars or IBM's Watson, the society will under go economic shifts that are going to cause massive impacts on the way we do things. Just think of all those who currently benefit from the "human inefficiency" of traffic errors and infractions:
  • Insurance companies: Ideally, governments will eliminate mandatory insurance as it can no longer by justified in such a low-accident environment. We can dream can't we? Perhaps the manufacturer can take on the risks associated with the vehicle instead of the driver
  • Police departments: Police spend time catching motorists speeding, etc. They will need to be re-assigned to other areas. Although these areas are likely potentially less revenue generating, they may be more helpful to society. 
  • Courts: Courts get bogged down and take months to process cases. This backlog will be a thing of the past and then they can work on other cases. 
  • Lawyers and paralegals: If there are no court cases, then there's no need for these guys either.
  • You and me: People will no longer to take time off work and spend time defending themselves against these charges and extra tithes we have to pay to our insurance-feudal-corporate overlords.
The counter-argument is that there's less freedom to drive as you please. But should you be able to driver faster than the speed limit if it's illegal? It's an inconvenient truth, but either speed limits are not necessary or fast cars are unnecessary. But why are we driving so fast? It's usually we are needing getting places to do things.  If we can shift our schedules to handles those task as we are taken where we need to go in our "e-chauffeur driven car" doing what needs to get done while driving at safe speeds. I, for one, welcome our new autonomous-car future. 


Tuesday, July 7, 2015

Can BlackBerry get back in the game with using the Android OS?

Late last year I wrote in a post reminiscing about those good old BlackBerry Days: days when Canada's very own tech darling, Research-in-Motion (as it was called back then), was the hot technology that executives and business savvy individuals had in their pockets.

In the post, I discussed the possible factors that led to the decline, wondering how the RIM exec's did not just go out and try one of the Android or iPhone devices to see why these brands were overtaking theirs. 

Well, not sure if they read my post - in fact I highly doubt it :) - BlackBerry appears to be toying with the idea of using the Android OS instead of its BB10. As noted in the following edition of Android Authority, rumours are a swirling about the Android OS being loaded onto BlackBerry phones (starts around 1:10). 

If this ends up being true, then this could be (for real this time!) that could get BlackBerry into the game. However, this hinges on BB being able to leverage their corporate customers to get this device to integrate with the corporate IT (especially email and calendar). For example, my employer support iPhones and BB but not Android.

So I have been contemplating on whether I should get a iPhone on my next upgrade.

However, if BlackBerry were to switch to Android then I would definitely consider that as an option. For me the issue is when I am travelling on business, I need to use my phone. However, the native BB apps are simply not the greatest and I miss using the Google Maps and other services.

There's definitely a good strategic analysis of how BB can benefit from the Android App store or offer users cutting edge services. However, it probably just simply boils down to a strategy of if you can't beat them you might as well join them!


Wednesday, June 17, 2015

Can Inadequate Disaster Recovery Planning be worse than locusts?

Why are US farmers facing a disaster?

Is it due to locusts? No.

It's due to inadequate IT disaster recovery planning.

As reported in the Wall Street Journal, the US Immigration Department is unable to issue visas to temporary workers due to a system failure. Specifically:

"“The system that helps perform necessary security checks has suffered hardware failure,” said Niles Cole, a State Department spokesman. “Until it is repaired, no visas can be issued.” He said technicians are working around the clock to resolve the issue but couldn’t offer a timeline for when the system would be back in action.

Specifically, a central database isn't receiving biometric information from U.S. consulates world-wide, he said. Biometric data, including fingerprints, are used for security screening of applicants."

And the losses are mounting daily. Over 200 workers are sitting at the Mexican-US border waiting to be processed by system so they can get into the US and help harvest the crops. The article reported that farmers are losing between $500,000 to $1,000,000 per day because the fruits are spoiling.

Reading this article I had the following questions

Why isn't there a hot site? 
Given the importance of the technology, why don't they have the ability to swap to a new piece of hardware instantaneously?

Was the security information backed up and why is there no manual work around? 
If it's digital information, why isn't there a manual work around to transmit the information and circumvent the faulty hardware? The data could be manually uploaded to the central database.

Was a proper risk assessment done? When a disaster recovery plan (DRP) is created for a system, the organization must determine the Recovery Time Objective (RTO) that determines how quickly a system will be stored after failure. Google, for example, has an RTO of zero. To determine what the RTO is there needs to be an assessment of the impact of such a failure. In this case when setting the RTO did the risk management professional include the fact that this system was critical in supporting the visa program H2-A for temporary farm workers? It should be noted that the US farmers association had paid into this program and now they are suffering losses of over $500,000. This will also reduce the amount of tourist visas issued potentially resulting in lost tourist dollars to the US.

The lesson we can learn from this is to ensure that we understand what business processes a system supports and understand the impact to those business processes should the system go down.

Monday, May 11, 2015

Hey CPA: Should I get anti-virus for my home network?

Recently, I was having a conversation with my friend's 12 year old daughter. She's an avid e-book reader and her Kobo is a close companion. We were discussing the susceptibility of Kobo (in contrast to her computer) to viruses. I wasn't sure what OS was on the Kobo, but I did a quick check and realized that it was a Linux operating system. So I explained the economics of malware: most malware are designed for the Windows or MAC Operating System: criminals want to get the most bang for their buck. So the likelihood that hackers would target the Kobo tablets would be quite low.

Then it struck me: would a CPA be able to lead this sort of discussion?

The recent merger of the professional accounting bodies prompted the publication of a new competency map. The new competency map, however, greatly reduced the amount of technology competence required by a CPA.

Coincidentally, the WSJ published a review of the Bit Defender BOX around the same time I had this discussion. For what it is, see Amazon's Video Review.


As with the conversation with the 12 year-old, I wondered whether a CPA could keep pace with the issues brought up in the article, which include:
  • If there's an OS, there's a risk of virus infection: The proliferation of "smart" devices is actually a proliferation of operating systems. As they point, no large scale infections to report yet. But the point is that there is a risk of infection and consumers need to figure out how to handle the virus.
  • Network controls versus end-point controls: The solution for the virus can either be put on each device (e.g. mobile phone, tablet, smart thermostat, etc.) or at a network level. But which one is better? And that's the point: could a CPA discuss the advantages and disadvantages of each approach
  • Evaluating intrusion detection systems (IDS): box is, in a sense, the IDS for the masses. As noted WSJ, the Box sent a number of "unhelpful alarms". In other words, the system generated "false positives" which means that users will initially check it alert diligently, but then ignore subsequent alerts assuming it's a false alarm. 
  • Limitations of scanning devices: The article also notes how the device can't work on encrypted traffic.  More generally, it talks about the overall (lack of) reliability and 
  • Best security practices: The article also notes several best practices to make home networking safer including, patching/updating router software + enabling auto-update, use of strong passwords, hardening systems (i.e. changing the default user ID & password on things like routers), use WPA2 standards (i.e. not WEP which can be easily cracked), and use of guest network instead of sharing passwords. 
But that's not all. WSJ also published this article detailing five key corporate security practices, including:
  • Patching, i.e. installing software updates to plug security holes in the software,
  • Limiting connectivity of devices on a "need to do basis",
  • Encrypting data that is confidential or highly confidential (e.g. credit card data)
  • Use of physical security devices instead of just passwords
  • Independently assessing vendor compliance with security. 
The interesting thing about this article is that it omits the use of SOC audit reports (see Amazon's FAQ on the topic or the AICPA's site) with respect to verifying the level of security compliance with the latter point. 

But, again, does the current competency map train CPAs sufficiently to spot that? 

We should keep in mind a couple of things.

Firstly, the WSJ is a good litmus test of what the business press can expect a business professional to know about IT security, and technology related controls more generally. 

Although not explicitly mentioned in the first article, one of the key trends that has raised the level knowledge required for the average business professional is consumerization: individual have access to technology, such as tablets, smartphones, networks, etc. that were once the sole domain of corporate IT. Consequently, now the average business professional needs to increase their knowledge of IT and IT risks to avoid a virus or getting hacked. For example, I heard a couple of guys at the gym discussing the risks of downloading illegal movies: getting targeted by regulators and malware infection. 

Secondly, my friend's kid is 12 years old and understands the concept of viruses, OS and risk at very rudimentary level. 

Okay so we all know the kids are tech savvy. 

But we need a competency map that would be relevant to the future generation that will be entering the profession.  Furthermore, if the CPA profession wants to achieve its vision of being the  "globally respected business and accounting designation" it must not just meet the level of the business press but must go beyond. 



Tuesday, May 5, 2015

Should Algorithm Audits be mandated for HFT firms?

Was heading into work on train and came across WSJ's op-ed piece on the need for regulation around algorithms involved in trading. The article mentions how the regulators have not done much since the Flash Crash of 2010.

What is the Flash Crash of 2010?

As noted in the piece, "flash crash hit on the afternoon of May 6, 2010, as riots in Athens and a European debt crisis weighed on markets. In about eight minutes the Dow Jones Industrial Average fell 700 points before rebounding." 

The op-ed goes on to dismiss the "official" explanation (i.e. a large hedge placed by a US firm and financial shenanigans of UK based day trader) and states: "More important, they say, is the role of high-frequency firms, which use hard-to-monitor algorithms to trade large amounts of stock in fractions of seconds. If they trade erratically, the market can come unglued, as happened in the flash crash."

The article notes that the SEC has been exploring the mandating disclosure requirements and controls on firms that use algorithms. However, the article also quotes a number of regulators who say they don't have enough funds to keep pace with the firms. 

Before I go back down memory lane, it is also worth noting that there are other experts who hold that algorithms - from a privacy perspective - need to be regulated. Bruce Schneier, a well known information security expert who helped review the Snowden documents, in his latest book, Data and Goliath (see clip below for a summary), also calls for "auditing algorithms for fairness".  He also notes that such audits don't need to make the algorithms public, which is it the same way financial statements of public companies are audited today. This keeps a balance between confidentiality and public confidence in the company's use of our data.


So is it time for auditing algorithms through an "AlgoTrust" offering?

As I noted on my reflections on "Big Data: A Revolution That Will Transform How We Live, Work, and Think": 

"[H]ow would you go about auditing an algo? Although auditors lack the technical skills of algoritmists, it doesn't prevent them from auditing algorithms. The WebTrust for Certification Authorities (WebTrust for CAs) could be a model where assurance practitioners develop a standard in conjunction with algorithmists and enable audits to be performed against the standard. Why is WebTrust for CAs a model? WebTrust for CAs is a technical standard where an audit firm would "assess the adequacy and effectiveness of the controls employed by Certification Authorities (CAs)". That is, although the cryptographic key generation process is something that goes beyond the technical discipline of a regular CPA, it did not prevent the assurance firms from issuing an opinion."

I also noted:

"some of the ground work for such a service is already established. Fundamentally, an algorithm takes data inputs, processes it and then delivers a certain output or decision. Therefore, one aspect of such a service is to understand whether the algo has "processing integrity" (i.e. as the authors put it, to attest to the "accuracy or validity of big-data predictions"), which is something the profession established a while back through its SysTrust offering."

What I saw to be the challenge at the time I penned that blog post is market demand for this type of service. The answer appears to be that SEC could mandate such audits and leverage the CPA firms the same way they do for financial audits. However, instead of rendering opinion on the financials, such audit firms would render an AlgoTrust opinion on the algorithms to ensure that they are in-line with Generally Accepted Algorithmic Principles instead of Generally Accepted Accounting Principles (sorry I couldn't resist!).

Beyond WebTrust for Certification Authorities, companies are currently leveraging SysTrust which has been subsumed into the SOC 2 and SOC 3 audit reports. For example, Salesforce.com gets an audit opinion that provides reasonable assurance that its systems are secure, available and that it maintains confidentiality of the information they are provided with.

The AlgoTrust standard should address issues such as the ones raised in WSJ (i.e. as it relates to trading algos) as well ensuring the preservation of privacy. But it should not stop there. In the original post, Chris Steiner explains how algos are invading all parts of life, including things like robot pharmacists.

We have at least three experts from three different fields: finance, data, and information security that all see the value in auditing algorithms. If the CPAs don't take the lead on this, who will? As Bruce Schneier notes it won't be easy, but it is something that will eventually be tackled by either the CPA profession or someone else. 


Thursday, April 23, 2015

Google's Mobile Launch: It really may be about the big data!

Yesterday Google launched "Project Fi" - Google's foray into providing mobile service. As CBC reported the service "will cost $20 US a month plus $10 per gigabyte of data used" (I am still an accountant, trained to find the numbers!). According to the Google blog post on Project Fi, the service will:
  • Find the fastest connection: The service will enable the Google Nexus 6 to switch to the fastest mobile connection, whether it's home/work WiFi, WiFi hot spot, Sprint's network or T-Mobile's network.  
  • Seamless transition between networks: The above service is not just about data, but also voice: when you transition between networks, you can keep on talking without any disruption. 
  • Ties cellphone number to the cloud, not the device: Is this the end of SIM cards? With this service, you can take a call on any device (tablet, laptop, etc.) 
  • Refund for unused data: While implied in the CBC article above, Google has structured the plan to refund the customer for the amount of unused data. 
As I had noted in an earlier blog post, one of the possible reasons that Google is entering into mobile world is to get access to mobile data. Specifically:

"the hidden strategic objective is a big data play: what could Google do with the new data feeds? Sure they already get from being able to correlate the information it already gets from their Android devices. However, they will now be able to analyze this data with the additional data that moves through their MVNO network, such as demographic information and location data. What good is this to Google? In a word: advertising. Advertising is still the biggest source of Google's revenue and adding this pool of data to their reservoir can only add to the bottom line."

Although this project is in "user testing" mode, the video indicates that this is not simply a giant "user acceptance test". Specifically, the announcer says "Getting it in users hands and finding out all the new amazing things we can build that will make your lives easier." (Go to 1:34, if you don't have the 2 minutes to spare)


In other words, the service will actively work with the early adopters to target services that work with the users. Of course these services will be a better way to target ads, such as location based advertising or augmented reality.With respect to the latter, you could use your phone to interact with an augmented reality billboard, store, etc. And Google could turn these numbers back to potential advertisers to demonstrate the effectiveness of such technology. In fact, Google (according to the Verge) invested over half a billion in Magic Leap, an augmented reality firm. But let's see how this rolls out.