SET: Secure Electronic Transaction protocol, a rival to SSL (Secure Sockets Layer). Both provide secure links between a web server and its communicating browser.

“Organizations are not forecasting well, and it does matter. Poor forecasting not only shakes investor confidence, it prevents use of an extremely useful tool in strategy setting and performance management...The forecasting process needs to change from being seen as an inconvenient waste of time which at best requires manipulation to improve pay packages, to a means of generating data that is important for the successful management of the organization.” --From a report by KPMG on greater accountability in forecasting technology.

Forecasting: Inexact Science Faces Tougher Scrutiny
Palaparty, Vijay
Forecasting goes beyond merely taking stock of financial conditions to create an outlook; more CFOs are turning toward its potential to manage performance and processes. Investor confidence plays a strong role, given forecasting’s relationship in driving business value, countered by its inexact clarity.

“Success depends largely on the discipline applied to support processes—the integrity of financial, operational, and external information—and the support of leadership and organizational culture,” said Scott Parker, head of financial management at KPMG International, Amsterdam, which recently released a survey of senior executives on forecasting.

The KPMG report surveyed 540 senior executives, including 168 CFOs, which reviewed how top-performing organizations take different approaches to forecasting. It also compared organizations with high levels of forecast accuracy—within 5 percent of actual results over the past three years—to those that had a wider margin of error in forecasting during the same period.

Only 22 percent of organizations came within 5 percent of their forecasts within the past three years, and only 1 percent hit their forecast exactly. On average, forecasts have been off by 13 percent.

“If a result deviates from predictions, the share price suffers for three or four quarters,” said Jim Sutcliffe, CEO of Old Mutual, a London-based international insurance organization.

Executives reported that errors in forecasting cost their share prices 6 percent, a majority of the decline coming from investor reaction. But forecasts that came within 5 percent saw an increase in share prices of 46 percent over the past three years.

Technology, scenario planning and understanding future developments could help the forecasting process to be more reliable. Forty-two percent of executives said automation through IT systems and tools could improve confidence in forecasts. Focusing less on details and more on business drivers and improving quality of data ranked among the top five in improving forecast confidence as well.

“Knowing what is going to happen tomorrow is much more important than having an accurate accounting view on what happened yesterday,” said Peter van Rossum, CFO at Unibail Rodamco, Paris.

Data quality seems to be large issue for organizations, as it was often reported inaccurate and incomplete. Nearly half of survey respondents believe the reliability of their financial data is adequate or worse—a majority said the same about their non-financial data. Only 15.5 percent believe the reliability of their financial data is excellent, a view shared by only 9.7 percent about non-financial data.

Though respondents said technology would help improve forecasting, one-third believed the technologies their organizations currently use are a notable impediment. Furthermore, 40 percent of organizations solely rely on spreadsheets to produce forecasts. Twenty-eight percent of these organizations are among the top producers of accurate forecasts while 44 percent are part of the low-to-average accuracy group.

“Spreadsheets are easy to tinker with. The consideration that goes into planning models is very considerable,” Rossum said. But regardless, the input data must be of good quality as well as the appropriate processes to produce reports, he added.

The forecasting process could also be aided by not limiting the discipline to only the finance department—other parts of the organizations are as critical to the process. Only 34.6 percent of organizations include operational line managers including finance, sales, marketing, supply chain and other cost/profit center managers in preparing forecasts.

Survey results also revealed that organizations are more likely to outperform rather than underperform their predictions, with the average forecast coming out 8 percent below the actual. While outperforming doesn’t seem like a problem, it means that resourcing and investment choices are based on inaccurate and incomplete information.

“The forecast’s key role in management of the organization means it must be brutally honest whether we like what we see or not,” said Bjarte Bogsnes, project manager at Statoil, Stavenger, Norway.

When respondents were asked how their actual results varied from the forecast over the past three years, 21.3 percent said they performed 6 percent to 10 percent above forecast. However, taking the total sample average, organizations forecasted 6 percent to 10 percent below actual performance.

The 22 percent of organizations that had actual results within 5 percent of have characteristics that set them apart, the survey found. Forecasting appears to be a higher priority among these organizations because they hold managers accountable for agreed forecasts, 86 percent compared to 76 percent of others. Accuracy is also rewarded—25 percent of organizations provide incentives to managers where as only 12 percent of other organizations do the same. The most accurate firms also are focused more on enhancing quality. Fifty-one percent are more interested in further scenario planning and sensitivity analysis compared to 41 percent.

“Organizations are not forecasting well, and it does matter,” the report said. “Poor forecasting not only shakes investor confidence, it prevents use of an extremely useful tool in strategy setting and performance management. Fortunately, application and resources will take organizations much of the way. These measures, however, rather than isolated process improvements, need to be part of a broader cultural shift within organizations. The forecasting process needs to change from being seen as an inconvenient waste of time which at best requires manipulation to improve pay packages, to a means of generating data that is important for the successful management of the organization.”
(Back To Top)


Malware Tops 2008 Security Threats
Palaparty, Vijay
Cyber criminals continue to step up operations, using creative means to plant code on web sites to prey on victims by infecting computers, allowing them to steal information and resources.

The phenomenon, known as malware, has grown such in scale that one new web site hosting malware is created every 14 seconds—6,000 per day. Malware is currently among the top security threats for 2008, according to a report from Boston-based Sophos.

“The web is the now the vector by which people go around affecting computers—cyber criminals try to break into a PC to hack it,” said Graham Cluley, senior technology consultant at Sophos. “It used to be that the bad guys used email attachments but more businesses now have gateways that stop such emails from coming through. So the hackers look for another way to do it. They try and affect high-traffic websites.”

These web sites aren’t necessarily set up to share malware, Cluley said, noting that 83 percent of web sites are those that have been hacked. “More and more, a lot of web sites are hosting malware and people need to be aware of that,” he said.

Malware is hosted primarily in the China and the United States, 51.4 percent and 23.4 percent respectively. Last year, the U.S ranked first with 34 percent of malware-infected web sites while China accounted for more than 30 percent.

“The U.S. and China have a huge number of computers, some of which are not protected, so they can be abused to either host malware or used to send spam and attacks,” Cluley said. “China is responsible for more than 50 percent of malware hosts worldwide. That doesn’t mean the Chinese are responsible—they could be hackers from anywhere in the world.”

Avoiding malware requires making a web server more secure—by not installing unnecessary components on the server; signing up for security notifications; patching all operating systems and applications with security fixes; and running up-to-date anti-virus software on the web server, regardless of operating system type.

“What you need to do is to make sure your web site is properly patched with web server software that you are running,” Clulely said. “It makes sense to scan your web site and the directory on your network with antivirus software. Make sure that unauthorized people haven’t changed it remotely.”

Malware is not a problem that only Microsoft Windows experiences. “A lot of people think that malware is only a Microsoft problem, but there are a multitude of operating systems,” Cluley said. “When it comes to traditional malware, it is written for Windows, Mac, Linux or Unix. What you have to realize is that the author is just trying to embed it, to inject it.”

Threats coming in via email, also part of the security threats list for this year, have declined steadily over the past three years, perhaps because compromising code writers have turned to the web to host their attacks. In 2005, the number of emails with infected attachments was 1 in 44. In 2007, the ratio spread to 1 in 909. Despite the decline, emails containing links to malicious web sites have increased.

Spam is also on the rise—Sophos research revealed that 95 percent of all email is spam. The United States ranked number one as a spam relayer in 2007—22.5 percent of all spam originated in the U.S. South Korea and China ranked second and third at 6.5 percent and 6 percent respectively, according to report.

“The United States, responsible for sending about one-fifth of all the spam in the world for the past few years, needs to tackle this problem urgently,” the report said. “Not only is the problem polluting our inboxes with unwanted emails—some of which will got to malicious or infected web sites—it also means that a large number of U.S. computers, most likely run by home users, are infected. Educating users on how to protect their system again a compromise to the U.S.’s success in its war against spam.”

Identity theft in business networks is also on the