SEC Relaxes Section 404 Compliance Requirements

On Monday, May 21, the SEC approved “right-sizing” measures to describe how corporate managers should comply with SOX expectations. The guidelines are the first significant change to SOX since its passing by the Bush Administration in 2002.

Compliance, especially with Section 404 of SOX, is a time-consuming and costly endeavor for a public company; on average, approximately 15 percent of annual IT budgets has been spent on SOX compliance since 2004. The article suggests that, on average, $2.9 million was spent in 2006 by companies seeking compliance; $91,000 for smaller public companies. Companies must implement strong policies and controls that govern the accuracy of the financial statements, then have an independent auditor attest to the effectiveness of their controls through certification.

The charge from business that motivated the change was that SOX created a huge competitive burden for US firms subject to the regulatory requirement, stifled innovation, and could be blamed as the principal motivator for companies to relocate to less regulated markets.

The Public Company Accounting Oversight Board’s new auditing standard guidelines (AC-5) allow corporate managers to inspect areas where faults in the financial reporting process could likely be found instead of requiring the independent auditor to do the same thing. It scales Section 404 requirements to better fit the company’s size and complexity; it encourages auditors to use more independent judgment on risk assessment and Section 404 implementation; it will allow auditing fees to be capped or reduced as redundant analysis by the auditor would be eliminated.

IT staffing levels, auditing, and engineering responsibilities/spending for public organizations may be affected by the change.

R

Net Neutrality and Small Business

Net Neutrality is the idea that all users on the Internet should be in control of their own content and applications, and have an equal and fair share of bandwidth. Neutrality, in this context, suggests Federally-recognized economic classifications of bandwidth and content could prohibit or restrict Internet access for all. Net Neutrality is about unfettered and equal access to the Internet.

The threat to Net Neutrality was raised in 2006 by the 109th Congress’ 2nd session in the US by the introduction of HR 5252: The Communications Opportunity, Promotion, and Enhancement Act of 2006 (COPE). In May 2006, this bill was approved without adequate Net Neutrality provisions and on June 8, 2006, HR 5252 passed the House 321-101 with minimal amendment. The Markey-Boucher-Eshoo-Inslee Amendment, which would have protected Net Neutrality, was not adopted prior to introduction to the Senate. Because the bill contended with the Senate Commerce Committee’s S. 2686 Telecom Bill, HR 5252 eventually died in the 109th 2nd session Senate without coming up for a vote.

But does that mean the Net Neutrality issue is resolved? Not at all. This is an ongoing fight being waged both domestically and abroad. Recently, telecommunications providers and market supporters have espoused a belief that Net Neutrality is genuinely un-American, that companies and individuals who use more bandwidth should have to pay premium prices.

Raising rates without providing additional value must be, after all, patriotic. There’s a certain “feel good, market forces, capitalist” flavor to this argument that is, at first glance, appealing to anyone who wants to make money on the Internet. Why shouldn’t those who use more pay more? Yet, for the critical thinker, small businesses should be terrified by that statement: the capability to compete with the big boys on the Internet would be dictated by economic forces. The Internet is a level playing field of open opportunity. It always has been. A bill like HR 5252 would stratify bandwidth and content access, exacerbating the problem of information haves and have-nots: the poor would have limited access to content and the wealthy more access to content. Small business would have less opportunity to market their products and increase sales volume without suffering a bandwidth penalty, or toll, for attracting more business through their portals. At second glance, Net Neutrality is simplified for the sake of capitalism but complicated for the sake of freedom and equal opportunity.

Anti-Net Neutrality laws would be bad for students as well; online education is a growing market modality for continuing education programs. It allows working professionals with families and work obligations to attend a college program and earn a degree. If students were forced to pay more for their Internet access because of their bandwidth consumption, this would put downward pressure on new enrollment because of financial constraint. It would increase the costs of providing for and attending an online university, further partitioning our society from those who do and don’t have access to a college education.

And disregarding Net Neutrality is bad for small business because it constrains opportunity and access. It puts downward pressure on innovation and forces small business to consider the financial risk of increasing bandwidth and content provided to the consumer. It allows telecommunication providers to charge more while providing no additional value, in an era where capacity is abundant. Finally, it unfairly taxes the consumer who must make opportunity cost decisions on where they browse, what they read, and what they access on the Internet.

Interested in getting involved?

R

What’s in Your Backup?

A client called me two weeks ago. A microcomputer completely died; the system wouldn’t even spin up after a reboot. After arriving onsite and removing the case, I found that the hard disk had entirely failed. I couldn’t even get the controller to recognize it. The system was nearly eight years old and in a very dirty environment – the dust in the case was extraordinary. But this wasn’t just any PC: this was the boss’s PC.

Shouldn’t have come as a big surprise though. Hard disks are measured in mean time before failure (MTBF) ratings and, by all averages, this one had lived twice its useful life. Luckily a majority of the user’s files had been on the network, but a few files – like the Quicken file – had been maintained on this hard disk. That caught me by surprise – I didn’t realize that the boss was using a 1999 version of Quicken; that particular software maintains its data file in its program directory so it was outside the scope of my backups and data replication processes. I had to perform some forensic work back at my lab to recover the hard disk’s contents and restore them to the boss’s new machine today. Yeah, we were probably lucky.

This incident got me thinking about how I could have handled that situation better. I thought of a couple of ideas on backup assessment that all small businesses should practice.

1. Centralize. Plan for client failure. Move critical information to the server. Your administrator should work with you to make the process transparent and simple, but no critical data should be maintained on a PC hard disk.

2. Create a Plan. All small businesses would do well to have a Data Backup, Archive, and Retention Policy. This would reflect management’s intent to preserve information resources and create a structure for data classification and preservation.

3. Implement the Plan. Once intent is established and data classified/identified, technical controls should be set up to implement the backup strategy. Have a qualified system administrator implement the backup solution.

4. Test the Plan. Don’t be passive about your backups. Your administrator should check the logs, review the tapes, actively look out for discrepancies and resolve them immediately. The administrator should then prove – frequently – the acceptable performance of the backup.

5. Manage the Plan. Set up some benchmarks so the backup process can be measured. How fast does a regular backup usually work? How many bits? Rates of failure? Metrics (measurements) can help you, as a functional manager, understand the backup process and detect variability. Communicate these metrics to your system administrator: hold them accountable for implementing your controls, not vice-versa.

So, myself, I’m going to go back to the client and pitch a stronger business continuity strategy employing some of these ideas; re-assess what’s actually on the client machines. I thought I’d share that idea with you as well: you usually don’t luck out after a catastrophic failure like that.
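Re-assessing what is actually on a client machine can be partly automated. This added example (not from the original post) walks a disk, skips the folders the backup job covers, and reports recently modified files left outside that scope, which is how a data file kept in a program directory would surface; the folder names, the noise-extension list and the 30-day window are assumptions, and the demo tree is constructed.

```python
import os
import tempfile
import time
from pathlib import Path

# Extensions treated as noise (binaries, caches, logs). An assumption; tune per site.
NOISE_EXTS = {".exe", ".dll", ".sys", ".tmp", ".log", ".ini", ".lnk"}


def _inside(path, roots):
    """True if path is one of the backup roots or lies beneath one."""
    return any(path == r or r in path.parents for r in roots)


def find_unprotected(scan_root, backup_roots, days=30, now=None):
    """Return files changed in the last `days` days that no backup root covers.

    Program binaries rarely change after install, so a recently modified file
    under a program directory is very likely user data.
    """
    now = time.time() if now is None else now
    scan_root = Path(scan_root).resolve()
    roots = [Path(r).resolve() for r in backup_roots]
    findings = []
    for dirpath, dirnames, filenames in os.walk(scan_root):
        here = Path(dirpath)
        # Prune directories the backup job already covers.
        dirnames[:] = [d for d in dirnames if not _inside(here / d, roots)]
        if _inside(here, roots):
            continue
        for name in filenames:
            f = here / name
            if f.suffix.lower() in NOISE_EXTS:
                continue
            try:
                st = f.stat()
            except OSError:
                continue  # unreadable or vanished mid-scan; skip it
            age_days = (now - st.st_mtime) / 86400
            if age_days <= days:
                findings.append({
                    "path": f.relative_to(scan_root).as_posix(),
                    "bytes": st.st_size,
                    "age_days": round(age_days, 1),
                })
    return sorted(findings, key=lambda r: r["path"])


def demo():
    """Audit a constructed miniature client disk (file name -> age in days)."""
    files = {
        "Program Files/Quicken/QW.EXE": 3000,        # binary: noise extension
        "Program Files/Quicken/BOSS.QDF": 1,         # live data outside backup scope
        "Program Files/OldApp/archive.dat": 3000,    # stale: outside the window
        "Users/boss/Documents/report.doc": 2,        # covered by the backup root
        "Windows/Temp/setup.tmp": 0,                 # temp file: noise extension
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        now = time.time()
        for rel, age in files.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
            os.utime(p, (now - age * 86400,) * 2)
        return find_unprotected(root, [root / "Users/boss/Documents"], now=now)


if __name__ == "__main__":
    for row in demo():
        print(f'{row["path"]}  {row["bytes"]} bytes  modified {row["age_days"]} days ago')
```

Anything the report lists is a candidate either for moving to the server or for adding to the backup selection.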

R

Star Trek: Hidden Frontier’s Last Episode

One of the most amazing fan sites for Star Trek, Hidden Frontier, released their last episode on May 19, 2007.

Incredible graphics, production, scripts – seven seasons of work, and watching from season six is an extraordinary experience; the detail put into these new episodes is a testament to the power of microcomputer technology and the capability to produce and distribute a high-quality series without the traditional overheads of the television medium. A true diamond in the rough of fansites; if I were Paramount, I’d be looking for ways to tap into an online community of talent and dedication rather than mothballing the franchise.

Hidden Frontier proves what is possible in the next generation of media. Extraordinary work and worth downloading if you’re a Star Trek fan.

R

Futurework – Mobile Spaces

My itinerary for the next 24 hours:

3:00am PST – Woke up. Logged into Colorado Technical University.
5:30am PST – Finished grading CTU papers and posted final grades for two classes.
6:00am PST – Showered, dressed, headed out for the airport.
7:00am PST – Connected to the free PDX WiFi, did some work with my Keller Graduate School class on information system security.
8:15am PST – Boarded the plane to Bend, OR.
9:00am PST – Arrived, grabbed the car, headed to Bend.
10:00am PST – (Now) Starbucks, TMobile account. I’m working around three other people who’re also working, one guy’s holding a meeting, another brought in a portable file cabinet. We’re all on the phone, laptops going, coffee fueling the fire. Deals are being made across scones and caffeine.
2:00pm PST – Scheduled to have a visit with one of my customers out here.
3:00pm PST – Check-in to hotel.
5:00pm PST – My MBA505 class for Concordia University – Hello Moto. Lectures, discussions, presentations.
9:00pm PST – Return to hotel, wrap up loose ends, get some sleep.

Sat – Teach for eight hours on-ground in Concordia. Get some work done during tests (database projects).

6:00pm PST – Catch a flight back to PDX
7:00pm PST – Arrive back in PDX, do dinner with my family (for my birthday)

Ahhh – the future of work (work everywhere, immersive, freelanced, entrepreneuristic, connected) is here.

R
www.micklerandassociates.com

What’s in My Forensic Kit?

I’ve been asked at times what I keep in my forensic toolkit. This is a collection of burned commercial and open software that I take with me when performing computer forensic work: the extraction and preservation of data evidence for eventual presentation to a legal representative (lawyer or court).

Cain & Abel. A password recovery tool for all variants of Windows, except Vista.

Kiwi Syslog Daemon. This is a log parsing utility for Windows environments.

The Ultimate ZipCracker. A utility to crack or find lost passwords in PKZIP and Office documents.

Email Examiner. A great tool for recovering email on a microcomputer.

Knoppix. A bootable version of Linux that allows a bypass on NTFS controls in Windows.

WinRescue. A general purpose tool for a Windows station.

Uneraser. A great command-line and bootable solution to unerase contents of various file systems.

Acronis. Data archive and retrieval – stream an image of the drive to another USB drive without disturbing the original image.

OfficeRecovery. A useful tool for repairing corrupted Office files.

Snort. Network packet logger and investigations software.

So – what’s in your kit?

R

Open Source Miscellany

A couple of noteworthy ideas encountered this last week on the Open Source movement.

1. The Open Source Thinktank 2007: The Future of Open Source.

An interesting report on the state of the movement and the convergence of commercial vs non-commercial interests in this sector. Evidence, stage left: Microsoft was a platinum supporter of the event – go figure. A good read on the evolution of ideas in this space.

2. The Long Tail of Spare Cycles.

Chris Anderson, author of The Long Tail, has proposed that open source development is spurred by an excess capacity in our time; out-of-work programmers experimenting to keep their skills sharp and to provide the next commercial opportunity for them.

This rings true to home: it wasn’t but a year ago that I was invited to join in on a project involving Asterisk, the free Linux PBX, to create a service company based on the product. I’m afraid I didn’t have the spare cycles myself, though, to really get involved. Huh – I wonder how they’re doing?

3. The Red Hat Online Desktop.

Sniff sniff – do I smell the fresh aroma of online apps? Competition for Google is on the horizon as Red Hat announced their attack against the traditional desktop. Imagine a customizable desktop stored on Red Hat servers, available to anyone in the world. “The computers will target small businesses and governments in emerging economies, and the software will be made available on Intel’s Classmate PC, a low cost notebook computer for students.” Just more evidence that IT is becoming more utilitarian.

Good to know – good to read.
R

My Story on Adjunct Teaching

>Since this isn’t really a school related email; I
>won’t be graduating until ~December but I
>wanted to ask how you got started teaching for
>Devry.

Sure!

>I think it may be something I would enjoy doing.
>I rarely see job openings available for teaching
>on their website but know that classes
>fill up so quickly they must need people for this field.

Yes, and not just DeVry/Keller, but tons of traditional university systems and for-profit institutions like Apollo and Career Education Corporation (CEC). There is a very large market for adjuncts right now.

>I wanted to ask. Do you know how “in need” they
>may be of teachers and what their requirements
>may be? I know I should probably direct this to
>the school and if you would rather not answer until
>after semester or never I’ll certainly understand.

Sure, I can give you my impression.

I’ve been doing adjunct teaching – contract-based teaching – since 1996. I applied to an ad in the paper for a contract teaching position with a vocational college in Wilsonville, OR, to teach a DOS 6.22 class. I had my bachelor’s degree and I was a Netware Certified tech and MCP at the time, so my qualifications passed muster. I loved the experience. It was fun – and challenging – to stand up in front of a bunch of people and deliver a lesson plan.

I took on more teaching opportunities at Pioneer Pacific College and the University of Oregon, where my MCSE credential now opened a lot of doors. In 1999, I was on the verge of completing my graduate program, and I applied for onground adjunct teaching with the University of Phoenix; I taught grad and undergrad tech curriculum for them exclusively for many years.

In 2004, I saw an ad that DeVry/Keller had opened up a facility in Portland.

I made a call, talked to the dean, and received an interview. I started teaching grad work for them in 2004 onground and I’ve been teaching for them onground ever since; I’m presently teaching an IS535 class onground.

It was around 2004, too, that I expanded my horizons. I applied for an adjunct instructor position with Colorado Tech University and began teaching online courses. I asked the same of DeVry, channeling through the onground dean to talk to the right people, and began teaching for DeVry/Keller online, too. And since 2004, I’ve been designing classes for both CTU and DeVry, which introduces a new set of challenges and skillsets.

Since 1996, I’ve been teaching adjunct without a real break. Eh, I love to teach (grin) and it’s just a major part of my life. I teach for about four university systems right now but that goes up and down based on what the market is doing.

Universally, these are the things you’ll need to be a successful adjunct candidate:

1. At least five years of stable work experience in your field, preferably as a manager or higher level of responsibility.

2. A bachelor’s degree at minimum; a master’s degree to teach undergraduate and a small sliver of graduate; a Ph.D. if you want to teach exclusively graduate.

3. Teaching experience helps and gives you a competitive edge, but I wouldn’t say it’s absolutely required. Being able to say that you understand lesson plans, rubrics, that you’ve had face time on the stage with a bunch of students, and know how to grade papers… this all helps. However, in today’s market, I think most schools are willing to take a chance on talent, to give them the experience they need in this area.

Contract teaching (adjunct) is an attractive option to for-profit and traditional university systems. You can cap the cost of an instructor through the contract without promise of tenure nor all of the messy direct and indirect benefits offered to employees. Adjuncts are often just as qualified (if not more qualified if you look at real-world experience) as the tenured professor, and can relate to employees in continuing adult education programs better (in my opinion) than someone who’s been away from the workforce for a while.

Adjunct teaching is very rewarding because you meet all kinds of people and backgrounds, new ways of doing things, new ideas being explored in other companies. It can give you insight into your own career and technical problems just by involving yourself in the curriculum with the students. If you love tech, and you love to talk about tech, then adjunct teaching tech can be a lot of fun.

However, it’s very time consuming and the hourly rate would probably make you laugh, particularly once you start out; adjuncts with more experience command higher rates on the contract, particularly PhDs, who are more versatile to the university. Typically it’s a 5.5-week to 8-week engagement and you aren’t paid all of the funds up-front; instead, you wait to be paid until after the 8 weeks, or, some schools pay you 1/3 now, 2/3 after the end of the course. This means heavy financial management on your part. You’re a contractor being paid on a 1099 (usually), so you must factor in the management of your own taxes. Plus, if you factor in Net/30, you’re not being paid for up to 90 days from the beginning of the class.

A typical contract for an undergrad course could run a new adjunct instructor $1,200. Based on the dire necessity for your talent, you could see $1,300-$1,400. If you’ve taught before, $1,500; and if you’re a PhD, $1,600.

A typical contract for a grad course could run a new adjunct $1,600. Necessity, $1,800. Sometimes, stipends and other incentives are allowed, $1,900. Experience, $2,100. PhD, $2,400.

I typically run about 4-6 classes at a time, mostly online through CEC and Keller, although I do onground teaching. I know of adjuncts that just do 1 class a quarter; I know those who run up to eight courses at a time, full-time. The online environment allows me to maximize time and minimize my expenses, so it’s a better ROI for me. Some instructors hate teaching in front of the box – it’s a preference thing – but I enjoy it, yet I don’t want to totally lose my onground skillset so I’ll intentionally teach for Phoenix or Keller onground throughout the year.

It’s rough when you first start out. You’ll be learning how to do things, learning the curriculum, reading the text, figuring out the process, sapping a bunch of time. Plus, students: helping them with homework, fielding email and phone calls – sometimes at whacky hours and on weekends. This will reduce your margin at first. You’ll spend, probably, at least 15-20 hours/course; you can do the math to see the hourly rate, and it’s not all that spectacular.

However, once you get the groove – you know what to do, what to expect, what you’re going to lecture on, or the focus of discussions, the content of the course, the textbook, all of the policies and procedures… then you can easily begin to whack that down maybe 3-5 hours/week per class (especially online as much of your content is electronic and “copyable”).

So, in the first couple of years, you’re gaining experience and learning the ropes, getting used to performing (grin), and getting used to the process – managing your finances, balancing work and family time, getting used to paying taxes and benefits differently than “normal”. Sometimes, I see new instructors burn out, be uncomfortable with managing their own financial affairs, find that they can’t juggle work and family, that they’ve no “free” time of their own because they’re always on call. This happens. And they don’t move on.

But, for those others, what you see is an economies-of-scale effect where they take on more contracts with more institutions, learning how to market themselves, balance their engagements, and make a fairly good scalable income. Myself, I use teaching as a stable portion of my company’s revenue model that can be expanded and contracted based on other demands on my time.

Oh, and did I mention that you’re awarded incredible education discounts on software and hardware (grin)? Check out journeyed.com. An _excellent_ benefit for being a teacher!

In any case, in Google, just do a search on “adjunct teaching”. The rest is up to you. You’ll find that there is plentiful opportunity and I think DeVry is in that list, but there’s also others… when you’re ready, just contact me and I can put you in touch with a dean or two.

R

How to Investigate the Cached Email Addresses In Outlook

You may wonder what happens to all of those email addresses that Microsoft Outlook “remembers”. You know, when you create a new email, you begin to type and the field autofills with the name or address of somebody you’ve sent email to before?

I ran into a problem last week with one of my clients. I had to re-create a Windows profile for him which essentially regenerated a new cache, wiping out all of these pre-stored email addresses. It turns out these were essential for him so I had to do some digging on getting them back.

Even in an Exchange configuration, they’re not stored on the server but are rather stored in a binary *.nk2 file under the local profile in Windows. Under WinXP, this file sits beneath a nest of hidden folders:

c:\documents and settings\%user name%\local\application data\microsoft\outlook

Within that Outlook folder should be a *.nk2 file. Now, if you rename or delete the file, Outlook will automatically regenerate a new one, which effectively wipes out the cache. But in my case, I wanted to restore this list to the client’s new profile. Copying the file and placing it into the appropriate directory for the new profile did the trick.

But the client wanted to go one step further. He wanted a copy/output of the cache, but it’s unreadable – it’s a binary format. So I needed to find a tool that would help me parse the file and convert it to something I could understand, like a text file or a spreadsheet.

I found a free tool on the web to do just that.

Simple to use and install, the utility allows you to export the cache’s contents to a variety of other formats. Very useful – I was able to prepare a spreadsheet and hand that over to the client. Then I thought: “Hey, not a bad thing to write about on my blog…!”
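A rough version of that conversion can be done without a format parser. This added example (not from the original post and not the tool the author used) carves e-mail addresses out of a binary blob by matching ASCII and UTF-16LE strings and writes them as CSV; that the addresses are stored in one of those two encodings is an assumption, and the sample bytes are constructed rather than taken from a real *.nk2 file.

```python
import csv
import io
import re
import sys

LOCAL = rb"[A-Za-z0-9._%+-]"   # characters accepted in the local part
LABEL = rb"[A-Za-z0-9-]"       # characters accepted in a domain label


def _wide(cls):
    """UTF-16LE form of a one-byte character class: the byte, then NUL."""
    return rb"(?:" + cls + rb"\x00)"


ASCII_RE = re.compile(LOCAL + rb"+@" + LABEL + rb"+(?:\." + LABEL + rb"+)+")
WIDE_RE = re.compile(_wide(LOCAL) + rb"+@\x00" + _wide(LABEL)
                     + rb"+(?:\.\x00" + _wide(LABEL) + rb"+)+")


def carve_addresses(blob):
    """Return unique addresses found in blob, in order of first appearance."""
    hits = []
    for encoding, pattern in (("ascii", ASCII_RE), ("utf-16-le", WIDE_RE)):
        for m in pattern.finditer(blob):
            hits.append((m.start(), encoding, m.group().decode(encoding)))
    rows, seen = [], set()
    for offset, encoding, address in sorted(hits):
        if address.lower() not in seen:          # de-duplicate case-insensitively
            seen.add(address.lower())
            rows.append({"offset": offset, "encoding": encoding, "address": address})
    return rows


def to_csv(rows):
    """Render carved rows as CSV text that a spreadsheet can open."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["offset", "encoding", "address"])
    for r in rows:
        writer.writerow([r["offset"], r["encoding"], r["address"]])
    return buf.getvalue()


# Constructed sample: arbitrary binary padding around three address strings.
SAMPLE = (
    b"\x01\x02\x03\x04"
    + "Alice Example".encode("utf-16-le") + b"\x00\x00"
    + "alice@example.com".encode("utf-16-le") + b"\x00\x00\x1f\x00\x03\x80"
    + b"SMTP\x00bob@example.org\x00\x02\x00"
    + "ALICE@example.com".encode("utf-16-le") + b"\x00\x00"   # duplicate, other case
)

if __name__ == "__main__":
    # Work on a copy of the evidence file, opened read-only; default to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    sys.stdout.write(to_csv(carve_addresses(data)))
```

The byte offsets in the output let each carved address be checked against a hex view of the same file.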

R

The Windows Experience Index (WEI)

WEI. This is WEI.

Feel the WEI. Know the WEI. Be… the WEI. Well, this is my WEI.

Nothin’? Aren’t you impressed?

So you might be wondering what it means. So are a lot of people.

The Windows Experience Index is a new feature in Windows Vista that attempts to rate your “experience” with Windows on the subject PC. If you were to then compare the WEI of various PC’s, you would then have a basis of suggesting, “Wow. My Vista experience sure seemed better on that computer,” or “Wow. A 4.4 rating is better than my 3.8 rating on my home PC. I think I’ll buy the new computer.”

The WEI is comprised of five indexed elements: processor, memory, graphics, 3d rendering, and the hard disk. If you were wondering, the maximum rating is 5.9 and apparently the scale will slide as new hardware is introduced into the marketplace. The minimum score for Vista’s Aero Interface is 3.0. 4.0 is a snappy and responsive PC; 5.0 ratings are top of the line.

If you’re running Vista, you can glance at your aggregate and composite score under System Properties in the Control Panel, or just right-click the My Computer icon and select Properties. And if you’re really a geek and want to compare your WEI against other nerds, visit:

www.shareyourscore.com

Now, consumers have a counter to track a machine’s obsolescence. That’s convenient… I always wanted a statistical counter from a vendor to let me know when it was time to upgrade.

Supposedly, we will be able to use the score as a means of reviewing our purchases. For example, we could look at a new graphics card and the box packaging recommends a WEI of 5.1 or higher; or before you purchase Doom 5, you’ll need a WEI of 5.8.

At this point, vendor support for WEI seems limited. Even Intel seems hesitant to really endorse their products under a WEI score and admits that Microsoft’s benchmarking is more attuned to graphics than processor capabilities.

What a great idea though: lock a number into the public consciousness as a numerical perception of performance. Then, allow Moore’s Law to constantly raise the number to generate anxiety and encourage more sales to keep up with the artificial score. A constant race against an arbitrary metric. Pure marketing genius.

Whether or not the WEI really makes headlines, sticks around, and becomes valuable for consumers depends on whether it sees wide market adoption and whether it transcends Microsoft’s products in favor of competitors like Apple and Linux. What is really called for here is an open standard not fudged by Microsoft that everyone can agree on, so that when we compare boxes we can compare raw performance. The WEI, as it relates strictly to Microsoft Windows, isn’t exceptionally useful if vendors don’t agree with it (say, er, Intel), or if it’s strictly limited to Windows. Seems like a perfect solution for open source (wink).

R