Yesterday, I had a fascinating discussion about governance and risk with Jonathan Becher who is a senior VP in SAP’s governance, risk and compliance group. Prior to this he was CEO of Pilot Software, a strategy software company SAP acquired earlier in the year.
I knew Pilot back in the late 1990s when it was a tiny vendor aligned to the then emerging business intelligence market. I recall its products were advanced for their time but, as with many software companies, it was let down by less than optimal marketing.
I wasn’t sure that Jonathan and I would agree on much as I have problems with the way governance, risk and compliance is positioned. I am suspicious about the motivations behind many projects, seeing governance measures as little more than lipstick on a pig. Surprisingly, we agreed on much more than I thought we might.
Jonathan talks about the development of business analytics and social computing in terms that make a lot of sense. He sees four factors in play:
- Self-publication: where there is no central authority imposing rules upon those who are disseminating information. This contrasts with old school views about knowledge management where the end game was command and control
- Self-structuring: where the restrictive hierarchies that apply to how individuals organize information are displaced in favour of self-selected tagging structures. We agreed this can lead to difficulties and that some sort of seeding mechanism is required to handle say 20% of common terms with which people would be familiar in any given context. An example might be ‘deferred tax’ or ‘gross profit margin.’
- Self-assessment: this is the application of Amazon style methods of recommendation where users who find one piece of information useful might also find something related to be of value. We discussed the problem of popularity style ratings. Here there is a risk that topics get skewed in favour of individuals not wishing to ‘step out of line’ and so creating a false sense of wisdom or consensus. This is a topic I’d like to explore in greater depth as it has ramifications for the way information is parsed and used.
- Self-policing: this is really about reputation. While there has been a lot of fear around the use of social computing techniques and concerns over the loss of company secrets, the reality is different. People value reputation and are, therefore more likely to behave accordingly.
I enjoyed our conversation because it opened up topics of mutual interest where I was able to learn more about how we can apply ideas behind social computing to improving our ability to not only share knowledge but add value both internally and externally back out to clients. We both agreed this is very early stage stuff and that there is still much to learn. I hope to catch up with Jonathan when I visit Munich next week for SAP’s TechEd conference.