As the vice president of cloud security for Coupa, I recently was invited to speak at an Amazon Web Services (AWS) security event in San Francisco. We’ve built and grown Coupa on AWS for the past seven years. A lot of other companies have been built on AWS as well, but as an enterprise software company, specifically a financial application, we are still a bit of a rarity and we work very closely with AWS on security issues.
We have seen and dealt with a lot of challenges that other companies are just starting to think about. So that puts us in a pretty unique position, and it was nice to be able to share with about 140 people—entrepreneurs, risk managers, investors and developers—who turned up to learn how their companies can meet security requirements in the cloud.
Security alone is not an end goal unless it is the primary business of the company. That said, most companies store data that needs to be protected. It might be customer or credit card information, patient records, personal information, government information or trade secrets. The three main drivers forcing companies to address these issues are loss, theft or unauthorized use or changes to their data.
Sarbanes-Oxley Act of 2002
This is especially true for companies dealing with financial data, and regulatory compliance as it relates to the Sarbanes-Oxley Act of 2002. In November 2004, Section 404 of the Sarbanes-Oxley Act went into effect and required all public companies to perform internal audits and provide evidence that they are meeting SOX 404 guidelines. Coupa has been following
Last week, Coupa hosted a delegation of 30 Ruby enthusiasts from Japan, including the creator of Ruby, Yukihiro “Matz” Matsumoto.
For those of you who don’t know a lot about Ruby, it’s an elegant, object-oriented, dynamic programming language, and it underpins the popular Ruby on Rails model-view-controller (MVC) web framework that we use in Coupa’s products.
While from an implementation standpoint Ruby is not a simple language, a large part of its elegance comes from its conceptual simplicity. There aren't many exceptions to the general rules, and the exceptions that do exist tend to be for human reasons rather than to accommodate the machines.
Ruby lets us write concise, expressive, readable code, which in turn makes it easier to
The Affordable Care Act (ACA), a.k.a. Obamacare, took effect October 1. With millions of people looking into health insurance exchanges either online or in person just on the first day, healthcare providers downstream are preparing to cope with the new reality.
Earlier this year, we hosted a webinar, Finding Certain Savings in Uncertain Times with two of the healthcare industry’s leading influencers: Curt Miller, chief information officer for Amerinet GPO and Brent Johnson, vice president of Supply Chain and Support Services for Intermountain Healthcare. They shared some of their thoughts on what healthcare providers can do to cut costs and do more with less. Here is an excerpt of our conversation:
Coupa: How have you guys been planning on dealing with the Affordable Care Act?
Brent: There’s no question the Affordable Care Act brings up some huge issues. A lot
Are there too many people in your approval chains?
We all know how a long approval chain can slow the business down, create headaches and foster maverick spend. But having too many approvers can hurt your business in a way that’s far more insidious: it decreases accountability.
It's almost counterintuitive. You would think that if you had more people looking at a transaction, you would get better results. But in fact, you often get worse results.
At a recent gathering of CFOs I attended, one CFO shared an example where he was presented with a check to sign for $600,000. His question was,
At Coupa, we are passionate about helping our customers save money. And who needs more help with this right now than the U.S. Government? With Congress returning from summer break this week to tackle a series of budget deadlines, I did some math to see what kind of savings might be achievable through using a product like ours. Here’s how I did it.
USAspending.gov is the first place I looked for published data. This is an official website of the U.S. Federal Government, which captures information about all the contracts that the federal government awards.
To keep things simple and to be conservative with the numbers,
This week, Coupa is releasing the results of its study on 2012 government spending. As a procurement veteran in both government and the corporate world and as an advisor to the company, I reviewed the math and the methodology behind the math.
There are some challenges specific to government procurement that should be noted, but when you take a look at the $239 billion per year that the press release is talking about, being able to save in the range of 6 to 10 percent on that spend should be very achievable if the government procures in a different way.
One of the challenges is that it's hard to just take what business does and bring it straight across to government. I know, because I tried. I had some
In my last post, I outlined some of the things you should consider when transforming a purchasing group into a strategic sourcing group, including whether to take a category or process based approach. Regardless of which philosophy is right for your organization, the next thing to think about is the process itself. Just having a sourcing process is not enough. It is also necessary to establish checkpoints along the way to make sure the team does not take a wrong turn during a sourcing project.
Most of the likely checkpoints will be associated with ‘points of no return’. In other words, decision points where changing direction later comes with a cost in terms of leverage, options, or price.
Keep in mind that checkpoints are not category specific. For example, procurement may not have visibility into the fact that there's an acquisition
As companies grow, purchasing grows, and at some point the company realizes it's time to be more strategic about the way they are acquiring goods and services. Usually, the first step is to implement a sourcing application.
That first step is where the first mistake often gets made. Simply buying a sourcing solution does not turn a purchasing team into a sourcing team.
There are two common philosophies you will see play out in a sourcing organization, and you need to decide which one is right for you.
The first option is process-focused; procurement owns process and discipline and drills the team on methodology and mindset. They work to create more options so at the end of the day there's better competition ultimately leading to a better result.
The other approach is to take a category focus. In that case, you say,
Last month, Coupa sponsored a survey of 500 employees who submit expense reports at enterprise-level companies. 72% of respondents said they thought that expense report waste, fraud and abuse cost their companies between $25,000 to $200,000 per year - from things like buying office supplies for personal use, unauthorized airline upgrades, overly expensive dinners, and the like. 33% of those surveyed even admitted to stealing
How can healthcare organizations prosper in a rapidly changing economic and regulatory environment? Join us next Thursday August 22nd for a live webinar discussing exactly that. Our guests will be Curtis Miller, CIO at Amerinet, a healthcare focused GPO; Allen Esses, a healthcare supply chain expert with CCP Global; and Brent Johnson, VP Supply Chain at Intermountain Healthcare, a non-profit hospital system serving Utah and southeastern Idaho.
These guys have some serious chops when it comes to helping healthcare organizations save money. To give you a little taste of their expertise, we caught up with Brent Johnson of Intermountain for a pre-webinar chat. Brent is a 30-year supply chain veteran who has held leadership positions in three different industries. For the past 8 years, he has led the transformation of Intermountain to become #4