* Posts by Yougottalaugh

26 publicly visible posts • joined 26 Mar 2019

Cisco spends $28B on data cruncher Splunk in cybersecurity push


Re: Does anybody get this?

If you are splunk then this makes sense - a great premium payout before your decline in market share, precipitated by the desire of CIOs and CISOs to reduce costs. The clues are in the number of products competing to reduce that splunk bill. The acquisition seems likely to accelerate the decline because any effective bundling is going to require an amazing transformation in Cisco’s GTM. The real winner here is probably Crowdstrike, who this week announced their latest cybersecurity platform with their own logging solution. Don't hold your breadth waiting for thousands of CISOs to run joyfully from Crowdstrike towards whatever ‘splunk -enabled security vision’ Cisco are touting. Expect rather the opposite and raise a glass to the Splunk board for selling at the top of their market.

Keir Starmer's techno-fix for the NHS: Déjà vu disaster or brave new blunder?


When they open the tender documents perhaps reality will dawn....

When the National Programme for IT (NPfIT) launched, three different tech giants consulted me. They had got the bid packs and it made sense to them to do so. After all I was working in the leadership team of a British software startup but had spent five years in a leadership role in the social and health care care sector. They probably figured if anyone knows how to win this he will. I told all three No Bid. Their sales leaders told me that wasn't an option. So I asked them to show me the model of the domain - the operating model they were going to be building their solutions for - and they searched inside the envelopes and alas found that was missing. Instead, the procurement team had included some wonderful National Service Framework Standards. I think they were the National Service Framework for Diabetes complete with a black and white picture of a roguish Alan Milburn Secretary of State for Health. The triumphant sales team declared "here is the domain model" and so we sat down with the developers, the engineers, and a couple, of hours later they No Bid. Three consultations and three No Bids. Some years later one of them thanked me for avoiding the write-downs that some of the winners had to make.

Some of the confidence I felt in doing this was because I knew a secret. One of the 'authors' of the National Programme for IT (NPfIT) had previous form. He had helped the Major of London tender for a Congestion Charging System. The winning tech firm reached out for help several weeks after winning the bid. Their many programmers writing code had a problem - no one had built a congestion charging system before - this was a creative first. And the consultant who had prepared the 'requirements' well lets just say there were some holes. Luckily, it was solvable. We had helped them create an evolutionary solution, helped them figure out how to build it iteratively, to learn and add (on a 24 hour cycle) to the model, then to build new IT services to handle what they had discovered and was now in the operating model. The grew slowly and successfully.

Every software Product Manager will find this a familiar journey and the approach was what I had told a group of NHS leaders several years before the National Programme for IT. We had proved the approach with a Local Authority who avoided the trap of buying an old an antiquated IT solution for social care. The LA instead commissioned their own evolutionary approach. They accepted the need to change how social care was delivered and managed, and developed their IT system, slowly, to help enable this operating model change. No big bang. No secret magic solution. Just careful learning and change. As I say, I shared this approach with the NHS leaders (including the future National CEO) years before the NPfIT: Divide up the problem into different health domains; Focus on working out how you want to deliver say diabetes services; get that defined well enough to begin working on that (which means the experts and patients are the key design partners; have multiple local owners iterate it; make this early adopter solution more widely available to others when done and share the transformation journey the people may need to travel along; create some enabling platform services that enable this and solve for some of the data challenges, but remember this is primarily about transforming how the health and social care system should and could work in future, not about how to do todays hospital admin more quickly. I saw no evidence that they listened or understood. Perhaps they di but were not empowered. But I would give the next Government the same advice today.

HPE hits record compute profit margin, insists you're buying bigger boxes, not being milked


Re: I'm pleased

Me to its so nice to see an engineer who started his career handling support calls leading a CEO driven transformation that is slowly succeeding. Quarter by quarter they get stronger and better, a real credible option for CIOs to complement the three big hyper scalers by handling the 70% of workloads that don’t naturally fit the public cloud. Dell are trying to follow but HPE have a solid lead

IT technician jailed for wiping school's and pupils' devices


Re: Hmm

I know this police officer. He is a tech by background and superb. When our school got attacked by some nasty Russians he spent hours helping our sys admin restore and rebuild. Top guy. In fact Leicestershire Police Cyber team are a hidden gem

HPE has 'substantially succeeded' in its £3.3bn fraud trial against Autonomy's Mike Lynch – judge


Re: Lynch should be in prison

It is one year since I read the FRC Disciplinary Tribunal report following the sanctions against Deloitte and former partners for audits of Autonomy. Having just read the Summary Of Conclusions by Mr Justice Hildyard for the first time I now feel some sympathy for Deloitte.

Sympathy because of the scale of the fraud: the Hardware case: the VAR case: the “reciprocal transactions case; The "hosted case"; the OEM case". All found to be strategy/programmes that were dishonest, and that were accounted for through dishonest presentations. This means the CEO and CFO skewed the whole business, distorted its success and its value. Deceive everyone. Yes their Auditors failed. But so did their Audit Committee and so did their Board.

Rather than throwing stones at 'stupid Americans' we Brits should be asking how can we ensure this level of fraud never happens again to a public company? Because this level of fraud reduces confidence in the UK public market place and that ultimately reduces the market capitalisation of those listed companies, reducing their ability to leverage funds and invest and grow. This hurts - ultimately - this country. It's a sad bad story.

Mike Lynch loses US extradition delay bid: Flight across the Atlantic looks closer than ever


Re: Let the chuckles ring out!

“ The sale of Autonomy comes under UK jurisdiction, the company is a UK company, the accounts must adhere to UK financial rules.”. Which they clearly did not. According to the FRC who gave the auditors a record breaking fine.


Re: Let the chuckles ring out!

As reported previously “Deloitte has been fined £15m by the Financial Reporting Council (FRC) for “serious and serial failures” in its auditing of British software company Autonomy prior to the latter’s acquisition by HP for $11bn”. The outcome of the civil case is unlikely to have any ramifications for the criminal case which is highly likely to cover the same evidence the FRC considered.



Re: Let the chuckles ring out!

Fraud is strange. Fraud in a public company is stranger still. Hopefully it is also rare. Sadly due diligence is very unlikely to detect fraud in a public company with audited accounts and quarterly reports. The Auditors have been found guilty and given a record fine. So that is three forums trying the same thing. Strange indeed.

UK Home Secretary delays Autonomy founder extradition decision to mid-December


Re: This is bonkers!

As your likely an anonymous PR hack being paid to distract let’s just say your wasting your time here. The Reg has covered these stories better than the wider media so most readers will recognize a sad attempt to confuse with irrelevant points. This is a US criminal case, not a civil case, the second case the US authorities have brought, and given they won the first, don’t bet on them loosing the second.

Brit analysts formed pact to crash Autonomy's market valuation, ex-CFO tells US court



Roles and responsibilities and logic explain it. The CEO (Lynch) is the most senior accounting officer, whose job it is to ensure the financial statements are accurate. His codefendant (Chamberlain) is VP of Finance and prepared those statements. If the statements are wrong then these two are at fault. Deloittes verify, they act as auditors of what Autonomy were claiming was happening. Auditors should give everyone confidence that the financial statements are reliable. The FRC concluded that the auditors failed and should not have agreed the financial statements. The only conclusion you can reach therefore is that the financial statements were not reliable. So now you know who is at fault. Given the defence relied on the argument that the auditors approved things, and the auditors were subsequently found to be unprofessional and given a record breaking fine, there isn’t really a defence any more. It’s not just that the defence has got a hole in it, it sank without trace the day the FRC finished their work.

'Biggest data grab' in NHS history stuffs GP records in a central store for 'research' – and the time to opt out is now


If only we could imagine a better way

Oh if only there was a better way to meet the wonderful stated Government objectives of enabling better research. One that did this without enabling crass commercial exploitation and privacy loss. But its JUST TOO HARD!. Sob sob sigh

But wait. What's this? A couple of academic clinicians and some coding friends at Oxford University Data Lab have solved this? They did it in FIVE WEEKS! That's going to put a kink in the kickbacks from our commercial colleague retirement fund. These guys dont even appear to be hoovering up the data..and wait, they are openly sharing the code on...? Sorry whats a Github?

"OpenSAFELY is a new secure analytics platform for electronic health records in the NHS, created to deliver urgent results during the global COVID-19 emergency. It is now successfully delivering analyses across more than 58 million patients’ full pseudonymised primary care NHS records. All our analytic software is open for security review, scientific review, and re-use. OpenSAFELY uses a new model for enhanced security and timely access to data: we don’t transport large volumes of potentially disclosive pseudonymised patient data outside of the secure environments managed by the electronic health record software companies; instead, trusted analysts can run large scale computation across near real-time pseudonymised patient records inside the data centres and secure cloud environments of the electronic health records software companies. This pragmatic and secure approach has allowed us to deliver our first analyses in just five weeks from project start. You can read about the principles of OpenSAFELY here. You can read about our pilot programme for new users here."

Everything you need to know about the HPE v Mike Lynch High Court case


Re: Why so pro-Autonomy?

"If Autonomy WERE cooking the books (which has not been established) then yes, they should be punished for that"

I think its fair to conclude that if the authors were fined 15M its highly likely someone thinks the books were indeed fully cooked then reheated and finally deep frat fried. That someone is the body overseeing standards in not cooking books. Probably a safe conclusion (in the 99% range of likelihood).

If your (1) is wrong then your (2) sort of falls. So please have sympathy. And if your surveyor said the house was ok but the builder had convinced the surveyor by producing fake certificate then its not on you or on them. And that's a far better analogy for what happened.

HPE urges judge to pick through Deloitte-bashing report it claims demolishes Autonomy founder's defence


"and likely would have raised issues if they had waited"



Re: Expert evidence versus adjudicatory findings

Or you can argue, if Deloitte the Auditors were conspiring with their client Autonomy to mislead the market then they should both be punished. The Auditors have been punished with a record fine. So what do you think logically comes next?


Re: report demolishes Lynch's defence ... not sure.

I just posted on this so wont repeat it all here, but the question is can the buyer do that research? I would argue no they can't. They can only examine in the clean room the evidence they get and what is publicly available. And we know the later was false so lets guess what the former was!


Re: report demolishes Lynch's defence ... not sure.

Buyer beware absolutely applies your so right. But the fact that key Directors didn't read reports while it may be bad practice, probably had no material impact. That may sound strange but the reality is that most acquisitions of this type are teams of professionals in a clean room (electronic nowadays) talking to other professionals trying to substantiate trading figures and projections and to ascertain the working capital needs of the business going forward. The also look at liabilities. In a share buyout its an 'all-in take it or leave it' deal as you are buying the whole business. So its bankers and lawyers and accountants talking to each other. And if the starting point is that the accounts are not real...well they are not going to catch it in most clean rooms, because, ask yourself, where is the data coming from? Imagine someone saying "here are our books behind the last four quarterly earnings, actually we keep two sets the real ones and the ones we falsely report to the market". NOT GOING TO HAPPEN.

Occasionally, the buyer/seller puts in a senior manager or two and they may smell a rat. But there is a catch here because the parties have to sign an NDA and that can mean - if the deal falls through - that the Manager can't, well carry on managing. If you ever want an early retirement/change of career then (like some of my friends) you volunteer for this role and get paid off if the deal fails, because your conflicted with confidential information and are of no more use to your firm. I was once one of two such people and we both smelt a very smelly rat (strangely for totally different reasons) just before we would have started the next phase where we would have 'seen too much' and we convinced our CFO to cease and desist. So it can be done, but I am guessing its rare (don't know where we could find data on this).

So back to your comment - "they didn't bother to read the due diligence reports" yes but thy would have told them nothing, because the reports were based on accounts that were not real. So then the question we can ask (we who are not lawyers) does' buyer beware' still cover the seller? Is that fair? Or another word beginning with f?


Re: report demolishes Lynch's defence ... not sure.

Yes your right the Audit was the normal audit - which you get to see very year as the results are published annually - and for a listed company of this size it is continuous and involves the Auditors every quarter. For example the Audit Team listen to the earnings calls and - if the management are wise - have some discussions (even negotiations) before the earnings call. Well if I was the CFO I would.

For the managers there are two continuing 'pinch points' when their finance story gets stress tested. The first is discussing the quarterly reading, pre earning calls (reviews with the Auditors). The second are the Q&A on those calls with the analysts. These are probably the two sets of meetings where every quarter, Management come under most scrutiny. If either one of these narratives becomes a fiction...well then trouble follows. Think of it as starting to accrue factual debt from that point - its going to be paid back at some point.


Re: report demolishes Lynch's defence ... not sure.

"curious that a few million in hardware sales could wipe billions off the value of the company"

Excellent post - your curiosity gets nicely to the heart of what went wrong!

So here is why it matters so much....what it was probably all about, the root cause. Let me show you how to avoid loosing a billion with a few $M of hardware and some dodgy accounting hiding our failure to make our sales growth plan.

If you and I tell investors that we have just had a quarter with $100M of software sales then our little enterprise is worth a multiple of that number (lets use x4 as a rough rule of thumb multiplier). If we have four successive quarters where we are adding, say 10% more in sales each quarter then, you and I have a proven steadily growing software business. Nice multiple, nice steady growth. Lets say we get an offer of $1.85Bn and we say yes it is time to sell!

But if in fact we only had $80M of software in that first quarter and we concealed $20M of hardware to boost our numbers, then we are worth a lot less. Our valuation isn't x4 it could be as low as x2 (different business models are worth different multiples). And what if we also didn't actually have steady growth, but instead had some ups and downs, because it was a rough year and we ended up flat making $400M in sales (including all the hardware). We get an offer to sell but its now only $800M. Its a fair price just less than we had dreamt about.

Different investors have different appetites for their pay back periods, so a Private Equity firm buying a European software enterprise might be very happy with a 10 year pay back plan and very interested in that growth line because over ten years how you draw that line of growth makes an enormous difference to the value. Is if flat? Or is it sharply upwards? And they will focus like a laser on what is being sold (and since this case even more so!).

The Tribunal found that Autonomy first added 20% of hardware sales to the quarter (booking hardware and making it look like software). At that point if disclosed the multiplier drops. That's worth billions. That's what the analysts were saying in their evidence.

And by allowing fictional VAR deals to be booked - because Autonomy couldn't close deals with all the customers - the quarterly sales numbers were misleading. That's the growth line changing trajectory on the graph paper.

Together these little things are worth billions.

Make sense?


Re: report demolishes Lynch's defence ... not sure.

"they employed auditors and relied on the resulting audit by telling everyone they were conducting due diligence etc. and assuming it would find everything in order and so didn't bother actually reading the reports"

Here is a quote - note the astonishment - from one of those due diligence auditors:

“[W]hen Autonomy records provided to TP13 during its post-acquisition ‘closing balance sheet’ engagement reflected substantial hardware sales (upwards of approximately $40 million in the first six months of 2011), my team and I were astonished... my team and I had no knowledge before the acquisition that Autonomy was making substantial hardware sales: we understood that occasionally Autonomy made appliance sales (i.e. where Autonomy’s software was pre-loaded on hardware), but it had not crossed our minds that Autonomy resold third-party hardware on a standalone basis. [...]

I recall noting that the 2010 Annual Report referred (at pages 13 and 16) to Autonomy’s ‘pure software’ model. ... I understood it to mean that the company’s revenues derived almost entirely from software sales. I did not understand any statements in the Annual Reports (or anywhere else, for that matter) to disclose that Autonomy’s reported revenues included revenue from the sale of third-party hardware that included no Autonomy software.”

Now you can be deeply cynical and argue that all auditors should assume other auditors probably failed to follow professional standards and so one should not be astonished. But I don't think it is unreasonable for one audit firm to trust that another 'big four' audit firm was failing in this way. And if you read this internal email from a clearly very concerned Deloitte auditor to the senior Deloitte person (para 295) you can see how worried some Deloitte auditors were:

"“My earlier comments re disclosure of hardware sales in Q3 to avoid potential embarrassment at the full year when the segmental disclosures pop out, I see as critical. This represents c20% of sales in the Q so I don’t see how they can give a balanced view if they don’t cover it in the narrative. If it is such a strategically important initiative, I assume they would want to talk about it. I look forward to seeing the words.”

We dont know who that Deloitte person was - they are D7 in the cypher - but despite D7's email of 14 October 2009, saying in effect 'hey Mr Kights, these guys are adding 20% to their sales and it isn't software so we have got to get them to fess up now' Mr Knights failed to get Autonomy to change their narrative (tell the world a more truthful story).


Re: report demolishes Lynch's defence ... not sure.

" The auditors findings are often trivial and it is much an attempt at winning additional consulting services business as genuine systemic failures - mainly because companies doing dodgy things with genuine systemic failures will try and hide said issues from the auditors."

Yet in this case they were not trivial matters, they were both material and serious. The report of Tribunal concludes: " Misconduct through a failure to act in accordance with Fundamental Principle (c) “Professional Competence and Due Care” (against both Mr Knights and Mr Mercer), through a lack of integrity (against Mr Knights) and through a loss of objectivity (against Mr Knights)." and that the conduct "falls significantly short of the standards reasonably to be expected"


Re: report demolishes Lynch's defence ... not sure.

I have read the report of the Disciplinary Tribunal. It took me several hours, but to be fair the oral evidence alone occupied approximately 20 days with oral opening and closing submissions from counsel over several days and voluminous written evidence.

This report is a cracking read, especially if you sit on an Audit Committee (full disclosure I do) or if you have been involved in selling software (even fuller disclosure I have in the past). Or maybe you have heard rumours of just how many deals get stuck right at the end of financial quarters, as if those pesky customers know about the supplier financial reporting periods (wait a second I've just realised...)

I think anyone who does read this report - and please do read it, even if only to admire the beautiful writing - will find it is both thorough, and somewhat sad, like watching a very slow car crash play out. The auditors were found to be culpable of misconduct in relation to (i) the allocation of hardware costs in Q3 09 and Q4 09/FY 09; (ii) the non-disclosure of the hardware sales in FY 09; (iii) the recognition of revenue from sales to VARs in Q4 09/FY 09, Q1 10 and Q2 10 and and Q3 10. They also failed to correct Autonomy’s letter dated 3 March 2011 to the FRRP. By the time you read these conclusions you will have long since realised where this was going to end.

It is an educational report because it paints such a vivid picture of the market scrutiny and the constant background pressure on the Autonomy Managers, and subsequently the pressure on the auditors:

"The pressure on Autonomy to meet market expectations gave rise to a risk of misstatement through manipulation of the financial results to achieve a desired position. Deloitte, Mr Knights and Mr Mercer were well aware of the pressure and the risk. They were under pressure from Autonomy to accept its treatment of the hardware costs and the revenue from VAR transactions, rather than upset their client by challenging it."

The Tribunal considered why that mattered. Why the pressure from market scrutiny? Para 291 and 292 sets out the impact. Evidence from one analyst was:

"if the market had known of the 2009 hardware sales, the impact on Autonomy’s stock in 2010 and early 2011 would have been “significantly negative”.

A second thought that: "a negative reaction to the share price of at least 30%".

And a third - a former Head of Investor Relations for Autonomy - said he:

"...was unaware of the hardware sales in Q2, Q3 and Q4 10. If he had been aware of them, they would have indicated that Autonomy was:

“a totally different type of business and a totally different business model, which would have had a very different valuation ... it would have indicated that this wasn’t a pure software business, and that there was much lower margin revenue stream included in its – in its P&L, and it would have had a correspondingly low evaluation [sic]”

So really bad and really clear. But the remit of the Tribunal - as the report says - was only the Auditors. The introduction makes it very clear that:

"No individual director, member of management or employee at Autonomy was a party to the Tribunal hearing. The Tribunal did not invite, receive or consider any witness evidence from any director, member of management at, or employee of Autonomy, and no such individual was represented at the Tribunal’s hearings. Further, the Tribunal did not invite or receive comments or representations on the terms of the Tribunal Report from any such individuals prior to the Tribunal Report being finalised."

Just in case anyone missed the significance of that, the introduction then states:

"The Tribunal has not made, and should not be taken to have made, any finding against any individual or entity other than Deloitte, Mr Knights and Mr Mercer (including Autonomy, or any individual who was a director, member of management or employee at Autonomy)." It even anonymises several third parties, who are instead identified by ciphers.

I am not a lawyer and I don't understand the rules by which the judge in the commercial case may or may not admit this into evidence. But if it is admitted it wouldn't be so much a demolition, more like a total obliteration.

Financial Reporting Council slaps Autonomy auditor Deloitte with £15m fine over audit 'misconduct'


"Culpable of serious and serial failures"

Culpable of serious and serial failures...and..."The Tribunal made numerous findings of Misconduct". So now we know that three years of Autonomy accounts, pre-sale, are untrustworthy or to put it another way, it is highly likely that there were "accounting improprieties, misrepresentations and disclosure failures". With the fine reflecting "the gravity and extent of the failings" it will be fascinating to hear the basis for Dr. Lynch vigorously rejecting "all the allegations against him" as he fights the fraud charges.

Worldwide Google services – from GCP to G Suite – hit with the outage stick


Re: A clear case of all your eggs

Interesting conclusion to reach when Google is the only large public cloud provider that actually helps you replicate workloads in AWS and Azure. So any really critical workloads can be replicated across the big three public clouds in your choice of reasons. All your eggs in as many baskets as you want to feel safe and secure with Mother-Hen-Level engineering

Cash carousel spun between Filetek and Autonomy, Lynch employee tells court


Re: And the others?

If you bought a software/SaaS company using a value-to-sales multiple based on the long term development in the company's markets and working backwards using probability-weighted scenarios about the potential size of market and the current market share as well as the level of return of capital you can earn, and you then found that the past growth rates were not real, then that would account for an over evaluation. Software/SaaS sales are massively sensitive in valuations, because they can change the growth rate graphs, with huge impact. It's not the $ amounts that matter, its' the role these $ play in creating the story "we are a fast growing company in a huge market with a small share". The valuation is a multiple of the sales $ over time, and it can be a very very big multiple, because you are using them to justify the value of future growth. Think graphs where one line is pointing up to the top right and one is a flat line. The missing value is that slice of pizza (or pick your favourite food substance) shape.

WeWork filed its IPO homework. So we had a look at its small print and... yowser. What has El Reg got itself into?


Re: Nice wheez

But wait there’s more. The WSJ reported in July that Cofounder Adam Neumann cashed out what they described as an “unusually large sum of $700M” ahead of the IPO through through a mix of stock sales and debt.

The tech lawsuit of the year: HPE v Mike Lynch and Sushovan Hussain


Re: If the frauds are quite small, how come the $8Bn write down?

Small changes can make a big difference to valuing a business because the first data point for the acquirer in a trade sale is likely to be the growth curve, based on the past and then the future forecast growth. So the past revenue is a highly sensitive metric, which if tweaked, can be very misleading. Full disclosure, I was part of a UK software startup leadership team looking at a trade sale, and was constantly told by the advisers "keep the growth curve looking good". So you are under huge pressure to keep that revenue growing and the curve consistent. One bad year and your valuation drops from a multiple of potential future annual revenues, to a number much closer to the current year revenue.