Step one: take your hugely expensive company accounts system off your network and onto the Internet. Step two: wait for the cost savings to come rolling in. Financial software giants such Oracle and PeopleSoft are desperate to convince senior management that this is the way forward for accounting systems. They’re also hailing browser-based software as the new form of electronic data interchange (EDI), eradicating information gridlock between head office, warehouse and suppliers. But the marketing hype leaves many crucial questions unanswered. With the Internet still dogged by security worries, are company boards poised to place mission-critical financial information on the web? If so, who will have – and who will steal – access? And with the twin challenges of Year 2000 and Emu conversion looming, is it really the right time to embrace a new way of doing business? In terms of functionality, a web-based accounting package does exactly what its non-Net forebears did. It’s the way you access them that changes. “In version 7 of our software you get Windows and web capability in the same package,” says Steve Curtis, a technology consultant for PeopleSoft in the UK. “When accessing the financial package over the Internet you just type in the company’s website address and click on the PeopleSoft accounting system link. A set of panels for different accounting functions then pop up just as with the traditional system.” The financial applications can be downloaded by the user on to their PC through a programming technology called Java applets. This does away with the need to store this information on individual desktop PCs, instead storing it on a server, normally run in-house. The new, and potentially make-or-break, business decision is whether to run the package on the company’s existing internal network using web technology – as an intranet – or to place it on the wider Internet. There are three main business arguments put forward for web-based technology. Firstly, a web-enabled system will be cheaper to maintain, largely because software upgrades or tweaks are performed only once on the central server rather than on every PC running the package. This cuts down the operating costs and saves time, argue web vendors. Secondly, it’s designed for remote access. Employees anywhere in the world can access their company accounts or databases via a laptop or even a hand-held organiser. Access to important information no longer hinges around a cumbersome PC directly linked to the company server. This is particularly useful for industries that demand a lot of off-site work, such as construction. Thirdly, web-enabled software will revolutionise EDI links to suppliers. When a company’s head office has one version of EDI and their supplier has another, vital orders lie unprocessed because the systems can’t communicate. The web uses well understood and genuinely open ‘protocols’ – which means that every web-enabled system can communicate easily with every other one, regardless of hardware platform or (usually) operating system. But the prospect of using the Internet as a repository for such sensitive information sends a shudder through many industry observers. “Placing mission-critical information on the Internet opens up a big security headache,” argues John Moroney, a principal consultant in new media technology for IT analyst Ovum. “What if outsiders manage to tamper with the accounting system while it’s in progress? It would be absolutely disastrous. You might as well let people walk in and steal buckets full of five pound notes from your office. Decision-makers have to weigh up the worst-case scenario.” Moroney touches on a hyper-sensitive point for industry and consumers. Incidents of hacking and computer virus infection are increasing, while a recent survey by IT consultancy NCC found half of all British businesses have suffered some form of security breach in the past year. Half of these breaches were classed as serious. Software suppliers claim most of these security worries can be dealt with through commonsense security measures: “Managers can grade access to corporate information,” says Amir Jamal, European technical manager for Slough-based Prestige Software, vendors of the Masterpiece/Net accountancy package. “For example, all line managers would be allowed to view ‘001’ accounts but only a select few would be allowed to see accounts beginning with ‘002’. You just employ traditional network security technology such as firewalls.” Steve Curtis, a UK technical consultant for PeopleSoft, argues that web-based packages are not a risky option. “We provide the user of a browser-enabled system with the same level of security as a Windows financial package (such as) access through user ID and passwords,” he says. But as Curtis concedes that these security assurances are not winning over clients: “We’ve talked to our clients about web-based financial applications and about 95% of them have yet to be convinced, although some are testing browser packages.” So will the accountants and management consultants happily conduct accounts online? Eddie Short, an executive consultant for KPMG, gives web technology a cautious welcome: “There is a security risk if you put your company’s accounts on the Net but the risks are no worse than normal if you use strong encryption (software which scrambles electronic information). We’re prepared to integrate web-based software from companies such as SAP and Oracle.” Short identifies two factors delaying investment in Internet software: Year 2000 and euro compliance: “But our research suggests that when compliance projects hit their target of mid-1999 there’s going to be a massive amount of IT resources released into the economy.” Mark Fisher, head of business operations for NatWest in the UK, warns against a one-size-fits-all approach to web-enabled software: “Browsers are an enabling technology. It all depends on what kind of operation you are and the kind of communications network you have,” he says. “If a company is scattered geographically and it doesn’t have a wide area network (Wan), then a web-based package is attractive because the infrastructure is already there. The beauty of the browser is that it relies on common Internet standards which cut costs and open up access to information.” Fisher argues that placing accounts on the Internet does raise security issues as the company has less control than usual over it’s system. NatWest does not use any web-enabled accounting packages although it runs an online banking service for corporate clients. “It’s really easy to stick a browser front-end on applications. The big issue is whether you apply the technology in-house or outside your company network,” he adds. It’s clearly difficult to gauge the market impact of this new, distributed, financial software. Early adopters may get a head-start, but as with most technology, leading edge can quickly become bleeding edge. Dixons has invested in a web-enabled form of EDI to speed-up communication with its suppliers. “Our suppliers found EDI technically difficult and some didn’t even have an IT department,” explains Pam Bingley, commercial systems controller for the retail group. Bingley is currently trying to persuade suppliers to adopt this new strain of EDI. When Dixons sends an order to one of its 400 merchandise suppliers, using their traditional EDI system, it passes through the network and the order is converted for the Internet and posted on a website – constructed by software vendor GE TradeWeb – and displayed as an e-mail-style message. To pick up the message the supplier goes straight to the website and clicks on a “message received” icon. The order form can be changed to an invoice online before going back to the head office as traditional EDI. “The new system isn’t in operation yet, but we’re about to sign up a number of suppliers,” reveals Bingley. “We’re the first retailer in Europe to use this package and after a big chunk of development work, it fully integrates with our existing system.” Traditional EDI, however, is far from dead, with around 250,000 users worldwide, according to figures form IT consultancy Dataquest. Companies have invested heavily in hardware and software to support it, so a mass conversion to the Internet’s virtual private networks won’t happen overnight. “Think very carefully about what kind of information you deal with over the Internet,” urges Moroney. “There’s a big difference between putting general promotional information online and then doing the same with core business processes. Even if you work within an intranet, it’s worth remembering that 80% of security breaches are internal.” Browser-enabled financial software looks set to expand steadily over the next few years, as companies come to terms with the (largely overblown) security fears. In the meantime, feel free to browse. Next page: The software vendors debate.