Introduction (00:05): Welcome to Achieving Frictionless Commerce, a podcast series brought to you by Vertex, where tax and IT experts discuss how you can create a frictionless buying experience that will better support your customers and drive future growth for your organization—as well as the surprising way that tax plays a part.
Jeremiah Owyang (00:27): Developing a smooth customer buying experience is a necessity for today's businesses—it's no longer an option. For IT leaders that are challenged with making this happen, the good news is that there is help out there. Welcome to Achieving Frictionless Commerce. My name is Jeremiah Owyang, a technology analyst and entrepreneur based in Silicon Valley and your MC, join me and my guest experts from Vertex, a leading global provider of indirect tax software and solutions in our six-part podcast series. Together, we will discuss what the term frictionless commerce means right now, what you can do to minimize any barriers in your customer journey, and the best steps to take that will lead to long-term organizational growth.
Jeremiah Owyang (01:16): We will also take a deeper dive into the somewhat surprising ways tax plays a major role in reducing friction and give you a powerful example of one retailer who used tax software to do just that. I'm so fortunate that I'm joined again by Robin Allen, Senior Director of Agile Program Management, and Digital Transformation, and Change Management at Vertex. If you didn't listen to our interview from the last session, go back and also listen to that one. Robin is back today, to help us discuss creating a plan for frictionless commerce within a company, and to provide IT experts with what they need to make positive changes for their organization that moves towards a better, frictionless experience.
Robin, welcome.
Robin Allen (02:04): Hello Jeremiah, it's good to talk to you again.
Jeremiah Owyang (02:05): We'd love to hear your thoughts on how companies can take this forward?
Robin Allen (02:09): So, audit itself starting there, embrace it. In the last podcast we talked a little bit about what it looks like to lean in, how do we help businesses to embrace this idea of an audit. This is a gentle reminder these are good things, an audit's not a bad thing. You're selecting your vendor to partner with to give you this feedback. Depending on your organization of course, there's different types of audits. Financial audits are probably some of the most common, but there are many different types of audits, and some also can be broader.
Robin Allen (02:37): A finance audit is very specific to obviously an organization's finances, and all things connected to that. Also, I would say, you know, best practices, right? So, we're building things and we're enabling and supporting technology for our organizations. In the last podcast when we spoke Jeremiah, and I talked about those ility's, the scalability, and reliability. Those are all things that you have to be thinking about… monitoring, performance, ease of use to make a frictionless experience. Because we're focused on ultimately our customer, or the end user. And then lastly this idea of partnering… just as a gentle reminder, the auditor is a partner of some sorts, but there's also partners that you have that help you—not just tactically and perhaps operationally, but also strategically—as you're building solutions out for your business."
Jeremiah Owyang (03:27): I love that point you made in our last discussion around how IT is empowering the business, and that arm-in-arms linked together, locked together, in lockstep—so that was a great point that you made. And also, to think about audits being as an opportunity for business growth.
Robin Allen (03:41): Absolutely, the auditor is, as I said, a vendor, someone that you hire that gives you feedback. Being open and embracing the feedback can only make you better. It's someone that's looking at your environment that may tell you things that you may not be aware of. Processes that you may need to look at more closely. An easy one as an example Jeremiah is access. Sometimes as IT professionals giving access to ourselves and giving everything is a defacto default, because sometimes it's easy. It doesn't have as many challenges when you're troubleshooting it makes it so much easier. But as we know, using financial systems (or even people systems), having access to everything actually isn't a good thing. And an audit can raise those things, but also help you to understand that you have to change what you're doing.
Jeremiah Owyang (04:27): Great points. Let's dive into some of the tactics… and I know you have a whole treasure trove of what to do because you've been, walked in these shoes before. So, my question to you is, what should IT do with the information gathered in the audit?
Robin Allen (04:41): One, don't hide it, right? So, communicating the outcomes… generally what happens in an audit is a good auditor will help to prioritize, meaning this high… low, medium, high. So, they're categorized in a way that it helps you to assess the risk to your business. And then you decide. Certainly, the highs are going to be ones that they will assert that you absolutely should do, and then the lows, there's probably a little bit more room. But certainly, communicating the outcome of the audit with clarity. You're not hiding it, it's not a bad thing. You shouldn't… IT shouldn't be saying, "Well I don't want anyone to know that maybe we have a lot of highs, or we have lots of mediums."
Robin Allen (05:21): That is the opposite of what you should be doing. There's also setting expectations because assuming that you have a certain number of things you have to fix, you do have to set expectations with the business. But I think also it helps the business in connecting the dots where gaps exist. Because for myself as a leader—whether I'm a CIO or whether I'm the Senior Director of the Agile Program Management Office—I have responsibilities as a leader, as the safety of our business (from a data perspective [and] from a people perspective). And this helps me to do that. So, it's helping from an IT perspective the business closing those gaps and making them more aware.
Jeremiah Owyang (06:00): I want to go back to your point on the low, medium, high prioritization. What should be done in addition to just identifying those?
Robin Allen (06:07): So, you'll get them back, so the auditor will help you. And then I think there's an opportunity if there's a lack of understanding from an auditor and let's say an IT professional, and there's a conversation there. But really what that does is it in turn more tactically gives you an organized way to attack what's going on, especially if it's your first time or even second time. I've never done an audit where nothing has come up. As perfect as I like to think I am, I'm not. And the audit, there's something that comes back to the team (the low, medium, and high) gives the opportunity to prioritize, assess, and then fix what it is the auditor has identified. So, it's a way to know if there's fifty things—low, medium, high—you're going to go for the highs first because that's the most bang for your buck and it's probably where the largest gaps exist.
Jeremiah Owyang (06:57): I would imagine that there might be some feasibility and then cost associated with that analysis?
Robin Allen (07:03): There is. So, sometimes to fix something you may have to purchase a tool. So, a good example when you think about data and information… there's tools and things, and sometimes solutions have it where there's data masking. So, I mentioned the people systems before… if we're all familiar with people systems, that's pretty much all my PII as an individual. If you're a company of five-hundred people, a thousand people, or ten-thousand people, if you're testing or if you're implementing something new you can get tools and technologies that mask that data. So, Jeremiah, I don't see your social security number, or your birth date.
Robin Allen (07:42): And I'm not saying people are bad. What I'm saying is we need to protect the information. So, that's part of that and having the high, medium, and low as an IT person, or professional, I say, "We've got these mediums... I may need to invest in a tool in technology; we may have to change a process; we may need resources to help us externally to fix something (maybe from the vendor that you brought the technology from)."
Jeremiah Owyang (08:07): I think you're making a great point. That this in a way really rolls out your road map on what to do. So that's another benefit of the audit, right?
Robin Allen (08:15): Yes, absolutely.
Jeremiah Owyang (08:16): Okay, let's go a little bit deeper. If tax is part of your action plan, what should you do?
Robin Allen (08:21): Jeremiah, when I answer these questions about tax and thinking about tax, I always relate it to my own experiences [of] when I shop. So, if we think in terms of tax—reporting tax, collecting tax, returns—always think about your own personal experiences. When I shop online, I go through a process by which I select my item. And depending on the item, the tax is calculated. And depending on where I live or what the item is, that dictates that. Delaware is a state that is a no-tax state on anything so if you purchase something physically in Delaware, you don't pay tax.
Robin Allen (08:59): So, same idea if you ship something there. So, this idea of having clarification around are you charging the right tax, because collecting it is just a step. I can apply a number or percentage to a certain amount and just collect that, but the rules and the regulations behind what you're collecting is also part of this. Because ultimately for organizations, you're going to have to tell someone what you collected as far as tax and/or returned.
Robin Allen (09:24): So, this idea of frictionless commerce, I as a consumer want to trust that when I'm buying something and I'm making the decision to put it in my shopping cart, that I'm being charged the correct tax. And then from an internal perspective as the company that's providing that service and that I'm buying from, I need to make sure that I'm collecting the right tax. Just because I live in Delaware—well I also may be buying things from California, or I may be buying something from New York, and all of those rules behind tax that makes it true—that when it comes to Delaware, and it's shipped there, that I may not pay tax. [Those] are all things that happened that I don't know about as a consumer, but I need to know about as someone supporting (as an IT professional working with the business) to provide that service.
Jeremiah Owyang (10:12): Here's a question, what should we do when it comes to engaging the leadership within the organization after the audit's been completed?
Robin Allen (10:20): What hopefully has gone on (and we talked a little bit about this in the last podcast) is that the business leader should be in lockstep. The audit shouldn't be happening without there being awareness. But certainly, once you have the results, IT should be working with the business. It's like I said it could be, "We have to invest in a new technology," but also it could be process related. Depending on the size of an organization… generally what happens when you're smaller, you as an individual Jeremiah… you have five jobs, so there's not that delineation of responsibilities.
Robin Allen (10:51): Well, that's something that you have to work with the business on. And I'm not saying, you go hire fifty people so that you have separation of duties, but you do need to work together in figuring out how that's going to look and feel. So, reviewing the audit, helping there to be understanding of the next steps that you have to take, because hopefully once you do this [it] is not going to be your last time. You're going to have audits on an ongoing basis moving forward. You're also setting a baseline for yourself as you go into the future.
Jeremiah Owyang (11:22): Once the leadership has been included, what are the other departments that should also be involved?
Robin Allen (11:27): So, it's going to depend on the type of audit. Leadership in general, but then if it's specific to Finance, or specific to People and Culture, if it's a specific audit to IT… it just depends on the type of audit and what you're going for. Something like SOC 2 Type 2 audit or even a SOX audit… those things require probably a broader set of resources from different areas of the business because you're looking more holistically at the business as a whole. But it does depend on the type of audit. In this case, as we're talking about frictionless commerce, this is very specific to Finance. So, obviously Finance should be involved, and then IT, and then perhaps others.
Jeremiah Owyang (12:10): It makes sense. One of the areas that I have a question for you is, is there value in telling the public market about the accomplishments of the audit and it being completed?
Robin Allen (12:22): Absolutely. So, you don't necessarily share the specific outcomes, but you as an organization can absolutely say that you're “this compliant”, “SOC 2 Type 2" It's a branding. I know myself as a consumer, as a CIO, if I was purchasing something and something that may have data that's being stored, I want to know if they do have audits. And more specifically, I want to know that they passed and that they are now complaint.
Robin Allen (12:49): We at Vertex, our cloud solution is SOC 2, Type 2 compliant. That's important to me as a consumer. Because my data, my information, is sitting in your solution (or in the cloud). Hugely important. You should absolutely tell people and if people don't ask, you should tell them.
Jeremiah Owyang (13:08): You've shared many best practices and pragmatic plans, but I want to hear some scary stories. Something that has made you cringe. Something that has gone wrong. Can you enlighten us?
Robin Allen (13:19): Lots of things Jeremiah. I mean, you think in terms of sometimes there's organizations that maybe don't pursue an audit. Then they just don't do it for whatever reason. Either it's a cost thing, or a resource thing, or that you actually get the audit, and you ignore the results, right? So, getting an audit again, always remember you are engaging in with whomever you are and they're there to services you. So, it's not that you have to share it. You [don’t] have to open up the audit and say, "Here whole world, you can take a look!” It is meant for you.
Robin Allen (13:52): So, I've also seen organizations have an audit and then disagree with the results—the high, medium, and low, and they're like, "Nah, I don't really think so," or "Well, that's the way we've always done it," or all the things that come into play emotionally when it feels like someone is critiquing your work—and they're not. They're advising. They are giving you input to make things better hopefully. Lots of times with IT (sometimes with IT resources) we get very attached to the way that we've done things and this is a very nice subtle way to begin to think not just about the work that you do, but about connecting it to the business.
Jeremiah Owyang (14:31): It reminds me of arguing with your doctor after an exam.
Robin Allen (14:35): Yes, “Oh, that can't be the case!” (laughs)
Jeremiah Owyang (14:35): (laughs)
Robin Allen (14:35): ... “What do you mean?”
Jeremiah Owyang (14:35): (laughs)
Robin Allen (14:39): ... “I don't… that's not true!" Yes, absolutely.
Jeremiah Owyang (14:41): So, flipping the narrative here just a bit… when it comes to best practices, especially when dealing with vendors, what's the right mindset and approach to take?
Robin Allen (14:50): I think for organizations just to remember [that] you don't have to do everything yourself. You can buy things, like there's software that you buy. But this idea of a partnership with a vendor… it implies the idea of a partnership that it's more strategic in nature. You should be thinking about the things that you do well and wanting to do those things well. And then those things that you may not do well, or you don't want to do, you seek out the vendor. Doing everything yourself doesn't mean that's a bad thing or a good thing.
Robin Allen (14:50): It means you're making good decisions about what you should do and what you shouldn't do. [Think] what makes sense? Sometimes you also partner with vendors because there's skills that you may not have and that's a way to move ahead, to maybe invest in your team. But also, maybe their resources are types of skills that you'll never invest in, and that's okay. So, just being less tactical and more strategic about what the partners look like, and I said, a Vertex serve as a purpose, but there are many other vendors and partners that you can engage with to help to enable your business.
Jeremiah Owyang (15:56): Robin, how can Vertex help reduce friction?
Robin Allen (15:58): We provide solutions so I would suggest—highly suggest—exploring our products and our services, because we accept some of that burden. Depending on the solution… I mentioned the cloud, I mentioned SAS… but thinking in terms of, how do you partner with vendors to help to share that burden? So, I said Vertex products are a cloud SAS product, SOC Type 2… SOC 2 Type 2. That burden means that it is something that Vertex now carries and maintains, so you can trust that we are being responsible, that we are going through audits, and that we're compliant.
Jeremiah Owyang (16:38): Robin, thank you again for coming back on our show. A big thanks to Robin Allen for sharing her knowledge about creating an actionable plan for frictionless commerce. Join us next time as we take a deep dive into the importance of tax technology. Subscribe now so you don't miss it. I'm Jeremiah Owyang and this has been "Achieving Frictionless Commerce" from Vertex. Thanks for listening.