Better Safe Than Sorry: Blue Rhino Corp.
Ask Billy Prim's fellow executives at Blue Rhino Corp., and they'll tell you that their CEO runs his company in a freewheeling, entrepreneurial style. Meetings are short, managers are trusted to make the right decisions and put them into motion quickly, ideas flow easily bottom to top, and red tape is kept to a minimum. And Prim wears Blue Rhino's mission on his sleeve. From civic events to meetings with would-be partners, Prim is a full-time cheerleader both for getting people to take in the outdoors, and for preaching the virtues of Winston-Salem, N.C.-based Blue Rhino, the country's largest supplier of propane gas cylinder exchange for backyard grills. Prim even purchased the Winston-Salem Warthogs, a Class-A team in baseball's Carolina League, in part to publicize the virtues of hamburgers, hot dogs and hot weather.
Just ten years old, Blue Rhino's business already extends to 28,000 retail outlets throughout the U.S., including Home Depot, Lowe's, Wal-Mart and Circle K., and its $258.2 million in revenue for fiscal 2003 (ended in July) was up 86 percent in two years. Operating income, at $24.4 million for the year, rose over 500 percent in that period. And, in perhaps the biggest surprise, the Warthogs, a perennial also-ran, swept the Carolina League playoffs last year without losing a game.
But in the summer of 2002, something happened to slow down Blue Rhino's hard-charging culture: Congress passed the Sarbanes-Oxley Act. The legislation, approved after the epidemic of high-profile corporate accounting scandals, makes top executives more accountable for their company's income statements and balance sheets. Under the bill, chief executives and chief financial officers are now required to vouch for the accuracy of quarterly and annual reports, and they face up to 20 years in jail if these financial statements turn out to have been falsified. (See "Squeeze Play," December 2002.) It's the upcoming Sarbanes-Oxley deadline, however, that's been causing the biggest headache: Beginning June 15, companies with market capitalization greater than $75 millionBlue Rhino's was about $250 million in January 2004must, at the end of their current fiscal year, issue a management report, signed by its outside auditor, attesting that they have instituted adequate controls on all financially related systems and processes to ensure that they are protected from internal fraud and sabotage.
To meet this requirement, known as Section 404, many companies are spending tens and even hundreds of thousands of dollars on new software to manage the diverse systems that handle accounting, supply chain, inventory and customer data banks. And they're instituting regulations that limit the ability of employees to input information, or change the way systems operate, without first receiving many levels of approval. At Blue Rhino, says CIO Bob Travatello, the impact of Section 404 has been dramatic, ratcheting down the company's torqued-up environment.
"Our mentality has been to beat the market," Travatello says. "If a major retailer wanted us to do something, and that would get us the business, we would do it right away. We basically looked at ourselves as a speedboat going through the water. If someone said we have to make a left turn, we were able to make a left turn on a dime. What we see happening now with Sarbanes is that we can't make that turn on a dime any more."
While that may not significantly affect market shareas Travatello notes, Blue Rhino's public competitors are bound by the same restrictionsit will certainly force Blue Rhino to tone down the aggressive attitude it takes with customers, an attitude that, so far, has been critical to its success.
The main roadblock is the number of people who have to sign off on almost every initiative, large or small. For instance, to alter a process in the financial system, programmers must obtain three separate approvalsit used to be just oneand each step of the modification must be managed by a different programmer. It could take up to three times as long to complete even the most minor change.
"We were a company that was built on trust: We trusted our employees," Travatello says. "Now with these new approval rules, employees ask, 'What, you don't trust me now?' 'Yes, we do trust you, but, unfortunately, the government doesn't.' "
The Role of Standards in Cloud Security
Security is often cited as a primary cause for concern...Watch Now
Ensuring Resources for Mission Critical Workloads
Application workloads can thrive in cloud environments,...Watch Now
Improving Security in the Public Cloud
One of the main concerns about moving data to a public...Watch Now