ASPs in the General Ledger business, in particular, are operating in a marketplace that is very sensitive to risk and reputation. This is almost like banking. ASP industry organizations (ASP Industry Consortium, or the IBSI) should be working systematically to minimize the frequency and severity of losses that subscribers will incur from time to time.

Internet accounting providers are in a delicate transition right now, beginning to win acceptance by consumers and small businesses. The trust they are earning could be eroded all too quickly by a few highly visible, publicized occurrences of lost accounting data. Or security breaches, financial collapse, etc.

When client-server software crashes, the events occur in isolation. A true picture of unreliability never really emerges. But when an ASP datacenter crashes, it is globally visible to all the customers at once. You could almost predict a value for reliability - let's say R - as the frequency of system failures that accounting software must be held below in order to be viable in the market. The reliability an ASP must achieve is several orders of magnitude higher than, say, a Windows client-server package.

Customer rejection is a function of:

• e1 = indirect events; number of failures any particular customer or subscriber will tolerate hearing about, before abandoning a particular software service
• e2 = direct events; number of failures any particular customer or subscriber will tolerate experiencing directly, before abandoning that service
• p1 = percentage of events the market learns about
• p2 = percentage of events the customer experiences directly
• n = number of subscribers on the system at the time of the failure event

The problem comes with variable e1 and percentage p1. ASPs have a great disadvantage compared to packaged software because the simultaneous visibility makes the users pick up the phone or email with each other at a moment of high frustration. There is a near certainty the event will spill over to usenet and other searchable archives.

There are already numerous messages on usenet and web forums from accountants stating they will never put accounting data on a remote host. And this week in Infoworld, a letter to the editor from Bob Zorich which is quite representative: "I would not .. risk my assets .. 1) security .. 2) reliability .. 3) Speed .. 4) Response Time .. 5) ASP Vendor support .. 6) Fly-by-night nature of e-commerce sites ... etc ..."

For a longer list of 26 worries see my post here on the ASPNews.com dicussion forum Dec 12th, Evaluating WebLedger ASPs solutions.

There are two basic models for regulation in the United States: self regulation (medical, legal, accounting, etc. industries) and governmental (securities, air traffic, etc.) I honestly don't know how some industries manage to get their act together and regulate themselves, but self-regulation does require the profession to beat up its misbehaving members, and it also seems to require a licensing mechanism, where the government provides a framework for asserting real power to regulate.

I will now, like Cassandra, predict that one or another WebLedger provider will have a sensational system collapse, probably in its eagerness to save $5,000 on a redundant device someplace, and as a result the ASP industry will experience a collective loss of sales of $500,000. Then we will all pick up and work harder, and rebuild reputation, and somebody will fail, again. This will happen over and over and over. And at intervals of perhaps one year, an ASP employee will be arrested for some outrageous act like selling customer lists, or monitoring the monthly P&Ls of 500 companies to scout profitable markets or trade securities, which could have been prevented by systems of internal control.

So what I see is this: if we're going to have a healthy, broad-based industry comprised of reasonably scaled ASP enterprises, it can only really happen with self-policing. It can only be accomplished if a lot of systems people and ASP managers study some stuff they never studied before, because it's required for the ASP license (or at least, their ASP certificate). Otherwise, a few very big, monolithic portals who have the money for reliable service models will end up with ALL the customers, and the small ASPs will have a tough time.

The small ASP industry is going to have to mature in Internet time.

This article was first published February 1999 as a posting to the ASPnews.com discussion board. Other postings by Todd include:

• Prototype WebLedger design (Feb 12th)
• More on monolithic vs component (Feb 8th)
• Egoless General Ledger (Jan 11th)
• XML Schema for General Ledger (Jan 7th)
• Rolling thunder; living in a webledger universe (Jan 7th)
• Evaluating WebLedger ASPs solutions (Dec 4th)
• Accounting ASPs - key factors (Nov 9th)