Establishing Program Standards

Many people believe that W3C, Web Standards, and SEMPO are the governing bodies covering SEO practices, but that’s not necessarily true. Those organizations only create guidelines that are not mandatory. Standards are different than rules. Standards exist so that there’s a process to ensure that what’s supposed to happen is really happening. With the rise of mega-conglomerates in tech, our standards and guidelines are now being dictated by them. From Apple’s Retina display standards to Google’s project AMP, we’re being led in a weird direction. It’s unclear who’s setting the standards for search performance as a whole, so we now run by the engine’s rules. It’s cowboy times, but that’s OK. We’ll get there.

Best practices for an industry are simply recipes that others have successfully used before you. Standards are paramount for any website or marketing program. Standards help SEO plans stay in touch with the market over time. At the end of the day, the goal of an audit is not to punish or determine rightness, it’s to provide guidance and oversight. Audits can range in size from individuals to large corporate audit departments with many full-time auditors. Independence is also important; in larger organizations, the same person shouldn’t necessarily be doing the work and also reviewing the work.

In 2014, SEMPO sought to establish a code of ethics, but not much came of it. Many who participated came out opposing the code of ethics citing that it wasn’t needed and could even open up SEOs to legal risks. People also felt that adhering to ethics could mean potential penalization by search engines themselves, because ethics do not generate revenue for the engines. This is a flawed line of logic. Measuring a piece of software might not generate any money, but not doing so costs even more in the end. By operating in the shadows, SEOs can risk their own reputations. The industry’s reputation has suffered due to the lack of standards.

Continuing to let giant companies dictate all of the upcoming web performance standards is a dangerous road to go down. Collaboration for formation of standards vastly improves it. Philosophically the standards discussion almost always takes me back to this mid-1990s white paper:

Linus Torvalds’s style of development—release early and often, delegate everything you can, be open to the point of promiscuity—came as a surprise. No quiet, reverent cathedral-building here—rather, the Linux community seemed to resemble a great babbling bazaar of differing agendas and approaches (aptly symbolized by the Linux archive sites, who’d take submissions from anyone) out of which a coherent and stable system could seemingly emerge only by a succession of miracles. The fact that this bazaar style seemed to work, and work well, came as a distinct shock. As I learned my way around, I worked hard not just at individual projects, but also at trying to understand why the Linux world not only didn’t fly apart in confusion but seemed to go from strength to strength at a speed barely imaginable to cathedral-builders.

Eric Steven Raymond, The Cathedral and the Bazaar

We have to separate ourselves from the idea that change is scary and approach it in an analytical way, raising the bar for all of us. Any industry with very little or soft standards also risks becoming complicit in fraud.

I propose the following voluntary ethical best practices for organic search professionals:

• Never promise what cannot be delivered, such as guaranteed search rankings.
• Never knowingly harm a client site by violating the published search engine guidelines.
• Report data thoroughly and accurately to the best of your ability.
• Do not obtain information dubiously and pass it off as credible.
• Be transparent about any use of paid advertising or paid endorsements.
• Do not share working documents or data with third parties without permission.
• Do not employ any methods of tracking that violate the user’s right to privacy.
• Never take credit for increases in search traffic that weren’t verifiably related to your actions.
• Always maintain as much impartiality in reporting as possible.

I’ve inherited too much work over the years from colleagues who have misrepresented capabilities or simply not done anything at all. One of the worst cases was when a prospective client paid tens of thousands of dollars for what amounted to the creation of a free Google Maps listing. There’s nothing wrong with Maps listings, but they require basic business acumen, not SEO. It takes five minutes or less to update a Google Maps listing, but that’s not the most egregious issue. The promise made to the client by the shady consultant was to “get them to appear on page one.” After a week of investigation, I could not find any other actual work performed towards SEO. The Maps listing was the consultant’s cheeky way to technically claim credit for the client’s appearance on page one.

Content and performance are the two areas of guidelines that SEO is missing. The problem with not having standards is that so many things can happen when you hire someone for SEO. Practices could be long outdated. There are industries where standards mean survival, and SEO should be one of them. Each state in the United States has a board of accountancy, which is different in every state. The American Institute of CPAs (AICPA) operates nationally and they have adopted the Generally Accepted Audit Standards (GAAP), which governs the quality of audits. There are no SEO standards within International Organization for Standardization (ISO) audits, which typically cover many other aspects of information technology (IT).

The generally accepted audit concepts laid out by the AICPA are as follows:

1. The auditor must maintain independence in mental attitude in all matters related to the audit.

2. The auditor must have adequate technical training and proficiency to perform the audit themselves. The auditor must exercise professional care during the performance of the audit and the preparation of the report.

These standards give us something to think about. Quite often the consultant performing the SEO audit also stands to benefit if more work is needed. This is not the ideal situation for the person doing the hiring.

One of my very first consulting jobs many years ago proved a bit dramatic, because I immediately uncovered evidence of willful wrongdoing. It was clear the person hired as an SEO was not performing any type of optimizations or updates to the site. There was no change management procedure, which could have been as simple as using server logs. This person was also acting as gatekeeper to website changes and spinning all sorts of tall tales as to why changes needed to take a long time. The title of the homepage was “home”; it was not even branded with the company name. No changes showed in the server logs for weeks at a time. The company had a primitive but simple CMS that anyone else could’ve used to make their own updates. This was in a time before CMS was really a thing. What we really had was a bridge and a troll guarding it for power.

Clearly I was onto something juicy because the SEO called in sick the second day of the project and she resigned the following week, suddenly. It was probably that hair-raising project that clenched my desire to become a full-time independent SEO. It became my passion to help companies knock down what stands between them and revenue. Sometimes helping a site means drawing boundaries and making rules about how things get done: it’s not always fun. Most business websites are directly tied to some aspect of generating or maintaining revenue. There needs to be processes in place so that a website can be updated as needed, so that revenue isn’t lost. Another term for this is corporate governance, which is known as a system of rules, practices, and processes under which a company is governed.

Because standards vary so greatly from expert to expert, visions never quite match up. Some experts are very tied to certain tools so they will insist on switching to those for their own comfort. Switching tools to stay in your comfort zone when there’s no concrete business reason to do so is poor decision-making.

What one SEO sees as a hot button issue another might see as lower priority. Ofttimes I’ve seen that the data from different tools doesn’t line up, because data (that’s relevant) often lives in the eye of the beholder. So what do we do in this situation? We call upon shared principles.

In business, GAAP is most often applied when publicly traded companies generate financial statements for the shareholders. The auditors follow the standards for reports so shareholders and investors can compare multiple companies in the same way and then make decisions. It would be amazing if one SEO could leave information intact in a way that set it up for the next one. Institutionally speaking, documentation is the strongest way to retain information. Annotations are allowed in most major platforms and can be used generously for purposes of reporting and making decisions. It’s not a bad idea to have a discussion about power structure to clearly define the stakeholders for any given search program and flowchart it out.

Whether standards become established or not, most sites are not going to start out doing an ISO 9001 SEO audit, if such thing even exists (it doesn’t). Regardless, it’s advantageous to be familiar with the groundwork for compliance frameworks, in case anyone asks during an acquisition or round of investment. It’s also serious self-preservation for an SEO to be able to definitively exhibit how much revenue he or she is bringing to a company.

Countless times I have been called upon to demonstrate for companies (or their board of directors) where revenue is coming from, precisely. Passing on revenue information is sacred and must always be handled with the care it deserves. Information you’ve provided about revenue may go upstream to other departments, such as accounts payable, which could then possibly trigger an audit.

It’s judicious to think of revenue growth in terms of Pearson’s Law:

That which is measured improves. That which is measured and reported improves exponentially.

Karl Pearson, mathematician and statistician

After speaking to and observing legions of teams operating websites, I’ve noticed that most organizational dysfunctions are reflected on the website itself. Let me help unpack that. I once helped a startup that had several development teams in several different countries running independent WordPress installations for the same top-level domain (TLD). One section was the corporate site; the other one was an elaborately tricked-out blog.

Both teams truly believed they were “running” the same site, even though they were doing so separately. It was like two organizations were living separate lives under the same roof. Numerous development efforts and resources were duplicated as result of separate CMS, tracking, and tool installations. The party kept on going as we uncovered duplicate tracking scripts, hosting charges, etc., which were becoming detrimental to reporting and therefore the financial health of the site. A united team is always the strongest.

I’ve seen so many institutional issues bring dysfunction to a website, including writing over other’s website changes because people are making updates from local copies. Many smaller organizations do not have GUI monitoring tools, release schedules, or site versioning.

Standards and Goals

Review the data. Staging servers and weekly release schedules are signs of a healthy organization following best practices. Too many procedures, however, can be onerous and actually prevent business from getting done. Part of a technical SEO’s job is to determine the proper blend of running versus walking when it comes to development. It’s sometimes easier to deploy a subdomain because the tools are easy to use for a blog, but then you can easily turn around and find that you’re maintaining multiple tools and systems.

Just as there are no guarantees in development of what you will get when you hire a developer, the same is true for SEO. It would be ideal if a developer could just look at a site and adhere to standards for search efficacy. Wild variances in professional practice can lead to misunderstandings, disappointment, and heartache. If search professionals unite in adhering to a code of ethics, the industry could move forward and make a considerable impact. Corporations have essentially started governing standards and that, my friends, is one dangerous precedent.

Suggested standards for the SEO audit are as follows:

1. The SEO audit is performed by someone who does not benefit financially from the results, regardless of what they are.
2. The audit includes study of the search engine traffic, specifically.
3. No more than 20% of dark or direct (unattributed) traffic can be counted towards the SEO’s efforts.
4. SEO effectiveness can be judged by the increase in nonbranded traffic. This means the SEO may not take credit for traffic coming from brand search unless other marketing activities are at play.
5. For ecommerce sites, data must be correlated with another source.

The first step to gaining compliance is defining what “in compliance” means. Scope has to be defined up front. There are many types of audits, which vary by size and scope. However, if you’re up for sale or about to close a round of investment, you could be called upon to defend your revenue numbers and even your conclusions. Even worse, you get audited by the IRS. The worst place to be in an audit situation is to be bereft of information. You need to know what to expect and hire a CPA if you’re having any issues.

Sometimes this context is indeed the reason for getting an outside contractor. Startups often don’t have the staff or expertise to assign more than one body to the task. If this is your use case, you probably really want to have an in-depth knowledge of this aspect of the business.

An IT general control demonstrates that the organization has a procedure or policy in place for technology that affects the management of fundamental organizational processes such as risk management, change management, disaster recovery, and security. IT application controls, which are actions that a software application does automatically, should demonstrate that software applications used for specific business processes (such as payroll) are properly maintained, are only used with proper authorization, are monitored, and are creating audit trails. IT controls are a subset of the more general term, internal controls.

Separation of Concerns

Whether publicly traded or not, there has to be a way within an organization to run marketing programs with integrity. The accounting profession has invested significantly in separation of duties because of the understood risks accumulated over hundreds of years of accounting practice. By contrast, many corporations in the United States found that an unexpectedly high proportion of their Sarbanes-Oxley internal control issues came from IT. Website marketing absolutely falls under the IT umbrella, but often it’s kind of a rat’s nest.

Separation of duties (SoD) is commonly used in large IT organizations so that no single person is in a position to introduce fraudulent or malicious code or data without detection. Role-based access control (RBAC) is frequently used in IT systems where SoD is required. RBAC is leveled by role exclusions, which means that roles that exclude each other cannot be assigned to the same user at the same time.

Strict control of software and data changes will require that the same person or organization performs only one of the following roles:

• Identification of a requirement or change request (e.g., a businessperson)
• Authorization and approval (e.g., an IT governance board or manager)
• Design and development (e.g., a developer)
• Review, inspection, and approval (e.g., another developer or architect)
• Implementation in production; typically a software change or system administrator

This is not an exhaustive presentation of the software development life cycle but a list of critical development functions applicable to separation of duties. To successfully implement separation of duties in information systems, the following concerns need to be addressed:

• The process used to ensure a person’s authorization rights in the system is in line with his role in the organization.

• The authentication method used such as knowledge of a password, possession of an object (key, token), or a biometrical characteristic.

• Circumvention of rights in the system can occur through database administration access, user administration access, tools that provide backdoor access, or supplier-installed user accounts. Specific controls such as a review of an activity log may be required to address this specific concern.

Signatures mean commitment when accompanied with a report. Simply asking, “Is that what you mean? Would you mind signing here, then?” can tell you heaps about their feelings. Don’t use this as a control too often as it could potentially freak people out.

People need to stand up for what they are reporting. Reporting is how we maintain credibility.

Arlette Hart, data scientist, FBI

It would be awesome if everyone embraced and understood hardcore logic, but that’s not the world we live in. There are different methods to inform colleagues in an organization without confusing them. A key method to maintaining integrity is visualization, which helps organizations to begin parsing information for all parties involved. Oh yeah, I’m talking flowcharts! To enhance understanding of data, it is useful to provide a graphical overview of the key elements in the process. These charts do not show how the data flows, but instead show what the data is and what to do with it. This can aid in understanding and/or provide a common language between different stakeholders or departments.

In the real world, each case is different and your results may vary. Having said that, most cases are more similar than they are different. Each CEO wants to think his or her data set is a special thing, but ofttimes this is not the case.

You can tailor the methodologies to the real world, but pay careful attention not to just be rubber-stamping things just to get a passing grade. The numbers won’t bear out in the long run.

Let’s say you’re conducting a site audit. One good thing to do at the beginning is to decide on some agreed-upon procedures (with the client). This allows you to “delete things from your memory bank as you go” so to speak, because once you’re done with one phase of the project and it’s documented, it doesn’t have to be revisited. This sidesteps one potential obstacle that can bog down an audit.

Information ebbs and flows all the time, but the where, how, and why it passes through various parts of the system matter. Though each practitioner takes a slightly differently flavored approach, there are some things that you can do to assist in getting to the desired outcome, such as questioning your methodology, managing expectations, and asking “What does the deliverable look like?”

Reporting becomes a giant time waster if it’s not mapped out and agreed upon from the outset. Rough-and-tumble reporting leads to unsatisfactory results. Fortunately there are frameworks to follow. The next section is meant to help you create the testing framework to ensure a high quality of data integrity.

The CAVi(a)R Test

There’s an easy-to-remember mnemonic that I use to ensure the highest data integrity for every site. CAVi(a)R is the gold standard of data integrity. It covers the entire pipeline of methods to ensure reproducibility for the enterprise. The test seeks to help prove that data is complete, accurate, valid, and restricted and it’s fun to take out on the field.

You always want to have a plan when verifying data integrity, but sometimes the tests do not work out. Reproducible results are salient; however, it’s not good to do Monday morning quarterbacking in real life. Campaigns can fail. Do not spend too much energy on the instant replay if something breaks down. You can’t replay time.

Assessing Value for Organic Traffic

There are rare cases when scandal breaks or news is made and then traffic soars. Who takes credit? It’s often difficult to assess the value of publicity. A question I’ve been asked many times is: how do you assess the value of just the traffic? Logically it’s not hard to understand the value organic traffic brings in terms of revenue, but what about when it’s mixed? When there is no ecommerce, it’s not straightforward to assess the value of organic traffic. I’ve adapted formulas from our cousins in PR and devised a proprietary method to tabulate the value.

The first method to assign values to organic traffic is to make sure analytics is tracking commerce properly to calculate costs per lead or inquiry, etc. Design your KPIs and build your analytics reports to address those KPIs (i.e., a signup with the attached sourcing of that signup). In Google Analytics, once a financial value is attached to a KPI or lead, then you can calculate from there.

The second method to assess the value of organic traffic is brand versus nonbrand. Tracking organic queries to the site will allow for this style of analysis. If revenue transactions are happening on the site from organic traffic, the reports will match the lead sources back to it.

The third and final method to assess organic value is the public relations standard. This method is ideal when there’s no ecommerce for the site or the site operator needs to assess the value of traffic for a third party. For decades, PR professionals have assigned dollar values to the exposure they gain clients by equating eyeballs on the page to advertising value rates for the same placement. Online advertising rates are what a company would pay for traffic to their site; it’s only logical that views can be monetized. You can make educated guesses about whether or not organic mentions are indeed more valuable than paid placement and apply multipliers. Some PR mavens take the value of advertising traffic and multiply it 2.5 times for magnification.

Sometimes you can look up a site or site tier and figure out the advertising costs; some even list it. Most publishers do not list their numbers, so it’s going to require a touch of sleuthing.

We must first assess the traffic for the sites based on data from analytics itself (or Quantcast). The total ad value number is the amount of circulation to compare against the value of paid placement for the same caliber of sites. Social mentions are quantified financially in terms of search engine display ads (Google), because that is essentially how they function. Google’s ad reach for certain types of ads are measured in a unit called CPM, or cost per M (one thousand). The suggested bid is calculated by taking into account the costs per click (CPCs) that advertisers are paying for this keyword for the location and search-network settings selected. The amount is only an estimate, and the actual CPC may vary based on competition.

To calculate traffic, simply look up Quantcast or Alexa ranking data for traffic approximations. The total ad value number is the amount of circulation to compare against the value of paid placement for the same caliber of sites. Table 3-1 illustrates how to apply the calculations to assess value of traffic.

We can take the circulation by day and divide by 1,000 to get the right variable for the CPM calculation:

• 251,947 / 1000 × $150 = $37,792.05

If I wanted to follow the more optimistic of the two PR standards and call this a big magnifier, I would take $37,792.05 x 2.5 for the value. There is no hard and fast rule about your magnification of paid placement versus organic, so it doesn’t hurt to show both.

As an example of social value, imagine a company that had 1,000 Twitter mentions in a month and 99 of those were branded. One can calculate the total number of followers of those accounts who posted the mentions—a laborious task. As an example tally of follows let’s suppose the total reach of those tweets was roughly 200,000 people. Using a conservative CPM of $5, those mentions were worth $1,000 to that organization. This is how Radian6 and other industry analytics tools place value on a mention.

One can never be too removed from one’s own calculations and interpretations of what they mean. Devise your own calculations of what success looks like and use tools to help with the heavy lifting.

Tools may come and go, but they help tell us the value of things. Like a kid in a candy store, it’s time to get excited—we’re about to shop for tools!