Wednesday, September 29, 2010

The Best ACT! Is Still to Come

Anyone involved in sales during the eighties would surely remember ACT! as the crucial contact management tool. The competition was fuzzy until the dawn of customer relationship management (CRM) when vendors appeared offering new packaged applications that included contact management, marketing automation, sales force automation, and call center management. Now, more than a decade later, the odds dictated that ACT! should have been overshadowed and its market share divided up among the new packaged applications. However, a few acquisitions later, ACT! has still managed to maintain its raison d'être, retaining over two million users in North America alone.

Looking to further consolidate its leadership in the lower-end CRM marketplace, ACT! is once again undergoing a face-lift in presenting new features and functions that respond to the latest market trends. This innovative initiative by Best Software, the American subsidiary of the UK-based Sage Group plc, is due to take place in late August 2004, with the solutions now available in two versions: ACT! 2005 and ACT! 2005 Premium for Workgroups.

Product Definition and Market Impact

Management at ACT! sees an opportunity to increase the lifetime value of its loyal customers in two ways. By providing a broader assortment of functionality, customers' requirements will be fulfilled over a longer period of time. In addition, by intentionally reducing the market gap that currently exists between ACT! and its sister products, transitioning from ACT! to Best's other CRM solutions will be an organic process. This is a valuable opportunity to leverage Best's existing customer base and marketing potential.

As Joe Bergera, senior vice president and general manager at ACT! explained, traditional market segmentation strongly positions ACT! in the 14 user category, representing 40 percent of the company's customer base. Interestingly enough, research shows that the software is currently very well received in sales departments of larger organizations housing more than 500 employees. As Beth Kohler, senior product manager at ACT! explained, it appears as though sales representatives are using the solution as their own private contact information organizer and then reprocessing the data into other co-existing CRM solutions like Salesforce.com, Siebel, or SAP. Clearly, the inexpensive contact management software for small businesses is playing a transitional role for sales representatives in bigger organizations. A logical deduction is then that either sales populations have difficulties in working with upscale and complex CRM tools, or that ACT! has done an excellent job of making the sales population fervently loyal to their product.

How, and how well, will Best seize this opportunity in leveraging its existing customer base and marketing potential? Since Sage/Best acquired ACT! in 2001 and presented ACT! version 6 to the marketplace, the company has taken slightly over three years to introduce ACT! 2005, representing version 7, with over fifty new features and many usability enhancements. This new version reflects a more long-term strategic positioning.

As far as the product goes, ACT! 2005 provides several additional functionalities to satisfy requirements from a sales force automation (SFA) application including better opportunity management, enhanced activities and calendars. In order to clearly target the larger workgroups ACT! 2005 had to improve data accessibility and security. Some improvements are intended to empower sales management with better visibility and reporting tools that can export organized data with ease.

More importantly, there are new technical improvements that reflect more current and Internet-based technologies. While ACT! 2005 supports 110 users, an additional version intended for larger sales teams and workgroups, ACT! 2005 Premium for Workgroups is targeted for 550 users. Both new versions boast an MS SQL database allowing improved scalability and make use of a complete .NET platform providing a more reliable code base ready for total Internet accessibility. The development of a web client version is, however, only due at the beginning of next year. Opportunity management improvements include features such as new templates that follow sales stages accurately, along with a completely new quote generation functionality that together move ACT! out of the arena of solely contact management and into the world of sales force automation.

SOURCE:
http://www.technologyevaluation.com/research/articles/the-best-act-is-still-to-come-17478/

SalesLogix and ACT! Officially Branded As Best Software Part 2

At the beginning of July, Best Software, one of the leading business management products and services providers for small and mid-size organizations, announced that Interact Commerce Corporation's popular ACT! contact management and SalesLogix customer relationship management (CRM) solutions will join Best Software, thereby creating its CRM Division. The company believes the move should further strengthen its position as a leading provider of front-office/back-office business management solutions for small and mid-size businesses (SMBs). Interact Commerce Corporation and Best Software were operating as sister organizations in the US under their UK-based parent company, The Sage Group plc (LSE: SGE.L), one of the leading worldwide suppliers of business management solutions and services for small and mid-sized enterprises (SMEs). The new division joins Best's four existing Mid-Market, Small Business, Specialty Products and Nonprofit/Government Divisions.

This is Part Two of a two-part analysis of Best Software. Part One discussed the Market Impact of recent announcements.

Positioning

Looking at positioning, less than one fifth of the entire Sage client base is in the manufacturing industry, while the rest of its business and products are aimed very successfully at customers with prevailing needs for accounting, HR/payroll and financials. Still, Sage does have a notable SME manufacturing customer base, particularly at the lower end of the spectrum. Rounding out Best Software's offerings should allow the vendor to solidify its position in its target market. Whereas other vendors such as Epicor Software and Microsoft have been trying to move up-market, Best will likely maintain its focus on the lower end of the mid-market.

Additionally, the company sells almost entirely through value added resellers (VARs) as per Great Plains' and Navision's business model. The company has particularly found certified public accountants (CPAs) to be very effective in marketing its bottom-of-the-range accounting products. At the enterprise level, niche markets and vertical applications are developed by more than a hundred MAS 90/200 licensed Master Developers. Best's VARs have a reputation for relatively low-cost implementations, often with equal service and software license costs (due to the implementation methodology and business templates) and with a go-live within a 60-day period, although in part this reflects the smaller scope of implementations too. One also has to remember Sage's widespread global coverage to discern the company's true position within the global SME market.

Sage's former acquisition of Interact will have given pause to Microsoft Great Plains/Navision, Epicor, as well as to Siebel Systems, Oracle, SAP, Baan, J.D. Edwards and PeopleSoft that have overtly been targeting the SME for some time. Sage had long needed CRM functional capabilities, and it might have hit the bull's eye with Interact Commerce. The two vendors have indeed marshaled a powerful back-office and front-office systems' combination to the market for SMEs.

Challenges

The downside, as a rule, is the painstaking integration effort yet to be devised for a number of remaining products in the Sage/Best family and to be subsequently exerted. The mitigating factor for already integrated products was the fact that erstwhile Sage and then SalesLogix had long formed the product alliance, so the integration task had not started from scratch. However, this might not be the case for the rest of the product portfolio, and integration is never a simple feat anyway, despite SalesLogix' proverbial 'Open CRM' initiative and a number of mid-market ERP product alliances and subsequent product integration experiences (deals with Exact Macola, Intuitive Manufacturing Systems, and Expandable Software being some, as a matter of interest). A quite similar situation exists with the Abra HR/Payroll product that, like SalesLogix in the CRM market, has a prominence in the SME HR market, and has been used via many OEM or other arrangements by a slew of vendors.

Best Software will still have to address other challenges in order to continue to thrive in this ruthless competitive environment. The competition is flying from many directions since the company competes in many diverse markets. To that end, in the traditional back-office market, the threat comes from the likes of Intuit and AccountMate in the small business accounting market, via its peers (e.g., Microsoft Great Plains, Navision, ACCPAC, Exact Software, Epicor, SunSystems and Scala to name only some), to the Tier 1 vendors storming down the market. In the pure HR/Payroll mid-market, its archrivals have long been ADP, Employease, Ultimate Software, Agresso, and Lawson, while in the pure-CRM mid-market, that would be the likes of Onyx, Pivotal, Kana, Salesforce.com and FrontRange. Not to mention that SAP, Oracle, PeopleSoft and J.D. Edwards will likely be faced in all the above markets as well.

Additionally, the wealth of corporate names and a likely unwieldy slew of products within each of Sage's divisions and groups present sales and marketing confusion for the company, both internally and externally across the globe. For instance, while the Best brand will be applicable for the North American market, Sage offers for the other international markets a line of products for small business comparable to the above-mentioned Best's line (e.g., Instant Accounting for a single user, Line 50 (for up to 5 users), Line 200 (5-25 users) and Line 500 (up to 1,000 users, f.k.a. Sage Enterprise)).

Therefore, Sage has a myriad of products in its portfolio that could benefit from integration with ACT! and/or SalesLogix, and the company must clearly articulate its plans and the timeline for integration for each of its products. Otherwise it may face confusion and/or anxiety amongst both its current and potential customers as well as within its VARs. That would be music to its direct competitors' ears, some of which have already (or all but) rounded out their CRM offering after daunting integration experiences (see Mid-Market ERP Vendors Doing CRM & SCM In A DIY Fashion and Epicor Claims The Forefront Of CRM.NET-ification).

Room for functional enhancements remains too, despite some of the products' leading positions. To that end, Abra Suite v 7.0 will ship in October with a number of enhancements, including modules for open enrollment and timesheet entry, both of which supplement its existing web-enabled employee self-service and alerts modules. Also, Best will have to build or acquire additional CRM functional enhancements (e.g., database-based marketing management, data mining/analytics, and support for field service) to round out a complete CRM suite. Not to mention the need to bolster external/field service and multilingual capabilities, well beyond English and Spanish.

The vendor has also been working on extending its coverage of factory processes, especially in terms of job-costing and project-based manufacturing and of more advanced planning capabilities, areas that Best Enterprise Suite already addresses well. It also intends to build on its web integration side so as to bolster its private trade exchange (PTX) and/or collaborative role-based portal solutions strategy and delivery. The company only recently extended its reach in the professional service automation (PSA) area, with additional enhancements to Best Enterprise Suite that should make it competitive with the above-mentioned peers.

User Recommendations

Best's target market, single- and multi-site and multi-national light manufacturing companies and their satellite subsidiaries with up to $250 million-a-year revenue range, should consider the company's value proposition, but avoid selecting it without looking at what the other vendors have to offer. These companies generally are rapidly growing and agile but have a limited IT budget/staff, a conformist IT strategy (a staunch Microsoft shop), and solid 'to order' manufacturing, distribution, CRM and B2B e-commerce collaboration requirements. Certainly, for SMEs that have long been using one of Sage's/Best's products for financials or HR/Payroll, Best Enterprise should continue to be seen as a logical, but not necessarily the only, solution.

Looking at industry sectors, the company covers financial, distribution, manufacturing and service sectors. Preferred manufacturing styles are make-to-order (MTO), make-to-stock (MTS), and configured products/assemble to order (ATO) in discrete and semi-batch manufacturing processes. Where it does target vertical sectors they would include textiles, furniture, automotive, pharmaceuticals, electronics, food and steel stock holdings via third-party add-ons and resellers' functional additions. Small and mid-size batch process manufacturers should look at Best Mid-Market Division's BatchMasterPFW, a recently acquired comprehensive process manufacturing package.

While we believe that the above intra-company merger should be synergistic in the long run, some outstanding integration issues, and discontinuation of redundant products are always to be expected. Consequently, until the internal restructuring is consummated, users evaluating the above individual products should exercise moderate caution, keep themselves informed, and consider generally available (GA) functionality only.


SOURCE:
http://www.technologyevaluation.com/research/articles/saleslogix-and-act-officially-branded-as-best-software-part-2-challenges-and-user-recommendations-16714/

The Sarbanes-Oxley Act May Be Just the Tip of a Compliance Iceberg

The Sarbanes-Oxley Act (SOX) might be only a tip of a "compliance iceberg" for many enterprises. Namely, International Financial Reporting Standards (IFRS) is another set of guidelines governing the financial statements of listed companies in Europe and other regions, which was introduced on January 1, 2005 (see Claudia Delto's 2005 article Checking It Twice—Basel II, Sarbanes-Oxley Act, International Financial Reporting Standards). IFRS and International Accounting Standards (IAS) were created by the International Accounting Standards Board (IASB) to promote internationally comparable financial statements. Regulation 2002/3626 requires that some 7,000 listed companies in the European Union (EU) prepare their consolidated financial statements in accordance with IFRS and IAS (see mySAP ERP Financials: IFRS Compliance).

Somewhat similar to SOX, the IAS framework was adopted by the European Commission to increase transparency among companies operating in the EU, with the goal to promote investor confidence and optimize working capital and risk management (see SAP for Banking: Regulatory Compliance). Moreover, IFRS requires companies to provide additional information and contains new standards for valuation, as well as clearer procedures for determining risks and company performance. The most substantial changes affect fixed assets and financial assets, whereby intangible assets such as the value of shares or investments in other companies count toward the total assets. Depreciations that are permissible by tax law but are higher than, for example, German Generally Accepted Accounting Principles (GAAP) depreciation disappear and have no negative effect on the total liabilities. In other words, under IFRS, different life and depreciation periods of assets apply than under any national GAAP (see Checking It Twice).

Also, under old accounting rules, a company could value its inventories at historic cost (original cost at the time of purchase or payment) so that, for example, an electronics goods vendor might value unsold, several-month-old DVDs at the amount they could have been sold several months ago. But, under IAS-2, when a company files its financial report, it has to give an up-to-date net realizable value (NRV). NRV is an accurate estimate of the products' market values at the time the report is published, with the idea that all corporate assets must be valued at "fair value", rather than at the possibly problematic historic cost. Companies will also need to account for the cost of all employee compensation plans, meaning that the cost of stock option plans must be reflected in company accounts, and any shortfall in company pension funds must be recorded in the accounts.

Companies in the US are not directly affected by these regulations, because they have to comply with the US GAAP financial reporting regulations instead. However, because these financial statements alone do not fulfill the legal requirements for local financial statements, financial accounting books will have to be kept in parallel so that they can be assessed both in terms of IFRS and local law (see Checking It Twice).

This requirement has far-reaching implications for companies of all sizes, since publicly traded companies need to adhere to IFRS while still complying with local tax, dividend, and other regulations, and therefore require at least two sets of financial statements. Further, because capital markets demand comparable numbers for investment decisions, even non-listed companies will be forced to issue IFRS-compliant financial statements (see mySAP ERP Financials: IFRS Compliance). This requires the use of enterprise systems that can maintain several parallel ledgers in general ledger (GL) accounting, and carry out parallel evaluations so that companies can adhere to complex accounting standards, meet capital and financial market requirements, and ensure the reliability and transparency of their financial reporting.

In this way, companies should be able to meet the different requirements of IFRS and local GAAP, as well as address such issues as business combinations, financial instruments, and share-based payments. Last but not least, a well-devised enterprise solution should not allow anyone to reconfigure a workflow if a number of the SOX or IFRS compliance steps would be disregarded. Likewise, a compliance-aware enterprise system would not permit someone to move (drag-and-drop) a specific field to a different screen if that information is required for some other critical processing.

For additional information see Thou Shalt Comply (and More), or Else: Looking at Sarbanes-Oxley and Important Sarbanes-Oxley Act Mandates and What They Mean for Supply Chain Management.

Horizontal Versus Vertical Regulatory Requirements

Apparently, many human resources (HR)-related regulations, in addition to the above-mentioned financial reporting directives, are applicable across numerous industries, and most enterprises must abide by them. Included in the long list of such regulations are Equal Employment Opportunity (EEO); the patient privacy Health Insurance Portability and Accountability Act ([HIPAA], see HIPAA-Watch for Security Speeds Up Compliance); Consolidated Omnibus Budget Reconciliation Act (COBRA); Occupational Safety and Health Administration (OSHA); Employee Retirement Income Security Act (ERISA); discrimination and harassment regulations; union agreements (where applicable); and those of the Financial Accounting Standards Board (FASB).

Given that we live in a litigation-happy society, where a company is more likely to be sued by an employee than to be audited by the US Internal Revenue Service (IRS), it is no surprise that regulatory requirements and corporate governance issues account for the modest increase in demand for transactional HR systems. These HR systems provide tools to produce the W-2 and 1099-R forms and to maintain data in compliance with immigration laws, as well as the Americans with Disabilities Act (ADA) disability information. For more information, see Thou Shalt Manage Human Capital Better.

Banks and Financial Organizations' Liquidity Issues

However, to further complicate things, many industries have their own inherent regulatory requirements. For instance, banks and financial institutions must comply with a growing array of national and international legislation and recommendations. For example, the Gramm-Leach-Bliley Act (GLBA), signed into law by former US President Clinton, has drastically changed the way financial institutions conduct business. With this law, many responsibilities have been placed upon banks and financial institutions to protect the customers' nonpublic, personal information. The GLBA governs the collection and disclosure of customers' personal financial information by financial institutions. It also applies to companies that receive such information, whether or not they are financial institutions. Namely, the GLBA Safeguards Rule requires all financial institutions to design, implement, and maintain safeguards to protect customer information, and the rule applies not only to financial institutions that collect information from their own customers, but also to financial institutions that receive customer information from other financial institutions, such as credit reporting agencies.

Recently and frequently publicized has been the New Basel Capital Accord, or Basel II, which establishes requirements for banks to manage the risks of issuing loans. As discussed in Checking It Twice, the regulation, whose implementation was completed at the end of 2006, increases both the level of risk management and the required level of disclosure, and consequently requires significant changes in financial institutions' policies, processes, and systems. Issued by the Basel Committee on Banking Supervision, Basel II is a recommendation to help credit institutions protect themselves against the risk of credit loss and increase the overall transparency of their business in their daily work with market, liquidity, and general risks. To that end, banks must identify potential risks and set aside capital to compensate for potential losses. Furthermore, Basel II calls on the banking supervision authorities to conduct regular inspections of credit institutions to jointly monitor and analyze risks. Finally, the banks are committed to publishing their equity capital structure and their own risk situation.


SOURCE:
http://www.technologyevaluation.com/research/articles/the-sarbanes-oxley-act-may-be-just-the-tip-of-a-compliance-iceberg-18908/

The Strategic Importance of Asset Management Part Three: A New Framework

As the level of understanding of these areas begins to rise, so too do the expectations that managers and companies will be able to meet modern requirements.

In the past, maintenance strategy has frequently been treated in a highly reactive manner. Maintenance regimes are often created in response to machine breakdowns or incidents. Often, in the aftermath of disasters, there are public statements made demanding, or promising, "more intensive maintenance."

While the intention is laudable, the result of such reactive actions is often either ineffective or counterproductive. Either way, it is too late to stop the original incident from having occurred.

Managing assets needs to be done in a truly proactive approach, one that ties the management of physical assets to the corporate objectives.

A modern approach to asset management can be visualized as a series of dominoes. Each domino needs the momentum from the previous area, and then proceeds to pass this momentum to the next domino in the line. Starting at any point other than the beginning will leave some dominoes standing.

Modern asset management can be seen in the same way. Each of the dominoes represents one of the decision-making areas that are required to adequately manage assets.

The initial momentum to begin the sequence comes from the vision of a future state. This needs to clearly represent the corporate objectives and goals, and express how asset management can play a part in achieving these goals.

This energy is then carried forward to impact on the remaining areas of decision-making. As with the dominoes, a decision to begin in the middle of this chain reaction will omit areas important to the end result.


This is Part Three of a three-part note.

Part One discussed changing attitudes.

Part Two covered the implications for asset management.

The Corporate Viewpoint

Perhaps more than any other management initiative, asset management is heavily driven by the corporate requirements and objectives. Yet it is often overlooked or summed up in global statements regarding "improved efficiency" or "improved quality."

One of the more recent tools in a manager's arsenal is the balanced scorecard. This proven tool has been used successfully throughout the world as a means of communicating corporate strategy, and converting strategy into results. However, specific asset management goals and causality links are rarely included in corporate scorecards. Including asset management at this level of corporate objective setting sets two powerful dynamics in motion. Firstly, it raises the level of understanding, throughout the company, of this area and its importance. Secondly, it provides guidelines for future decisions that will need to be taken regarding the following steps in the chain reaction.

Developing Maintenance Strategy

The corporate objectives, once clearly defined and linked to asset management, act as "requirements" in the creation of the strategy regimes.

An example of this can be found in the linking of corporate objectives regarding quality to asset performance. Determining exactly what the future acceptable level of poor quality will be immediately provides a guide for the performance standards required of the assets in the production lines.

These then need to be considered along with all other requirements that the company may have of its assets. There are a large number of areas that contribute to the company's requirements of its assets, and all of these need to be considered in the resulting analysis.

When there is a clear definition of what it is that companies need from their asset base, it will allow them to

a) understand if their assets are able to achieve these objectives in the first place, and

b) determine the maintenance strategies required to ensure that they do, or

c) determine what enhancement actions are required to meet corporate requirements.

Working through these two steps not only forces a radical change in the manner in which companies view their assets, it also leads to a radical change in the way that the assets are managed and that decisions are taken in this area.

Applying Maintenance Strategy

As work on maintenance strategy gets underway, work can begin on the steps relating to the application of maintenance strategy. This means taking the strategies and determining what are the supporting business needs and processes that will be required to execute them.

As the strategies are developed, information regarding the clear requirements of the materials and human resources functions will begin to emerge.

This gives a company the ability to totally plan and control the maintenance efforts and spending, from the strategies through to the materials and human resources dimensions, all aligned with the true asset requirements.

Similarly, as these fundamental issues are addressed, there begins to be an understanding of what the business processes need to be. Quite often this can mean a radical change to existing processes.

These can range from processes governing acquisition, installation and enhancements, through to the operational processes. In some cases it may require different maintenance scheduling frequencies, in others it may require whole new skill bases to be developed, or it may lead to changes in the ways that we plan, perform, and record the work that is done.

In stark contrast to conventional thinking in the field of asset management systems, it becomes clear that business processes do not drive "requirements". In fact, business processes, and the systems that are used to manage them, are driven by asset requirements.

This is one of the key misconceptions to have emerged regarding enterprise asset management in recent years.

Administering Maintenance Strategy

With the asset requirements, supporting business needs, and work processes defined, attention can now turn to the use of an existing or future computerized maintenance management system.

It sometimes becomes clear that the systems in place are either inadequate for managing the asset portfolio or that they are being used in a manner that does not align with the newly defined business processes.

This is often a startling revelation to companies expecting to be able to merely "roll out the maintenance modules" of their existing ERP that was bought for financial or other business reasons.

This can often be a rude awakening when the amounts of money that are sometimes involved are taken into account.

Conclusions

There can be no doubt that the perceived importance of physical asset management has risen substantially during 2003. There can also be no doubt that this trend will continue into the future as it has done over the past three decades.

It is beginning to become more widely understood that asset management is a complex and specialized area, one which can be a source of strategic advantages, but also one in which the implications of misjudgement can be extremely serious, not only from a financial perspective but also in many areas of corporate activity. In order to exploit the advantages available in asset management, and ensure their responsible stewardship, management will need to be based around three basic tenets:

1. Using the correct people;

2. With the correct knowledge;

3. To make decisions in the correct way.



SOURCE:
http://www.technologyevaluation.com/research/articles/the-strategic-importance-of-asset-management-part-three-a-new-framework-17140/

Audit Considerations for Enterprise Software Implementations Part 1: Project Planning and Management

Recent scandals in the corporate world have created a refreshed awareness of the audit function. A direct by-product of these scandals is the Sarbanes-Oxley Act of 2002 (SOX), which gives legal and financial muscle to the assurance of the integrity, reliability, and accuracy of financial reporting and corporate disclosures. In fact, based on a recent survey of CFOs and IT executives, 71 percent of the respondents believe that Section 404 of the Act, which requires business process audits and documentation to support internal controls certification, is the most critical part of SOX. While some may argue that the Act does not go far enough, it is surely a positive, aggressive start.

While this reemphasis may be good news for current and ongoing systems, the process of developing an audit awareness and the need for substantial controls can and should be established as software is being implemented. If you are the project manager or the project sponsor, possibly the company's CEO or CFO, it is in your best interest to create a financially healthy environment from the start of the implementation project. The expectation is that this good inbreeding will continue with the software into production and throughout its entire lifecycle. Considering the extensive scope of enterprise software such as enterprise resource planning (ERP), supply chain management (SCM), and warehouse management systems (WMS) software, the need for adequate and substantial controls is even more apparent.

This two-part article looks at four key segments of an enterprise software implementation, with timely emphasis on SOX, and suggests audit procedures, controls, and processes that should be typified, observed, tested, and reported upon. These segments include:

* Project Planning and Management
* Documentation and Reporting
* Software Piloting
* Data Conversion

Clearly, there may be others and, hopefully, this discussion can encourage or scare you into identifying these other areas that may be pertinent and cost-effective to your organization.

Part I discusses planning and management and documentation, which have a wide-ranging influence on an implementation project.

Part II will look at two specific areas where the audit effect can be particularly significant and follow the software into production.

Project Planning and Management

Before the full impact of SOX can be absorbed into an organization as a basic component or guiding principle of a project's life cycle, considerable prep work is needed. Getting everyone acquainted with the requirements of the Act and making sure that projects are in compliance is no simple task. Be advised, it will not happen overnight. Consequently, an education and training process must be completed so that everyone is in agreement and on the same sheet of music. This mission should be undertaken as you would for any project but with special emphasis placed on securing a high-profile executive to serve as the sponsor. Given the fact that they are most affected by SOX, the CEO or CFO is a natural choice and should be easy to convince to participate.

The key elements of project planning and management that come under intense scrutiny include:

* Project charter and overall workplan
* Project plan
* Regular and documented status reporting format
* Issue resolution protocol
* Deliverable monitoring against plan
* Continual communications plan

You are probably saying this is not new stuff; we're doing it today. While the sections of SOX are still in a state of flux, particularly Section 404, the specifications for these elements will not be open to discussion but rather will be rigidly dictated and compliance strictly enforced. Consequently, more than casual attention must be given to these matters, and the results must be available for future review.

Projects will be evaluated based on their impact on a company's bottom line. Specifically, large projects, particularly those associated with enterprise-wide systems, are responsible for consuming materially significant funds that can affect financial statements. Accordingly, the internal and external costs associated with a project can represent a significant expenditure and corresponding expense. The level of expenditure can determine whether software acquisition and implementation projects are capitalized between the balance sheet and income statement. Furthermore, the allocation method must be defensible. Typically, a company will rely on the project manager and the corresponding procedures and controls to support the position taken.

With the arrival of SOX, as project manager, you should be taking certain actions in preparation. Become familiar with the Act itself and see if your industry has additional requirements. An education process for the organization has been addressed above. The AICPA provides a nice and concise overview of the Act. Start looking at Sarbanes-Oxley tool sets. Typically, these are not intended to replace project management tools but rather act as repositories, providing a means to capture required data. Typically, your external auditors can help in this regard. As will be discussed below, start involving the audit function in the project management process as a way to install a control discipline and mindset at the start of a system's life cycle.

Those of you working in an overseas company and not subject to the Act may heave a sigh of relief. Good control practices, however, are not restricted by national boundaries or languages. These practices just make good sense and do not need legislation or the attachment of criminal penalties to be implemented. Steal the concepts from SOX and start your own program to improve internal control practices.

As a project manager, you should encourage the involvement of the audit function from the outset. While specific and typical areas of involvement will be addressed in Part II of this article, as part of the planning and management process, coordination with the audit function can ensure that control objectives and guidelines are understood. In this way, team members will be able to assist in the identification of control weaknesses or gaps. Bear in mind, however, that the ultimate decision as to the materiality of a control weakness rests on the shoulders of the audit function.

Finally, a key aspect of project management is keeping management informed. Ensure that the steering committee, including the executive sponsor, is aware of the project's progress against plan, decision points, and significant changes in scope. Their approval will help keep you in SOX compliance. This is also an opportune time to discuss control objectives and their positive effect on and through the enterprise software. Companies are also starting to look more closely at the project management office (PMO) in an effort to provide more efficiencies but, more importantly, tighter control and monitoring of IT projects. But don't expect a quick fix, easy metrics, or an immediate payback.

Documentation and Reporting

The documentation required for compliance with SOX is rigorous. Consequently, a critical aspect of SOX compliance and an internal controls framework is developing a repository of documented controls. As indicated above, there are tool sets available to facilitate this activity. However, the implementation team, with the software's functionality fresh in mind, can start the compilation process and fill the repository. As the project team becomes familiar with the software, control aspects will come to light. For this reason, it is important the audit function defines internal controls, both hard and soft, so that the team knows what to be on the watch for. Confirmation of the controls can be completed in the testing and piloting phases.

Samples of documentation that could be used to satisfy the SOX requirements and, more importantly, can be accumulated during the acquisition and implementation of software are:

* Policy and procedure manual
* Job descriptions and desk procedures
* Systems documentation and workflows
* Report layouts and samples
* Edit criteria and error resolution procedures
* Ongoing reconciliation procedures

Many of these samples can be easily obtained from the vendor or vendor special interest groups where other companies may have already paved the way.

Some might argue that compliance with SOX will only add to the length of the overall project. First, to counter that argument, companies bound by SOX may have little choice. Secondly, it is easier to gather the information gradually as a work-in-progress rather than afterwards when interests have been transferred to other projects. Finally, below is the traditional timeline of an implementation project with the interjection of an audit presence. It would appear that the extension of the overall project length is minor and could be considerably offset if the audit function serves as an active member of the team.


SOURCE:
http://www.technologyevaluation.com/research/articles/audit-considerations-for-enterprise-software-implementations-part-1-project-planning-and-management-17089/

Important Sarbanes-Oxley Act Mandates and What They Mean for Supply Chain Management

More and more, enterprises are realizing the importance of adopting a holistic approach to their businesses from top down, and are beginning to harness an emerging strategic software category—governance, risk management, and compliance (GRC). To this end, their attention so far has been greatly focused on ensuring compliance with the US Sarbanes-Oxley Act (SOX). Chief financial officers (CFOs) and chief executive officers (CEOs) of publicly traded companies are now very much aware of the impact SOX has on their firms, as failure to comply with the law's strict standards and policies, even unknowingly, can essentially end the career of any executive, and often in a disgraceful manner. For a discussion on the relationship of SOX to other regulatory laws, see Thou Shalt Comply (and More, or Else).

Although the law included a number of new mandates, two sections have had clear implications for corporate information systems, while some are especially relevant to supply chain management (SCM). Namely, Section 404 (management assessment of internal controls) requires management to assess the effectiveness of its own internal controls and procedures for financial reporting each year. Section 409 (real time disclosure) requires companies to disclose material changes in their financial conditions or operations on a rapid and current basis. Section 404, which requires audit of internal controls, has made executives reexamine and sometimes replace operational systems that are not well integrated with their financial systems.

Section 401a (off-balance-sheet obligations disclosure) is an addition to the Securities Act of 1934. Section 401a requires disclosure of "material off-balance-sheet transactions, arrangements, obligations (including contingent obligations), and other relationships of the issuer [that is, the company itself, an issuer of securities] with other entities or persons" if these arrangements may have a current or future material effect on the firm's financial condition, operations, and so on.

This particularly affects service contracts, such as those typically written with ocean carriers and vendor managed inventory (VMI) arrangements undertaken to hedge risk and move assets off the balance sheet. Increasingly, businesses that adopt VMI practices to reduce current inventory assets may include some form of penalty clause in their contracts for failure to use materials or early cancellation of agreements, and Section 401a clearly requires time-phased listings of these potential obligations. Also, market conditions might change and cause firms to cancel long-term purchase agreements with suppliers, with cancellation penalties or restocking charges as a result. SOX requires enterprises to outline the precise details of these potential charges and penalties. Along similar lines, companies must report and document any early termination or cancellation fees in any lease agreements or letters of intent (which are sometimes used to aid with delivery schedules and manufacturing lead times for critical items).

While Section 401a has limited applicability to some supply chain contracts, Section 404 is broadly relevant to many SCM processes, including outsourcing arrangements. Outsourcing of processes and transactions comes under both Sections 401 and 404, whereby off-balance-sheet agreements with suppliers need to be reported (401) and subjected to effective internal controls (404). SOX is more demanding in this regard than traditional auditing standards. For instance, Section 404 directs the US Securities and Exchange Commission (SEC) to prescribe rules that require annual reports to include an internal control report. This internal control report must contain two elements: 1) it must state management's responsibility for establishing and maintaining controls (including policies, procedures, and processes) for financial reporting, and 2) it must contain an assessment of the effectiveness of these controls and procedures.

If the supply chain is to be truly controlled to the level required by SOX, then there must be a well-structured process that runs across multiple functions, and not merely a series of transactions pretending to be a process. CEOs will thus look to all leaders corporate-wide, including the SCM managers, to take a proactive and collaborative role in corporate governance, since everyone has to realize that passing audits is only one step to the improvement of corporate governance, and that auditors will never understand areas of the supply chain the same way SCM professionals do (and vice versa).

Firms that move aggressively in the direction mandated by Section 404 might even have a chance to improve the management of their supply chains (that is, achieve supply chain excellence), and to gain a competitive advantage on their rivals. This is particularly true given that other disclosure requirements (those instituted in the European Union [EU], for instance) can also support a more efficient and credible, competitive environment for businesses and their supply chains.

Control requires visibility across the process (from ordering components to delivering finished goods and services to customers), and information technology (IT) may be a necessary aid to achieving this total visibility. Yet IT alone is not sufficient to constitute SOX-level control. That is, the mere tracking of inventory cannot substitute for efficiency and effectiveness in all SCM activities. For example, with regard to inventory management and inventory write-offs, most enterprises still have the responsibility of controlling inventory and fixed assets. However, SOX implications would now instill the requirement that inventory values are correctly stated, whereby CFOs can no longer "defer" inventory write-downs to avoid write-off losses on quarterly income statements. In other words, SOX demands more accurate and timely accounting to ensure that the material is physically present, its condition is correctly stated, and inventory values are accurately recorded within the accounting system.

As for material transfers and poor inventory accuracy, most enterprises still have the responsibility for material control activities. In the past and all too often, material transfers and inventory transactions would not be processed in a timely manner, thereby creating a true inventory that is "out of kilter" with the expected-on-records situation. SOX, however, states that all movements of inventory or fixed assets must now be recorded in a timely fashion. In other words, all movements will have a definitive financial impact on the company, and the recording of accurate financial information is the foundation of SOX.

Further, an accounts payable (AP) system that does not systematically match purchase orders (POs) and receipts to vendor invoices prior to payment might be vulnerable to fraud, or even to a situation where someone creates fictitious employees or suppliers to then "pay" them, and pocket the money himself or herself. Traditionally, SCM departments within enterprises (for example, engineering departments) have accommodated "internal customers" to "sanitize" so-called "after the fact purchase order" commitments. Under SOX regulations, however, if policies and procedures specifically outline requisitioning and procurement authorities, and if these clearly state that SCM departments are not authorized to issue confirming commitments, then such actions by SCM departments would be an apparent SOX violation. The "charge" would be failure to adhere to internal controls with regard to commitment of company funds and in accordance with company policies and procedures.

All this accentuates the importance of instituting the so-called segregation-of-duties (SOD) for possible conflict-of-interest practices in the procure-to-pay processes, which include receiving, order placement, invoice processing, and establishing vendor (supplier) master data and setups. Section 404 is all about ensuring that companies have adequate approval processes and procedures in place to preempt fraud or theft, as well as establishing what controls and testing are performed to guarantee that these safeguards are working.

Other examples of good SOD practices are to not allow an engineering manager to both select and pay suppliers, because some of these suppliers could, for instance, be family members or best buddies of the manager. Software developers should not perform quality testing on their own applications. Also, an invoicing system that is not integrated with shipping might allow a manager to improperly recognize revenue that has not yet been earned. Many enterprises now also use numerous contemporary tools, such as procurement cards, e-procurement applications, and blanket order releases, to either assist or monitor execution of company expenditures. The aim of SOX is to ensure that businesses institute adequate controls to monitor expenditures and commitments to make certain that company assets are safeguarded and policies are complied with.
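The two procure-to-pay controls described above, the match of POs and receipts to vendor invoices before payment and the segregation of duties across vendor setup, order placement, receiving, and invoice processing, can be run as automated checks over transaction records. The following is an added example, not part of the original article; the record layouts, user names, finding codes, and amounts are constructed for illustration.

```python
from collections import defaultdict
from datetime import date
from decimal import Decimal

# Constructed sample data (not taken from any real system).
VENDORS = {
    "V100": {"created_by": "mdata_ann"},
    "V200": {"created_by": "eng_mgr_bob"},  # vendor set up by the requester
}
PURCHASE_ORDERS = {
    "PO-1": {"vendor": "V100", "qty": 10, "unit_price": Decimal("25.00"),
             "created_by": "buyer_cy", "created_on": date(2024, 3, 1)},
    "PO-2": {"vendor": "V200", "qty": 5, "unit_price": Decimal("400.00"),
             "created_by": "eng_mgr_bob", "created_on": date(2024, 3, 20)},
}
RECEIPTS = [
    {"po": "PO-1", "qty": 10, "received_by": "dock_dee"},
    {"po": "PO-2", "qty": 3, "received_by": "eng_mgr_bob"},
]
INVOICES = [
    {"id": "INV-1", "po": "PO-1", "vendor": "V100", "qty": 10,
     "amount": Decimal("250.00"), "dated": date(2024, 3, 10),
     "entered_by": "ap_eve"},
    {"id": "INV-2", "po": "PO-2", "vendor": "V200", "qty": 5,
     "amount": Decimal("2000.00"), "dated": date(2024, 3, 15),
     "entered_by": "ap_eve"},
    {"id": "INV-3", "po": None, "vendor": "V300", "qty": 1,
     "amount": Decimal("999.00"), "dated": date(2024, 3, 18),
     "entered_by": "ap_eve"},
]


def three_way_match(inv, tolerance=Decimal("0.01")):
    """Match an invoice against its PO and goods receipts; return finding codes."""
    findings = []
    if inv["vendor"] not in VENDORS:
        findings.append("VENDOR_NOT_IN_MASTER")  # possible fictitious supplier
    po = PURCHASE_ORDERS.get(inv["po"])
    if po is None:
        findings.append("NO_PO")
        return findings
    if inv["vendor"] != po["vendor"]:
        findings.append("VENDOR_MISMATCH")
    received = sum(r["qty"] for r in RECEIPTS if r["po"] == inv["po"])
    if inv["qty"] > received:
        findings.append("QTY_NOT_RECEIVED")  # billed for goods not yet received
    if abs(inv["amount"] - inv["qty"] * po["unit_price"]) > tolerance:
        findings.append("PRICE_VARIANCE")
    if po["created_on"] > inv["dated"]:
        findings.append("AFTER_THE_FACT_PO")  # PO raised after the invoice date
    return findings


def sod_conflicts(inv):
    """Return {user: duties} for users holding two or more duties on one chain."""
    duties = defaultdict(set)
    vendor = VENDORS.get(inv["vendor"])
    if vendor:
        duties[vendor["created_by"]].add("vendor_setup")
    po = PURCHASE_ORDERS.get(inv["po"])
    if po:
        duties[po["created_by"]].add("order_placement")
        for receipt in RECEIPTS:
            if receipt["po"] == inv["po"]:
                duties[receipt["received_by"]].add("receiving")
    duties[inv["entered_by"]].add("invoice_processing")
    return {user: sorted(held) for user, held in duties.items() if len(held) > 1}


def payment_holds():
    """Return {invoice id: findings} for invoices that should not be auto-paid."""
    holds = {}
    for inv in INVOICES:
        findings = three_way_match(inv)
        findings += [f"SOD:{user}:{'+'.join(held)}"
                     for user, held in sod_conflicts(inv).items()]
        if findings:
            holds[inv["id"]] = findings
    return holds


if __name__ == "__main__":
    for invoice_id, findings in payment_holds().items():
        print(invoice_id, findings)
```

The findings list for each held invoice also serves as retained evidence that the control was tested, which is what the Section 404 assessment asks management to show.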

Documenting Activities Affected

SOX has also had an effect on the obligation of public companies to document their activities. Since changes in their activities could affect companies' bottom lines, companies must provide all relevant information about any changes to their shareholders within ninety-six hours (see Claudia Delto's 2005 article Checking It Twice -- Basel II, Sarbanes-Oxley Act, International Financial Reporting Standards). Therefore, the timeliness requirement of Section 409 seems to call for a much more transparent and integrated financial reporting system than many companies have today. For example, companies that are accustomed to working on a ten-day financial closing period would seem to be at risk for noncompliance with the real time disclosure requirement, which is currently interpreted as demanding disclosure of material events within four business days.

Logically, when key or critical supplies or services are late, they inevitably have an impact on a company's revenue. And if late deliveries result in a material financial impact, this must be reported in a timely fashion. Also, given the trend towards more outsourcing, companies are held responsible for good business decisions and for execution of agreements and supplier relationships. Section 409 is meant to make sure that in case of supply disruption, there is a process in place to report the financial impact of the disruption on a timely basis, if it is of a material nature.

An SAS 70 Type II Report may also need to be included within the outsourcing proposal request. For those not familiar with the report, SAS 70 is an auditing standard designed by the American Institute of Certified Public Accountants (AICPA) to enable an independent auditor to evaluate and issue an opinion on a service organization's controls. The service auditor's report contains the auditor's opinion, a description of the controls placed in operation, and a description of the auditor's tests of operating effectiveness (if the report is a Type II).

The audit report can be shared with the service organization's customers (user organizations) and their respective auditors. The service organization is responsible for describing its control objectives and control activities that would be of interest to user organizations and their respective auditors. In other words, the report allows each outsource provider to have a single assessment account, and precludes the need for them to have each client review their processes on an individual basis. It is a mechanism for outsource providers to demonstrate the sufficiency of their controls design and to verify that their controls are operating effectively.

The problem of SOX reporting is particularly acute for firms with multiple operating units and decentralized systems. This is because in recent years, many enterprises have grown both organically and through acquisitions, and thus, accurately reporting on these business units requires a significant number of "manual" accounting processes and adjustments. Such companies will either need to adopt a common financial reporting system, perhaps integrate multiple systems with a financial reporting layer at the corporate level, or implement a performance management solution to provide near real-time analytics (see Financial Reporting, Planning, and Budgeting As Necessary Pieces of EPM).

Also, while the first few years since SOX enactment have been devoted mostly to financial issues, in 2007 and beyond, the law's mandates will likely delve deeper into organizational structures and significantly touch SCM, human resources (HR), and IT departments. Even now, SOX requires disclosure of risks and strategies that will go into effect after such disruptive events as hurricanes, accidents, and threats or actual instances of terror, to mitigate their effects.


SOURCE:
http://www.technologyevaluation.com/research/articles/important-sarbanes-oxley-act-mandates-and-what-they-mean-for-supply-chain-management-18906/

Process Manufacturing: Industry Specific Requirements Part One: Introduction

Traditionally, manufacturing is categorized by two methods: process and discrete. Many differences exist, but most can be grouped into two areas: those derived from material issues and those derived from production issues.

Process materials are different than discrete materials. Process materials are powders, liquids or gases; they must be confined; and they are more difficult to accurately measure. Process materials are close to their natural sources (farms, mines, etc.) and therefore are of inconsistent quality. Inconsistent quality means extensive quality procedures, segregation (lot control), restriction of use (this lot is okay for one customer but not another), and usually the inclusion of quality attributes as part of their inventory definition. Process materials vary with time. They get better, they get worse, and they change their identity.

Production issues give us the simplest definition of process manufacturing. Specifically, once you produce your finished product, you cannot distill it back to its basic ingredients. Have you ever attempted to return orange juice back to its original water, sugar, sodium, and, of course, oranges or extract the pigments out of paint? Conversely, you can disassemble a car back to its tires, spark plugs, carburetor, and engine block. There are similar components in process and discrete manufacturing such as ingredients versus parts; formulas versus bill of materials; several units of measure (i.e., pounds, ounces, and liters) versus EA (each).

There are, however, subtle differences. Process manufacturing is scalable. For example, if the formula calls for 1,000 pounds of oranges but you only have 500 pounds, you can still make orange juice; just not as much. If you only have three tires, you are going to have to wait for the fourth tire before the car can start rolling off the production line. In process, you tend to make product in bulk or batches, as in a vat of coke or a 500-gallon tank of solvent, and then pack it off to fulfill customer orders. On the other hand, in discrete manufacturing you would expect to see one computer at a time coming down the production line.

For a quick refresher on process manufacturing, peruse the articles, Process Manufacturing: A Primer or What Makes Process Process.

The remainder of this article focuses on process manufacturing. However, to say process manufacturing functions are the same in all industries is tantamount to saying that a Ferrari and a Ford truck are simply means of getting from point A to point B. Just as you would not use a Ferrari to haul lumber, aspects of process manufacturing cannot be applied equally and with the same importance to all industries. This article looks at the unique requirements of process manufacturing in three industries: food and beverage, chemical, and a hybrid industry, textiles. One way or another, these requirements must be satisfied. If a software vendor can provide this satisfaction, your organization's anxiety level concerning the implementation of enterprise-wide systems can be significantly reduced.

If you are not in these industries, you can stop reading. No, wait! Perhaps, by understanding how a particular requirement or aspect of process manufacturing relates to one of these industries you may get a better understanding or insight on how it can be applied in your company. Whew! Thought that I had lost you! Glad you're back.

Editor's Note: For the purpose of this article, process and continuous-flow manufacturing are treated as synonymous. Continuous-flow manufacturing is the eradication of product stagnation in and between processes. Once a product has entered the manufacturing process, it moves on without having to be stored. Special considerations to establish a continuous-flow operation, such as one-piece-at-a-time production and multi-process handling, will not be addressed in this article.

This is Part One of a three-part note.

Part Two discusses process manufacturing requirements for the chemical industry.

Part Three discusses process manufacturing requirements for the textile industry and provides a summary.

Food and Beverage Industry

As you might expect, any industry that affects the health and welfare of the human race is bound to have special needs and requirements. With the incidents of Mad Cow Disease and the sudden and seemingly continuous preoccupation with the Atkins Diet, the most significant requirement for the food and beverage (F&B) industry is in the area of quality control (QC). While your customers may have their own special quality requirements, first and foremost, conformance must be established and verified with external agencies, such as (in the US) the Food and Drug Administration (FDA) and Bureau of Alcohol, Tobacco and Firearms (ATF), or your product will never reach the market. Consequently, integration with these external sources and frequent changes would be a critical element of the QC function. As you go further back into the supply chain process, the QC function must extend and usually starts with the supplier. Regardless, as the producer of a finished product, the responsibility for quality is joint and several, which gives little allowance as to where the defect occurred in the supply chain. Look for software that seamlessly integrates with external agencies regulating your particular segment of the F&B industry.

Of special note is the US Bio-terrorism Act of 2002. This act places a series of new requirements on F&B companies. Most, including the authors, think that compliance with the Bio-terrorism Act is not possible without computerization of both the production process and the supply chain.

Once the regulated and external requirements are satisfied, there are customer and ingredients-related QC specifications that must be addressed. If your company is producing a finished product that is an ingredient into your customer's product, additional QC compliance is typically required. This could be for nutritional or ethnic considerations. Consequently, the setup of the QC function within the software must be flexible and adaptable.

The accurate statement of the QC specifications for the ingredients can also come into play. Going back to the orange juice example, the acidity of the oranges determines the amount of other ingredients (sugar, water, etc.) that may have to be adjusted to counteract the pH level. The pH level, recorded in the QC process, will therefore impact the product's specifications but, equally important, effect the "on the fly," one-time formula modification. Other QC-related requirements, that should be self-explanatory, include

* Nutritional reporting and labeling
* Taste QC specifications
* Color consistency QC specifications
* Shelf life longevity and reporting

Having worked in the food processing industry, the most terrifying words that you can hear on a Friday afternoon are, "This hamburger or soda tastes funny!" Your weekend, and possibly your livelihood, could be ruined and until you can dispel or confirm the damaging insinuation, an F&B organization is living in anticipatory paralysis. The fear stems from the negative financial impact on the company's image and customer base. Consequently, product recallability is essential.

The Bio-terrorism Act of 2002 spells out detailed requirements which are often referred to as "one up and one down" tracking. This act also calls for the appropriate records to be provided within four hours from the receipt of a request from the FDA. Furthermore, recallability implies isolating and locating the defective product to an absolute minimum with dead-on certainty. To achieve this objective, "bullet proof" lot and sublot tracking is needed. This is easier said than done and can be an extremely time-consuming process. However, certain attributes of lot/sublot tracking in the software can expedite the recording and tracking functions and help to eliminate damaging fallout.

First, there is lot to sublot inheritance. This means that characteristics of a lot are transferred automatically to the sublots contained within the lot. In so doing, the characteristics of bulk quantities of meat or oranges, for example, used to make hamburger patties or juice, respectively, are retained or inherited by the boxes and crates of the finished product. As a result, the recording of sublots places less hardship on the production line personnel and is less prone to recording mistakes or errors of omission.

Secondly, lot tracking should follow the product through any re-work processes. Even with undergoing a re-working process, the original lot and sublot characteristics should not be lost unless the re-work makes these characteristics meaningless.

Finally, lot and sublot tracking must be able to remain intact until the product arrives at the customer's location. This is the only way a complete recall can be accomplished and the questionable product returned to the manufacturers. Software gaps that prevent any one of these three requirements from being satisfied bring the entire recall process into question and would require significant custom coding or administrative procedures to be filled.

Other Operational Issues

There are several additional operational issues that any self-respecting F&B software should be able to address. In addition to accommodating picking strategies such as LIFO (last in, first out), FIFO (first in, first out), and FEFO (first expire, first out), the software must account for the perishability of the ingredients as well as the finished product. Consequently, taking into account the expiration date is key when determining picking priorities. Some customers also demand strict rotation where the supplier can never ship product that is older than the last shipment.

For some manufacturers, private labels represent a significant segment of an F&B production run. Using the private label concept, large supermarkets utilize the value of name recognition to provide products under their own label like Safeway, Albertson's, Royal Ahold, and Tesco. Because of the large quantities required by these customers, manufacturers usually cannot wait until the order is on hand to start up the production line. Alternately, if the raw ingredient is only available in season (vegetables in August for example), the entire year's demand must be processed in a limited time period. Accordingly, a food processor will create unlabelled products. Labeling will only be completed after the sales order is received and confirmed.

Because of their extended shelf life, cooked, canned goods lend themselves well to this type of production. Sealed aluminum cans remain on an inventory shelf for up to twelve months while waiting for labeling. Hence, the terms "brite stock" or "shiny stock" were created to refer to this type of stock. To accommodate these requirements, lot and sublot tracking must extend to and be maintained within the brite stock. Also, the manufacturing process must be able to be separated into two stand-alone, independent processing runs. One would be for the production run to make the brite stock and a second, a packaging run to label and ship the product.

SOURCE:
http://www.technologyevaluation.com/research/articles/process-manufacturing-industry-specific-requirements-part-one-introduction-17302/

Wednesday, September 15, 2010

The Challenges of Defining and Managing Governance, Risk Management, and Compliance

While the cost of noncompliance is reason enough to motivate enterprises to be more vigilant in their business practices, enterprises can in fact capitalize on the regulations they face. Companies should view compliance as a way to improve their internal business processes across the organization. To do this, companies must take a holistic approach from top down, and harness the strategic software category of governance, risk management, and compliance (GRC). However, this may be easier said than done. So why might a holistic approach to GRC be difficult to achieve?

As discussed in SAP Solutions for Governance, Risk, and Compliance, much of the value creation and innovation within companies takes place as a consequence of the intricate relationships between people, processes, and systems—all of which are, as a rule, patchy across different organizations, functions, and geographies. This fragmentation can hold any enterprise back in a number of ways:

* Organizational fragmentation caused by disconnected, department-driven GRC activities customarily results in inconsistent policies, difficulty in predicting risk, a lack of enterprise transparency, and duplication of effort. As enterprises increase collaboration with trading partners, the consequences of having no central body coordinating GRC activities enterprise-wide intensify because most legislation holds them accountable for good governance and compliance within their own organization, as well as across the extended enterprise (supply chain).

* Most businesses lack GRC information integrity because their departments use different metrics, standards, software, and methodologies for analyzing risk and compliance information. This system fragmentation makes it difficult to aggregate data; gain a complete view of enterprise-wide risks; effectively monitor these risks and compliance; and adjust business processes to meet changing requirements, market trends, and regulatory mandates.

* Policies and risks are generally defined and measured at the local geographic level, without proper consideration for their impact on the global, multinational, national, or regional mandates with which an organization must also comply. Decision makers are often unaware of the interdependencies between mandates and the risks of noncompliance in specific regions and markets, whereby one region's risk might be another one's opportunity.

* Internal GRC discipline fragmentation is also an issue, since at the corporate level, as well as the departmental or regional levels, there is general uncertainty around the meaning and scope of the disciplines of GRC. Most important, the management team may not recognize that these disciplines are inextricably linked and interdependent, and as a result, must function as part of an integrated strategy rather than independently.

To be successful, companies have to align their corporate strategies with more effective oversight and institutionalized policy setting, risk management, and business process control. The only way to accomplish this goal is through an overall approach to GRC that unifies the above fragmented areas. Only then can a company hope to capture new information about emerging threats and opportunities, and exploit them for competitive advantage.

According to AMR Research, approximately two-thirds of compliance cost is attributable to people. This is because fragmented GRC efforts tend to result in "people-powered GRC" (or inefficient, manual processes that are duplicated across departments). Of even greater significance might be the lost opportunities that result from a tactical, fragmented approach to managing GRC. Without a comprehensive and cohesive GRC strategy, companies are deprived of a means to effectively navigate today's highly regulated (and ever-changing) business environments, as well as of a critical driver of revenue and competitive advantage.

Therefore, a multiplicity of government regulations, growing pressure from financial markets, and increasing demands from stakeholders have renewed the focus on GRC. Some forward-thinking organizations no longer see GRC as discrete, project-based activities managed as separate functions. Rather, they are adopting an overarching GRC strategy that guides people, standardizes processes, and unifies technology to embed GRC at every organizational level. That is to say, in the face of shifting industry conditions, compliance mandates, and governance requirements, companies need to take a broader, more structured approach to managing GRC to proactively identify and forecast inefficiencies and errors, adopt a risk-based approach toward embedding controls in business processes, and continuously monitor operations to optimize and guide future policy (see SAP Solutions for Governance, Risk, and Compliance).

To manage information technology (IT) and business risks at all levels of the organization, GRC's integrated solutions must be capable of monitoring business processes and IT controls automatically. Not only should an integrated approach offer top executives an actionable dashboard showing a more complete and more accurate risk profile of the company, but it should also detect high-risk events, and prioritize risk responses and corrective or, even better, preventive action.

This is the final part of a series on how various industries address compliance issues. For more information, please see previous parts of this series: Thou Shalt Comply (and More, or Else): Looking at Sarbanes-Oxley, Important Sarbanes-Oxley Act Mandates and What They Mean for Supply Chain Management, Sarbanes-Oxley Act May Be Just the Tip of a Compliance Iceberg, Automotive Industry and Food, Safety, and Drug Regulations, "Evergreen"—Environmental Regulations for High-tech and Electronics, Chemical, and Oil and Gas Industries, and Global Trade and the Role of Governance, Risk Management, and Compliance Software.

GRC Defined, Starting with the Central Repository

Delving deeper into the individual GRC components, governance entails the oversight role, with the idea of setting strategic objectives the company wants to pursue, and then managing these. To that end, governance typically relies on a repository to centrally manage all GRC content, guide governance strategies, and improve business performance.

Such a repository should centrally document and store records to streamline and manage GRC content (including control frameworks; corporate policies and procedures; regulations; industry mandates; business process flows; risk libraries; control libraries; test plans; evidence for compliance; etc.). In other words, the central repository should enable consistent, effective, and efficient coverage of regulatory content (that is, frameworks, laws, internal company policies, etc.) by providing visibility into related requirements. Companies can then cross-reference their organizational policies and procedures with regulatory requirements to ensure compliance.

The key to a central repository is in centralizing and managing GRC content from multiple sources, and in its ability to model business processes and document associated objectives, risks, and control activities. Also important is the library of configurable business rules, business process controls, and IT controls to ensure proper segregation-of-duties (SOD), business process controls, and environmental and global trade compliance.

By harnessing a well-populated GRC repository, companies should benefit from enterprise-wide visibility into all GRC activities. This visibility should allow companies to analyze risk, make more informed decisions, and take a risk-based approach to satisfying multiple company initiatives and regulatory mandates.

In addition, users should be able to link these risks and controls to multiple security and control frameworks, such as the Committee of Sponsoring Organizations (COSO), the IT Infrastructure Library (ITIL), or the Control Objectives for Information and Related Technologies (COBIT), and to US mandates like the Sarbanes-Oxley Act (SOX) and the Food and Drug Administration (FDA) regulations. The repository often also enables adherence to official product classification schemas such as the US Harmonized Tariff Schedule (HTS) and the Export Control Classification Number (ECCN), which is issued by the Bureau of Industry and Security (BIS) for shipments that require an export license.

To illustrate the transformative power of a central GRC repository, consider all the necessary SOD needs defined within all pertinent compliance solutions. These SODs would then include access and authorization control applications that are integrated with the GRC repository application. This way, all of an organization's policies, initiatives, and regulations that require proper SODs (or, alternatively, that need appropriate definition and assignment of compensating controls) would be automatically documented within the GRC repository, complete with links to the appropriate access controls for automated monitoring. By doing so, the enterprises should be able to take advantage of opportunities that they might not have noticed before to improve efficiency and transparency, optimize risk-and-return portfolios, and increase business predictability by rationalizing controls and risk responses across the enterprise.

… Which (Ideally) Manages All Conceivable Risks

Risk management applications provide frameworks for identification of risk; analysis of potential impacts and appropriate responses; and the monitoring of mitigating actions and reporting—all in a structured manner. When implemented holistically, more effective risk management practices should be able to improve decision making and create significant value throughout the enterprise.

But too often, actual risk management practices are reactive, theoretical tasks performed in departmental silos, and these practices overlook critical interactions between risks. At the same time, because risk management is often regarded as a theoretical exercise with no practical methodology, organizations are not equipped to recognize critical risks; to analyze risk-reward trade-offs; and to respond appropriately based on quantitative cost and benefit analysis metrics. The idea is thus to deploy appropriate risk management applications, and implement proactive, collaborative processes throughout the entire enterprise. Such applications will enable companies to balance new business opportunities with financial, legal, and operational risks.

A full-fledged risk management application suite should provide a best-practice framework for enterprise risk identification, collaborative risk analysis, risk-response management, and continuous risk monitoring and reporting. Such an application suite should help users to effectively anticipate and respond to changing business conditions. The applications should also ideally include executive-level, personalized dashboards, scorecards, and reports that provide users with visibility into key risk metrics and policy compliance.

The aim is for users to be able to monitor the overall risk portfolio, including cohesive, global profiles of operational and entity-level risks ("heat maps"), and then to analyze risk in terms of severity and impact on a monetary and qualitative basis. Furthermore, users should be able to balance the costs of risk avoidance against new business opportunities. They should also be able to alert management when high-impact and high-probability risks exceed company-specific thresholds, and to prioritize corrective action using role-based dashboards and alerts.




SOURCE:
http://www.technologyevaluation.com/research/articles/the-challenges-of-defining-and-managing-governance-risk-management-and-compliance-18919/

How Can Insurance Carriers Retain and Reward True Producers?

Not long ago, we published an extensive report on Callidus Software (NASDAQ: CALD), a leading San Jose, California (US)-based provider of on-premise and on demand sales performance management (SPM) and enterprise incentive management (EIM) solutions for global companies across multiple industries (see Enterprise Incentive Management Leader Responds to Market Demands). The vendor's products allow large enterprises to strategically and holistically manage incentive-based compensation, establish sales quota targets, and align territories, which often result in improved sales and distribution performance (see Sizing the Enterprise Incentive Management Opportunity - And the Challenges Ahead). Some of the vendor's high-profile customers or partners include 7-Eleven, Accenture, CUNA Mutual, Hewlett Packard (HP), IBM, Philips Medical Systems, Sun Microsystems, and Wachovia.

Since the time of our report, Callidus has been prospering, with continued growth and burgeoning customer wins (including several within the on demand space), a steadily improving profit and loss picture, and the forming of a strategic partnership with SAP. To this end, Callidus TrueComp and Callidus TrueInformation products have joined the privileged few on the list of "SAP-endorsed business solutions." Add to this good news the first Callidus-SAP win at Safety-Kleen; the largest Callidus user conference thus far (with about 500 attendees); an agreement with a provider of sales resource optimization software, the TerrAlign Group (www.terralign.com), to deliver the Callidus Territory Optimization solution; and finally, the launch of virtual training capabilities for Callidus users, and the vendor has good reason to be upbeat.

TerrAlign developed the world's first desktop-based territory optimizer almost two decades ago for a leading pharmaceutical company, and is now the first and only software vendor to deliver a territory alignment and optimization solution on salesforce.com's Apex platform. TerrAlign also provides strategic services that include promotional response modeling, field force sizing, account profiling, call planning, territory optimization, and territory realignments.

This alliance and the resulting Callidus Territory Optimization product have broadened Callidus's product offerings to address the critical elements of effective SPM: territory, quota, and compensation management, as well as modeling and analytics (such as major realignment simulations, ongoing territory maintenance, what-if modeling, opportunity leveling, etc.). Owing to its integration with the flagship Callidus TrueComp product, this new offering aims at maximizing sales performance by optimizing territories and account assignments, assigning the "right" quota, and providing comprehensive geographic sales insight. This territory coverage, which is more efficient, should benefit customers with increased sales revenues and market share, decreased travel costs, and reduced turnover.

However, the vendor is not resting on its laurels. Callidus has recently shown its intent to oblige its customers within certain industries that have specific requirements. Callidus now has nearly $80 million (USD) in revenues and about 120 global user corporations across multiple industries as clients. These industries include retail banking (22 percent of the install base); insurance (21 percent); manufacturing, high tech, and life sciences (23 percent); retail and distribution (12 percent); and telecommunications (the remaining 22 percent of customers). Although Callidus's products can serve the pay-for-performance program needs of virtually all companies, the vendor has focused principally on the above six key market segments.

Covering All Horizontal SPM Functional Bases

Across any industry, the scope of SPM and EIM covers the planning phase. During this phase, sales and channel managers should be enabled to model and allocate quota and territory targets, with sales and finance managerial teams implementing and executing the sales plans, while sales representatives have to understand the plan. In short, the idea of this phase is to align incentives more closely to the direct sales force and channel objectives, ultimately contributing to the company's goals of profitability and increased revenues.

Then comes the execution phase. Sales and channel managers have to now gain the insight and understanding of the actual sales performance. With the sales force monitoring its own performance (and conducting its own calculations), the sales and finance teams have to resolve any issues that occur (often discrepancies between these teams' versions of the truth). This phase is where the "rubber meets the road," and the idea is to quickly and successfully launch new products into the market and to motivate the sales force to sell both the new and the existing (often cash cow), mature products. The goal, again, is to increase revenues, eliminate overpayments to the sales force and channel, and minimize (if not eliminate) disputes within the channel.

Last but not least is the visibility phase. Sales and finance teams must analyze the incentives' performance and understand the revenue performance and quota opportunities. For instance, if sales are lagging mid-quarter, the managers can simulate how to drive sales and change the incentives, and thus make strategic decisions that are more sound so that they are able to identify what factors effectively motivate the sales team. The idea is to also eliminate the so-called phenomenon of "shadow accounting" that results from a lack of visibility and the consequent mistrust between the sales representatives and payroll staffers (see Are Sales Incentives Even in Tune with the Corporate Strategy?).

To meet the (often conflicting) needs of sales management, financial managers, and sales forces, Callidus offers a number of modules within its broad SPM product suite. For instance, on the planning side are self-explanatory products like Callidus Quota Management, Callidus Territory Management, and Callidus TrueComp Modeling (for forecasting purposes). By embedding Hyperion performance management software, Callidus Quota Management aims at making quota creation and management easier by enabling sales and finance executives to identify and assign fact-based quota targets based on a multidimensional analysis of past sales, territory potential, growth, and quota performance data from the Callidus TrueComp Datamart. An accurate quota target can be created for a suitable sales executive in the appropriate territory at the right time by building multiple top-down and bottom-up quota allocations and roll-up what-if scenarios, and then by comparing them via side-by-side views and variance analysis.

The visibility phase is covered by Callidus TrueInformation (for sales transparency) and Callidus TrueAnalytics (for sales incentive insights). TrueInformation is the reporting component of the overall Callidus TrueComp Enterprise solution, and serves to distribute goal and achievement information to the extended enterprise by being a self-service, scalable, Web-based production reporting application for incentive compensation systems throughout an organization. The Callidus TrueAnalytics suite offers sales, marketing, and finance executives and analysts the strategic insight and ad hoc analysis capabilities they need to drive sales performance. The solution consists of graphical dashboards that can be configured to enable sales, marketing, and compensation professionals to monitor, analyze, and explore multidimensional elements. Such elements include sales performance by region, team, product, or channel; customer growth; and sales incentive costs.

The remaining execution phase falls to Callidus TrueComp Manager (for incentive plan agility in terms of quick and easy re-creation of compensation plans) and Callidus TrueResolution (an efficient workflow management solution). For example, Callidus TrueResolution is a rule-based application that aims at streamlining and automating the resolution of incentive compensation disputes. This reduces the associated cost and diversion of management and sales resources. The software automates functions such as changes, transfers, and splits to territory assignments; quota adjustments; organizational changes; and payee information updates. The application also allows sales professionals and business partners to submit and track their claims through a Web-based, self-service workflow process. It enables sales professionals to request updates to compensation data such as sales credit, compensation, quota, and organizational changes, and compensation issues can be resolved quickly compared to doing so using manual-, e-mail-, and telephone-based systems.

The huge volume of sales and incentive data and transactions must be integrated bidirectionally with such systems as sales order management, human resources (HR) and payroll, general ledger (G/L), accounts payable (A/P), sales force automation (SFA), and so on. In industries that rely heavily on indirect channels with a vast number of distributors, resellers, brokers, dealers, agents, etc., the situation is much more complicated. The issue of mistrust and claims of underpayment (or overpayment) are only compounded in a value chain of independently run entities, especially when there is a lack of visibility. Possibly the best example is the highly regulated insurance space (especially life insurance), whereby insurance carriers have to closely track the credentials (licenses, accreditations, appointments, etc.) of distributors, brokers, or dealers (all commonly referred to as producers), and provide integration to agency management systems.

Solving Insurance Incentives' Pain Points

Delving deeper into the requirements of some of its target industries, in mid-2007, Callidus unveiled Callidus TrueProducer, the first producer and distribution management software solution specifically designed for the insurance industry's unique product, regulatory, and organizational issues. TrueProducer is engineered for large and midsize insurance carriers that have extensive independent distribution channels or numerous captive (exclusive) or non-captive agents. Informally referred to as a channel manager solution (and in tune with partner relationship management [PRM] concepts; see What Does the Future Hold for PRM?), TrueProducer is Callidus's first industry-specific application. The insurance industry is the vendor's single most important sector; Callidus has more marquee insurance customers than anyone else in the market. While the product is useful in most sectors of insurance (property and casualty, for example), it is most needed in the life insurance area.

It might be useful at this point to analyze typical producer administration business processes throughout the three major SPM phases mentioned previously. Namely, during the planning phase, life insurance carriers have to sign up, or "on-board," a producer to sell their products, and design multiple and interlocking contract payment hierarchies and schedules (which are subject to the ever changing roles of producers and carrier product bundles).

Traditionally, on-boarding a new producer entails a number of time-consuming manual tasks. It starts with a producer filling out a carrier request form and signing a contract. After the producer is able to provide valid license information and other necessary credentials (such as appointments, education level, etc.), the carrier can then request an appointment for a new producer at a regulatory state institution or agency, and add that producer to its policy administration system. Most of the information needed is the producer's demographics data (that is, the producer's name, ID number, date of hire, address, e-mail address, etc.), the contract information data (relationship and payment schedule), and license and appointment data, which can be captured manually or, ideally, automatically.








SOURCE:
http://www.technologyevaluation.com/research/articles/how-can-insurance-carriers-retain-and-reward-true-producers-19050/

Attributes of Sarbanes-Oxley Tool Sets

The Sarbanes-Oxley Act (SOX) placed new requirements on American companies to ensure the integrity, reliability, and accuracy of financial reporting and corporate disclosures. While you could do this on your own or manually, why reinvent the audit controls wheel? Automated tool sets and repositories to facilitate SOX compliance are available in ample numbers. But like any piece of software, you have to know what to look for to meet your organization's expectations and avoid disappointments. This research note examines critical attributes of SOX tool sets, discussing how you can utilize them effectively to maximize the return on your investment of time and money.

Part One examined the first three components of the COSO Integrated Framework relative to selecting a SOX tool set.

Part Two discusses the information and communication, and monitoring components from a similar perspective and provides some tips for kicking off the tool set selection process.

What is COSO?

COSO stands for Committee of Sponsoring Organizations of the Treadway Commission. It is a voluntary private-sector organization dedicated to improving the quality of financial reporting through business ethics, effective internal controls, and corporate governance. The Securities and Exchange Commission (SEC) ruled that management must base its evaluation on a suitable, recognized control framework established by a group that has followed due-process procedures, including the broad distribution of the framework for public comment. Furthermore, the SEC points out in its final rule that the COSO Internal Control—Integrated Framework, which is depicted in the three-dimensional diagram to the right, satisfies this requirement. Accordingly, the majority of organizations have adopted this framework as the basis for compliance with Section 404 of SOX, namely Management Assessment of Internal Controls.

When evaluating SOX tool sets, doesn't it make sense to determine how well the proposed software satisfies critical components of the COSO framework? Of course it does. The remainder of this note examines the five components of the COSO framework, outlining the key characteristics and attributes you should consider in selecting a SOX tool set. Specifically, these components include:

* Control environment

* Risk assessment

* Control activities

* Information and communication

* Monitoring

A brief description and introduction, as denoted in italics, is provided of how each component will assist in achieving internal control objectives as depicted in the second dimension (top level view) of the framework. These control objectives provide for the following:

* Obtaining the efficiency and effectiveness of operations in meeting business objectives to include performance and profitability goals

* Ensuring the accuracy and reliability of financial reporting

* Verifying compliance with applicable laws and regulations

The third dimension (front to back view) of the framework includes the units and activities of an organization to which internal controls pertain. Internal controls are relevant to an entire organization and to any of its units, activities, and processes. Accordingly, you must apply internal controls uniformly across an organization's units and activities. This characteristic is common to all components and is mentioned here to ensure that you can integrate the selected SOX tool set into all levels of an organization and equally apply it in a top-down approach. It would make little sense to have a tool set that could only operate at a corporate level without being able to deploy it at a division or apply it to a process. As with any software selection project, the decision makers must be comprised of a diverse cross section of an organization's users to achieve this characteristic.

Information and Communication

The information and communication component of the COSO framework consists of processes and systems that support the identification, capture, and exchange of information in a form and timeframe that enable an organization to perform its responsibilities. Simply put, this means providing the right information to the right people, at the correct level, on a timely basis. Similarly, communication processes must be in place to permit people to discharge their responsibilities.

First and foremost, the SOX tool set must be able to model the performance of the organization to include the specific processes used to generate or contribute to the financial reporting of the organization. In so doing, the tool set can then support real-time activity audits. Just as you would map your manufacturing processes when selecting an ERP package, you must identify these critical financial processes sufficiently to verify that a reliable electronic image of your business can be defined in the tool set.

It stands to reason that your accountants need to verify that the tool set is in compliance with GAAP. Failed audits need to be highlighted for immediate follow-up. Reconciliation procedures must reside in the tool set to provide immediate notification regarding audit failures. The ability must exist to lock down the approved tool set to prevent unauthorized alteration to the model.

Finally, the tool set should be able to support the audit function in the following ways:

* Be "resource-centric" and understand corporate resources and relationships.

* Audit the administrative systems underlying business operations.

* Audit manual transactional input of transactions and support operations reviews and individual transaction processing.

* Integrate with other systems (such as the inventory management system) and cross-check the system counts against individual transactional processing product accumulations.

* Support internal and external audits by providing detailed logs of each transaction and the results of the business-model audit. The system will check every transaction and every resource, and will be able to provide statistical sampling when needed for operations and personnel reviews.

* Log each activity that takes place as a record of accounting events and transactions.

* Provide alerts or warnings for appropriate internal management of activities not meeting the business model or new regulations coupled with instantaneous reporting and documentation of these alerts/warnings.




SOURCE:
http://www.technologyevaluation.com/research/articles/attributes-of-sarbanes-oxley-tool-sets-part-two-information-and-communication-monitoring-and-startup-tips-17127/

The Strategic Importance of Asset Management Part Two: Implications

The changing attitudes, understandings of physical assets, and market conditions bring a broad array of implications for those responsible for asset management. The majority of these can be explained as "new accountabilities." Many of these are accountabilities leveled at, or within, corporations themselves. However, many will also be directed at the individuals taking or overseeing these decisions, often with daunting consequences for failure.

New Levels of Accountability

As previously highlighted, asset managers are beginning to find themselves increasingly called to account for the decisions that have been taken.

Decisions will increasingly be judged against:

* Higher standards for legislative and regulatory compliance

* Increased understanding of the role of assets in areas of productivity, cost, and quality

* Risk of damage to the corporate image of the company

* Failures to adequately understand production needs

* Failure to accurately determine capital planning requirements, based on current physical assets and future requirements

This leads to two conclusions. Firstly, those responsible for taking decisions regarding physical assets need to have a deep understanding of all of the issues and implications of those decisions, as well as the necessary authority to act on them.

Secondly, it will require the ability to adequately defend decisions taken, not only in terms of considerations internal to the company, but also in terms of defence in the case of potential legal actions. It is this second conclusion that has the most impact for maintenance managers of the future.

The ability to state that asset management decisions are defendable is paramount. This means that they have been taken by qualified and experienced people; in a manner that is in line with internationally accepted standards on the issue; and in a manner that provably complies with the first two premises. That is to say, a manner that is totally auditable.

Although these may stretch into many areas of corporate management, there are three "in vogue" elements of today's market that are of particular concern.

They are:

* ERP/EAM decision making and management

* Outsourcing of asset management functions

* The use of call centers as viable asset management tools


This is Part Two of a three-part note.

Part One discussed changing attitudes.

Part Three will present a new framework for asset management.

The EAM/ERP Market

Asset management, or enterprise asset management as it is often referred to within this industry, is one of the areas where there has been a definite decay in the decision-making process.

Although this area is by far the most expensive of the current range of solutions in asset management, it is easily the most misunderstood and counter-productive in many cases.

Prior to 2003, many maintenance systems were implemented as a result of an ERP implementation, a logical follow-on to what has been considered the "main game" (often financial, supply chain, or information technology related). Decisions within this area have frequently been taken, or managed, by people with little or no true depth of knowledge in the asset management arena.

Even in organizations where the importance of asset management is understood, those with a background in IT or finance, or other unrelated disciplines, are often responsible for these types of projects, as well as for the decisions involved in executing the projects.

As has been explained earlier, the area of maintenance management is an area that is complex and not guided by recognized "common-sense" judgements. It is not an area that is easily or rapidly understood by those outside of the discipline. While the use of quasi-experts may be sufficient in other areas of corporate activity, in asset management the stakes are simply too high.

Even in the most cavalier of boardrooms, the corporate risk associated with this dangerous practice is becoming recognized. In the years that follow 2003, as accountability continues to be a marked factor of asset management, previous decisions will increasingly need to be revisited by those with the knowledge and depth of experience to do so.

This marks a dramatic change in the structure of this market sector. Decisions regarding selection, implementation, and post-implementation management must become more focused on the true areas of asset management.

Previously, "requirements" were attached to processes currently in place, or more often to a proposed future state of processes. As we move forward, this will become driven more by the requirements that companies have of their physical asset base, in order to achieve strategic advantages within their markets.

Outsourcing in Asset Management

Outsourcing has become one of the catch-cries of those offering solutions and regimes aimed at lowering direct costs. In some areas this may be relevant. Within the area of physical assets there are some major considerations that first need to be taken into account.

Regardless of who has been delegated the responsibility for maintaining the asset base, there is still only one asset owner. That is the corporation that operates and owns the assets. So while it remains possible to delegate responsibility, it is still not possible to delegate the legal ramifications of these responsibilities. This has been shown dramatically in the recent events, previously mentioned, in the United Kingdom.

This indicates that there are at least two areas of asset management that need to be retained under the strict control of the asset owners.

The first is the judgement as to what should be done: the determination of exactly what maintenance regimes should be applied in order to comply with the corporate requirements of the physical assets. The asset owners are the only ones that can do this successfully, as they are the only ones with full knowledge of the corporate objectives in this area.

Secondly, there is a need to retain control, in some form or other, over how things should be done. This can better be explained as the standards to which a task must be completed, as well as the dates within which a task must be completed.

Contracts for outsourced maintenance cannot be managed on the basis of merely handing over assets or a series of tasks to be managed. Many tasks, derived in response to the asset requirements, have small tolerances for execution. They are driven by the way in which a piece of equipment fails as well as the consequences of that failure.







SOURCE:
http://www.technologyevaluation.com/research/articles/the-strategic-importance-of-asset-management-part-two-implications-17139/