SlideShare a Scribd company logo

Sarbanes-Oxley Implications for Supply Chain

Scott Sykes, profile picture
Scott Sykes

1) The document discusses how the Sarbanes-Oxley Act (SOX) impacts supply chain management and presents opportunities for companies. SOX compliance places supply chain processes and IT applications at the center of discussion. 2) It notes that while SOX compliance is costly, it can be viewed as a catalyst to establish better governance, improve processes, and gain competitive advantages through a strategic rather than just tactical approach. 3) The presentation provides suggestions such as engaging supply chain leaders in SOX efforts to influence outcomes and identifying process improvement projects to undertake.

1 of 21
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Sarbanes-Oxley and Your Supply Chain: Is SOX the “compelling event” many of us have been waiting for in the SCM community??? Scott R. Sykes Senior Principal SAP Charlotte, NC
Agenda Context Challenges / Opportunities Insights and Suggested Actions Q & A
Context: SOX touches every corner of the enterprise ” You there, in the Executive Suite…. ...Take off your clothes." ” If you’re going to be naked … … you better be buff!” The business process and information technology implications of the Sarbanes-Oxley Act of 2002 have been characterized as replacing Adam Smith’s “Invisible Hand” with Uncle Sam’s “Index Finger…” Our Call to Action : How can we turn an unpleasant reality into a force of good and opportunity?
Context: Scandals accelerated a process already underway While it is true that the financial shenanigans of Enron, WorldCom (and others) served as visible catalysts for what ultimately became the known as “SOX,” the reality is that there was a subcurrent in the business sector already building with respect to openness, clarity and better reporting.
The Punchline: SOX is an SCM “Gotcha” Connecting the dots from SCM back to SOX Compliance puts SCM on the C-Suite Agenda … let’s be bold and play that card… SCM Professionals are going to get sucked into the SOX Projects sooner or later anyway! Meeting the compliance requirements for controls and documentation places Supply Chain Processes and SCM Information Technology applications squarely in the center of this discussion The challenges that Sarbanes-Oxley presents to our executive leadership teams creates a moment of opportunity to bring additional C-Suite attention and focus to supply chain management If you’ve had an SCM IT project sitting on the back-burner due to business case challenges, or resource constraint limitations, now is the time to dust off that recommendation report and re-submit your proposal
Context: The Supply Chain “Gotchas” in SOX Report on the adequacy of internal controls Financial reports must contain adjustments found by auditors The CEO and CFO must certify financial reports Establish procedures for confidential, anonymous complaints Requirements 404 401 301 Section The language that the Congress could settle upon to quickly get the legislation to the President’s Desk was unfortunately open-ended and vague, causing “ripple effects” in the business community that are still undulating today 24 months after the laws went into effect. “… to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes…” 302 Vague? Extends legislation beyond attestation to the numbers to also include a sign off on the control systems that fed those financial reports. “… the nature and characteristics of a company’s use of information technology in its information system affect the company’s internal control over financial reporting.” Public Co. Accounting Oversight Board (Auditing Standard 2003-017) October, 2003 The SCM Implication: Section 404, coupled with the adopted auditing standards places SCM processes squarely in the SOX crosshairs .
Context: The Supply Chain “Gotchas” in SOX The Congressional ambiguity of the initial legislation has created an extremely “noisy” software industry environment, a confused SCM environment, and an extremely conservative auditing environment. “ SOX compliance in a box” “ SOX in 90 days” “ Free SOX with your next upgrade…” Software Environment The rapid death of Arthur Andersen after the Enron case has created an extremely conservative compliance environment. As one compliance officer was recently quoted, “No external auditor wants to take the starring role in Enron II.” Auditing Environment What if my Asian supplier doesn’t use systems to track their production, packaging, and shipping processes? What do you mean I have to pre-pay my production capacity buys in Asia so that Finance has visibility to future obligations? What if I don’t know which carriers handle each leg of a global multi-modal shipment? We chose to outsource that process so we wouldn’t have to document and manage the processes! Now I have to do what? With what resources? By when? Huh? SCM Environment
Context: The Supply Chain “Gotchas” in SOX The Congressional ambiguity of the initial legislation has created an extremely “noisy” software industry environment, a confused SCM environment, and an extremely conservative auditing environment. “ SOX compliance in a box” “ SOX in 90 days” “ Free SOX with your next upgrade…” Software Environment The rapid death of Arthur Andersen after the Enron case has created an extremely conservative compliance environment. As one compliance officer was recently quoted, “No external auditor wants to take the starring role in Enron II.” Auditing Environment What if my Asian supplier doesn’t use systems to track their production, packaging, and shipping processes? What do you mean I have to pre-pay my production capacity buys in Asia so that Finance has visibility to future obligations? What if I don’t know which carriers handle each leg of a global multi-modal shipment? We chose to outsource that process so we wouldn’t have to document and manage the processes! Now I have to do what? With what resources? By when? Huh? SCM Environment Supply Chain Complexity combined with the tightening regulatory environment will play “Gotcha” on Somebody… “ A typical cross-border shipment…changes hands more than ten times, involves completing and filing about 35 documents, interfacing with about 25 parties, and being in compliance with over 600 regulations and 500 trade agreements that are constantly changing.” Source: ARC Advisory Group: “ Linking Supply Chain Security with Sarbanes-Oxley and the Bottom Line” (2004-August)
Agenda Context Challenges / Opportunities Insights and Suggested Actions Q & A
Challenges: The Cost of Compliance & the Software Landscape The numbers vary significantly depending upon a few key variables (# facilities, # ERP instances, # of trading partners, # SKUs, etc.), but the key take-away is that irrespective of where you reside, or what industry sector you compete in … this is going to be costly, and resource intensive. Staffing increases Consulting fees Audit fees Legal fees Director fees Insurance premiums Incremental Technology Infrastructure Incremental Applications investment On-going incremental due diligence costs Cost of SOX Compliance ~ $1M for every $1B in revenue Source: Financial Executives International Research -- Software “Suspects” -- -- Cost Elements -- “ Niche” Players by the 100’s
Challenges: The Cost of Compliance & the Software Landscape Strengths Challenges Suite of Apps (SCM written to integrate to Financials) Scalable Infrastructure Compliance Apps Developed for new SAP Product Release (Netweaver Platform) -- requiring customers to do an upgrade to use applications Suite of Apps (SCM written to integrate to Financials) Scalable Infrastructure Prerequisite for an Oracle Database. More Money than God Windows and .Net Platform Positions Miniscule Business Applications presence for Public Co. Financials and SCM Operations Platform Independent Trusted Advisor role to clients No applications of their own Price and Speed to Market No “legacy” footprint to contend with in developing a “clean sheet of paper” compliance application Financial stability of start-up firms Business risk assessment of auditors assigning “bad grades” to clients with un-familiar software application brands. “ Niche” Players by the 100’s The analysis and literature on this topic points to the existing financials companies being the “safest bets” for developing and deploying SOX Compliance applications. For firms with heterogeneous landscapes, the jury is still out on whether a “forced consolidation” and standardization is in the offing … or if a “third alternative” will prevail (e.g., a separate data warehouse solution).
Opportunities: SAP Management of Internal Controls Continuous Improvement Scoping and Set-Up Document Processes & Controls Sign-Off, Prepare Certification / Internal Control Report Assess Control Design & Remediate Issues Test Operating Effective- ness Attest and Report Management Auditor CEO / CFO Internal Control Manager Org.Unit Manager Process Group Owner(s) ~ Purchasing, Logistics, Customer Service Control Owner(s) Evaluator Tester Issue & Remediation Plan Owner Internal & External Auditor SCM Plays Here.
What SAP is seeing in our business is more and more of our customers' concentration on complete business processes, such as order-to-cash. Such processes cut across business software applications and companies. As such, capturing, documenting, and controlling the macro process with accuracy and rigor is an essential part of becoming a best-in-class compliance management firm. An Example: Order-to-Cash is a primary SCM Business Process to be documented, controlled and managed for SOX Compliance Master Data Management Business Intelligence Exchange Infrastructure Enterprise Portal Auto ID Infrastructure (for RFID enabled business processes) Client-specific Custom Apps (e.g., Class II Narcotics Tracking) SAP Applications 3 rd Party Applications Multi-enterprise business processes Multi-lingual documentation requirements Multi-currency transaction flows Role-based portal views of the business process Secure access and controls Compliant and accurate record-keeping To the extent that the financial outputs of the Order-to-Cash business process are not adequately captured , stored and controlled to the satisfaction of the legislation’s guidelines, the compliance project efforts in 2005 should be creating continuous improvement priorities for 2006, 07, and beyond. This will become a “corporate DNA” initiative going forward for leading companies. Source: Werner Brandt Presentation to Morgan Stanley Conference, 2004-11-18, Barcelona, Spain RFID Transported Intelligence is in this layer
Opportunities: Use SOX Catalyst to Establish a “Platform for Better Governance” This project is not subject to the “value proposition and business case” discussions that many projects must succeed in … it is compulsory. As such, the opportunity exists to do more than “Simply stay out of jail,” but to rather use the budget and the focus to improve the operation of the business -- Representation of SAP Prescribed Scope for Best Practice Compliance -- Regulatory Capabilities within ERP FI, HR, QM, Mgmt Internal Controls, Operational Risk SAP NetWeaver Stakeholders Monitoring Disclosure C-level Executives Auto ID Infrastructure SAP and Partner Regulation Specific Composites PLM SRM CRM 3 rd Party Apps Process Integration Business Process Automation, Monitoring, Workflow Information Integration Knowledge Mgmt, Records Mgmt, Archiving, Reporting People Integration Compliance Executive Dashboard, Scorecards, Alerts Security Mgmt SCM Board
Agenda Context Challenges / Opportunities Insights and Suggested Actions Q & A
Insights: Where are we now? Stakeholder Value Business Performance Just get it done approach Don’t just comply, achieve process improvements Strategic approach Gain competitive advantage Drive higher stakeholder trust
Insights: Be Proactive and Strategic for Long-Run Value Creation and Sustainable Process Improvement “ The benefits will come in the long haul, with greater credibility in the marketplace and higher stock price multiples.” -- William H. Donaldson, Chairman, SEC, December, 04 The case for a strategic investment approach: Gain process efficiencies Establish end-to-end supply chain process visibility and event documentation Bolster data accuracy Eliminate delays in reporting Lead with better insight Management credibility Increase corporate reputation Enhanced stock performance This project is not subject to the “value proposition and business case” discussions that many projects must succeed in … it is compulsory. As such, the opportunity exists to do more than “Simply stay out of jail,” but to rather use the budget and the focus to improve the operation of the business # of compliance projects Cost of compliance Tactical approach Long-run approach
Insights / Actions We have in SOX a “burning platform” business issue that creates the opportunity to turn a complex problem into an innovation catalyst. Get your SCM Leaders engaged in the SOX process, and create the platform of capabilities to ensure your ability to stay in front of this new requirement. SAP NetWeaver SOX is Driving the Sense of Urgency People mySAP Business Suite Technology Inherent Controls Configurable Controls Reporting Controls Security Controls Manual & Procedural Controls Business Objectives (Control, Certification & Risk Management) Many companies are working with SAP’s SOX solution. “ After attending the Sarbanes Oxley conference in Washington DC, I was thoroughly impressed on the thought and care SAP has put into developing the Management of Internal Controls (MIC) solution. ... In light of this, PG&E would like to become an early-adopter of the MIC tool” Peter Tam, PG&E
Insights / Actions Action Item #1 Do whatever it takes to pass the first test. Action Item #2 Identify and Prioritize the focus areas for improvement projects in 2005, 2006 and 2007 Action Item #3 Secure a permanent seat at the SOX Table for the supply chain organization Action Item #4 Deploy your senior personnel for this effort. For the SCM Organization, it is crucial that you take proactive steps in the SOX arena. If you do not do this project with Finance and IT, they will “do the project to you.” Either way, you’ll be involved… better to influence and shape the outcome to reflect your current and future SCM plans.
Agenda Context Challenges / Opportunities Insights and Suggested Actions Q & A
Q & A Note: The published article on which this presentation is based is available on my website: http://www.scottsykes.com/Publication_LC_2005-02.html

More Related Content

PDF
SustainTech/ Sustainable investment technology & data framework
Lapman Lee ✔
 
PPTX
Securing big data (july 2012)
Marc Vael
 
PPT
Governance (Corporate And Technology)
Jerald Burget
 
PDF
Digital Transformation and Data Science
Matthew W. Bowers
 
PPTX
How to fix the Governance Model for the Public Sector (Government)
paul young cpa, cga
 
PPTX
Governance: The key to effecting successful Digital Transformation
Guy Pearce
 
PDF
Security in RegTech's Playground
John ILIADIS
 
PPTX
Hivos Seminar - Dar es Salaam 2010
Shujaa Solutions Ltd
 
SustainTech/ Sustainable investment technology & data framework
Lapman Lee ✔
 
Securing big data (july 2012)
Marc Vael
 
Governance (Corporate And Technology)
Jerald Burget
 
Digital Transformation and Data Science
Matthew W. Bowers
 
How to fix the Governance Model for the Public Sector (Government)
paul young cpa, cga
 
Governance: The key to effecting successful Digital Transformation
Guy Pearce
 
Security in RegTech's Playground
John ILIADIS
 
Hivos Seminar - Dar es Salaam 2010
Shujaa Solutions Ltd
 

What's hot (20)

PDF
AI and Blockchain Applications for ESG
Alex G. Lee, Ph.D. Esq. CLP
 
PDF
Cyber Job Fair Job Seeker Handbook Oct 29, 2014, Baltimore, MD
ClearedJobs.Net
 
PDF
The Internet of Things: An Overview
Ali Babaoglan Blog
 
PPTX
Vision 2030: A Connected Future
Wipro Digital
 
PDF
Creating a digital transformation vision
Ben Gilchriest
 
PDF
Le white paper de l'Ilnas sur la blockchain et les DLT
Paperjam_redaction
 
PDF
Infographic | The Growing Need for Fast, Secure Telehealth
Insight
 
PDF
Marlink IMO 2021 Guide to Cyber Risk Management
CHRIS CLIFFORD
 
PDF
2018 Insight Intelligent Technology Pulse Survey
Insight
 
PDF
What's Ahead for EHRs: Experts Weigh In
Booz Allen Hamilton
 
PDF
On Leading Digital Transformation One Page Book Summary
Alex G. Lee, Ph.D. Esq. CLP
 
PDF
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Capgemini
 
PDF
Gartner eBook on Big Data
Jyrki Määttä
 
PPTX
Technology Innovation Trends In Insurance | Navdeep Arora
Navdeep Arora
 
PPTX
GRC– The Way Forward
Rochester Security Summit
 
PDF
8 Ways to Win Against Next-Gen Insurers
Nuxeo
 
PDF
Digital Strategy Framework for an Insurer
Tarun Pattnaik
 
PDF
Let's make money from big data!
B Spot
 
PDF
Global EHS market was valued us
Avengers Creation
 
PPTX
Digital Outlook: Healthcare Industry
Infosys
 
AI and Blockchain Applications for ESG
Alex G. Lee, Ph.D. Esq. CLP
 
Cyber Job Fair Job Seeker Handbook Oct 29, 2014, Baltimore, MD
ClearedJobs.Net
 
The Internet of Things: An Overview
Ali Babaoglan Blog
 
Vision 2030: A Connected Future
Wipro Digital
 
Creating a digital transformation vision
Ben Gilchriest
 
Le white paper de l'Ilnas sur la blockchain et les DLT
Paperjam_redaction
 
Infographic | The Growing Need for Fast, Secure Telehealth
Insight
 
Marlink IMO 2021 Guide to Cyber Risk Management
CHRIS CLIFFORD
 
2018 Insight Intelligent Technology Pulse Survey
Insight
 
What's Ahead for EHRs: Experts Weigh In
Booz Allen Hamilton
 
On Leading Digital Transformation One Page Book Summary
Alex G. Lee, Ph.D. Esq. CLP
 
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Capgemini
 
Gartner eBook on Big Data
Jyrki Määttä
 
Technology Innovation Trends In Insurance | Navdeep Arora
Navdeep Arora
 
GRC– The Way Forward
Rochester Security Summit
 
8 Ways to Win Against Next-Gen Insurers
Nuxeo
 
Digital Strategy Framework for an Insurer
Tarun Pattnaik
 
Let's make money from big data!
B Spot
 
Global EHS market was valued us
Avengers Creation
 
Digital Outlook: Healthcare Industry
Infosys
 
Ad

Similar to Sarbanes-Oxley Implications for Supply Chain (20)

PPT
Fujitsu Scanners and Hyland Software Webinar Delivering Automation In The Len...
Kevin Neal
 
PPTX
SaaS Vs On Premise BI
LCWynne
 
PPTX
IT SOX 404 COMPLIANCE (1)_1689335175.pptx
RSAArcher
 
PDF
Regulatory & Compliance Account Opening
Axis Technology, LLC
 
PDF
SOA Open Source Implementation | Torry Harris Whitepaper
Torry Harris Business Solutions
 
PPT
Office Developers Conference - Financial Services OBAs
Mike Walker
 
PDF
cloud-forum-kurian-2196090copy-141218205922-conversion-gate01
Mohamed Sabra
 
PDF
Introduction to Oracle Cloud
johnnhernandez
 
PDF
Oracle Cloud Overview
Faraz Hemani
 
PDF
Peter Coffee at Southland Technology Conference
Peter Coffee
 
PPT
Soa To The Rescue
David Linthicum
 
PPT
I T E007 Warner 091807
Dreamforce07
 
PDF
"Disruption 101" Keynote Philly Phorum 2013
Peter Coffee
 
PDF
Transforming Financial Services with Event Streaming Data
confluent
 
DOCX
As an IT analyst for a company providing voting.docx
4934bk
 
PPTX
How to Bring Shadow IT to the Light
Rackspace
 
PPT
Web 2 0 To The Universal Soa
David Linthicum
 
DOCX
As an IT analyst for Ballot a company providing.docx
4934bk
 
PPT
Web 2 0 To The Global Soa Mapping The Journey 2006
David Linthicum
 
PDF
salesforce and AI, bigdata
Shen yifeng
 
Fujitsu Scanners and Hyland Software Webinar Delivering Automation In The Len...
Kevin Neal
 
SaaS Vs On Premise BI
LCWynne
 
IT SOX 404 COMPLIANCE (1)_1689335175.pptx
RSAArcher
 
Regulatory & Compliance Account Opening
Axis Technology, LLC
 
SOA Open Source Implementation | Torry Harris Whitepaper
Torry Harris Business Solutions
 
Office Developers Conference - Financial Services OBAs
Mike Walker
 
cloud-forum-kurian-2196090copy-141218205922-conversion-gate01
Mohamed Sabra
 
Introduction to Oracle Cloud
johnnhernandez
 
Oracle Cloud Overview
Faraz Hemani
 
Peter Coffee at Southland Technology Conference
Peter Coffee
 
Soa To The Rescue
David Linthicum
 
I T E007 Warner 091807
Dreamforce07
 
"Disruption 101" Keynote Philly Phorum 2013
Peter Coffee
 
Transforming Financial Services with Event Streaming Data
confluent
 
As an IT analyst for a company providing voting.docx
4934bk
 
How to Bring Shadow IT to the Light
Rackspace
 
Web 2 0 To The Universal Soa
David Linthicum
 
As an IT analyst for Ballot a company providing.docx
4934bk
 
Web 2 0 To The Global Soa Mapping The Journey 2006
David Linthicum
 
salesforce and AI, bigdata
Shen yifeng
 
Ad

Sarbanes-Oxley Implications for Supply Chain

  • 1. Sarbanes-Oxley and Your Supply Chain: Is SOX the “compelling event” many of us have been waiting for in the SCM community??? Scott R. Sykes Senior Principal SAP Charlotte, NC
  • 2. Agenda Context Challenges / Opportunities Insights and Suggested Actions Q & A
  • 3. Context: SOX touches every corner of the enterprise ” You there, in the Executive Suite…. ...Take off your clothes." ” If you’re going to be naked … … you better be buff!” The business process and information technology implications of the Sarbanes-Oxley Act of 2002 have been characterized as replacing Adam Smith’s “Invisible Hand” with Uncle Sam’s “Index Finger…” Our Call to Action : How can we turn an unpleasant reality into a force of good and opportunity?
  • 4. Context: Scandals accelerated a process already underway While it is true that the financial shenanigans of Enron, WorldCom (and others) served as visible catalysts for what ultimately became the known as “SOX,” the reality is that there was a subcurrent in the business sector already building with respect to openness, clarity and better reporting.
  • 5. The Punchline: SOX is an SCM “Gotcha” Connecting the dots from SCM back to SOX Compliance puts SCM on the C-Suite Agenda … let’s be bold and play that card… SCM Professionals are going to get sucked into the SOX Projects sooner or later anyway! Meeting the compliance requirements for controls and documentation places Supply Chain Processes and SCM Information Technology applications squarely in the center of this discussion The challenges that Sarbanes-Oxley presents to our executive leadership teams creates a moment of opportunity to bring additional C-Suite attention and focus to supply chain management If you’ve had an SCM IT project sitting on the back-burner due to business case challenges, or resource constraint limitations, now is the time to dust off that recommendation report and re-submit your proposal
  • 6. Context: The Supply Chain “Gotchas” in SOX Report on the adequacy of internal controls Financial reports must contain adjustments found by auditors The CEO and CFO must certify financial reports Establish procedures for confidential, anonymous complaints Requirements 404 401 301 Section The language that the Congress could settle upon to quickly get the legislation to the President’s Desk was unfortunately open-ended and vague, causing “ripple effects” in the business community that are still undulating today 24 months after the laws went into effect. “… to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes…” 302 Vague? Extends legislation beyond attestation to the numbers to also include a sign off on the control systems that fed those financial reports. “… the nature and characteristics of a company’s use of information technology in its information system affect the company’s internal control over financial reporting.” Public Co. Accounting Oversight Board (Auditing Standard 2003-017) October, 2003 The SCM Implication: Section 404, coupled with the adopted auditing standards places SCM processes squarely in the SOX crosshairs .
  • 7. Context: The Supply Chain “Gotchas” in SOX The Congressional ambiguity of the initial legislation has created an extremely “noisy” software industry environment, a confused SCM environment, and an extremely conservative auditing environment. “ SOX compliance in a box” “ SOX in 90 days” “ Free SOX with your next upgrade…” Software Environment The rapid death of Arthur Andersen after the Enron case has created an extremely conservative compliance environment. As one compliance officer was recently quoted, “No external auditor wants to take the starring role in Enron II.” Auditing Environment What if my Asian supplier doesn’t use systems to track their production, packaging, and shipping processes? What do you mean I have to pre-pay my production capacity buys in Asia so that Finance has visibility to future obligations? What if I don’t know which carriers handle each leg of a global multi-modal shipment? We chose to outsource that process so we wouldn’t have to document and manage the processes! Now I have to do what? With what resources? By when? Huh? SCM Environment
  • 8. Context: The Supply Chain “Gotchas” in SOX The Congressional ambiguity of the initial legislation has created an extremely “noisy” software industry environment, a confused SCM environment, and an extremely conservative auditing environment. “ SOX compliance in a box” “ SOX in 90 days” “ Free SOX with your next upgrade…” Software Environment The rapid death of Arthur Andersen after the Enron case has created an extremely conservative compliance environment. As one compliance officer was recently quoted, “No external auditor wants to take the starring role in Enron II.” Auditing Environment What if my Asian supplier doesn’t use systems to track their production, packaging, and shipping processes? What do you mean I have to pre-pay my production capacity buys in Asia so that Finance has visibility to future obligations? What if I don’t know which carriers handle each leg of a global multi-modal shipment? We chose to outsource that process so we wouldn’t have to document and manage the processes! Now I have to do what? With what resources? By when? Huh? SCM Environment Supply Chain Complexity combined with the tightening regulatory environment will play “Gotcha” on Somebody… “ A typical cross-border shipment…changes hands more than ten times, involves completing and filing about 35 documents, interfacing with about 25 parties, and being in compliance with over 600 regulations and 500 trade agreements that are constantly changing.” Source: ARC Advisory Group: “ Linking Supply Chain Security with Sarbanes-Oxley and the Bottom Line” (2004-August)
  • 9. Agenda Context Challenges / Opportunities Insights and Suggested Actions Q & A
  • 10. Challenges: The Cost of Compliance & the Software Landscape The numbers vary significantly depending upon a few key variables (# facilities, # ERP instances, # of trading partners, # SKUs, etc.), but the key take-away is that irrespective of where you reside, or what industry sector you compete in … this is going to be costly, and resource intensive. Staffing increases Consulting fees Audit fees Legal fees Director fees Insurance premiums Incremental Technology Infrastructure Incremental Applications investment On-going incremental due diligence costs Cost of SOX Compliance ~ $1M for every $1B in revenue Source: Financial Executives International Research -- Software “Suspects” -- -- Cost Elements -- “ Niche” Players by the 100’s
  • 11. Challenges: The Cost of Compliance & the Software Landscape Strengths Challenges Suite of Apps (SCM written to integrate to Financials) Scalable Infrastructure Compliance Apps Developed for new SAP Product Release (Netweaver Platform) -- requiring customers to do an upgrade to use applications Suite of Apps (SCM written to integrate to Financials) Scalable Infrastructure Prerequisite for an Oracle Database. More Money than God Windows and .Net Platform Positions Miniscule Business Applications presence for Public Co. Financials and SCM Operations Platform Independent Trusted Advisor role to clients No applications of their own Price and Speed to Market No “legacy” footprint to contend with in developing a “clean sheet of paper” compliance application Financial stability of start-up firms Business risk assessment of auditors assigning “bad grades” to clients with un-familiar software application brands. “ Niche” Players by the 100’s The analysis and literature on this topic points to the existing financials companies being the “safest bets” for developing and deploying SOX Compliance applications. For firms with heterogeneous landscapes, the jury is still out on whether a “forced consolidation” and standardization is in the offing … or if a “third alternative” will prevail (e.g., a separate data warehouse solution).
  • 12. Opportunities: SAP Management of Internal Controls Continuous Improvement Scoping and Set-Up Document Processes & Controls Sign-Off, Prepare Certification / Internal Control Report Assess Control Design & Remediate Issues Test Operating Effective- ness Attest and Report Management Auditor CEO / CFO Internal Control Manager Org.Unit Manager Process Group Owner(s) ~ Purchasing, Logistics, Customer Service Control Owner(s) Evaluator Tester Issue & Remediation Plan Owner Internal & External Auditor SCM Plays Here.
  • 13. What SAP is seeing in our business is more and more of our customers' concentration on complete business processes, such as order-to-cash. Such processes cut across business software applications and companies. As such, capturing, documenting, and controlling the macro process with accuracy and rigor is an essential part of becoming a best-in-class compliance management firm. An Example: Order-to-Cash is a primary SCM Business Process to be documented, controlled and managed for SOX Compliance Master Data Management Business Intelligence Exchange Infrastructure Enterprise Portal Auto ID Infrastructure (for RFID enabled business processes) Client-specific Custom Apps (e.g., Class II Narcotics Tracking) SAP Applications 3 rd Party Applications Multi-enterprise business processes Multi-lingual documentation requirements Multi-currency transaction flows Role-based portal views of the business process Secure access and controls Compliant and accurate record-keeping To the extent that the financial outputs of the Order-to-Cash business process are not adequately captured , stored and controlled to the satisfaction of the legislation’s guidelines, the compliance project efforts in 2005 should be creating continuous improvement priorities for 2006, 07, and beyond. This will become a “corporate DNA” initiative going forward for leading companies. Source: Werner Brandt Presentation to Morgan Stanley Conference, 2004-11-18, Barcelona, Spain RFID Transported Intelligence is in this layer
  • 14. Opportunities: Use SOX Catalyst to Establish a “Platform for Better Governance” This project is not subject to the “value proposition and business case” discussions that many projects must succeed in … it is compulsory. As such, the opportunity exists to do more than “Simply stay out of jail,” but to rather use the budget and the focus to improve the operation of the business -- Representation of SAP Prescribed Scope for Best Practice Compliance -- Regulatory Capabilities within ERP FI, HR, QM, Mgmt Internal Controls, Operational Risk SAP NetWeaver Stakeholders Monitoring Disclosure C-level Executives Auto ID Infrastructure SAP and Partner Regulation Specific Composites PLM SRM CRM 3 rd Party Apps Process Integration Business Process Automation, Monitoring, Workflow Information Integration Knowledge Mgmt, Records Mgmt, Archiving, Reporting People Integration Compliance Executive Dashboard, Scorecards, Alerts Security Mgmt SCM Board
  • 15. Agenda Context Challenges / Opportunities Insights and Suggested Actions Q & A
  • 16. Insights: Where are we now? Stakeholder Value Business Performance Just get it done approach Don’t just comply, achieve process improvements Strategic approach Gain competitive advantage Drive higher stakeholder trust
  • 17. Insights: Be Proactive and Strategic for Long-Run Value Creation and Sustainable Process Improvement “ The benefits will come in the long haul, with greater credibility in the marketplace and higher stock price multiples.” -- William H. Donaldson, Chairman, SEC, December, 04 The case for a strategic investment approach: Gain process efficiencies Establish end-to-end supply chain process visibility and event documentation Bolster data accuracy Eliminate delays in reporting Lead with better insight Management credibility Increase corporate reputation Enhanced stock performance This project is not subject to the “value proposition and business case” discussions that many projects must succeed in … it is compulsory. As such, the opportunity exists to do more than “Simply stay out of jail,” but to rather use the budget and the focus to improve the operation of the business # of compliance projects Cost of compliance Tactical approach Long-run approach
  • 18. Insights / Actions We have in SOX a “burning platform” business issue that creates the opportunity to turn a complex problem into an innovation catalyst. Get your SCM Leaders engaged in the SOX process, and create the platform of capabilities to ensure your ability to stay in front of this new requirement. SAP NetWeaver SOX is Driving the Sense of Urgency People mySAP Business Suite Technology Inherent Controls Configurable Controls Reporting Controls Security Controls Manual & Procedural Controls Business Objectives (Control, Certification & Risk Management) Many companies are working with SAP’s SOX solution. “ After attending the Sarbanes Oxley conference in Washington DC, I was thoroughly impressed on the thought and care SAP has put into developing the Management of Internal Controls (MIC) solution. ... In light of this, PG&E would like to become an early-adopter of the MIC tool” Peter Tam, PG&E
  • 19. Insights / Actions Action Item #1 Do whatever it takes to pass the first test. Action Item #2 Identify and Prioritize the focus areas for improvement projects in 2005, 2006 and 2007 Action Item #3 Secure a permanent seat at the SOX Table for the supply chain organization Action Item #4 Deploy your senior personnel for this effort. For the SCM Organization, it is crucial that you take proactive steps in the SOX arena. If you do not do this project with Finance and IT, they will “do the project to you.” Either way, you’ll be involved… better to influence and shape the outcome to reflect your current and future SCM plans.
  • 20. Agenda Context Challenges / Opportunities Insights and Suggested Actions Q & A
  • 21. Q & A Note: The published article on which this presentation is based is available on my website: http://www.scottsykes.com/Publication_LC_2005-02.html

Editor's Notes

  • #2: Introduction Companies were under intense heat in 04, and the forecast is that it’s going to get hotter in 2005. Regulators, employees, shareholders and partners will all subject the corporation to greater scrutiny