SCM awash in compliance mandates

IT World Canada is pleased to offer research from Meta Group Inc. This content will be featured on for three months from the article’s publication date.

A vexing challenge supply chain organizations currently face is their inundation of compliance initiatives, including but not limited to the Sarbanes-Oxley Act, global trade, and health and safety. Undertaken individually, such initiatives are costly and consume valuable resources on important but low-value-adding tasks. Organizations must consider how best to organize and manage often-conflicting or overlapping compliance mandates.

META Trend: During 2004/05, external pressures to leverage new technologies (e.g., RFID, UCCnet), provide customized services, and improve visibility will drive companies to upgrade supply chain execution applications (e.g., warehousing, transportation, manufacturing). Concurrently, international trade, security, and compliance pressures will motivate companies to upgrade global trade, health/safety, and contingency planning solutions. Through 2008, companies will merge information processes among CRM, SCM, and PLM applications to holistically scrutinize demand/revenue flows across customer and product life cycles.

Governments around the world continually pass new laws placing more restrictions on how supply chain organizations manage the manufacturing, distribution, and sale of their products and services. Examples include global trade management, container security, department of transportation hours of service, environmental health and safety regulations, food safety regulations, and product material content tracking such as the European Union’s Reduction of Hazardous Substances directive. Likewise, accounting scandals have driven governments to enact laws like Sarbanes-Oxley (SOX) that force organizations, including their supply chain operations, to provide stronger financial accountability, transparency, and process controls. Indeed, each of these has its own nuances. There is no consistency across mandates, but they each have impacts on the supply chain. Organizations must find ways to address such issues with the least impact and the greatest added value to the business.

Organizations must stop addressing compliance mandates as one-offs. Creating one team focusing on environmental health and safety, another one addressing product content issues, and then one more documenting processes for SOX is far too costly and takes key people away from their day jobs. Organizations must start coordinating such efforts across compliance initiatives as much as possible.

Documenting Processes

Global 2000 organizations have spotty records in documenting supply chain process, especially as such processes extend outside the enterprise. Typically, process-documentation efforts are driven by application initiatives and less so around end-to-end business processes that might extend beyond an application. For example, an organization might be diligent in mapping the “receiving” and putting-away processes for its new warehouse management system. However, it might not put much effort into other inventory controls such as how to account for loss or damage, which might be more important to its accountants. In addition, organizations have not typically invested as much time and effort documenting extended supply chain management (SCM) processes that span multiple applications and increasingly in the current world of process outsourcing processes multiple organizations. Regrettably, too many process-documentation efforts end up in three-ring binders sitting on the credenza of an executive. Short of defining the configuration of an application, such efforts fail to become institutionalized in the day-to-day activities of the supply chain operation.

Sections 404 and 409 of SOX require that, where processes affect financial transactions, organizations must have clear definitions of what the specific processes are (e.g., cycle counting, accounting for loss or damage, receiving inventory), and what controls are or must be in place. In SCM, there are many activities that initiate or touch financial transactions, and these will force organizations to provide better process documentation and controls not only around specific applications, but also for all activities that affect transactions. Using returns as an example, organizations must consider the following questions: What is my return authorization process? What are the criteria for accepting a return? What documentation is required to support an activity like “destroy in field?” What if there are excessive returns due to a product recall or a quality issue? What is the financial impact? What controls and reporting are in place to show that these were legitimate returns and not financial shenanigans.

One of the key objectives for SOX is to reduce surprises. SOX Section 409 demands greater levels of visibility and transparency from SCM to ensure rapid disclosure of any material changes in the business. How does the business account for and manage obsolete inventory? How does it account for and manage write-offs such as pilferage and damage? How does it account for demand variances? How does it account for yield discrepancies where it is planning for 10 per cent yield loss, but all of a sudden it has 30 per cent loss? We believe process discipline is critical to supporting SOX and other compliance initiatives in SCM. In the past, it might have been okay to minimally document procedures for a given process. Now, organizations must be much more explicit in also capturing the decision criteria for taking certain actions, and they must be able to support these with the appropriate levels of reporting and control. This transparency and visibility demand that organizations have the appropriate controls in place so that senior management is aware of critical events, and that there is proper documentation to explain what happened and why.

Centralizing Command and Control

Many organizations are creating corporate-level positions like chief governance/compliance officer that are empowered to coordinate compliance initiatives across corporate entities and functional areas. Without question, there is a role for supply chain professionals to play in helping broader corporate compliance efforts. They can help identify where problems might occur in the supply chain and help develop controls that address those most efficiently. Supply chain operations must bring their various compliance initiatives under the auspices of a common organization. They should create a centralized group that coordinates activities with both the corporate compliance function and across the extended supply chain. They must do a better job of leveraging activities and people to minimize the amount of redundant effort and to avoid conflicting procedures. However, organizations must avoid creating a duplicate or redundant position in the supply chain area that believes it has a charter different from the corporate compliance group. They must work with, not against, operational areas to coordinate activities and to provide compliance expertise. They should help with documenting processes. As umbrella organizations, they should look across all initiatives and encourage information sharing and process documentation reuse and enforce consistency, quality, and discipline as much as possible.

Striving to Add Value

Undeniably, compliance mandates are first about risk mitigation and policy adherence, but smart organizations also consider leveraging compliance efforts to improve their businesses. Organizations can choose to focus process documentation efforts on capturing as-is processes, or they can use the same efforts to identify areas for process improvement. Considering the returns process, an organization might focus only on documenting the authorization and disposition process, or it might extend its efforts to include root-cause analysis to identify why return levels are high and what could be done to reduce them. As organizations put controls in place and have greater visibility into their supply chains, they will gain a greater understanding of how they can use such efforts for competitive advantage.

Business Impact: Coordinating SCM compliance initiatives and leveraging activities as much as possible will reduce cost and minimize the detrimental impact of compliance initiatives on SCM staff.

Bottom Line: Organizations must recognize that compliance initiatives and enforcement of these will only increase. The sooner they develop the means to address such initiatives most efficiently, the better it will be for their businesses. They should consider creating a group that coordinates compliance activities for SCM and that can function as a liaison to corporate compliance initiatives. They must also evolve process documentation from a narrow focus on applications and consider creating models and procedures that span end-to-end processes.


Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now