Managing the Aches and Pains of Long Cycle Times: Automating Controls for Pharmaceutical Manufacturers

One of the biggest challenges (or business pain points) for pharmaceutical manufacturers (or life sciences companies) is the long cycles that are required for research and development (R&D) and product approval. This is particularly a challenge for manufacturers of generic drugs, for which cycle times can average 20 months or more (and the full time-to-market period upwards of 12 years).

Why are long cycles a problem?

Simply put, it comes down to the familiar equation that “time = money.” More time needed means more capital spent, and manufacturers watch their bottom lines slip farther and farther away. To begin to formulate a plan to address the issue of long cycle times, it’s important to understand the factors that contribute to this challenge.

Long R&D cycles happen for a number of reasons. One is that there has been increasing need to comply with regulations, including the Food and Drug Administration’s (FDA’s) Title 21 Code of Federal Regulations (CFR) Part 11, for pharmaceutical manufacturers that are employing methods for electronic record-keeping and electronic and digital signatures.

This increasing need often means that additional administrative time must be spent on ensuring that the technical and procedural protocols are set up correctly and doing what they are supposed to do.

Another reason for long cycle times has to do with the need to ensure that all stages of product development are adequately documented for audits. Whether a manufacturer is using paper or electronic methods of data storage, there must be a reliable, consistent, secure, and accessible method of storing all documents related to the research, development, manufacture, and release of all drugs.

Every change to a document must be retained, and the integrity of the versions kept intact. For manufacturers straddling the line between paper-based and electronic methods, all paper-based documents need to be transferred and saved in digital form, a process that can require considerable time for scanning or manually entering data.

What are the business risks involved in longer R&D cycles and product approval?

Fewer products can be developed or manufactured concurrently, which means fewer products get to market. And fewer products to market can mean a decrease in the company’s in-coming cash flow (i.e. decreased profits). Additional worry may come from the fact that with this increase in time-to-market, other competing manufacturers may develop a similar drug and release it sooner, thereby further diminishing profits due to lost market share and a shortened product life cycle. A delayed or lengthened cycle time can seriously affect the return on investment (ROI) for a given new drug or product.

What can help?
A software solution that implements automated controls that address compliance issues, including 21 CFR Part 11.

How does 21 CFR Part 11 relate to product R&D and approvals?

For all of the processes involved in getting a drug to market, strict policies must be established and followed by a company regarding the use of electronic records. Each step of product R&D and approval processes must be, according to the dictates of 21 CFRR Part 11, consistent, reliable, and repeatable—in other words, each version of every document must be archived and easily retrieved for the purposes of inspection or auditing.

But this thorough documentation means that the approval process can be streamlined with automated functionality, as the time needed to send documents to the approving individual(s) will be reduced (with a centralized system, all users may have access to documents, providing they are authorized to do so according to level-specific electronic signatures; also, the system can be configured to send automatic notifications). Consequently, document turnaround time can be reduced, while the authenticity, integrity, non-repudiation, and confidentiality of documents is assured.

Furthermore, for the purposes of an audit, the automated system can aid a company by streamlining document retrieval. With a system that helps you organize and maintain accurate records of all processes, time isn’t wasted on following a lengthy paper trail of documents to ensure that changes have been authorized and tracked, and that all paper versions are now available.

However, it is very important to realize that using a software application off the shelf to automate all processes involved in electronic signatures, document archiving and change management, and tracking and auditing, will not automatically render your company compliant with 21 CFR Part 11.

You must also ensure that you configure the system so it provides you with the validation you need to be compliant—you must establish rules and policies for the application that are consistently followed so you can be assured your processes for electronic signatures and data management are compliant. Both procedural and administrative controls must be in place to ensure process compliance.

Taming the SOA Beast – Part 2

Mindreef joined the Progress Actional SOA Management product family that provides policy-based visibility, security, and control for services, middleware, and business processes. This acquisition continues Progress’ expansion of its burgeoning SOA portfolio and strengthens the company’s position as a leader in independent, standards-based, heterogeneous, distributed SOA enterprise infrastructures.

Prior to being acquired, Mindreef decoupled some plug-in features from its previously all-in-one SOAPscope Server suite.

One capability was SOAPscope Policy Rules Manager that tests compliance with rules such as whether the Simple Object Access Protocol (SOAP) and Web Services Description Language (WSDL) headers comply with the WS-I Basic Profile for Web services interoperability. Also, the feature checks whether the extensible markup language (XML) schema was formed properly, and whether the “contracts” between Web services are valid so that companies can ensure they won’t break at run-time because of faulty logic.

Another plug-in, called Load Check, provides a pre-test simulation of the system’s performance. The underlying idea was to mitigate the bad practice that, when developing Web services-based applications, the load or performance testing tends to be an afterthought that is often compensated for by purchasing extra hardware after the fact and at a hefty price.

Progress Actional + Mindreef

Like its parent, Mindreef has always designed its products as a good fit for third-party IT governance solutions, with the ability to check on whether Web services are well formed and remain consistent with business policies.

Progress does not release the number of customers it has for specific products or as a corporation, although it admits to gaining access to more than 3,000 of Mindreef’s customers at more than 1,200 organizations worldwide. The ideal customers for the combination of Progress Actional and Mindreef SOAPscope are those seeking full life-cycle quality management of their SOA environments, ranging from design through operational deployment.

Mindreef SOAPscope is a recognized testing and validation software product for SOA services at the design stage, while Actional is the market leading SOA management, validation and monitoring software for operational SOA. Thus, the combination of the two provides a solution that is likely to be the first in the market to address the entire SOA lifecycle with SOA quality, validation, and runtime governance.

Progress Actional and Mindreef provide a deep level of SOA management, testing, validation and run-time governance functionality, but not all organizations that have begun implementing SOA environments recognize the need to implement that functionality as yet. As a result, those companies that have felt the significant pain of having to diagnose why SOA composite applications have failed in order to get them rapidly back up and running, or who have discovered rogue Web services within their environments into which they have no visibility, should see the benefit of deploying Progress Actional and Mindreef.

Progress Actional and Mindreef are sold worldwide from offices in North America, Latin America, Europe, and Asia. A complete list of Progress Software offices is available here.

While hardly any player in the market currently has equal lifecycle SOA quality capabilities as the combination of Actional and Mindreef provides, traditional competitors for Actional include Amberpoint, SOA Software, IBM, Hewlett-Packard (HP), Layer 7 Technologies and Computer Associates (CA).

As for Mindreef, while it can also be hard to find a single product that functionally competes head to head with SOAPScope, some other vendors’ functionality is comparable to that found in SOAPScope. Namely, in sales situations, Mindreef sometimes runs across IBM Rational Software and HP/Mercury, and occasionally some of the smaller niche players like Parasoft Solutions, iTKO LISA, PushToTest, and Crosscheck Networks.

Forget Not about Oracle Fusion Either

The recent acquisition of the former middleware competitor, BEA Systems, has promoted Oracle into the middleware market leader, at least in the Java world. The idea behind the ambitiously broad Oracle Fusion Middleware (OFM) suite is the following:

* to enable the enterprise applications’ architecture shift to SOA
* to become a comprehensive platform for developing and deploying service-oriented enterprise applications
* to form the foundation for modernizing and integrating the burgeoning Oracle Applications portfolio

Oracle’s middleware product strategy is foremost to provide a complete (unified) and pre-integrated middleware suite that is also modular, standards-based, open, and thus “hot pluggable.” Furthermore, the strategy is to develop and deploy enterprise applications on the Internet via unifying SOA Management, business process management (BPM), business intelligence (BI), enterprise content management (ECM), and enterprise 2.0 capabilities.

The third part of the strategy, the lowest total cost of ownership (TCO), by managing systems, applications, and user identities on low cost hardware and storage systems, has been too overplayed by virtually all vendors to really ring as differentiating, but is certainly a worthwhile attempt by Oracle.

Asserting SOA Governance Competitiveness

As for the product strategy for the Oracle SOA Governance suite, as a subset of OFM, it starts with offering an integrated and complete lifecycle SOA governance platform entailing tools, service registry and repository, policy manager, monitoring console, and so on.

Additionally, the goal is to enable visibility into an organization’s service portfolio via the ability to discover, categorize, manage change, audit usage, and monitor Web services. Last but not least, as discussed in Part 1, the ultimate goal is to provide better control over the lifecycle of services by enforcing policy compliance from software development to operations.

But what really impressed me post-acquisition was Oracle’s due diligence and even (atypical) humility in admitting BEA’s advantages (e.g., in terms of Enterprise System Bus [ESB] and service mediation capabilities) and bundling it with Oracle’s established capabilities of workflow management and Web services orchestration. Other specific areas where BEA had superior technologies were Java virtual machines, transaction processing monitors and certain security products. Conversely, Oracle has products like BI, ECM and identity management, where BEA did not have products.

Accordingly, Oracle has stratified the combined Oracle and BEA middleware products into the following three groups:

1. Strategic products — BEA products that are being adopted immediately with limited re-design into OFM, since no corresponding Oracle products exist in a majority of cases. Where corresponding Oracle products exist, they will converge with BEA products with rapid integration over next 12-18 months;
2. Continued and converged products – BEA products that are being incrementally re-designed to integrate with OFM. There is gradual integration with existing OFM technology to broaden features with automated upgrades. Oracle hereby grants continued development and maintenance for at least nine years; and
3. Maintenance (a.k.a., “stabilized”) products – those products that even former independent BEA had marked as the end-of-life (EOL) ones due to limited adoption prior to Oracle’s acquisition. Oracle hereby promises continued maintenance with appropriate fixes for five years.

Translating this into the product offerings for Oracle SOA Governance, most of the Oracle and BEA products will end up in the strategic category, starting with BEA AquaLogic Enterprise Repository at the core. It is a repository to capture, share, and change manage SOA artifacts across the lifecycle, with capabilities like audit trail and metrics, service level agreement (SLAs) and policies management, rules and standards definition, WSDL and XML Schema Definition (XSD) schemas, capturing and modeling business requirements, and dependency management.

For its part, Oracle offers Oracle Service Registry, which is a standards-based Universal Description Discovery and Integration (UDDI) v3.0 registry to publish and discover Web services. Furthermore, Oracle Web Services Manager is a policy manager to define and manage security, auditing, and the quality of services (QoS) policies on Web services.

Taming the SOA Beast – Part 1

Certainly, I admit to not being a programmer or a techie expert (not to use somewhat derogatory words like “geek” or “nerd”) per se. Still, my engineering background and years of experience as a functional consultant should suffice for understanding the advantages and possible perils of service oriented architecture (SOA).

On one hand, SOA’s advantages of flexibility (agility), components’ reusability and standards-based interoperability have been well publicized. On the other hand, these benefits come at a price: the difficulty of governing and managing all these mushrooming “software components without borders”, as they stem from different origins and yet are able to “talk to each other” and exchange data and process steps, while being constantly updated by their respective originators (authors, owners, etc.).

At least one good (or comforting) fact about the traditional approach to application development was that old monolithic applications would have a defined beginning and end, and there was always clear control over the source code.

Instead, a new SOA paradigm entails composite applications assembled from diverse Web services (components) that can be written in different languages, and whose source code is hardly ever accessible by the consuming parties (other services). In fact, each component exposes itself only in terms what data and processes it needs as an input and what it will return as an output, but what goes “under the hood” remains largely a “black box” or someone’s educated guess at best.

Consequently, SOA causes radical changes in the well-established borders (if not their complete blurring) of software testing, since runtime (production) issues are melding with design-time (coding) issues, and the traditional silos between developers, software architects and their quality assurance (QA) peers appear to be diminishing when it comes to Web services.

Transparency is therefore crucial to eliminate the potential chaos and complexity of SOA. Otherwise, the introduction of SOA will have simply moved the problem area from a low level (coding) to a higher level (cross-enterprise processes), without a reduction in problems. In fact, the problems should only abound in a distributed, heterogeneous multi-enterprise environment.

Then and Now

Back to the traditional practices and mindset: the software world considers design as development-centric (i.e., a “sandbox” scenario), and runtime as operation-centric (i.e., a part of a real-life customer scenario). But with SOA that distinction blurs, since Web services are being updated on an ongoing basis, thus magnifying the issues of recurring operations testing and management.

Namely, companies still have to do component-based software testing (to ascertain whether the code is behaving as expected) at the micro (individual component) level, but there is also application development at the macro (business process) level, since composite applications are, well, composed of many disparate Web services. In other words, programmers are still doing traditional development work, but now that development work becomes involved in infrastructure issues too.

For instance, what if a Web service (e.g., obtaining exchange rates, weather information, street maps information, air flight information, corporate credit rating information, transportation carrier rates, etc.), which is part of a long chain (composite application), gets significantly modified or even goes out of commission? To that end, companies should have the option of restricting the service’s possibly negative influence in the chain (process) until a signaling mechanism is in place, which can highlight changes that may compromise the ultimate composite application.

Functional testing in such environments is a challenge because, by nature, Web services are not visual like conventional, user-facing software applications. In place of a front-end or user interface (UI), some astute testing software can overlay a form that allows team members to see the underlying schema (data structure) of the Web service being tested.

Furthermore, testing SOA applications is problematic since it is not only difficult for a company to know if a particular Web service will deliver on its “contract”, but also, even if it does, whether it will maintain the company’s adopted standards of performance (e.g., under increased loads) and security while complying with its adopted regulatory policies.

Thus, modern SOA software testing tools increasingly provide support for multiple roles, whereby architects can codify policies and rules, developers check for compliance during the test cycle, and support and operations staff can check for compliance issues when problems occur. The new crop of SOA testing tools also increasingly support a range of tests, including functional and regression testing, interoperability testing, and policy conformance. Contrary to traditional software testing tools that inspect code, Web services testing tools deal with the quality of the extensible markup language (XML) messaging layer.

And although both traditional and Web services testing tools deal with syntax, for Web services team members require higher-level awareness of business rules and service policies. This is owing to the highly distributed SOA environment that makes keeping track of changes difficult and underscores the new SOA management complexity.

In fact, change management in pre- and post-application development is essential to filter out redundant changes, prioritize changes, and resolve conflicting changes. But also, if a certain message between the points A and B doesn’t pass in a real-life scenario, there has to be awareness of what needs to be done to rectify it now and in the future.

The abovementioned examples of numerous problems inherent in SOA have caused the previously mentioned silo-ed areas to now come much closer to each other. These are the following: software lifecycle management, applications performance management and information technology (IT) governance, with change management acting as a core information source on all changes in the environment. This union should enable companies to discover which Web services and components exist, who the owners are, and which services and components are actually consumed and by which applications/business processes.

Progress Software Nabs Mindreef

As to be better positioned to deliver testing and governance products that are geared towards setting up continuous testing and validation to ensure the high reliability and quality of multi-tier, composite SOA applications, Progress Software Corporation recently acquired Mindreef. It is interesting to note the quietness of the event that was reported only briefly by ZDNet bloggers Joe Kendrick and Dana Gardner.

Mindreef was a privately held firm founded in 2002 by Frank Grossman and Jim Moskun who leveraged their deep expertise in Microsoft Windows, Java, and device drivers’ debugging and testing to create the Mindreef SOAPscope products for SOA testing and validation. Mindreef was acquired by Progress Software and included in the Progress Actional product group in June 2008.

Prior to being acquired by Progress Software in early 2006, Actional Corporation was an independent leading provider of Web services management (WSM) software for visibility and run-time governance of distributed IT systems in a SOA. Actional’s SOA management products were incorporated under the product name Progress Actional within Progress’ Enterprise Infrastructure Division, and is now a major element of the Progress SOA Portfolio.

In a nutshell, Mindreef has already been wrapped into Progress Actional product group, since it addresses SOA management at the design and testing phase, while Actional primarily addresses SOA management at the production (run-time) phase (e.g., tracing transactional tables). Thus, Progress now has an expanded solution that addresses the quality and management of the full SOA lifecycle, from early concept and design thru go-live implementation, on-boarding new Web services, and overall SOA production management.

Frank Grossman, former chief executive officer (CEO) and founder of Mindreef is now vice president (VP) of Technology for Progress Actional, reporting to Dan Foody, who is in charge of Progress Actional. For more information the acquisition’s rationale, see the frequently asked questions (FAQ) page here.

Since there is so much product integration in the planning stages at this point soon after announcement of the two recent acquisitions (the other one being of Iona Technologies), Progress hopes to have new slide decks to accompany analyst briefings on virtually all of its products over the next several months. Look for follow up blog posts from me at that time.

Zooming Into SOAPscope

Designed for easy use by architects, service and support personnel as well as SOA operations managers, the Mindreef SOAPscope product family comprises SOAPscope Server, SOAPscope Architect, SOAPscope Tester, and SOAPscope Developer.

Essentially, Mindreef products collect information about Simple Object Access Protocol (SOAP) transactions and use it to shed light on Web services communications. But while most of such logging tools store data in pesky flat files, SOAPscope stores it in a relational database for ease of use even by the folks who are not necessarily XML and SOAP experts.

Mindreef SOAPscope Server was initially called Mindreef Coral, and was re-released under the current name in mid 2006. Like many software testing tools, this collaborative testing product includes a “play” button when Web services are exercised based on specific scenarios. If services for some steps of the process scenario are not available, SOAPscope Server can even simulate them.

It’s About Process (or the Ability to be Responsive) — Part IV

In addition to the examples described in Part III, another example of the ResponsAbility software in use can be found in Grayhill, Inc. an electronics manufacturer from Lagrange, Illinois (US), servicing industrial and government customers. While the company has been a long-term WebSource CPQ user for sales configuration purposes, the ResponsAbility sibling was later introduced for managing several processes, among them for product returns or return merchandize authorizations (RMAs).

Customer return requests are either imported from the company’s enterprise resource planning (ERP) system or directly entered by customers and/or Grayhill associates into ResponsAbility as a “request for material return.” Based on the entered data via a customized form, the return is authorized or denied. Namely, a default assignee reviews a request and approves it, rejects it, or asks the customer for additional clarifications.

Upon authorization, when the goods are received a case gets assigned to the quality assurance (QA) team. This is another “gate review” step in the process where the quality team determines if the failure is due to a product defect or misuse (user-induced damage). If a case is determined to be a defect, then the part is repaired at no cost or a new part is sent to a customer.

The defective part is also sent to the engineering department for analysis to determine the root cause and future corrective actions. Namely, in order to ensure the highest quality for which Grayhill is known, the case cannot be closed until all the corrective and preventive action (CAPA) requirements are fulfilled. To that end, the following outputs must be generated: the detailed explanation of the root cause of the problem, the short-term fix, the long-term fix, sent a final report to the customer, etc.

If it is not a defective part case, the case is closed and the goods are returned to the customer, who may in turn elect to convert it to a special service request case type. Logically then, another workflow process is followed, consisting of steps such as creating a service estimate, approval, service fulfillment (repair), invoicing, etc.

In other words, in case of misuse, the customer is asked to authorize a repair for a fee. If and when an approval is received, the product is repaired and the case is closed. Similar to the new feature request vs. bug software example from Part III, a repair service for fee process follows its own workflow via the repair department and QA, and then is shipped to the customer.

Ken Hoving, Grayhill’s vice president (VP) of corporate quality said

“The Webcom solution allowed us to consolidate all of our customer corrective actions in one system and enable web access across the entire organization, including our customers, resulting in cycle time improvements and increased customer satisfaction.”

Also, the company asserts that due to all the system’s nifty drag-and-drop Web 2.0 personalization capabilities for both users and administrators, the BPM tool is not something that users feel forced to use, but they truly want to use it because it helps them to do a better job. They do not have to worry about forgetting to do something or missing a step in a rush, since ResponsAbility ensures that the process is thorough and consistent each time.

Another important process that ResponsAbility enables at Grayhill is SDPR (Special Design Pricing Request).

Namely, when a prospective customer inquires about a product that Grayhill does not currently manufacture as a standard, then such a request gets routed via a number of departments, starting with sales that captures the detailed inquiry/request. Then, the engineering team will estimate the cost/time to complete the special request, while the marketing and accounting staff will analyze the economic viability of the special job (it is still expected to be some batch/series production rather than a one-off engineer-to-order [ETO] product), and create a catalog number and its price (quote).

Before that happens and the sales department can communicate back to the customer Grayhill’s interest and official price (quote), several collaborative iterations have to take place between the customer, Grayhill and its vendors (e.g., the special tooling and fixtures’ cost and lead time discussion).

Product Information Management Example

Broan-NuTone, based in Hartford, Wisconsin (US), and North America’s leading manufacturer and distributor of residential ventilation products is another combined WebSource CPQ and ResponsAbility user. Its products include range hoods, ventilation fans, heater/fan/light combination units, Indoor Air Quality (IAQ) Fresh Air Systems, built-in heaters, whole-house fans, attic ventilators, paddle fans and trash compactors.

The company has thousands of products, each with a slew of attributes such as length, width, material, standards to comply with (e.g., the UL Safety Standard, Canadian Standards Association [CSA], CE-Marking, etc.), voltage, power, air flow, and so on. The goal is to publish all that vast catalog data electronically via WebSource CPQ.

However, that cannot happen without consolidating all of the above data for all of the company’s products. ResponsAbility comes into the picture here, whereby each product will go through a special product information management (PIM) workflow.

Namely, the engineering team will have to fill in over hundred data points for each product, the marketing staff will add in their pertinent data, and product management will then have to fill the various product prices (list price, distributor price, wholesale price, etc.). Once the PIM case is closed, a prepared Microsoft Excel document with all of the required data about all the products in a product family can be imported into WebSource CPQ.

“After months of review and the evaluation of numerous vendors to help implement a Product Information Management system, we chose ResponsAbility from Webcom”, stated Mark Hughes, Internet Marketing Manager at Broan-NuTone. “Having several thousand products to manage from conception to obsolescence, we wanted to have stability out of the box. We feel that ResponsAbility is the perfect fit,” added Hughes.

Underlying ResponsAbility Technology

With some research indicating customer acquisition costing multiple times more than customer retention, ResponsAbility complements Webcom’s quote-to-order (Q2O) solution, WebSource CPQ, and continues the company’s focus on simplifying complex business processes.

“Attaining your goals and objectives requires not only a focus on obtaining new business through a quote-to-order solution such as WebSource CPQ, but just as rigorous a focus on retaining your most treasured asset, your customers”, commented Aleksandar Ivanovic, Webcom’s chief executive officer (CEO) and founder.

“ResponsAbility is just the type of solution needed to help drive customer satisfaction, innovation and repeat business”, added Ivanovic. “Especially in today’s uncertain economy, driving productivity through repeatable and reliable processes is crucial to success, and ResponsAbility could be a valuable tool helping companies improve customer service through nimbleness and implement process control.”

However, in order not to create internal competition for research and development (R&D) resources, WebSource CPQ and ResponsAbility, although both being offered on-demand, have intentionally been developed on two different technologies, Microsoft .NET Framework and Java 2 Enterprise Edition (J2EE), respectively. For more information, see TEC’s earlier article entitled Understand J2EE and .NET Environments Before You Choose.

Some best-practices sharing between the two teams could still be possible on the user interface (UI) side, since both products leverage Asynchronous Java and XML (AJAX) for rich client enablement and Web 2.0 gadgets. Although the two products are currently English-only, a common translation mechanism for other languages is being developed. Both products will be able to leverage these schemas for deployments in several languages. However, the decision on which languages to tackle first and deliver has yet to be made.

But, in contrast to WebSource CPQ, ResponsAbility is enabled for the Hibernate database-independent object/relational persistence and query service. The product features full audit trail and archiving capabilities, and the ability to export data in the CSV (comma separated values), Microsoft Excel, extensible markup language (XML), Adobe PDF (portable data file), and RTF (rich text file) file formats.

KISS IT or Leave IT

Webcom’s main challenge with the new workflow/BPM product will be to balance its “keep it straight and simple (KISS)” mantra with the complexity of full-fledged BPM applications’ deployments. On the one hand, the vendor positions ResponsAbility as a “lite BPM” product, given that it features much more capabilities than a mere workflow product, but on the other hand, it is far more limited than any other notable BPM suite’s functional footprint at this stage.

To be fair, some BPM functional requirements can be rendered moot in the on-demand model. In fact, product versioning, acceptance testing and/or whether workflow notification mechanisms can integrate with desktop products or interact via email are all capabilities that are a “big deal” for client/server on-premise BPM deployments, but are virtually irrelevant in software as a service (SaaS) subscription-based deployments.

The same goes for integration with third-party integrated development environments (IDE’s) due to the web-based workflow modeling environment within ResponsAbility. Indeed, IDEs like Microsoft Visual Studio are relevant for on-premise programming development, i.e., for writing source code, compiling it and making it executable code. In contrast to that, workflow modeling within ResponsAbility does not require coding, compiling, server deployment, etc. Furthermore, the SaaS deployment model completely obviates the need to buy and install an IDE.

It might be interesting to note here that Salesforce.com, when it started several years ago (and likely even still today) only had a fraction of customer relationship management (CRM) functionality that Oracle Siebel has had (and still has today). Still, this functional deficiency did not stop the on-demand CRM pioneer from succeeding.

The goal is not necessarily to out-feature other software packages, since most of them already have so much functionality that much thereof is never implemented or used (as can be seen in TEC’s article entitled Application Erosion: Eating Away at Your Hard Earned Value).

Thus, Webcom’s main goal is to make ResponsAbility so easy to set up and so easy to use that there will never be a failed implementation or a disgruntled customer. The goal is to quickly and simply help people to get their respective jobs done in a way that they get almost addicted to the tool, so much so that they cannot even imagine doing it any other way.

For what is worth, getting back to the “eating own dog food” mantra from Part III, Webcom’s staff admits to being addicted to ResponsAbility. If they look at their own statistics, which are available in the application, each Webcom employee will have personally performed thousands of transactions therein.

In the next product release, due in the fall of 2008 (which is another advantage of the SaaS development, i.e., the frequency of new releases), Webcom will be adding several new features, such as visual workflow/process designer, rules and conditions, escalations, service level agreement (SLA) tiers, field dependencies, scheduled events, analytics (graphs, charts, trends), etc. Features like Web Services application programming interface (API), support for personal digital assistant (PDA) and other mobile devices, case and task interdependencies, etc. might come in future product releases.

While the vendor strongly believes that ease-of-use and ease-of-setup are far more important than a long list of out-of-the-box supported features, it is necessary to have some of those in the request for information (RFI)/request for proposal (RFP) phase of any selection project to avoid outright elimination.

It’s About Process (or Ability to be Responsive) — Part II

Full-fledged BPM system components thus include visual process modeling: a graphical depiction of a process that becomes a part of the application and governs how the business process performs when companies run the application.

They also feature Web and systems integration (SI) technologies, which include displaying and retrieving data via a Web browser and which enable companies to orchestrate the necessary people and legacy applications into their processes.

Another important BPM component is what’s been termed business activity monitoring (BAM), which gives reports on exactly how (and how well) the business processes and flows are working (for more information, see TEC’s article entitled “Business Activity Monitoring - Watching The Store For You”).

Optimizing processes that involve people and dynamic change has been traditionally difficult, and one barrier to optimization has been the lack of visibility and ownership for processes that span functional departments or business units, let alone different enterprises. In addition, the industry often changes faster than information technology (IT) departments can update the applications set that the business relies on to do its work, thus stifling innovation, growth, performance and so on.

But today, the pervasiveness of Web browsers and the emergence of simpler application integration technologies such as Web sevices, simple object access protocol (SOAP), extensible markup language (XML), business process execution language (BPEL), etc. have enabled IT staff to deploy technology that supports the business process across functional, technical and organizational silos.

In the broadest sense, BPM components address the issues of the following: process modeling, documentation, certification, collaboration, compliance, optimization, and automation (i.e., via a workflow engine that is rule-based).

Again, highly functional, top-of-the-range BPM suites use graphical (visual) process modeling tools that enable business users and business analysts (i.e., those people that are most familiar with the process) to implement and manage the process definition. To complete any transaction, the BPM suite must also call on various siloed legacy applications that hold necessary information, for example, customer, inventory or logistics data.

But to the ordinary user the complex process that runs over many enterprises and various systems should appear seamless. End-users should be spared the effort of hunting down the scattered information themselves, since the underlying BPM platform provides tools for:

* Business analysts to model (and change) the business processes and define the business rules that control how those processes behave;
* IT departments to integrate the necessary legacy systems;
* Joint teams to build applications for the end user that enforce the processes and rules; and
* Management to review process performance (e.g., the required time to resolve client return exceptions) and even adjust process parameters in real-time (e.g., increasing the dollar value threshold during peak periods to trigger management review and approvals of client returns).

Therefore, the most vital BPM attributes would be the following: being event-driven, orchestrated, intended for both internal and external processes/customers, and leveraging human-centric workflow and business analytics.

With the leading BPM platforms/suites, everyone in the company will be working on the same shared data and process model, so changes to the process can be put into action very quickly. This is because these sophisticated platforms provide integrated process modeling, real-time process monitoring, and Web-based management reporting — all working in unison to support rapid process innovation.

BPM — Much More than Integration

BPM is often used to integrate multiple enterprise applications and various internal and external users into a new process, but it goes way beyond mere integration. Whereas traditional enterprise application integration (EAI) products help companies to move data between applications, BPM adds interaction with people and the ability to support processes, which then become as manageable as data.

BPM integrates existing applications, Web services and people in order for companies to quickly change, destruct or construct processes as required. Again, BPM enables a company to more cost-effectively and quickly model and change its business processes to meet the specific requirements of a particular business. Via BPM, people can be involved in two ways:

1. From a rank-and-file employee point of view — BPM represents units of work from the business process as tasks, whereby each task contains work instructions, status, priority, due date and other attributes. Workers use BPM to monitor and execute the tasks that are assigned to them or to the workgroup to which they belong; and
2. From a manager or executive point of view — Managers and executives use BPM to monitor process performance by viewing graphical reports that summarize task status and alert them to process bottlenecks. They also frequently get involved with tasks by participating in approval or escalation process steps.

Thus, many BPM products provide real-time monitoring and insight into the process operation. The process flow model of BPM allows management the ability to not only easily identify bottlenecks and inefficiencies in the process, but also to more easily modify the process to improve productivity.

For instance, with industrial (plant-level) BPM deployments, companies can digitize their work processes and close the loop on performance with actual execution data. By applying BPM in manufacturing plants, companies can manage and audit their production more effectively and consistently thus improving their conformance, compliance, throughput, and ability to deliver. They can also empower their workforce by integrating people and their roles and by customizing individuals’ work styles and decision-making processes.

Astute BPM suites that focus on manufacturing can enable companies to close the loop on production process improvement, digitize good manufacturing practice (GMP) tasks, standard operating procedures (SOPs) and work instructions. They can also enable corrective action/exception management, Hazard Analysis and Critical Control Point (HACCP) monitoring procedures, and also orchestrate high-level processes and manage data between various disparate systems and empower domain experts to solve production problems immediately on the shop floor.

For more information on BPM, see TEC’s earlier articles entitled “Business Process Management: How to Orchestrate Your Business” , “Giving a Business Process Management Edge to Enterprise Resource Planning” and “Business Process Analysis versus Business Process Management.”

Special credit also goes to CIO Magazine’s articles entitled “ABC: An Introduction to Business Process Management (BPM)” and “Making Workflow Work and Flow for You.” All of the above articles were quite leveraged for this blog series thus far.

It’s About Process (or the Ability to be Responsive) — Part III

To that end, Webcom Inc. has leveraged its vast expertise earned while addressing many complex sales quote-to-order (Q2O) process issues (i.e., channel quote approvals, special pricing approvals, special non-standard product feature request approvals, etc.) and has created a brand new workflow engine, which can be (and is already) used for many generic business processes.

Such examples of processes would be: RMA (Return Material/Merchandize Authorization), NFR (New Feature Request), ECN (Engineering Change Notice), NPR (New Product Release), Bug Tracking, Engineering Change Request, and many other business processes that require approval steps.

The Ability to Respond, On-demand

In May 2008, Webcom announced the availability of ResponsAbility, its newest offering addressing the case management and workflow processing areas. ResponsAbility is designed to speed the “time-to-resolution” process, eliminate unnecessary time delays and improve overall value chain communications and productivity through improved transparency and collaboration.

The idea behind this case management and workflow solution was to help organizations keep their projects on track and their employees on the same page, thereby making the lives of internal and external team members much less complicated (and more productive and enjoyable).

This straightforward application provides a central location (repository) for managing the key aspects of many types of cases, including product and service defects, customer and supplier complaints, non-conformance issues, health and safety incidents, and RMAs. Separate tabs keep key information within easy reach, whereby team members can log issues as they arise, prioritize them, and update their status as appropriate.

Built-in reports let users see open issues by project, projects by stage, and many other categories. On a proactive side, the tool can be leveraged by companies to create and implement corrective and preventive actions (CAPA) and to support a plethora of regulatory and compliance requirements. All in all, users that have always had the responsibility now have the “ability to respond”, as required.

This case management software may not currently have all the bells-and-whistles associated with full-fledged BPM packages, such as programmatically driving a workflow engine, visual process modeling, process monitoring and optimization, or automatic task allocation based on workload. Still, it seems well suited for small and medium size companies, who can leverage such a software tool with an intuitive user interface (UI), for handling many, if not all of their processes, in an incremental manner.

The design and enforcement of processes is enabled because both administrators and end-users are able to design workflows, notifications, and data collection forms, as well as setting up permissions accordingly. The system manages cases by ushering each case through the resolution process, and by tracking the progress of each case throughout the entire process.

The multi-tenant software as a service (SaaS) delivery model ensures that a customer can be up and running quickly with all of the selected critical processes being modeled and functional. No onsite deployment is necessary and the software only requires a Web browser and some modest to minimal data and process setup to be up and running.

Brethren Software Vendors as Likely ResponsAbility Users?

For example, a software development company can deploy this tool within a day or two and allow its customers to report bugs. This information can then be internally routed according to a customized workflow to the support department, then to the engineering and testing staff, and then back to the customer for approval and case closure.

To elaborate, the Software Bug workflow logically starts with the customer reporting a software bug. Then a default assignee at the software vendor reviews it, and then either resolves it on the spot (hopefully) or assigns it to the software engineering staff by providing a test case. Then the software engineering team determines a cause for the bug and either provides a workaround, fully fixes the bug, or determines that the software behaves as designed after all.

At the same time, ResponsAbility can be used to allow customers to create new feature requests, which are then routed via a different customized workflow starting from project management, via development, release scheduling, back to development, quality assurance (QA), documentation (technical writers), product management, and finally to marketing teams.

Again, if the bug can be fixed, the case is assigned to the testing staff, back to the support team, and finally back to the customer for approval and case closure. But, if the issue turns out not to be the bug after all, the case is then converted to a new feature request and follows an entirely different workflow.

To that end, the New Product Feature Request process starts with customers, sales & service people, channels and/or product managers requesting a new feature. Often, the existing users (install base special interest groups [SIGs]) are allowed to vote on it, and based on the number of votes and other factors, some new features are assigned to the engineering department to estimate the effort entailed to implement the requested feature.

Based on the estimate and other criteria, some new features are then assigned to the engineering or research and development (R&D) departments for implementation. Upon implementation, the new feature is assigned to the QA department for testing and approvals. Finally, based on the QA results, a new feature is returned back to engineering for a rework or is scheduled for production (or general availability).

Apparently, various instances of a process (called cases) can be changed midstream. For example, something that was initially entered as a bug upon investigation may be classified as an expected behavior. The customer who did not expect such behavior from the software can then change a case type of this instance from a bug to a new feature request, without having to re-enter any information and this case will then follow the prescribed new feature workflow process.

Also, a built-in notification and permissions engine ensures that all communication and collaboration happens within ResponsAbility, so everybody is aware of anything that anybody ever stated about the case via comments, file attachments, etc.

Unlike some of the simple issue tracking software packages mentioned in Part II, ResponsAbility can be used not only for tracking things, but also for enforcing a process in order to ensure that things get done correctly. For example, a workflow engine can be set up to make sure that a process status cannot be changed from “bug fixed” to “in testing” until a concrete test case scenario is provided by a user via customizable online forms.

Webcom — “Eating Own Dog Food”

It might be interesting to note that Webcom, as a software developer itself, has since late 2006 been using ResponsAbility internally for its older sibling WebSource CPQ product’s bug tracking and new product features introduction.

The traditional model, whereby the dedicated product/project manager and support staff were the only bidirectional conduit between the client’s team (i.e., WebSource CPQ users and administrators, local project manager, application owners, stakeholders, etc.) and Webcom’s team (i.e., developers, modelers, QA, consultants, product managers, etc.), has over time been shown to have many disadvantages.

Namely, despite the dedicated project manager’s intimate knowledge of the individual client’s installation and the established relationship and hand-holding comfort level, the challenges have repeatedly been the bottleneck nature of the dedicated project management and support team, with no significant value being added by this additional layer of communication.

Sage ERP X3 Version 6: A Sneak Peek

We recently got a sneak peek of the new version of Sage ERP X3 that is scheduled to be released in October 2009. We were given a detailed demonstration of some of its core functional changes and advancements and we have summarized our findings differently.

Gabriel Gheorghiu’s Take on Version 6

There are features that are new to X3 and quite rare for an enterprise resource planning (ERP) solution for midsized companies.

Extended and Integrated Business Functionality Coverage

We saw it. It’s all in there—from purchasing to sales, to inventory and accounting, to customer relationship management (CRM) and production. Of course, it would take hours to see how it all works. To track performance and key performance indicators (KPIs), X3 uses the Crystal Reports generator, which houses a library of 400 reports and Business Objects technology for dashboards and Web access.

New Technologies for Collaboration and Monitoring

Integration with Microsoft Office allows users to create, edit, and save files without leaving the system. This also makes collaboration between users easier since all files are saved in the database. Another interesting option is that customers and vendors can interact with the system.

Complex but Reliable Security and Workflows

Workflows are really easy to define and modify: a click or drag-and-drop will suffice for simple processes. The Visual Process Designer comes with over 100 predefined processes. The level of complexity supported is supposed to be very high, but this is something that cannot be demonstrated but worth mentioning. Security is essential when processes become complex, and X3 offers Web encryption as well as access control by user, group, and role.

Flexible for Growth and Changing Needs

The modularity of the system allows companies to implement only the modules that they need (others can be added later). The Sage ERP X3 fourth generation language integrated development environment (4GL IDE) can be used to create custom applications, which can be integrated within the product. This is another feature that cannot be demonstrated during an online demo, but it’s worth mentioning since it’s one of the features that sets X3 apart from its competitors.

Finally, here are the major enhancements in Version 6 compared to Version 5 (see graph below):
- Finance has been entirely rebuilt and now completely covers the functionality for this module. The main changes are related to multi-country, multicurrency, and multi-legislation compliance, as well as advanced fixed assets and advanced budgeting.
- E-commerce functionality has been greatly improved, as well as the functionality for distribution (shipment preparation and landed cost), work order (WO), and manufacturing (made-to-order and sub contracting).
- Functionality like sales, purchases, stock management, material requirement planning (MRP), business intelligence (BI), and finance are now fully covered.

Khudsiya Quadri’s Take on Version 6

New versions of existing software are often not highly regarded. Most organizations fail to see the benefits of software upgrades because there are no magical answers to these questions: Is changing to a new system beneficial? Will it meet the business requirements?

The following should be considered by users and potential Sage ERP X3 system buyers

Multi design/Functionality Changes

Sage ERP X3’s financial module has been revamped in Version 6 to provide international coverage. Companies will benefit from the following suites: budget and cost accounting; fixed assets management; financial; commitment management; and personal accounting. Version 6 is capable of handling transfers and reporting information internationally between companies and subsidiaries. It makes multinational management operations seamless by combining decentralized information and the ability to handle multiple currencies, languages, companies, sites, legislations, and country-specific accounting rules and standards without losing the audit functionality.

Sage’s demonstration team also highlighted that Version 6 has built-in international capabilities, designed especially for midsized organizations. Their purpose is to lower the complexity and bring global operations together within the system. The pre-built settings containing country-specific standards and regulations make sharing common data and processes between different locations and sites easier. This speeds up the implementation process across multinational organizations with reduced IT costs.

Sage X3 Version 6 has very rich ergonomics and visual processes. The look and feel across all functional areas is the same, regardless of whether it’s Web client- or server-enabled. The user interface (UI) has multiple graphical presentations with a drag-and-drop capability for hierarchical datasets. The user has the ability to see agendas, spider Web presentations, and Gantt presentations (data elements) in real time and can drill into the specifics from the presentation right into the transactional view. The Sage Application Framework for Enterprise Technology (SAFE X3) visual process comes with over 100 standard work procedures in graphical view, with one-click access to the underlying systems’ functions to identify how the process is setup with transactions and entities being linked together for the complete visual of the process. Organizations can build their business process in the process designer tool and customize without having to change the source code.

Sage X3 Version 6 is compatible with Windows, Linux, Unix, SQL server, Oracle, client/server, or Web access regardless of what architecture design the organization currently has set up.

Scalability/Integration/Web Power

As the organization’s business grows, systems (within the organization) need to grow with the company’s business needs (without increasing cost). Sage ERP X3 Version 6 doesn’t require any add-ons, but rather, the ERP software comes with all the functionality needed by a midsized company (workflow, batch server, database administration, reporting tools, BI, and security management).

The application allows companies to systematize and prioritize their global development by business areas and regions. Companies can scale up from 10 to 1,000 users because they can use the system from any location (the ERP system can be accessed remotely or via a Web browser).

Collaboration between partners, suppliers, and customers is in real time, which helps manage end-to-end processes more cost-effectively. By having enhanced communication methods with real-time information availability, decision-makers can offer quicker responses to customers, suppliers, and vendors. In the demonstration, Sage presented a variety of scenarios. In one scenario suppliers or authorized vendors had secure access to the system in order to find information about upcoming requirements or changes to reflect the demand fluctuation from customers. This business process-enabled capability creates end-to-end visibility for all parties involved. This method reduces waste and eliminates gaps from the process with scalability and Web enhancement.

Throughout the presentation, multiple business processes were integrated within Sage X3 Version 6 (order entry, shipment delivery, etc.), and all tasks were seamlessly tracked in real time. Alerts were automatically generated if any issue arose, which helped resolve the problem without jeopardizing business performance. The embedded workflow functions enable organizations to automate information flow inside (and outside) the organization based on business process requirements.

Traffic Audits Make Strange Bedfellows

The audit is a process for verification of the numbers that you report to your advertisers. Audits can be performed in a number of different ways.

* Server-based audits examine data that is available at the server, most importantly traffic logs and web logs. An auditing organization will prowl through the logs to check for various kinds of impressions that should not be reported. This investigation will include an examination of the parameters you use to run your traffic analysis programs. Auditors may insert software in the web server that causes independent logs, totally under the auditor's control, to be created.

* Panel-based audits measure the surfing behavior of a sample panel of users, and attempt to project that statistically to the entire Web population

* Browser-based audits attempt to confirm actual ad displays. For example, an applet can be attached to an ad or to a page; the applet will report when the ad is actually displayed on some user's browser.

Larger consumer sites like Yahoo and Amazon.com, and their advertisers, use panel-based audits, and the numbers are sometimes front-page news. Smaller consumer sites and B2B sites generally don't have the volume for panel-based audits to be statistically significant, and rely mostly on server-based audits. Browser-based audits are a newer technique and are not heavily used.

How good are the different techniques? Jim Spaeth, President of the Advertising Research Foundation, tells of comparisons where on site X a server-based procedure showed 15% of the traffic shown by a panel-based audit, but on a second site Y the order of the methods was reversed, with the server-based procedure showing 300% of the traffic that the panel-based audit did. "This kind of result gives people chills down the back of the neck," Mr. Spaeth said. He also noted that different procedures of the same class also tend to produce different numbers.

Figure 1, from a comparison of three different measures of traffic on Yahoo in 1999, shows graphically how different techniques may differ; the Figure was originally published on TheStandard.com.



When your CFO faces an audit, it's always perfectly clear what's required. If there are problems, the auditor can explain exactly what they are. Try this: Ask your CFO if it would be surprising to have an audit performed by two different highly respected firms on the same business at the same time and get wildly different results. You already know what the answer is: some variant of "that shouldn't happen." That's because accounting firms and standards bodies have agreed on rules for audits that cover almost any question that could be asked. Yet, despite the apparent simplicity of the data that need to be analyzed and the fact that the Web is all technology all the time, the standards just aren't there yet.

This may be partly because there is no single recognized standards body as there is for financial accounting (within a country). However, that situation is starting to change as voluntary or ad hoc organizations put in the work to develop standards. One such organization is FAST, which stands for Future of Advertising Stakeholders. FAST has developed a number of draft standards for how and what to measure, and some are being adopted voluntarily. However there is no legal or even quasi-legal pressure to make sites, software manufacturers or auditing firms adhere to them.

One promising attempt to level the playing field is the planned September launch of Audit Central, a web site that will publish audit reports that have been made publicly available by the sites that were audited. The site is run by ABC Interactive, BPA International, and Engage I/Pro. These competing audit firms have a clear interest in improving the quality of audits and public recognition of their value. The site is scheduled to begin with approximately 600 reports, all from companies that have agreed to make their reports public.

One of the simplest measures that any site wants to know is how many different individuals - "unique visitors" in industry parlance - visit the site. FAST's draft standard on Metrics and Methodology suggests "three acceptable methods for identifying unique users: unique registration, unique cookies and unique IP address with heuristic." Of these, it suggests that unique registration is the best, "Sites that register visits should have no problem determining the page requests that belong to the same visitor. A site must use 100% registration in order to use this method validly."

Next is the use of unique cookies. If a unique cookie is dropped on every browser, the user can be uniquely identified even without any personal information. The third method calls for the use of IP addresses. However, IP addresses are only an approximate match to actual users. As FAST states, "It must be noted that IP addresses can and often do represent more than one user, so this measure does not necessarily represent the number of people reached. It should also be noted that dynamically assigned IP addresses impact the accuracy of this methodology."

Few websites require registration before showing any pages at all to a user, so the most practical way to track individuals uniquely is with cookies. (True some small percentage of users block cookies, but because there are so few they become largely irrelevant to the discussion). The standard doesn't say that a site has to drop cookies, only that if it doesn't it must have another way to count visitors.

If the site doesn't drop unique cookies then visitor calculations have to be done by making educated guesses based on IP address. Such guesses could take into account the time period between two pages served to the same IP address, the click trail as revealed in the referrer field, and other items. In the latter category are cookies that may be dropped by the web server without the website taking explicit action; Microsoft's IIS in particular can end up dropping quite a few. Any particular traffic program can use any of these means to count visitors, but there is no one best way to do so.

Important mandates of act of Sarbanes-Oxley and what they for the management of chain of provisioning mean

More and more, the companies realize of the importance to downwards adopt a holistic approach with their companies starting from top, and start to arm a category-government with software, a risk management, and a conformity strategic being born (GRC). For this purpose, their attention up to now was concentrated considerably on ensuring conformity the act of the USA Sarbanes-Oxley (SOX). The Finance managers (CFOs) and the senior officers (Presidents) of the publicly traded companies realize now much of the SOX of impact has on their companies, like misses conforming to the law to the 'standards strict and political of S, even unknowingly, can primarily finish the career of any director, and often in a ashamed way. For a discussion on the relation of the SOX to other laws of standardization, to see the thousand Shalt conforming (and more, or).

Although the law included a certain number of new mandates, two sections had clear implications for information systems of corporation, whereas some are particularly appropriate to the management of chain of provisioning (SCM). With knowknowing, section 404 (evaluation of management of the internal orders) requires management to evaluate the effectiveness of its own internal orders and procedures for financial informations every year. Section 409 (revelation in real-time) requires companies to reveal the physical changes their financial conditions or the operations on a fast and current basis. The section 404, which requires the audit of the internal orders, encouraged executives to re-examine and replace sometimes the operational systems which good are not integrated with their financial systems.

The section 401a (revelation except assessment of engagements) is an addition with the Law of values of 1934. The section 401a requires the revelation of material transactions except assessment, arrangements, engagements (contingent engagements including), and other reports/ratios of the transmitter [i.e., the company itself, a transmitter of the values] with other entities or people if these arrangements can exert a current or future material effect on the company the 'financial statement of S, operations, and so on.

This affects in particular contracts of service, like those typically written with carriers of ocean and the arrangements of inventory controlled by supplier (VMI) undertaken to protect the risk and to draw aside from the capital the assessment. More and more, the companies which adopt practices VMI to write-off the current capital of inventory can include a certain form of penalty clause in their contracts so that the lack employs materials or cancellation early agreements, and a section 401a clearly requires the lists time-settings in phase of these potential engagements. Moreover, the conditions of market could change and to make countermand companies of the agreements of long-term purchase with suppliers, penalties of cancellation or restocking charges consequently. The SOX requires companies to describe the precise details of these potential expenses and penalties. Along the similar lines, the companies must bring back and document all the stop or expenses of cancellation early in any agreements of lease or letters of intent (which are sometimes employed to facilitate with programs of delivery and completion periods of manufacture for the critical articles).

While the section 401a limited the applicability to some contracts of chain of provisioning, section 404 is largely appropriate to much process of SCM, including arrangements of provisioning outside. The provisioning outside the processes and of the transactions concerns the two sections 401 and 404, by which agreements except assessment with suppliers must be paid (401) and be subjected to the effective internal orders (404). The SOX be more to require in this respect that traditional standards auditantes. For example, section 404 directs the Securities and Exchange Commission of the USA (dryness) to prescribe the rules which require annual reports to include an internal report/ratio of order. This report/ratio of internal order must contain two elements: 1) it must state management the 'responsibility for S to establish and maintain orders (political including, procedures, and process) for financial informations, and 2) it must contain an evaluation of the effectiveness of these orders and procedures.

If the chain of provisioning must be really ordered at the level required by the SOX, then there must is a well structured process which functions through multiple functions, and not simply of the series of transactions pretending to be a process. The Presidents will look at thus with all the chiefs corporation-broad, including the directors of SCM, to take proactif and the role of collaboration in the corporative government, since each one must carry out that which passes from the audits is only one stage with the improvement of the corporative government, and which the listeners will never include/understand of the sectors of the chain of provisioning the same professionals in the manner SCM make (and vice versa).

The companies which aggressively move the direction required by Section 404 could even be likely to improve management of their chains of provisioning (i.e., carry out the excellence of chain of provisioning), and to gain a competitive advantage on their rivals. It is in particular true since other requirements of publicity (those instituted in the European Union [EU], for example) can also support condition of a more effective and more believable competition, for companies and their chains of provisioning.

The order requires the visibility through the process (components of order required the goods of completion and the customer services), and the information technology (IT) can be an required assistance to carry out this total visibility. However IT only is not sufficient to constitute the ordering of SOX-level. Meaning, the only advance of the inventory cannot replace the effectiveness and the effectiveness in all the activities of SCM. For example, as for the inventory control and with radiations of inventory, the majority of the companies have always the responsibility to order the inventory and the fixed immobilization. However, the implications of SOX would now instill the condition that stocktaking values are correctly stated, by which CFOs can more defer depreciations of inventory to avoid losses of radiation on reports/ratios of the incomes of quarterly results. In other words, the SOX requires more precise and convenient accountancy to make sure that the material is physically present, its state is correctly stated, and of the stocktaking values are recorded exactly in the plan of accountant.

As for the material transfers and the poor exactitude of inventory, the majority of the companies always have the responsibility for the activities of material order. In the past and too often, transfers of material and the transactions of inventory would not be treated in good time, creating of this fact a true inventory which is out of good state of walk with envisage-on-records the situation. The SOX, however, declares that all the movements of inventory or fixed immobilization must be now recorded in good time. In other words, all the movements will have a final financial impact on the company, and the recording of precise financial information is the base of the SOX.

Moreover, one system of accounts payable (AP) which systematically does not match the buying orders (position) and receipts to the supplier who the invoices before the payment could be vulnerable to the fraud, or even with a situation where somebody creates then factitious employees or suppliers wages them, and empochent the money itself. Traditionally, the departments of SCM within the companies (for example, departments of technology) adapted internal customers supposedly asepticize after the buying order in fact engagements. Under the payments of SOX, however, if the policies and the procedures specifically describe authorities of request and supply, and if those clearly declare that departments of SCM are not authorized to publish engagements of confirmation, then such actions by departments of SCM would be an apparent violation of SOX. Charge be defective to adhere to the internal orders as for the engagement of the funds of company and in accordance with the policies and with the procedures of company.

All this accentuates the importance to institute the so-called segregation-of-duties (GRASS) for possible practices conflict-of-interest in obtain-with-pay the processes, which include the reception, placement of order, invoices treating, and establishing the data and the principal installations of supplier (supplier). Section 404 is all about making sure that the companies have with process and procedures of approval proportioned in place to acquire the fraud or the flight, as well as to take care which orders and test are carried out to guarantee that these safeguards function.

Other examples of good practices as regards GRASS are not to allow a director of technology choose and pay suppliers, because some of these suppliers could, for example, being of the family members or better buddies of the director. The programmers of software should not carry out the test of quality on their own applications. Moreover, a system of invoicing which is not integrated with forwarding could make it possible a director to incorrectly identify the income which was not still gained. Many companies now also use many contemporary tools, such as charts of supply, applications of E-supply, and releases of total order, with the assistance or the execution of monitor of the expenditure of company. The goal of the SOX is to make sure that the companies institute with orders proportioned to supervise expenditure and engagements to make sure that social goods are safeguarded and of the policies are satisfied with.

The act of Sarbanes-Oxley can be right the end of an iceberg of conformity

The act of Sarbanes-Oxley (SOX) could be only one end of has iceberg of conformity for much of companies. With knowing, the international standards of financial informations (IFRS) is another whole of directives governing the statements of the financial account of the companies enumerated in Europe and in other areas, who was introduced on January 1, 2005 (see Claudia Delto 'article 2005 of S checking it Two time-Basle II, act of Sarbanes-Oxley, international standards of financial informations). IFRS and international standards of accountancy (IAS) were created by the international standards of accountancy embark (IASB) to support statements of the financial account internationally comparable. Payment 2002/3626 requires that approximately 7.000 companies enumerated in the European Union (EU) prepare their financial statements consolidated according to IFRS and IAS (see finances of ERP of mySAP: Conformity of IFRS).

Somewhat similar to the SOX, the framework of IAS was adopted by the European commission to increase transparency among companies functioning at the EU, with the goal to support the confidence of the savers and to optimize the working capital of exploitation and the risk management (see SAP for bank transactions: Conformity of standardization). Moreover, IFRS requires companies to provide extra informations and contains new standards for the evaluation, as well as of the clearer procedures to determine risks and the execution of company. The most substantial changes affect the fixed immobilization and the financial credits, to which the intangible goods such as the value of the shares or the investments to other companies count towards all the capital. The depreciations which are allowed by tax law but are higher than, for example, the countable rules German currents (GAAP) that the depreciation disappear and do not exert any negative effect on all the responsibilities. In other words, under IFRS, different the life and periods from depreciation of the capital apply that under any national GAAP (see checking it twice).

Moreover, according to old rules of accountancy, a company could evaluate its inventories at the historical cost (original cost per hour of purchase or payment) so that, for example, a supplier of goods of electronics could evaluate unsold DVDs and several-month-old man with the quantity which they could be sold several months ago. But, under IAS-2, when the files of company his financial reporting, it must give an up to date clear ready convertible asset (NRV). NRV is a precise evaluation of the products 'commercial values when the report/ratio is published, with the idea that all the capital of corporation must be evaluated with right value , rather than at the probably problematic historical cost. The companies will have to also explain the cost of all the plans of allowance of the employee, meaning that the cost of plans of options on titles must be reflected in accounts of company, and any deficit of the pension funds of company must be recorded accounts.

Companies in the USA are not directly affected by these payments, because they must conform to the payments of financial informations of the USA GAAP with the place. However, because these only statements of the financial account do not achieve the legal requirements for statements of the financial account local, books of financial accountancy will have to be maintained in the parallel so that they can be evaluated in terms of IFRS and local law (see checking it twice).



This condition has implications of great scale for companies of all the sizes, since the publicly traded companies must adhere to IFRS all while always conforming to the local tax, the dividend, and other payments, and thus need at least two whole of statements of the financial account. Moreover, because the financial markets require comparable numbers for decisions of investment, even of the non-listed companies will be forced to publish statements of the financial account IFRS-in conformity (see finances of ERP of mySAP: Conformity of IFRS). This requires the use of the systems of company which can in general maintain the accountancy parallel of the register of several registers (GL), and carries out parallel evaluations so that the companies can adhere to the complex standards accountancy, answer requirements of capital financial market and, and to ensure the reliability and the transparency of their financial informations.

In this way, the companies should be able to answer the various requirements of IFRS and local GAAP, as approach exits such as combinations of businesses, instruments, and payments share-based. Finally and especially, a well-conceived solution of company should not allow no matter whom modify a course of operation so stages of a certain number of conformity of SOX or IFRS would be neglected. In the same way, an conformity-informed system of company would not make it possible somebody to move (drag-and-drop) a field specific to a different screen if this information is required for another critical treatment.

For extra informations to see the thousand Shalt conforming (and more), or: Looking at Sarbanes-Oxley and important mandates of act of Sarbanes-Oxley and what they for the management of chain of provisioning mean.

Horizontal against vertical conditions of standardization

Apparently, much of human resources (hour) - relative payments, in addition to the directives mentioned above of financial informations, apply through many industries, and the majority of the companies must conform to them. Included in the long list of such payments are the equal occasion of employees (EEO); the portability and the responsibility for medical insurance disease for patient intimacy act ([HIPAA], see HIPAA-Observe for Security. accelerate conformity); Consolidated act of reconciliation of budget of Slow train (COBRA); Administration (OSHA); Act of safety of income of retirement of employees (ERISA); payments of discrimination and harassing; agreements of the trade unions (where applicable); and those of the standards of financial accountancy embark (FASB).

Since we live in a litigation-happy company, where a company is to be continued by an employee that to be audited by the services of receipts of the USA (IRS), it is not any surprise that the conditions of standardization and the exits of corporative government explain the modest increase in the demand of the compromise systems of hour. These systems of hour provide tools to produce the W-2 forms and 1099-R, the maintenance of the data in accordance with the laws of immigration, and the Americans with the information of incapacity of the act of incapacities (ADA). For more information, to see the thousand Shalt better controlling the human capital.



However, to complicate more far from the things, much of industries their own inherent conditions of standardization have. For example, the banks and the financial institutions must be in conformity with an increasing choice of legislation and national and international recommendations. For example, Gramm-Lixiviate-Bliley act (GLBA), signed in the law by former President Clinton of the USA, rigorously changed the financial businesses of conduit of institutions in manner. With this law, much of responsibilities were placed on banks and financial institutions to protect nonpublic customers the , the personal informations. The GLBA governs the collection and the revelation of the financial customers the personal financial information of the institutions. It also applies to the companies which receive such an information, if they are the financial institutions. With knowing, the rule of safeguards of GLBA requires of all the financial institutions to conceive, apply, and to maintain safeguards to protect information customer, and the rule applies not only to the financial institutions which collect information of their own customers, but also to the financial institutions who receive information customer of other financial institutions, such as agencies of report of credit.

Recently and frequently announced was the new capital Agreement of Basle, or Basle II, which establishes conditions so that the banks control the risks to issue loans. As discussed in test twice, the payment, whose execution was accomplished at the end of 2006, increases the level of the risk management and the level required of the revelation, and requires consequently the crucial changes of the institutions financial of the 'policies, the processes, and the systems. A recommendation published by the committee of Basle of banking control, Basle II is a recommendation to help the credit of the establishments to protect themselves from the risk from loss from credit and to increase total transparency their businesses in their daily work with the general market, liquidity, and risks. For this purpose, the banks must identify possible hazards and put side the capital to compensate for potential losses. Moreover, to make them call of Basle II with the banking controlling authorities to lead regular inspections of the finance companies to jointly supervise and analyze risks. In conclusion, the banks are made to publish their structure of capital in clean actions and their own situation of risk.

Consequently, like remarkable in test twice, before granting the credit in the future, the banks will have to evaluate the recipient 'the credit risk of S using an internal or external estimate. Consequently, the conditions under which the credit is granted will be attached more narrowly to the liquidity of the company of loan, which will assign to their tower the duration, interest rate, and the guarantee of the agreement of credit. To receive good evaluating Basle II, the reliable financial figures and well documented planning it is essential. A healthy financial management system must provide the compromise data necessary to this end, as well as the range of the functions to support Basle II as an element of the prolonged booklet of the analytical applications which must be particularly developed to carry out the financial analyses and of profitability and the risk management.