IT risk oversight is a hot topic for boards of leading companies. It is one of the critical components of an organization’s competitive advantage. Recent industry studies show that companies lose billions of dollars on failed IT-related projects that don’t reach their full potential. Because IT initiatives are usually enterprisewide, they naturally impact many aspects of the business. And ERP is no exception.
In 1990 the term “enterprise resource planning,” or ERP, was introduced to the world, with systems originally focused on resource planning in manufacturing. By the mid-1990s ERP systems expanded to include accounting, finance, human resources, and other core functions of the enterprise.
After 1991, systems matured to encompass real-time front-office functions around customer relationship management, e-business, and supplier relationships. Today, in real time of near real time, ERP systems are the backbone of global commerce, connecting with ERP systems beyond the corporate walls and allowing users to obtain agility, flexibility, and optimization.
From its earliest days, ERP has been pushing the managerial performance envelope. Initially, just having the information from the transaction initiation through to reporting was an incredible feat — even if you had to wait for multiple batches to occur over multiple days. Today, ERP is actually happening in-memory, at speeds thought unthinkable only a few years ago. Transactions are processed and, just about instantaneously, they are measurable and reportable. But this all comes at a significant price.
The cost of ERP has been largely mitigated by increases in productivity as technology has substituted for labor. But productivity is not the only objective facing executives. Today’s executives must quickly adapt to the challenges in their environment. They must also be able to anticipate tomorrow’s threats and opportunities before the competition does.
Executives must identify changes in the environment, make sense of those changes, and then decide what’s important. And they must do all of these things faster than their competitors.
All of these activities are data-driven, and there is no substitute for “data-driven decision making.” The best competitive advantage lies within the data in your ERP system. Today’s executives can’t afford to rely on intuition. They need the capability to merge enterprise data with advanced analytics to identify, make sense of, and even anticipate threats and opportunities. For example, executives need to be able to anticipate when they’re about to lose control, become unstable, or go chaotic.
A by-product of today’s highly complex operational environment is the increasing odds of business operations spiraling out of control or “going chaotic.” An operation that was once smooth and regular becomes erratic. Stable data patterns exhibit progressively more and more variance, hinting that “bad things” are about to happen.
The point at which a system goes chaotic is a “tipping point.” With ERP data and sophisticated analytical modeling, those erratic patterns, and maybe even the tipping point, will be on your radar well before all is lost. This allows proactive rather than reactive management. That is golden.
Chaos: What to look for
- The change of a control factor to a value high enough that chaotic or disorderly behavior sets in
- When a relatively small change in one process sets off a disproportionate change in other processes (this is called nonlinear behavior)
- When data gets “noisy,” as in normal transactions and the data patterns they exhibit start looking like a jagged EKG screen rather than a smooth line
Where to look for the data: Your ERP system
Of course none of the above is possible without valid and reliable data from your ERP system. So, a crucial question must be answered: How well are you managing the governance, risk, and compliance needs around your ERP?
OK, it is a relative question. It’s like asking someone, “Are you healthy?” Unless the person has had a recent physical, you will not get an answer based on facts. Better questions to ask might be: Could we do more, be more efficient, save more time and money, and stop erosion of value caused by substituting manual labor for technology and automation? Today’s competitive global economy and increasing pressure on margins and productivity demand asking the tough questions.
- What is the history of your system? If you have focused primarily on technical upgrades, odds are that business processes and associated controls could profit from the evolution of ERP. Have you fully explored and exploited all the functionality you have paid for?
- Do you have a current utilization assessment to determine how core ERP/GRC functionality is being used to automate manual processes? Automation produces data that is more accurate and more reliable than manually collected data, which is prone to human error.
- Have you incorporated performance analytics into your strategic and tactical toolkit? The first step in taming complexity and chaos lies in the data now running through your information infrastructure and merging it with new powerful quantitative techniques.
- Is there a process to evaluate new GRC requirements as regulation and compliance change? Is there a process to evaluate and incorporate new information needs? Is there a single source of truth for compliance?
- Have you achieved (or are there unmet needs) for cross-platform integration with your governance, risk and compliance functions? This addresses not only information needs but also integration of GRC technologies and other bolt-on applications. Current GRC technology provides for the consolidation of cross-platform data for a comprehensive single point of view across the business.
Think about GRC technology provided by ERP vendors such as Oracle and SAP as a strategic intervention that blends data, controls, and analytics in suites that give you a customized and comprehensive way to respond to emerging security, control, and compliance needs. GRC is a key enabler to this evolution.
You have already made the investment in an ERP system. Now use it to its fullest potential. Not to the potential as defined 10 years ago, but to its true potential in today’s uncertain and complex environment. As ERP has evolved over time, so too have GRC technologies. Today they provide more accuracy, control, and reliability for real-time decision making, made possible through monitoring.
About the Authors
Robert H. Clark is the Philadelphia-based lead partner in PricewaterhouseCoopers’ US SAP Controls Solutions practice and is PwC’s Global Alliance Partner for SAP in Governance, Risk and Compliance (GRC) solutions. In this capacity, Bob directs our global teams in the development of tools, methodologies, marketing and training for SAP GRC solutions.
Michael Baccala, PwC’s National Oracle GRC, Application Security and Controls Leader, is a principal who works with clients to develop, maintain and drive business success through the best use of technology and to leverage technology to solve compliance and risk management challenges. Michael is known for cultivating high-performing talent and developing teams who will consistently deliver exceptional value and service to clients.