IT risk oversight is a hot topic for boards of leading companies. It is one of the critical components of an organization’s competitive advantage. Recent industry studies show that companies lose billions of dollars on failed IT-related projects that don’t reach their full potential. Because IT initiatives are usually enterprisewide, they naturally impact many aspects of the business. And ERP is no exception.
In 1990 the term “enterprise resource planning,” or ERP, was introduced to the world, with systems originally focused on resource planning in manufacturing. By the mid-1990s ERP systems expanded to include accounting, finance, human resources, and other core functions of the enterprise.
After 1991, systems matured to encompass real-time front-office functions around customer relationship management, e-business, and supplier relationships. Today, in real time of near real time, ERP systems are the backbone of global commerce, connecting with ERP systems beyond the corporate walls and allowing users to obtain agility, flexibility, and optimization.
From its earliest days, ERP has been pushing the managerial performance envelope. Initially, just having the information from the transaction initiation through to reporting was an incredible feat — even if you had to wait for multiple batches to occur over multiple days. Today, ERP is actually happening in-memory, at speeds thought unthinkable only a few years ago. Transactions are processed and, just about instantaneously, they are measurable and reportable. But this all comes at a significant price.
The cost of ERP has been largely mitigated by increases in productivity as technology has substituted for labor. But productivity is not the only objective facing executives. Today’s executives must quickly adapt to the challenges in their environment. They must also be able to anticipate tomorrow’s threats and opportunities before the competition does.
Executives must identify changes in the environment, make sense of those changes, and then decide what’s important. And they must do all of these things faster than their competitors.
All of these activities are data-driven, and there is no substitute for “data-driven decision making.” The best competitive advantage lies within the data in your ERP system. Today’s executives can’t afford to rely on intuition. They need the capability to merge enterprise data with advanced analytics to identify, make sense of, and even anticipate threats and opportunities. For example, executives need to be able to anticipate when they’re about to lose control, become unstable, or go chaotic.
A by-product of today’s highly complex operational environment is the increasing odds of business operations spiraling out of control or “going chaotic.” An operation that was once smooth and regular becomes erratic. Stable data patterns exhibit progressively more and more variance, hinting that “bad things” are about to happen.
The point at which a system goes chaotic is a “tipping point.” With ERP data and sophisticated analytical modeling, those erratic patterns, and maybe even the tipping point, will be on your radar well before all is lost. This allows proactive rather than reactive management. That is golden.
Chaos: What to look for
- The change of a control factor to a value high enough that chaotic or disorderly behavior sets in
- When a relatively small change in one process sets off a disproportionate change in other processes (this is called nonlinear behavior)
- When data gets “noisy,” as in normal transactions and the data patterns they exhibit start looking like a jagged EKG screen rather than a smooth line
Where to look for the data: Your ERP system
Of course none of the above is possible without valid and reliable data from your ERP system. So, a crucial question must be answered: How well are you managing the governance, risk, and compliance needs around your ERP?
OK, it is a relative question. It’s like asking someone, “Are you healthy?” Unless the person has had a recent physical, you will not get an answer based on facts. Better questions to ask might be: Could we do more, be more efficient, save more time and money, and stop erosion of value caused by substituting manual labor for technology and automation? Today’s competitive global economy and increasing pressure on margins and productivity demand asking the tough questions.
- What is the history of your system? If you have focused primarily on technical upgrades, odds are that business processes and associated controls could profit from the evolution of ERP. Have you fully explored and exploited all the functionality you have paid for?
- Do you have a current utilization assessment to determine how core ERP/GRC functionality is being used to automate manual processes? Automation produces data that is more accurate and more reliable than manually collected data, which is prone to human error.
- Have you incorporated performance analytics into your strategic and tactical toolkit? The first step in taming complexity and chaos lies in the data now running through your information infrastructure and merging it with new powerful quantitative techniques.
- Is there a process to evaluate new GRC requirements as regulation and compliance change? Is there a process to evaluate and incorporate new information needs? Is there a single source of truth for compliance?
- Have you achieved (or are there unmet needs) for cross-platform integration with your governance, risk and compliance functions? This addresses not only information needs but also integration of GRC technologies and other bolt-on applications. Current GRC technology provides for the consolidation of cross-platform data for a comprehensive single point of view across the business.
Think about GRC technology provided by ERP vendors such as Oracle and SAP as a strategic intervention that blends data, controls, and analytics in suites that give you a customized and comprehensive way to respond to emerging security, control, and compliance needs. GRC is a key enabler to this evolution.
You have already made the investment in an ERP system. Now use it to its fullest potential. Not to the potential as defined 10 years ago, but to its true potential in today’s uncertain and complex environment. As ERP has evolved over time, so too have GRC technologies. Today they provide more accuracy, control, and reliability for real-time decision making, made possible through monitoring.
About the Authors
Robert H. Clark is the Philadelphia-based lead partner in PricewaterhouseCoopers’ US SAP Controls Solutions practice and is PwC’s Global Alliance Partner for SAP in Governance, Risk and Compliance (GRC) solutions. In this capacity, Bob directs our global teams in the development of tools, methodologies, marketing and training for SAP GRC solutions.
Michael Baccala, PwC’s National Oracle GRC, Application Security and Controls Leader, is a principal who works with clients to develop, maintain and drive business success through the best use of technology and to leverage technology to solve compliance and risk management challenges. Michael is known for cultivating high-performing talent and developing teams who will consistently deliver exceptional value and service to clients.
Bob is the Philadelphia-based lead partner in PwC’s US SAP Controls Solutions practice and is PwC's Global Alliance Partner for SAP in Governance, Risk and Compliance (GRC) solutions. In this capacity, Bob directs our global teams in the development of tools, methodologies, marketing and training for SAP GRC solutions. Bob has worked on large SAP business transformation projects, concentrating on transformation strategy, business case development and requirements, project risk mitigation, internal controls and security. Bob has supported clients in the ERP and systems integrator selection processes and counseled client executives and Boards of Directors on large ERP transformation projects. Bob has provided litigation support for two large multi-million dollar legal cases for trouble implementations where he shared his insights and recommendations on large project success and failure criteria. Bob has also provided independent feedback to clients on large business transformation projects, advising on overall readiness, implementation strategy, development methodology, service provider selection, outsourcing strategy, project governance and structure and improvement planning. During his 18 year career Bob has helped many clients evaluate and improve their utilization of technology to support and enable business strategy, focusing on maximizing their investments in technology and automation. He has advised clients on SAP security, controls and GRC Access Controls and Process Controls solutions in a variety of industries including chemicals, industrial products, pharmaceuticals, medical devices, retail and consumer manufactures. His engagements include: AmerisourceBergen, Sunoco Inc., Day and Zimmermann, Shire Pharmaceuticals, VWR International, E. I. DuPont de Nemours, Rohm and Haas/Dow Chemical, Ashland Chemical, PQ Corporation, The Campbell Soup Company, Bacardi International and AstraZeneca. Bob recently spoke at the 2011 SAP GRC Insiders Event on the topic of SAP Governance, Risk and Compliance and co-presented with SAP America at the keynote address for this event. Bob also spoke at this year's Sapphire in Orlando on SAP security and controls -leading practices and GRC technologies. Bob attended executive development programs at Insead Business School in France and the Anderson School at UCLA. He graduated with a BSBA in Finance from Villanova University where he frequently speaks on IT strategy and accounting information systems, and lectures as guest instructor at the Villanova School of Business. Bob serves on the Board of Directors for the Boys and Girls Clubs of Philadelphia and on the IT Strategy Committee for the YMCAs of Philadelphia and Vicinity.