Category Archives: Audit and Oversight

Developing a five-part SAP ERM strategy

Organizations have faced an increasing number of challenges with internal processes and external supply chains in recent years, leading to a growing realization among companies that enterprise risk management (ERM) is a necessary business process in its own right. An organization should develop a sound SAP ERM structure using five key elements in the SAP solution suite, including SAP GRC and SAP Business Suite applications.

Examples of supply chain risk over the last five years can be found everywhere. The 2011 tsunami in Japan wreaked havoc on automotive companies worldwide, many of whom depended on vendors in that country. Disney left Bangladesh as a contract manufacturing base after a factory fire, and later a devastating building collapse, which Disney blamed on the government of Bangladesh for lack of regulatory oversight.

Image courtesy of University of California

At the same time, companies are giving more attention to ensuring correct transfer of internal funds internationally (known as SWIFT accounts) to meet increasing financial auditing requirements. Corporate and institutional governance boards are also taking greater steps to reduce the potential for large scale fraud and low probability, high impact risks also known as “fat tail” or “black swan” risks.

The Five Elements

SAP customers often get derailed on how to structure business process audits – such as financial audits – using the vast SAP Business Suite and GRC tools available to them. To make that happen, companies should consider five key elements to successfully build out a strong and cohesive ERM program.

To learn more about the Five Elements of an SAP ERM strategy, read my article in its entirety on searchSAP.com.

Filed under Audit and Oversight, Compliance, Financial Management, Operations, Program Management, Risk Management, Strategy, Supply Chain Management, Technology

Snowden Case Illustrates Gaps in Governance Policy

While the world watches Edward Snowden and his serendipitous travels and possible end game as he faces charges of US espionage at home, the security world has been asking the same question since the Guardian made its bombshell disclosures: How did this happen?

Photograph: The Guardian/AFP/Getty Images

Indeed, despite any personal views on whether Snowden is a whistle-blower, a spy, or a confused young man, one thing is certain.  With a relatively low analyst role inside of the National Security Agency (NSA), Snowden had access to large data piles of sensitive information – both metadata as well as content data – on the US surveillance programs.  While the deep content data was under the auspices of US government efforts to get a handle on thwarting terrorist attacks and cyber espionage from commercial and political entities, it illustrates what can happen when large organizations do not pay attention to those able to come and go from their own systems and what information they can see.

Commercial organizations have been dealing with this problem for the past two decades.  In the outsourcing shift of the late 1990s and early 2000s, American and other Western-based companies looked to offshore security, network administration, and call center services to countries with lower wage knowledge workers.  Countries like Brazil, India and China began to sprout data centers and call centers creating huge demand for trained and skilled tech workers.  While many of these workers used their positions to eventually emigrate to developed nations, many remained close to families and absorbed good-wage, local jobs with very exciting large, multinational corporations.

And that’s when the fun stopped.  Once in, unless you have multi-tiered governance and access models over all systems users, these third party offshore providers found there were ways to increase their value by siphoning off intellectual property (IP) for use with related home country industries.  Granted the vast majority of offshore information technology providers were of good repute and legitimate in their contracts and task execution.  However while working for a government contractor – a large multi-national subject to ITAR and other commercial export and technology transfer laws – the candy store was discovered not only open but unlocked.

It seems in their haste and desire to spin off a large offshore company that had been created for the purpose of taking care of their systems in a joint venture, headquarters personnel of this multinational corporation became aware of unusual logs in the use and view of certain key data files.  These files related to the design and manufacture of product governed by commercial and government controls, and did not have anything to do with the core systems management processes the offshore company was now contracted to provide and maintain.  In short, network administrators had such broad access based on the definition of their user profile that they could essentially view, edit, delete and copy any product-related files.  This led to a large discussion and renegotiation of the service level agreement between the multinational and offshore provider. Eventually a domestic systems management services provider was contracted to take on the network care over product and manufacturing data.

There will always be the Edward Snowdens of the world, who feel they must act on what they see or re-purpose information that is available to them.  However, with greater governance and controls of information policy we can limit the ability of future Snowdens to have full visibility of information that is not on a need-to-know basis.  We have the tools and methods available to put these governance policies in place.  In both government and commercial sectors, responsible management is needed to do so.

Filed under Audit and Oversight, Big Data, Business Analytics, Cloud Readiness, Compliance, Global Trade, Information Technology, Marketing and Social Business, Mergers and Acquisitions, Operations, Program Management, Risk Management, Technology

SAP Inside Track: Align Risk Management Goals, Audits with Actions

This week I had the pleasure of attending and speaking at the joint SAP Inside Track Toronto and ASUG Ontario chapter meetings.  My presentation on the topic of Enterprise Risk Management (ERM) using the five key elements of SAP Business Suite – including a case study on internal audit management – attracted some attention.  The presentation is available now on Slideshare and will also be posted to the ASUG Ontario chapter event page.

I also took fourth in the annual “Canuck Hunt” contest at SAPPHIRE 2013.  Mark Richardson of the Ontario Chapter has a nice photo of me with my prizes orbiting in the twitterverse for reader amusement…  Thanks again Mark and the rest of the ASUG Ontario team for a great program.  See you all next week in Grand Rapids on June 27 for the ASUG Michigan chapter meeting!

Filed under Audit and Oversight, Business Analytics, Compliance, Enterprise Performance Management, Program Management, Risk Management, Strategy, Technology

Can Supply Chain Visibility Save Lives?

My recent SCN blog post “Focused Brand Management via Supply Chain Visibility” has received nearly 1,000 views since it was posted earlier in the month following my interview with Markus Rosemann, Head of Supply Chain Execution at SAP during the SAPPHIRE Orlando conference.  It is provided here as an abstract to create visibility in non-technical circles so we can all consider if increased supply chain visibility can detect issues before they occur. Or kill. 

Read the full article on SCN under the Business Trends topic for Sustainability and Supply Chain.

Rana Plaza collapse (image courtesy NY Times, Reuters)

In the wake of devastating tragedies in Bangladesh and Pakistan over the past 18 months, OEMs are developing action plans and mitigation strategies to avoid collateral brand damage associated with poorly run and often dangerously unsafe external contract manufacturers.  During my recent podcast for the IXN (Episode IXN002 on iTunes) I was asked what is the top challenge facing global supply chains.  My answer was terrifyingly predictive: brand management and the impact it has on brand sales when a horrific event happens overseas.  Two weeks later, over 1,000 workers (mothers, fathers, sisters and brothers) lost their lives in the building collapse at the Rana Plaza factory in Bangladesh.  While the death toll rose, Disney was one of the first brands to pull out of the country, and the EU developed a memorandum of understanding that many apparel and footwear manufacturers were voluntarily adopting.

This week at SAPPHIRE I sat down with Markus Rosemann, Head of Supply Chain Execution, LOB Solution Management, to discuss this problem.  Given the actions of the previous several weeks, this issue is top of mind inside supply chain operations and risk management functions, so it was a familiar topic.

Integrated supply chain issues for brand management are a critical success factor because, as Rosemann put it, “you cannot lose on this front. How you integrate with your partners is a growing need, not only the process and order level (for example, who was manufacturing in Bangladesh and what percentage of your portfolio), but also the need for the supply network to create visibility.” While this has been an issue for years, the impact on brand management today creates a new need to track and trace supplier activity so companies can protect their brand.

Social and sentiment analysis can also play into that from a demand signal management perspective. Social plug-ins can see the sentiment analysis on brands, platform, and customer preferences. So what does this mean having a true voice of the customer in the wake of a horrific supplier event?  According to Rosemann, “that is finally changing, best margin is not the only driving force” in industries such as apparel and footwear. “This is an area that we see changing in the market place – demand patterns which are changing, and this can all be viewed inside real-time analytics. We see this as a huge opportunity to leverage the power of HANA, for massive data which can be analyzed and understood. From this, information can be pushed onto strategy, supply planning, and then sourced.  This is the real integration and opportunity for a real time supply chain.” I agree and none too soon.

Filed under Audit and Oversight, Big Data, Change Management and Leadership, Communication Planning, Compliance, Global Trade, Information Technology, Marketing and Social Business, Operations, Program Management, Risk Management, Strategy, Supply Chain Management, Sustainability, Technology

Minding the C-Suite Gap: Preliminary Results from CXO Study, Webinar Invitation

Preliminary findings of the CXO Engagement study conducted by Newport Consulting Group and the University of Oregon were released last week during the ISSP National Conference in Chicago. I highlight some of the key points from my exclusive article for Sustainable Industries Magazine.  Join us June 13 at 1PM ET for a full briefing on the study findings; registration is now open.

As we begin to crunch the numbers for our findings of the CXO Engagement Study sponsored by Newport Consulting Group and University of Oregon’s Sustainability Leadership Program, we can now begin to take a step back and gauge where we thought sustainability was falling down inside organizations and what can be done to make sustainability strategies more strategic with the help of the right people inside of the C-suite.

Over 140 organizations responded to our survey which cut across a broad swath of roles, activities, intentions and experiences. Before I get too deep into the analytics, I’d like to offer a personal word of thanks to those of you who took the time and responded. We may yet invite you to serve as interview subjects as we probe a bit deeper into some of the findings and rationale. To our knowledge this is the first time any group or institution has tried to correlate CXO behavior with perceived sustainability performance. We understand and acknowledge we are treading into new waters, and we appreciate you being along for the swim.

First, the high level numbers. There was a predominance of C-suite participants with C-level and vice president titles (38%); directors and managers represented the middle reporting management levels (41%), and the remainder were staff, project team members and consultants (21%). Participant primary job functions were dispersed across a number of areas including management (27%), sustainability/CSR (21%), operations (11%), with areas such as finance, human resources and marketing all represented under 10% levels.

Based on our preliminary findings, we can make some high-level determinations as to what is happening. This will lead over the next several weeks into a clearer picture as to why these things are happening (or not happening) inside organizations.

You can review these trends in my exclusive article for Sustainable Industries Magazine.  Join us June 13 at 1PM ET for a full briefing on the study findings; registration is now open.

Filed under Audit and Oversight, Change Management and Leadership, Communication Planning, Compliance, Marketing and Social Business, Millennial Worker Shift, Operations, Program Management, Risk Management, Strategy, Sustainability

A New Study Examines Engagement of the Entire C-suite in Sustainability Strategy

As a follow-on to my recent article “Why Sustainability isn’t Sticking with the CXO,” Newport Consulting Group colleague Cindy Jennings challenges us to open up to the honest challenge that there is an “engagement gap” with the CXO.  Rather than to simply state the obvious, Cindy calls upon us to ask the brutally honest questions as to why this is so and what can we as both colleagues in the C-suite and as staff members and stakeholders do to change direction.

Many surveys studying the attitudes and leadership of various C-level executives have been conducted over the years. A new CXO Engagement Study conducted by the University of Oregon and Newport Consulting will examine the leadership engagement and influence, motivations and engagement tools of the entire C-suite.  Cindy provides some additional context in her open letter on Sustainable Industries Magazine:

What is driving the CXO “Engagement Gap?” (photo credit: jeffreyholmes.photoshelter.com)

For years I’ve been reading and quoting surveys about CEOs and chief marketing officers (CMOs) to various clients and those interested enough to listen. More recently, stories and studies about the need for higher-level engagement of chief information officer (CIO) or chief technology officer (CTO) and the chief human resources officer (CHO) are also giving sound reasoning. The Wall Street Journal covered the Deloitte “ReSources 2012” study that outlined opportunities for CIO leadership in energy management systems – one of the most consistently measured performance indicators. Andy Savitz, author of “Talent, Transformation and the Triple Bottom Line: How Companies Can Leverage Human Resources to Achieve Sustainable Growth,” makes the connection for companies on how to leverage their employees — and their HR departments — to achieve their sustainability goals.

There is also speculation that we have reached “peak sustainability” in that chief sustainability officer position creation is on the decline. Within that speculation is whether or not sustainability is starting to be adopted as a standard business strategy that no longer needs a specific champion, or if it is being absorbed by the existing C-suite. Read the “State of Green Business 2013” for more on that subject.

I agree with my colleague William Newman in his article “3 reasons sustainability isn’t sticking” when he writes “Many [CXOs] are able to ‘talk the talk’ but only a minority are able to ‘walk the walk.’” The survey seeks to help leaders better walk the walk by determining which C-level executive or mix of executives are able to effectively lead and influence triple bottom line strategy for their company, and how they do it.

Visit Sustainable Industries Magazine to read Cindy’s full article.  The survey is live and will run through April 26, 2013. The findings will be shared complimentary with those sharing their own viewpoints on the topic.  You may participate in the study by visiting the University of Oregon survey site.

Filed under Audit and Oversight, Change Management and Leadership, Communication Planning, Community and Municipal Outreach, Compliance, Financial Management, Marketing and Social Business, Operations, Procurement, Risk Management, Strategy, Sustainability

Why Sustainability Isn’t Sticking with the CXO Office

Over the next three months, I will be working with the University of Oregon Sustainability Leadership Program and Sustainable Industries to prepare for the online launch of new nationwide courses for the UO program.  In addition, SI, UO and Newport Consulting are partnering on a study of CXO sentiment around the topic of sustainability and executive engagement.  My article, the first of a series of three as part of this partnership also featuring colleague and Newport Consulting Principal Cindy Jennings, focuses on the issues facing the CXO office.  Cindy’s offering will suggest a hypothesis for why CXO behavior seems counter to triple bottom-line decision making.

Many CXOs survived a near-death experience during the Great Recession. Can they move from bottom-line thinking to triple bottom-line decision making?

It was the winter of 2009. Some would call it the “winter of our discontent” in the Motor City. As history would show, the U.S. automotive industry was hours away from stopping – not due to a major labor strike or natural disaster, but caused by a meltdown of the liquidity market.

I was meeting with a CXO who was affable and open to new ideas and conversations. We had met earlier at a local economic lunch and exchanged pleasantries. Now, in his C-level offices of a multi-billion dollar automotive supplier, his candor was striking.

“We just survived a near-death experience,” he summarized slowly and purposefully, as if he had given the answer a thousand times before to his employees. “As far as the triple-bottom line goes, we are going to focus on the bottom line for the next three to four years.”

And that was that. Sustainability and the thought of strategically embracing the triple-bottom line was off the table.

Fast forward those three to four years. While gains have been made to move executive thinking on the topic of sustainability and triple-bottom line decision making, little has changed in the psyche of CXO executives in many global organizations. Why?

No doubt the issue of sustainability is on the minds of executives. Countless studies confirm this. The now-infamous UN Global Compact Survey (2010) indicated 93% of global executives believed sustainability would have an impact or a profound impact on their operations. Striking in those figures was an improbable 100% affirmative response from automotive executives like the same CXO who scoffed at my overtures. A more recent study by Deloitte, CFOs Are Coming to the Table (2012), illustrates that spend on sustainability has risen commensurate with an increase in sustainability activities inside the organization. But the same study admits only 39% feel that it is important to communicate the value of sustainability to their employees.

If so many CXOs believe there is a strategic importance to move towards sustainable business models and triple-bottom line decision making, then why is it that a minority of those same executives feel the need to engage employees by communicating the importance of these business practices? I submit that there is an “engagement gap” among the majority of top executives when it comes to sustainability. Many are able to “talk the talk” but only a minority is able to “walk the walk.” I suggest three key areas to consider as possible reasons why this gap exists.

You can read the full article on the Sustainable Industries UO page.  Stay tuned for the next article in the series and an invitation to participate in our CXO Engagement Survey.

Filed under Audit and Oversight, Change Management and Leadership, Compliance, Financial Management, Millennial Worker Shift, Operations, Risk Management, Sustainability