Category Archives: Program Management

Developing a five-part SAP ERM strategy

Organizations have faced an increasing number of challenges with internal processes and external supply chains in recent years, leading to a growing realization among companies that enterprise risk management (ERM) is a necessary business process in its own right. An organization should develop a sound SAP ERM structure using five key elements in the SAP solution suite, including SAP GRC and SAP Business Suite applications.

Examples of supply chain risk over the last five years can be found everywhere. The 2011 tsunami in Japan wreaked havoc on automotive companies worldwide, many of whom depended on vendors in that country. Disney left Bangladesh as a contract manufacturing base after a factory fire, and later a devastating building collapse, which Disney blamed on the government of Bangladesh for lack of regulatory oversight.

Image courtesy of University of California

At the same time, companies are giving more attention to ensuring correct transfer of internal funds internationally (known as SWIFT accounts) to meet increasing financial auditing requirements. Corporate and institutional governance boards are also taking greater steps to reduce the potential for large scale fraud and low probability, high impact risks also known as “fat tail” or “black swan” risks.

The Five Elements

SAP customers often get derailed on how to structure business process audits – such as financial audits – using the vast SAP Business Suite and GRC tools available to them. To make that happen, companies should consider five key elements to successfully build out a strong and cohesive ERM program.

To learn more about the Five Elements of an SAP ERM strategy, read my article in its entirety on searchSAP.com.

Leave a comment

Filed under Audit and Oversight, Compliance, Financial Management, Operations, Program Management, Risk Management, Strategy, Supply Chain Management, Technology

Snowden Case Illustrates Gaps in Governance Policy

While the world watches Edward Snowden and his serendipitous travels and possible end game as he faces charges of US espionage at home, the security world has been asking the same question since the Guardian made its bombshell disclosures: How did this happen?

Photograph: The Guardian/AFP/Getty Images

Indeed despite any personal views on whether Snowden is a whistle-blower, a spy, or a confused young man one thing is certain.  With a relatively low analyst role inside of the National Security Agency (NSA), Snowden had access to large data piles of sensitive information – both metadata as well as content data – on the US surveillance programs.  While the deep content data was under the auspices of US government efforts to get a handle on thwarting terrorist attacks and cyber espionage from commercial and political entities, it illustrates what can happen when large organization do not pay attention to those able to come and go from their own systems and what information they can see.

Commercial organizations have been dealing with this problem for the past two decades.  In the outsourcing shift of the late 1990s and early 2000s, American and other Western-based companies looked to offshore security, network administration, and call center services to countries with lower wage knowledge workers.  Countries like Brazil, India and China began to sprout data centers and call centers creating huge demand for trained and skilled tech workers.  While many of these workers used their positions to eventually emigrate to developed nations, many remained close to families and absorbed good-wage, local jobs with very exciting large, multinational corporations.

And that’s when the fun stopped.  Once in, unless you have multi-tiered governance and access models over all systems users, these third party offshore providers found there were ways to increase their value by siphoning off intellectual property (IP) for use with related home country industries.  Granted the vast majority of offshore information technology providers were of good repute and legitimate in their contracts and task execution.  However while working for a government contractor – a large multi-national subject to ITAR and other commercial export and technology transfer laws – the candy store was discovered not only open but unlocked.

It seems in their haste and desire to spin-0ff a large offshore company that had been created for the purpose of taking care of their systems in a joint venture, headquarters personnel of this multinational corporation became aware of unusual logs in the use and view of certain key data files.  These files related to the design and manufacture of product governed by commercial and government controls, and did not have anything to do with the core systems management processes the offshore company was now contracted to provide and maintain.  In short, network administrators had such broad access based on the definition of their user profile they could essentially view, edit, delete and copy any product related files.  This led to a large discussion and renegotiation of the service level agreement between the multinational and offshore provider. Eventually a domestic systems management services provider was contracted to take on the network care over product and manufacturing data.

There will always be the Edward Snowden’s of the world, who feel they must act on what they see or re-purpose information that is available to them.  However with greater governance and controls of information policy we can limit the availability of future Snowden’s to have full visibility of information that is not on a need-to-know basis.  We have the tools and methods available to put these governance policies in place.  In both government and commercial sectors, responsible management is needed to do so.

Leave a comment

Filed under Audit and Oversight, Big Data, Business Analytics, Cloud Readiness, Compliance, Global Trade, Information Technology, Marketing and Social Business, Mergers and Acquisitions, Operations, Program Management, Risk Management, Technology

SAP Inside Track: Align Risk Management Goals, Audits with Actions

This week I had the pleasure of attending and speaking at the joint SAP Inside Track Toronto and ASUG Ontario chapter meetings.  My presentation on the topic of Enterprise Risk Management (ERM) using the five key elements of SAP Business Suite – including a case study on internal audit management – attracted some attention.  The presentation is available now on Slideshare and will also be posted to the ASUG Ontario chapter event page.

I also took fourth in the annual “Canuck Hunt” contest at SAPPHIRE 2013.  Mark Richardson of the Ontario Chapter has a nice photo of me with my prizes orbiting in the twitterverse for reader amusement…  Thanks again Mark and the rest of the ASUG Ontario team for a great program.  See you all next week in Grand Rapids on June 27 for the ASUG Michigan chapter meeting!

Leave a comment

Filed under Audit and Oversight, Business Analytics, Compliance, Enterprise Performance Management, Program Management, Risk Management, Strategy, Technology

Can Supply Chain Visibility Save Lives?

My recent SCN blog post “Focused Brand Management via Supply Chain Visibility” has received nearly 1,000 views since it was posted earlier in the month following my interview with Markus Rosemann, Head of Supply Chain Execution at SAP during the SAPPHIRE Orlando conference.  It is provided here as an abstract to create visibility in non-technical circles so we can all consider if increased supply chain visibility can detect issues before they occur. Or kill. 

Read the full article on SCN under the Business Trends topic for Sustainability and Supply Chain.

Rena Plaza collapse (image courtesy NY Times, Reuters)

In the wake of devastating tragedies in Bangladesh and Paskistan over the past 18 months, OEMs are developing action plans and mitigation strategies to avoid collateral brand damage associated with poorly run and often dangerously unsafe external contract manufacturers.  During my recent podcast for the IXN (Episode IXN002 on iTunes) I was asked what is the top challenge facing global supply chains.  My answer was terrifyingly predictive: brand management and the impact it has on brand sales when a horrific event happens overseas.  Two weeks later, over 1,000 workers (mothers, fathers, sisters and brothers) lost their lives in the building collapse at the Rena Plaza factory in Bangladesh.  While the death toll rose, Disney was one of the first brands to pull out of the country, and the EU developed a memorandum of understanding that many appareland footwear manufacturers were voluntarily adopting.

This week at SAPPHIRE I sat down with Markus Rosemann, Head of Supply Chain Execution, LOB Solution Management, to discuss this problem.  Given the actions of the previous several weeks this issue is top of mind in supply chain operations and risk management functions inside, it was a familiar topic.

Integrated supply chain issues for brand management is a critical success factor because as Rosemann put it, “you cannot lose on this front. How you integrate with your partners is a growing need, not only the process and order level (for example, who was manufacturing on Bangladesh and what percentage of your portfolio), but also the need for the supply network to create visibility.” While this has been an issue for years, the impact on brand management today creates a new need to track and trace supplier activity so companies can protect their brand.

Social and sentiment analysis can also play into that from a demand signal management perspective. Social plug-ins can see the sentiment analysis on brands, platform, and customer preferences. So what does this mean having a true voice of the customer in the wake of a horrific supplier event?  According to Rosemann, “that is finally changing, best margin is not the only driving force” in industries such as apparel and footwear. “This is an area that we see changing in the market place – demand patterns which are changing, and this can all be viewed inside real-time analytics. We see this as a huge opportunity to leverage the power of HANA, for massive data which can be analyzed and understood. From this, information can be pushed onto strategy, supply planning, and then sourced.  This is the real integration and opportunity for a real time supply chain.” I agree and none too soon.

2 Comments

Filed under Audit and Oversight, Big Data, Change Management and Leadership, Communication Planning, Compliance, Global Trade, Information Technology, Marketing and Social Business, Operations, Program Management, Risk Management, Strategy, Supply Chain Management, Sustainability, Technology

Minding the C-Suite Gap: Preliminary Results from CXO Study, Webinar Invitation

Preliminary findings of the CXO Engagement study conducted by Newport Consulting Group and the University of Oregon were released last week during the ISSP National Conference in Chicago. I highlight some of the key points from my exclusive article for Sustainable Industries Magazine.  Join us June 13 at 1PM ET for a full briefing on the study findings, registration is now open.

As we begin to crunch the numbers for our findings of the CXO Engagement Study sponsored by Newport Consulting Group and University of Oregon’s Sustainability Leadership Program, we can now begin to take a step back and gauge where we thought sustainability was falling down inside organizations and what can be done to make sustainability strategies more strategic with the help of the right people inside of the C-suite.

Over 140 organizations responded to our survey which cut across a broad swath of roles, activities, intentions and experiences. Before I get too deep into the analytics, I’d like to offer a personal word of thanks to those of you who took the time and responded. We may yet invite you to serve as interview subjects as we probe a bit deeper into some of the findings and rationale. To our knowledge this is the first time any group or institution has tried to correlate CXO behavior with perceived sustainability performance. We understand and acknowledge we are treading into new waters, and we appreciate you being along for the swim.

First, the high level numbers. There was a predominance of C-suite participants with C-level and vice president titles (38%); directors and managers represented the middle reporting management levels (41%), and the remainder were staff, project team members and consultants (21%). Participant primary job functions were dispersed across a number of areas including management (27%), sustainability/CSR (21%), operations (11%), with areas such as finance, human resources and marketing all represented under 10% levels.

Based on our preliminary findings, we can make some high-level determinations as to what is happening. This will lead over the next several weeks into a clearer picture as to why these things are happening (or not happening) inside organizations.

You can review these trends in my exclusive article for Sustainable Industries Magazine.  Join us June 13 at 1PM ET for a full briefing on the study findings, registration is now open.

Leave a comment

Filed under Audit and Oversight, Change Management and Leadership, Communication Planning, Compliance, Marketing and Social Business, Millennial Worker Shift, Operations, Program Management, Risk Management, Strategy, Sustainability

SCOR 11 Goes Closed-loop with New Release, SAP Stays the Course

This week I completed a preliminary review of the new release of its Supply Chain Operations Reference (SCOR) model by the Supply Chain Council (SCC).  My findings are published in the full version of searchManufacturingERP.com online magazine.  Some highlights:

  • The Level 2 process “Enable” which was common across all Level 1 processes is no promoted to Level 1 status.  This in effect creates a closed-loop model for the first time similar to the Deming “Plan, Do, Check, Act” quality cycle.
  • SCOR 11 delineates certain best practices into specific areas of effectiveness.  This is very helpful for operational analysis and bench-marking using “level chart” and other similar techniques.
  • Best practice guidelines have been added to SCOR 11.

Major companies use the SCOR framework to ensure supply chain and operational consistency

SAP has long been a supporter in the area of adopting (and enabling) the SCOR framework for Supply Chain Performance Management, and has been the recipient of an Global Technology Advancement Award by the SCC in this area.  SAP Solution Manager, Stephanie Gruber says the SCOR framework is important for customer use inside their analytics environment to measure successful execution of business operations. “[Customers gain] complete visibility into supply chain performance, which complies with leading industry standards such as [SCOR] to define operational dependencies,” said Gruber.

Major customers such as Coca-Cola have leveraged SCPM as the key performance driver of their supply chain monitoring and management activities.  The new release of SCPM 2.0 also allows for integration into Risk Management (RM10) for comprehensive supply chain risk management tracking.

Read the full article here.  Thanks again to Stephanie for being available for comment.

Leave a comment

Filed under Business Analytics, Compliance, Enterprise Performance Management, Global Trade, Information Technology, Operations, Program Management, Risk Management, Strategy, Supply Chain Management, Sustainability, Technology

Addressing New Conflict Minerals Requirements: Key Success Factors for Processes and Reporting

As part of our ongoing work with compliance software maker iPoint-Systems, we recently published interview findings of trends in various manufacturing industries around the Dodd-Frank Section 1502 “Conflict Minerals” provision.  2013 marks the first mandatory reporting period in the United States based on the Security and Exchange Commission (SEC) final ruling in August, 2012.  Our article looks at what some of the organizations are doing – and not doing – to ready themselves for new process and reporting activities.

As companies spent the recent year-end holidays closing their fiscal books and creating program budgets for new products and services into 2013, a small and seemingly obscure clause in one of the widest reaching financial reform acts in modern history has added concern and challenge to product manufacturers across industry segments.

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 contains a small but very important section addressing so-called “conflict minerals” – referred to as 3TGs (tin, tantalum, tungsten, and gold) – harvested from the Democratic Republic of Congo and surrounding countries. The people in these areas are experiencing war atrocities, human slavery, and other human rights violations cited by the United Nations.

As such, Section 1502 of the Dodd-Frank Act suggested that this issue requires an aggressive supply chain reporting mandate. The U.S. Securities and Exchange Commission (SEC) made final rulings on this provision in late August 2012 ascribing any publicly traded company and their suppliers to “include a description of the measures it took to exercise due diligence on the conflict minerals’ source and chain of custody” and file a new SEC form SD beginning in 2014 for the 2013 calendar year. The initial reporting period for tracking compliance efforts begins in January, 2013.

Far-reaching Impacts

According to leading industry experts in the field, the effects of the conflict minerals provisions are extensive. “It’s not just whether you are a public company, in which case you for sure must report and show due diligence through your supply chain. Also, private companies and companies that are part of the US company’s supply chains will be affected, as the requirements are cascaded down the value chain. It has been suggested by the SEC that the number of companies that may contain trace elements of conflict minerals could be in excess of 280,000,” notes Thomas Bley, senior project manager for software maker iPoint-systems and participant in a number of industry work groups.

One of the challenges that make conflict mineral compliance to Dodd-Frank so encompassing is the level of trace elements of 3TGs found in most electronics components, used in everything from computers to automobiles to household appliances. It is difficult for one company on its own to trace the flow of materials in raw form back to the component suppliers, however Dodd-Frank requires even deeper due diligence to determine the actual location of the mineral smelter. Some organizations have stated publicly that obtaining declarations of conflict minerals to a level of only 40-60% is sufficient.

“That’s a risky proposition,” suggests Bley. “While there are no penalties for using conflict minerals in company products, the regulations require that a ‘reasonable country of origin inquiry’ is performed. Those companies that lag in this area risk ‘named and shamed’ by the consumer public and nongovernmental organizations (NGOs),” creating a possible impact on brand reputation and sales.

You may read the full article on the Ethisphere website.  Kind thanks to Thomas Bley, Katie Boehm, Andreas Schiffleitner  and Stefan Lenssen for their support on this project.  You may follow iPoint-Systems (@iPointWorld) and Ethisphere (@Ethisphere) on Twitter.

Leave a comment

Filed under Audit and Oversight, Cloud Computing, Compliance, Global Trade, Information Technology, Operations, Procurement, Program Management, Risk Management, Supply Chain Management, Sustainability, Technology

Increase Data Visualization in Mobile Apps Using the Mobile Analytics Kit

The convergence of data visualization, mobile computing, and big (really big) data means that executives today have extraordinary oversight capabilities into the operational execution, sales planning, and financial management of their organizations. Dynamic data visualization and analytics offer trends, forecasts, exceptions, and abnormalities with deep drill-down capabilities both at the on-premises desktop level and in mobile device applications.

The realm of these capabilities is only limited by the ability to harvest and consume this information in an in-memory or real-time basis. Research firm Gartner Group suggests that this convergence of analytics, big data, and mobile computing may automate many decision-making tasks facing executives today, freeing up new cycles for strategy setting, business innovation,value creation. [1]

MAKit StackTo craft such a technology environment to enable development of visually rich, deeply analytic mobile computing apps, an organization needs to take stock of its “data inventory” and how this information needs to be used and consumed by executives, managers, staff, and partners to accomplish business tasks.

Using the SAP Mobile Analytics Kit (MAKit), data visualization — once the exclusive domain of the desktop — is now available on mobile devices. These elements can be used in combination to create a mobile decision support environment.

As part of their corporate mobile computing strategy,  large, multinational organizations need to address some of the same issues that a consumer-based mobile computing strategy would consider. When determining how to best create your mobile environment to support decision making, you need to consider some basic questions:

  • Which tasks are to be accomplished inside the enterprise?
  • How much information is required? How often is this information required to be refreshed? Does it need to be live data in a real-time, in-memory environment?
  • Who are the users who consume the information that is needed? Is it a small or large group? Do they consume the information freely and consistently throughout the day or only during particular decision points or recurring business cycles (e.g., month-end or invoice processing)?
  • Will the users of the information be operating on multiple mobile platform devices or only one? (While this is more specific to corporate mobile computing, many firms have had success with bring-your-own-device user adoption approaches.)

While many inside the SAP ecosystem advocate for a long-term move to real-time, in-memory, big-data computing, the fact remains that many industry sectors and companies within those sectors have non-amortized IT assets and low near-term infrastructure budgets that are obstacles to an immediate move into an SAP HANA-centric environment. Understanding this, there are different ways organizations can consider making data visualization available and accessible in on-premise as well as mobile environments.

See [1] Burton, Betsy and Allega, Philip. “2012 Hype Cycle for Enterprise Architecture,” Gartner Group  (Report ID:G00234608). 25 July 2012.  To learn about the best practices to bring data visualization to mobile apps, you may read the full version of this article by visiting the SAP Experts site (subscription required).  Many thanks to Scott Wallask of BI Expert (@BI_ScottWIS) for his enthusiasm for this article after my recent presentation with Anton Ansalmar (@Antona23) from Rapid Consulting at the SAP Insider Enterprise Mobility conference this fall.

Leave a comment

Filed under Business Analytics, Cloud Computing, Cloud Readiness, Information Technology, Mobile Society, Operations, Program Management, Risk Management, Technology

Enterprise Risk Management: New Ways to Tackle Old Problems

My recent contribution for the SAP Community Network is now available including an overview of the recent SAP Inside Track program in Newtown Square, PA and my presentation on Enterprise Risk Management (ERM).

First of all some key findings as a summary from my presentation:

1. ERM activities are of huge importance to large enterprises and mid-size supplier companies.  Whether it is based on capital, treasury, environmental, natural disaster, or logistics risks …. companies overwhelmingly (by 93% according to one study from 2011) understand the importance of ERM activities as part of the board room to the shop floor.

2. There is a disparity between trained skills and practitioners with the talent required to successfully enable ERM processes in many companies.  Only 33% of all companies report that there are the skills and talents necessary to meet near-term and mid-term ERM requirements in large enterprises.  (Note to practitioners: rest now since it will become increasingly busy as demand rises for your skills!)

3. Executives do not fully understand the importance of ERM processes and – worse – do not understand the key risk drivers in their organization as much as they should.  Only 15% of executives admit that they fully understand what their needs are in this area, while 32% admit they essentially have no clue (“limited to no understanding”) of what key risk impacts affect their business.

Suffice it to say there is a HUGE opportunity for risk practitioners, armed with the right methods, tools and approaches, to make a significant impact in how organizations manage and monitor enterprise risk.  Big time.

Read the full SCN blog post here (login and registration may be required).

Leave a comment

Filed under Audit and Oversight, Business Analytics, Compliance, Enterprise Performance Management, Operations, Program Management, Risk Management, Strategy, Technology

Using Social Business Tools to Increase Performance Management and Reporting in Sustainability Programs

Latest installment of my recent eBook series of articles on social media and social business practices supporting sustainability initiatives. In Part 1 of this article series, I introduced a framework for social media – including an information life cycle – used in sustainability programs.  In Part 2 of the series, I  address the strategic intent for reporting and green marketing of sustainability goals to outside audiences, what I call “Stage 1″ activities.  In Part 3 of the series, I consider  the strategic messaging used to promote internal stakeholder adoption, what I call “Stage 3″ activities.  In this installment – Part 4 of the series - I look at social business solutions available to report and monitor performance of sustainability programs, what is referred to as “Stage 3″ activities of the information life cycle of sustainability programs.

A sustainability program, like any business initiative, is focused on the development of goals and objectives and tasks associated with achieving those goals and objectives.  The nature of triple bottom-line (3BL) activities creates both structure and duplicity in terms of measuring the performance of many of these goals and tasks.  Structure can be found in the regulatory nature of financial, environmental and social performance aspects of a sustainability program can be viewed prescriptively from a compliance context.  For example, certain greenhouse gas (GHG) targets are known and specific reduction goals suggest the end game.  However sustainability programs are susceptible to the duplicity nature of what to monitor and how to monitor key metrics which often times are not germane to the specific objectives of a program.  Strategic initiatives, such as creating green-inspired products and services, are also very difficult to measure in early start-up phases, as are many entrepreneurial activities.

Fortunately best practices and solutions have emerged which can lend themselves to the adequate tracking of the right metrics, at the right time, and in a proper manner so that accurate reporting against internally stated goals and objectives can occur.  Many of the large software platforms used in business – Microsoft, SAP and Oracle – maintain contextual databases of information which can be harvested, mined and represented.  In some cases these platforms also contain fully-capable performance management tools as well as social business platforms.  These can be integrated into project microsite environments, discussion board and messaging sites, with direct access to business intelligence (BI) and analytic capabilities.

The end result in many of these scenarios is scorecards and dashboards – renderings of metrics and measures at either the strategic or tactical levels, respectively. Scorecards and dashboards can be drilled into deep, contextual levels, to determine the underlying causes of why an organization is or is not meeting its sustainability targets.  For example, a Chief Sustainability Officer (CSO) can review scorecards and dashboards in the SAP performance management environment, and then notify specific project or department heads of an issue in one of the implementation projects – such as not meeting environmental health and safety goals – by integrated email.

Click here to read the complete article on Sustainable Business Forum.  The final article in the series I will consider how companies take performance management information of sustainability programs and promote this information outward into its internal supply chain, so-called “Stage 4″ activities of the information life cycle.

Leave a comment

Filed under Business Analytics, Change Management and Leadership, Compliance, Enterprise Performance Management, Information Technology, Operations, Procurement, Program Management, Risk Management, Strategy, Supply Chain Management, Sustainability, Technology