White paper. Selecting Manufacturing ERP Compliance

Size: px

Start display at page:

Download "White paper. Selecting Manufacturing ERP Compliance"

Reynold Campbell
5 years ago
Views:

1 White paper Selecting Manufacturing ERP for ISO Compliance

2 content Not just altruism... 2 How can ERP technology help?... 3 General considerations... 8 Conclusion... 9 About IFS... 12

3 Selecting Manufacturing ERP for ISO Compliance By Bill Leedale Senior Advisor IFS North America The UN Global Compact is an initiative, supported by heads of state of more than 190 countries, to encourage businesses worldwide to adopt sustainable and socially responsible policies, and to report on their implementation. It has been in existence since Since 2005, The International Organization for Standards (ISO) has been working on a standard to provide guidelines for social responsibility. ISO 26000, which is targeted for publication in September of 2010, concentrates on many of the same areas of best practice outlined in the UN Global Compact. While ISO is not an actual extension of the UN Global Compact, ISO and the UN do have a memorandum of understanding which states that the ISO standard will be consistent with the compact, and that the UN Global Compact Office will have the opportunity to review the standard as it moves towards completion. In this whitepaper, we will discuss the compelling business reasons for industrial companies to pay close attention to ISO and the UN Global Compact. We will also explore the different ways that enterprise software like enterprise resources planning (ERP) and enterprise asset management (EAM) can be leveraged to help document compliance with the various requirements of the ISO standard. There is a need for companies to be aware of and be able to manage their impact and practices in the areas of social responsibility mutually seen as important by ISO and the UN. Specifically, the standard and compact focus on four key domains: Human Rights Labor Relations The Environment Corruption The importance of documenting and managing corporate social responsibility practices becomes eminently clear when we consider the tragedy surrounding the 2010 explosion of the BP Deepwater Horizon offshore oil rig. BP s reputation as a good corporate citizen has certainly been diminished. Moreover, they may be held liable for damages due to their actions, particularly if they cannot document that they had been following accepted practices for two of the key areas dealt with ISO environmental protection and labor relations. 1

4 Not just altruism The current events in the Gulf are only the latest examples of how social responsibility is of critical importance to an enterprise from not only the standpoint of public perception, but from the standpoint of protecting the interests of investors and other stakeholders. The incident currently involving BP is only the most recent example of how environmental or other crisis situations stemming from corporate social responsibility exposures impact the value of the company. Consider earlier examples like Union Carbide and the disastrous chemical leak in Bhopal, India which not only claimed the lives of thousands and continues to affect the regional ecosystem, but immediately led to a 12-point drop in Union Carbide Stock. Other corporate liabilities can result not just from catastrophic events but from day-to-day practices that have not been well-documented from a social responsibility practice. Consider the situation faced by a number of Wisconsin paper mills saddled with the cost of cleanup of polychlorinated biphenyls (PCBs) from carbonless copy papers after depositing them in the Fox River between 1973 and The liability incurred by these companies for this dredging and disposal of the carcinogenic chemicals has saddled each of them with substantial financial obligations that impact them to this day. The example of the paper industry in the Fox River Valley proves that simply trying to do the right thing is not enough. PCB-laden carbonless copy papers were phased out early on. It was recycling of these papers that, paradoxically, lead to continuing discharge of PCBs into the river system, indicating that a very high level of due diligence and management sophistication is necessary when it comes to environmental matters. Major US companies including Wal-Mart have found themselves pursued in court and potentially held liable for substantial back wages and other costs due to violations of labor and human rights standards, either within their own organization or at vendors plants. Employers including Mohawk Industries have also been successfully sued under the Racketeer Influenced and Corrupt Organizations (RICO) Act for knowingly employing and exploiting undocumented workers. Anti-discrimination protections in the 1986 Immigration and Nationality Act, meanwhile, forbid employers from targeting employees for undue documentation requirements based on their ethnic background or country of origin. So the ability to document corporate social responsibility initiatives in the area of employee relations and human rights offers yet another real risk management benefit. The fact that failure in the area of corporate social responsibility impacts every measure of corporate performance and enterprise value is not lost on investors and market insiders, and accounting practices are already changing to adopt many principles of social responsibility. Substantial rules are already in force, including several statements of position (SOP) from the Accounting Standards Executive Committee of the American Institute of Certified Public Accountants (CPAs). Because public companies must be audited by 2

5 CPA firms, the following pieces of AIC positions ought to be of concern to manufacturers: Guidance on Accounting for Contingencies requires that liabilities be recognized in the financial statements if a loss is probable and the amount is estimable. This of course would include losses that would result from changing regulations that would require refit of existing manufacturing processes or product designs, refit of product in the field or reclamation or product at end of life. At the very least, even if the loss is not estimable, the likely loss must be accounted for in footnotes to financial reporting. These SOPs also require that environmental contamination costs be expensed as incurred unless these costs extend the life or increase capacity of the property or mitigate or prevent future environmental contamination that could occur otherwise or if these costs are realized while preparing the asset for sale. An SOP on Environmental Remediation Liabilities covers auditing and accounting topics dealing with environmental issues. It details the responsibilities of corporations involved in mandated environmental cleanup, and responsibilities of corporations to avoid environmental destruction. Moreover, 3,700 of the world s largest companies globally receive a survey from the Carbon Disclosure Project, and most voluntarily submit their information to this nonprofit, which shares data with institutional investors and the public. More and more, investors are looking for corporate responsibility reports on public companies, perhaps driven by a belief that companies that fail to offer this information may be hiding conditions that could lead to substantial cost impacts in the future. Due to these market pressures largely from the investor sector, public companies will be under increasing pressure to document social responsibility profiles of their own operations as well as their supply chain. Private companies that comprise the supply chain need to prepare to satisfy the corporate responsibility requirements of their customers. How can ERP technology help? EAM, ERP and other enterprise software can help industry comply with ISO by formalizing best management practices affecting the four key areas of human rights, labor relations, the environment and corruption and centralizing related information for streamlined reporting, investigation and preventive and detective controls. Labor and Human Rights: In the often-overlapping areas of labor relations and human rights, enterprise software needs to at a bare minimum allow a company to 3

ERP must allow a company to track the qualifications of applications to ensure that hiring is not in fact driven by race, nationality, gender or other protected statuses.

6 ERP must allow a company to track the qualifications of applications to ensure that hiring is not in fact driven by race, nationality, gender or other protected statuses. document that they are not breaking local labor laws or regulations. ISO 26000, however, also implores companies to exceed the requirements of local labor laws so as to protect the human rights of employees. Enterprise software needs to, at a bare minimum, document that employees are of the requisite age as child labor is one of the main abuses that the compact and ISO are targeting. There are certain allowances made in developing countries, and these allowances need to be accounted for in the software environment. Age requirements can be documented internally in the human resources component of an ERP package, but also have an impact on supply chain management. Apart from ensuring age appropriateness of internal employees, a company compliant with ISO must work to ensure that they are not complicit in the human rights abuses of their suppliers. This means that it will be important for companies to be able to collect information on the employment practices of their suppliers and retain that information in a format that will allow it to be tracked on an ongoing basis. One again, the human resources component of an ERP package like IFS Applications can be employed, and you can simply set up the employee records for your suppliers employees. Or, a document management tool within an ERP environment could be employed to record and retain this data in a workable format. While much of the data on suppliers employees comes second hand as it is self-reported, it is still contingent on the ISO compliant company to prove that they are performing appropriate due diligence. 4

Tracking training of employees is one way to ensure that qualified people are performing work as well as proving that a company is investing in their employees and helping them better their skill

7 Tracking training of employees is one way to ensure that qualified people are performing work as well as proving that a company is investing in their employees and helping them better their skill sets and prospects in the workforce. While human rights in a general sense have to do with ensuring the dignity of those in the workplace, there are other areas of labor management that have to do with preventing unnecessary risk to employees, ensuring the right to work and granting the right to a fair day s pay for a fair day s work. These are also dealt with in the standard. In clause 6.4 of the ISO labor provision, however, additional concepts are introduced, including: grievance processes and other elements of employer/employee relationships conditions of work social protections health and safety at work The area where an ERP system can be most useful in ensuring proper labor practices is in how it can document the training and skill sets of each employee to help ensure that any differences in compensation stem from justifiable causes rather than race, gender, nationality, etc. Even prior to hiring, data must be captured on would-be employees. While most companies will have hiring policies that forbid discrimination by the various categories of protected status, proving that those policies are followed is more difficult. 5

That is why ERP software needs to include applicant tracking that allows comparison of the qualifications of those applying for jobs with the qualifications of those who are hired.

8 That is why ERP software needs to include applicant tracking that allows comparison of the qualifications of those applying for jobs with the qualifications of those who are hired. The Environment: In the standard, businesses are asked to take a precautionary approach to protecting the environment, take on initiatives to promote greater environmental responsibility and encourage the development and profusion of environmentally-friendly technologies. Identifying and implementing enterprise technology that will allow for efficient environmental management has been a challenge for many industrial companies. This is in large part because a vanishingly small number of ERP products offer environmental footprint management functionality as a built-in module. Failing the availability of such functionality, it becomes necessary to purchase various third party products that typically deal only with carbon emissions rather than the full spectrum of air, water, landfill, product lifecycles and end-of-life impacts. These third party products must then be either integrated with an ERP package or run in stand-alone fashion forcing an industrial company to realize significant and perhaps unsustainable costs not only from the software licensing but systems integration and/or duplicate administrative effort resulting from maintaining information in two separate systems. Ideally, an ERP package should support ISO by providing, within the ERP suite itself, a configurable tool for capturing data on the entire spectrum of ERP packages that offer embedded and comprehensive environmental footprint management tools will give industrial companies a distinct advantage in documenting ISO requirements for environmental responsibility and stewardship. 6

9 environmental impacts. This would allow, for instance, a company doing substantial electronics business in Europe to focus on the substances covered in Registration, Evaluation, Authorization and Restriction of Chemicals (REACH), Waste Electrical and Electronic Equipment (WEEE) and Restriction of Hazardous Substances (RoHS) regulations. A capital equipment manufacturer could focus on the lifecycle environmental impact of their long-lived product, along with decommissioning costs. A company with an extensive and far-flung supply chain could focus on decision support for selecting vendors based on proximity. Environmental footprint management built into ERP also streamlines reporting, and provides for a more direct and credible source of information given that data tampering is harder to accomplish given the preventive and detective controls within a modern ERP system. Access to processes and data within an enterprise application can be tightly controlled. This allows for segregation of duties that can prevent a single individual from engaging in corrupt practices. Corruption Prevention: The mention of preventive and detective controls offers a convenient transition into the remaining area of best practice dealt with in the standard the prevention of corruption. To a certain extent, ERP products that include functionality for Sarbanes-Oxley compliance can help mitigate against certain corrupt practices by executives within the company. Sarbanes-Oxley compliance typically involves rigid segregation of duties so that no single person can, for instance, create a vendor in the ERP system and then approve checks to that vendor. This would prevent someone from either paying large sums to themselves or to another 7

10 individual inside or outside of the company for illicit purposes. At the very least, these preventive controls would mean that non-authorized funds cannot be paid without a good deal of collusion among various parties in the enterprise. Detective controls can also be built into an ERP package to ensure that any illicit payments that are made can be recognized after the fact and tracked to their source. Combined with a formal corporate policy forbidding corruption through the bribery of government or corporate officials, these preventive and detective controls can be remarkably effective in deterring corruption. General considerations Obviously, human rights, labor practices, environmental degradation and corruption are bigger problems in some companies and parts of the world than they are in others. That is why a company should really look for, in ERP or other enterprise software, a way to assign and manage risk in its decision making. When, for instance, selecting suppliers, a vendor s documented history of poor labor practices or a spotty environmental record can be taken into consideration. The risk of corporate exposure to litigation, public opprobrium or other problems associated with a breach in the four areas of corporate social responsibility can be monetized and dealt with in an objective fashion. Risk management functionality that is embedded directly in an enterprise application instead of a stand-alone solution, will be preferable for one simple reason. Risk management functionality can allow a company to quantify risk including risk in the areas dealt with by ISO and mitigate those risks proactively. 8

Selecting Manufacturing erp for iso 26000 compliance When risks are identified and a risk mitigation plan created, risk management that exists directly in an ERP system used widely throughout a

11 Selecting Manufacturing erp for iso compliance When risks are identified and a risk mitigation plan created, risk management that exists directly in an ERP system used widely throughout a company will allow execution of that mitigation plan to be automated to a much greater degree. A separate risk management tool will really leave executives guessing as to whether the risk mitigation plan they created is being followed, and that could lead to some very unpleasant surprises. conclusion We live in an age of heightened social awareness among corporate leaders, and this is probably a good trend. We all want to do well by doing good, but the devil is always in the details. And Corporate Social Responsibility management and reporting involves many, many details. While there is no certification for ISO 26000, the right enterprise software platform can streamline the practices outlined in ISO and provide an authoritative, thorough view of actual environmental, human rights, labor and ethics practices. Lacking an enterprise solution, it is hard to operationalize a corporate social responsibility plan and even harder to prove to the satisfaction of investors, customers and other stakeholders, that the plan is being followed. Bill leedale is responsible for knowledge transfer in north america for the manufacturing product suite within ifs applications. he has over 20 years of hands-on experience in the manufacturing arena from leading large-scale implementation projects to managing business process reengineering engagements for global companies. leedale holds a B.a. in Business and economics from Wittenberg University in Springfield, ohio and an m.b.a. from ohio State University, columbus, ohio. he is an author of the current apics body of knowledge and a contributor to apics current lean enterprise WorKShoP. his certifications include certified Fellow in Production and inventory management (cfpim), and certification in integrated resource management (cirm). the 10 principles of the un global compact human rights principle 1: Businesses should support and respect the protection of internationally proclaimed human rights; and principle 2: make sure that they are not complicit in human rights abuses. labor principle 3: Businesses should uphold the freedom of association and the effective recognition of the right to collective bargaining; principle 4: the elimination of all forms of forced and compulsory labor; principle 5: the effective abolition of child labor; and principle 6: the elimination of discrimination in respect of employment and occupation. environment principle 7: Businesses should support a precautionary approach to environmental challenges; principle 8: undertake initiatives to promote greater environmental responsibility; and principle 9: encourage the development and diffusion of environmentally friendly technologies. anti-corruption principle 10: Businesses should work against corruption in all its forms, including extortion and bribery. 9

12 About IFS IFS is a public company (OMX STO: IFS) founded in 1983 that develops, supplies, and implements IFS Applications, a componentbased extended ERP suite built on SOA technology. IFS focuses on agile businesses where any of four core processes are strategic: service & asset management, manufacturing, supply chain and projects. The company has 2,000 customers and is present in more than 50 countries with 2,700 employees in total. Net revenue in 2009 was SKr 2.6 billion. More details can be found at For further information, to info@ifsworld.com Americas Argentina, Brazil, Canada, Mexico, United States Asia Pacific Australia, Indonesia, Japan, Malaysia, new Zealand, Philippines, PR China, Singapore, Thailand Europe east and central asia BALKANS, Czech Republic, GEORGIA, Hungary, Israel, KAZAKHSTAN, Poland, RUSSIA and cis, Slovakia, Turkey, UKRAINE Europe Central AUSTRIA, Belgium, GERMANY, ITALY, netherlands, SWITZERLAND Europe West France, Portugal, Spain, United Kingdom Middle East and africa India, South Africa, Sri Lanka, United Arab Emirates Nordic Denmark, Norway, Sweden Finland and the Baltic area Estonia, Finland, Latvia, Lithuania This document may contain statements of possible future functionality for IFS software products and technology. Such statements of future functionalit y are for information purp oses only and should not be interpreted as any commitment or representation. IFS and all IFS product names are tr ademarks of IFS. The names of actual c ompanies and products mentioned herein may be the trademarks of their respective owners. IFS AB 2010 En Production: IFS Corporate Marketing, August 2010.