How a Leading Vendor Embraces Governance, Risk Management, and Compliance

Rather than complying with the growing number of legal and regulatory requirements in a reactive manner from the bottom up, more and more enterprises are realizing the value of taking a holistic approach to regulatory compliance from the top down. To that end, enterprises are beginning to harness the emerging strategic software category of governance, risk management, and compliance (GRC).

This new three-letter acronym (TLA) has already earned a posting at Wikipedia. Some analysts have come up with meaningful definitions thereof, while leading vendors are on their way to delivering coherent GRC solution suites. For an extensive exploration of GRC, please see the following article series: Thou Shalt Comply (and More), or Else: Looking at Sarbanes-Oxley; Important Sarbanes-Oxley Act Mandates and What They Mean for Supply Chain Management; The Sarbanes-Oxley Act May Be Just the Tip of a Compliance Iceberg; Automotive Industry and Food, Safety, and Drug Regulations; "Evergreen"—Environmental Regulations for High-tech and Electronics, Chemical, and Oil and Gas Industries; Global Trade and the Role of Governance, Risk Management, and Compliance Software; The Challenges of Defining and Managing Governance, Risk Management, and Compliance; and Process-based Governance, Risk Management, and Compliance.

SAP AG is one leading enterprise resource planning (ERP) vendor that is seriously looking at providing enterprises with the necessary software to support GRC. While the vendor does not necessarily have a solution for each and every possible requirement (such as employee training, tracking and certification, or regulatory reporting in tune with every possible localized law), SAP nonetheless leads the market with its SAP Environment, Health & Safety (SAP EH&S) application suite.

This suite's central database makes it much easier to manage product safety specifications, hazardous substance inventories, and dangerous goods for safe handling, tracking, document management, and risk calculation (see SAP for Chemicals Functionality). Users can also create permits for hazardous waste and ensure that authorized waste quantities are not exceeded by selecting suitable disposal firms and by allocating disposal costs among internal departments. The product also supports the full range of industrial hygiene and safety processes, and centrally manages core tasks such as risk assessments, exposure logs, incident management, exposure profiles, and safety management of specific work areas.

Given that there are so many bases to be covered, a composite application like SAP xApp Emissions Management (or SAP xApp xEM, provided jointly by SAP and TechniData) is typically required to provide the capabilities enterprises need to handle the following:

* Emissions management—by leveraging tools for emissions monitoring, compliance tracking, and regulatory reporting including greenhouse gas monitoring, allowance management, and National Allocation Plan (NAP) reporting and trading. SAP xApp xEM tracks, analyzes, and records emission data. The solution's integration with plant and equipment maintenance systems supports equipment calibration and maintenance tasks, since sophisticated tools calculate emissions (such as greenhouse gases) that cannot be measured directly. When a reference value exceeds normal plant values for operations, automatic notifications are fired off to determine the impact and trigger changes necessary to correct operations. The reporting functionality in SAP xApp xEM helps toward fulfilling legal requirements for documentation and reporting to regulatory authorities.

* Compliance management—to operate facilities and manage processes according to relevant regulations, with capabilities for data monitoring, task monitoring, exception tracking, incident management, and reporting. Both compliance and emissions management have to support information flow across the user enterprise, enabling the enterprise to maintain compliance status; monitor and control plant facilities and permits, including emissions permits; track performance benchmarks; and communicate with key stakeholders.

* Permit management—the process of applying for and obtaining the appropriate licenses and permits, with capabilities for application management, change management, and reporting.

* Chemicals safety management—to provide information on product safety, dangerous goods, and labeling to international markets, allowing companies to control global business processes. This also enables companies to save resources in procurement; in exchanging substance and recipe information; in categorization; and in authoring the required documentation of customers or personnel, such as safety data sheets (SDS), transport emergency cards (or tremcards [TM]), the Occupational Safety and Health Administration's right to know (OSHA RTK) information, and labels.

* Environmental health and safety (EH&S) surveillance—to enable enterprises to deal with increasing legislative pressure in the areas of industrial hygiene and safety, occupational health care, and hazardous substance management, thereby facilitating cross-company and interdepartmental cooperation.

* Environmental product compliance (EPC)—to provide capabilities for compliant product design and to help avoid risk in the supply chain. EPC supports collaboration with suppliers, partners, and customers. The software collects, organizes, analyzes, and evaluates data about various products, factories, suppliers, countries, and customers. Such information is needed to provide proof of compliance with environmental directives that regulate the development, manufacture, distribution, disposal, or recycling of products. The software documents product content and regulatory or sector-specific substance lists; integrates compliance checks and analyses with central business processes; and automates communications with customers and suppliers. For example, when a product is being checked for compliance with the Restriction of Hazardous Substances (RoHS) directive, the solution verifies that all the necessary information (such as the lead content of a supplied part) is in place. If this data has not been provided, the solution automatically requests the supplier's manufacturing department to disclose the exact lead weight percentage of the product, and notifies the user when the supplier has provided the data.

SAP's Commitment to GRC

As indicated with the SAP Global Trade Services (SAP GTS) and SAP xApp xEM examples, SAP, the largest enterprise application provider, has long committed to placing compliance at the core of its broad suite of products. This is because the vendor has recognized the growing role of enterprise systems in assisting user companies to meet the increasing challenges of corporate compliance and risk management. Customers are looking for potent compliance solutions that work across heterogeneous information technology (IT) environments to reduce risk and cost, as well as provide improved business control.

By embedding compliance into all pertinent business processes, SAP hopes to make compliance repeatable, sustainable, and less costly for companies of all sizes in all industry segments. To that end, it has long espoused a number of individual tools and modules, such as SAP Audit Information System (SAP AIS), SAP Strategic Enterprise Management (SAP SEM), SAP Records Management (SAP RM), and SAP Management of Internal Controls (SAP MIC).

As an example, SAP MIC's aim has been to support a best-practice system to document and test internal checks and auditing. As a core component of mySAP ERP, it contains functions for data analysis and reporting, as well as financial and risk management. The solution also ensures that all financial processes comply with the US Sarbanes-Oxley Act (SOX) requirements.

Another component that has been serving some complex compliance requirements (such as EH&S) very well is master data management (MDM). This is especially true in light of globally dispersed supply chains, but the need for product quality, specifications consistency, and brand protection has also been part of SAP's platform (see SAP Bolsters NetWeaver's MDM Capabilities).

This GRC offering, which until recently was largely fragmented, has been helped by a number of partner point solutions. Key software and technology partners integrate applications through the service-oriented architecture (SOA)- and business performance management (BPM)-enabled SAP NetWeaver platform to provide the much-needed transparency over the extended GRC ecosystem (see Multipurpose SAP NetWeaver).

A few years back, SAP stated its strategy to use "fill-in" acquisitions to add to its broad solution offerings by gaining specific technologies and capabilities that meet the needs of its customers—within or across industries. To that end, in addition to the above-mentioned SAP xApp xEM, VitalSprings Technologies also released the VSxApp risk management composite application. This solution is designed to work with back-office systems to integrate human resources (HR), payroll, and financial applications in order to address specific health care benefits and the financial impact that health care plans might have on businesses.

Also based on the NetWeaver technology, key performance indicators (KPIs) integrate both SAP and non-SAP data to enable the creation of what-if scenarios based on company information and parameters from payers. This allows employers to calculate health benefit expenses and to ultimately negotiate better health plan rates. Similar alliance examples include Approva, Security Weaver, Atrion International, ArisGlobal, and ACL, to name only some.

SAP has "opened up" the content portion of its EH&S offering, thereby allowing multiple vendors to provide key information that might lower the total cost of ownership (TCO) of the system. Atrion International was the first vendor to be certified under the SAP EH&S Open Content Connector (OCC) certification program in mid-2005. The EH&S OCC is an open, extensible markup language (XML)-based interface to load external content into SAP EH&S specification databases. To that end, Atrion provides a full range of content (data, rules, phrases, forms, and pictograms) to SAP EH&S clients, allowing them to address global regulatory requirements.
