Jan. 10, 2007
While stringent legislation such as Sarbanes-Oxley and the Healthcare Insurance Portability and
Accountability Act (HIPAA) and voluntary frameworks like Basel II have taken the limelight in the B2B sector,
enterprises are also asked to comply with tough guidelines for business activities such as procurement,
supply chain management and specifically the handling of customer data.
However, despite the large amounts of money companies have had to spend on consulting, change management,
training and important software modifications in order to become Sarbanes-Oxley (SOX) compliant, there is
disturbing new evidence that much of that investment simply does not offer visibility into non-SOX-related
compliance processes.
About 56 percent of enterprises simply do not know how many non-compliant events have taken place within
their walls in the past month, according to a survey of 200 finance and procurement executives from Aberdeen
Research.
Sales conducted in the B2B segment, like any other complex business activity, function according to the
logic of the OODA loop: Observe, Orient, Decide, Act. If you can't observe, you are blind: your OODA loop
is skewed before it even begins, and competitors will be able to surpass you more easily.
In the present instance, compliance automation and related activity is useless if, at the dashboard level,
a CFO, CCO, or other executive is unable to observe the breakdown of non-compliant events.
As proof that 'visibility equals prevention', consider that enterprises with best-in-class visibility had
fewer non-compliant events than the rest of the survey respondents. Fully one-third of the best-in-class
had no non-compliant events in the month prior to the survey, whereas only 15 percent of the enterprises with
reduced visibility could report similar success.
Sadly, reduced visibility around supply chain and procurement compliance implies direct dollar losses
for the enterprise.
Aberdeen's survey respondents listed the risk factors: bad publicity (e.g. from not being able to see compliance
violations around customer data privacy), fines and penalties, legal action, formal complaints, and even
overpayments to suppliers.
Taken together, these repercussions could add up to billions of dollars. Aberdeen offers a particularly
poignant example of loss: "All of procurement's successes in product development, price savings and supply
availability will be easily lost amid a single, critical failure in your supply chain resulting from non-compliance!
The trickle-down impact on customers and revenue is unambiguously huge."
Yet, despite the fact that nearly three-fourths of surveyed companies have a compliance visibility initiative
underway to mitigate these risks, most of their initiatives, about 73 percent, still remain manual.
Manual compliance visibility is just about meaningless. In a large enterprise, there are tens of thousands of
events that could be potentially non-compliant, and only an automated solution can hope to bring any kind of order
to this voluminous patchwork of events.
While it would be easy for many enterprise supply managers to reach across to repurpose technology bought for
SOX for other compliance purposes, the fact that manual and home-grown systems still predominate when it
comes to procurement and supply chain compliance means that most enterprises have not yet taken advantage
of this expedient.
Stated differently, you could leverage the tools in a procurement system like that of Ariba to address
compliance. Regardless of the system of record from which you begin, C-level sponsorship would certainly help
to kick-start this initiative, which promises a lot of ROI.
Remember, SOX and e-procurement systems are common and already bought and paid for, and Aberdeen says they can
easily be extended to address compliance in other fields over a relatively small implementation timeframe.
Source: Line 56