Global Trade and the Role of Governance, Risk Management, and Compliance Software

To conduct business globally, logically companies need to comply with local laws, satisfy trade security measures, meet documentation requirements, understand complicated tariffs, and coordinate various parties. Handling these tasks manually increases the risk of failure, which can be costly when trading across borders. In fact, according to a United Nations (UN) study, the inefficient administration of customs processes accounts for 7 percent of the cost of international trade, or more precisely—$420 billion (USD) annually.

The fast-paced nature of international trade means there cannot be any delays in moving product from point to point. Due to the greater threat of terrorism and other factors, governments have tightened rules on the import and export of certain goods across borders. A number of these governments have created lists of parties restricted from engaging in international trade (see Infor Accelerates Import/Export Of Goods Through International Supply Chain In Accordance With Government Recommendations).

Again, a well-attuned global trade management (GTM) application suite is often needed so that companies can master the manifold challenges of international trade. Such an application could enable companies to automate and streamline complex import and export processes; ensure regulatory compliance; expedite customs clearance; mitigate the financial risk of global transactions; and take full advantage of international trade agreements.

In fact, these tools (preferably unicode-enabled) should help user enterprises manage and standardize trade compliance processes throughout the entire organization. The software should automatically screen business partners against official sanctioned party lists, check for embargo restrictions, and manage export and import licenses. Further, GTM applications should expedite customs processes by facilitating interactions between the user enterprise and customs agencies, driving more efficient movement of goods and information across international borders. Last but not least, the software should also let users tap into the opportunities available through trade agreements, such as the North American Free Trade Agreement (NAFTA) and those of the European Union (EU). In addition, the software should automate and streamline all aspects of restitution management to ensure more efficient export refund processing, and to lessen the risk of forfeiting securities.

Potential benefits of harnessing GTM tools include a better design of business controls and more effective operations by focusing skilled resources on activities that require expertise and judgment. Also, companies could reduce cost and increase assurance by shifting from point-in-time testing to continuous controls monitoring, thereby evaluating and prioritizing response to highest impact control violation risk. Again, as with handling environment, health, and safety (EH&S), a composite application is typically needed to help enterprises establish a single, corporate-wide standard for trade processes across disparate enterprise systems. Such would be SAP's Global Trade Services (SAP GTS) composite application (see GTM Solutions—Always Watch Out for SAP), which has been allowing user enterprises to

  • ensure regulatory trade compliance (thus avoiding costly fines and penalties, and helping to ensure national security);
  • expedite customs clearance and reduce delays at national borders (thereby reducing cycle times and enabling faster deliver to customers);
  • automate customs warehousing procedures (thereby deferring or eliminating duty payments);
  • accelerate and optimize product classification (thus increasing efficiency and minimizing import duties);
  • mitigate the financial risk of global transactions (by ensuring that all parties concerned meet their contractual obligations); and
  • take advantage of international trade agreements (that is, not merely surviving, but rather thriving in today's fiercely contested global markets).

Traditional enterprise resource planning (ERP) vendors have lately tuned into the need for GTM, as seen in QAD's recent acquisition of Precision Software and Oracle's acquisition of G-Log. Further, in late 2006, Infor began providing importers, exporters, and manufacturers a more secure supply chain with the availability of Infor Restricted Party Screening. This solution enables companies to quickly and accurately identify parties subject to government regulations, thereby speeding up the delivery of international goods through US borders. The product is a real-time, Web-based supply chain solution that automatically updates the daily changes to the government party lists; notifies the user of possible supplier issues; provides a complete audit and history of shipment screening; and enables the batch screening of customer lists, employees, suppliers, and vendors (see Infor Accelerates Import/Export Of Goods Through International Supply Chain In Accordance With Government Recommendations).

Customers using Restricted Party Screening are able to demonstrate to governments that they maintain a secure supply chain, and are therefore eligible for such programs as Customs-Trade Partnership Against Terrorism (C-TPAT), which expedites border clearance. C-TPAT is a joint US government-business initiative to build cooperative relationships in order to strengthen supply chain and border security. As a part of this, US Customs requests that businesses ensure the integrity of their security practices and communicate their security guidelines to their partners within the supply chain (see Infor Accelerates Import/Export Of Goods Through International Supply Chain In Accordance With Government Recommendations). C-TPAT is based on the idea that achieving the highest levels of security requires cooperation between the US government and supply chain participants such as importers, carriers, brokers, warehouse operators, and manufacturers.

Infor Restricted Party Screening supports multiple lists published by the US, Canada, the United Kingdom (UK), and Japan, as well as the UN. The solution is available as a stand-alone, or it can be embedded within Infor Transportation Management. Infor Transportation Management is a solution that provides global visibility into inbound and outbound supply chains as part of the Infor Supply Chain Management suite (see Infor Accelerates Import/Export Of Goods Through International Supply Chain In Accordance With Government Recommendations), which was lately bolstered by the acquisition of SSA Global (see SSA Global Forms a Strategic Unit with an Extended-ERP Savvy).

This is a continuation of a series discussing how various industries are addressing compliance issues. For more information, please see previous parts of this series: Thou Shalt Comply (and More, or Else): Looking at Sarbanes-Oxley, Important Sarbanes-Oxley Act Mandates and What They Mean for Supply Chain Management, Sarbanes-Oxley Act May Be Just the Tip of a Compliance Iceberg, Automotive Industry and Food, Safety, and Drug Regulations, and "Evergreen"—Environmental Regulations for High-tech and Electronics, Chemical, and Oil and Gas Industries.

Global Trade—Perplexing and Scary! Now What?

Given the overwhelming, acronyms-laden regulatory alphabet soup, any business, but especially a small-to-medium business (SMB), today faces a daunting task. It is seemingly no longer enough for a company to develop a strong business plan, have a breakthrough product or service that provides a competitive edge in the marketplace, and build strong and effective distribution channels to have all of the prerequisites of success.

The complexities of today's business world have created new risks, a heap of regulations, and complex reporting requirements that can overpower a lean and focused organization, regardless of its size. But, as stated earlier, compliance should be about more than just meeting the letter of the law. Rather, it should be about ensuring transparency, mitigating risk, maintaining customer confidence, and enabling profitable growth. In fact, it should be about parlaying these must-haves into becoming a better (leaner) operation. It becomes apparent that effective overall and continuous governance, risk management, and compliance (GRC) requires a coherent ecosystem of solutions that form a platform that can be leveraged across multiple initiatives, such as to

  • prioritize and balance core compliance objectives within business and budgetary constraints;
  • preserve critical internal controls as the enterprise systems upgrade or add new solutions to the current information technology (IT) landscape;
  • prepare the business and enterprise systems for internal and external audits;
  • standardize, communicate, and enforce compliance initiatives across the entire business;
  • avoid segregation of duties (SOD) conflicts (by instituting key controls within the underlying enterprise system), and to protect sensitive data with the right security and authorization techniques;
  • continuously monitor, test, and document the efficacy of internal controls, and to validate and reconcile data for compliant reporting;
  • tighten critical business processes and close gaps that could jeopardize compliance with the US Sarbanes-Oxley Act (SOX), Occupational Safety and Health Administration (OSHA), Food and Drug Administration (FDA), and other regulations; and
  • comply with both domestic and international financial and customs regulations, such as Basel II and International Financial Reporting Standards (IFRS).

See SAP Insider Conference for Governance, Risk and Compliance (GRC) 2007.

Therefore, rather than merely complying with the mushrooming legal and regulatory requirements in a firefighting, knee-jerk, or disjointed manner from bottom up, enterprises are increasingly realizing that a holistic approach from top down is necessary. By harnessing the emerging, strategic software category of GRC, enterprises will be better able to deal with the myriad of compliance issues that are today's business reality.

A unified GRC approach should enable commercial companies and government businesses alike to establish integrated frameworks of centrally managed GRC processes and information. Such an approach should enhance businesses' abilities to identify and collaboratively analyze risks detected at multiple levels and regional locations of their organizations.

Yet, when it comes to compliance, most companies still largely respond in banal ways. However, initial alarms and knee-jerk corrective actions gradually cede to rational thinking, more coherent work plans, and eventually, remediation activities that are based on acceptable levels of business risk. For an honorable minority that operates in an atmosphere of compliance (that is, not approaching control and compliance in reaction to external regulations, but rather in the context of a disciplined approach) and corporate governance, these environments start straight with thought-out work plans, and they treat such efforts as part of everyday work.

Parlaying Regulatory Nuisance into Competitive Advantage?

This question and its answer are analogous to our own lives. While we can survive without eating healthy food or exercising, chances are we might live much longer, and without health risks and a need for medical remedies, by wholeheartedly embracing these best practices of living. The same holds true for compliance. Even if an enterprise does not necessarily have to comply with the likes of SOX, Financial Accounting Standards Board (FASB), Anti-Money-Laundering (AML) and the Bank Secrecy Act (BSA), or the Know-Your-Customer section of the USA Patriot Act initiatives, it is likely that following the practices that these laws dictate as a matter of course (rather than regarding them as nuisances) will lead to better intrinsic controls, and hence smoother and more risk-free operations.

For instance, if drug companies see the regulations described in Automotive Industry and Food, Safety, and Drug Regulations merely as requirements that must be met, then implementing procedures to meet these requirements will be considered nothing other than a challenging and tedious task. However, if drug companies see compliance with these regulations as a way to improve internal business processes, it then becomes an opportunity.

As an example, the FDA is permitting manufacturers to benefit from emerging technologies to streamline record keeping and compliance. This technology can increase the usability of the information gathered by integrating both business processes and audit functions without compromising the quality of regulatory compliance. Thus, the opportunity to improve business practices can be significant. Potential benefits may include the following: lowered cost of data collection; increased accuracy of data; increased data analysis capabilities; reduction of regulatory errors (for example, by eliminating wrong filings); improved control over production, quality, and other processes; quicker search and retrieval of electronic records; improved information transfer between departments (for example, between operations and quality); improved information transfer between companies (for example, between an external research organization and its sponsoring enterprise); improved product recalls record, etc (see The Bio-terrorism Act of 2002 Update and Compliance Issues for the Small to Mid-sized Food Industry).

Needless to say, the improved business practices can also lower an enterprise's long-term cost of compliance. Specifically, the cost of noncompliance can be defined as the cost that would be incurred if a company were found to be out of compliance, factored by the risk of being found out of compliance. The cost of noncompliance can include additional inspections, lost production, non-sellable product, product recalls, plant shutdowns, fines, or even the incarceration of executives (see FDA Compliance For The Life Sciences).

As another example, implementing and ensuring compliance with employee safety guidelines, monitoring emissions (which are often delineated by regulatory permits), and even validating the origin and composition of chemical products are all mission-critical processes that contribute to the cost of doing business. In other words, as explained in So, What's the Big Deal with Chemicals?, a new complexity that comes from some process industries is the introduction of hazardous materials and dangerous goods that are closely regulated and must be reported, which creates two conditions that can be greatly simplified by software.

First, when creating a new formula or modifying an existing one, the formula must be analyzed for the presence of hazardous materials. This check requires a continuously updated and current list of regulated materials that are considered hazardous. Also required is the percentage of these materials relative to the other ingredients.

Second, the reporting of hazardous materials must comply with a specific format, namely material safety data sheets (MSDS). These sheets will usually accompany the customer's bill of lading (BOL), and must therefore be integrated with the billing process. While copies of MSDS can be kept on file and manually matched with the BOL, most companies will not want to risk noncompliance, and would rather seek an automated remedy.

However, companies that prefer to "live on the edge" (chance being less meticulous in their approaches to compliance) will rely on manual procedures to determine when a formula and product requires an updated MSDS. More prudent companies, on the other hand, will seek to have update notifications incorporated into their enterprise-wide software, and to have new MSDS automatically generated when needed. The programming of hazardous material compliance is not trivial when one considers that it involves list processing and matching, percent of total analysis, scheduling, and formatting.

Possibly an extreme example of companies turning regulation and GRC into opportunities (growth and hefty profits) would be the recently publicized corporate social responsibility (CSR) programs, with companies like Starbucks,, Google, or Polo Ralph Lauren posting tremendous growth and profits while being impressively philanthropic. The CSR programs of these businesses have included helping coffee farmers sustain their farms and meet quality standards; environmental initiatives to reduce waste and preserve the earth's natural resources; giving free software to nonprofit organizations; building centers for cancer care and prevention; supporting volunteerism among employees; removing fur from its fashion collections; educational outreach; and monitoring of the global supply base for adherence to fair labor practices (see Sirkisoon, Hagerty, and Carter's 2006 article The 21st Century Business: Contribute to Society and Profit).

Certainly, these companies benefited from strengthened corporate brand and reputation, increased business opportunities (including investment in markets for future corporate development), and improved strategic risk management. AMR Research defines CSR as a company's obligation to make decisions based not only on the financial and economic factors of the business, but also on the social and environmental consequences of its activities. Within CSR, Aim Research segments initiatives into five categories:

  1. Environmental action—programs to reduce pollution, save energy, and recycle
  2. Ethical—codes of practice with respect to diversity and accountability to employees and partners
  3. Philanthropic—charitable contributions to support medical, artistic, or cultural development
  4. Responsible sourcing—fair labor standards and economic development
  5. Social issues—educational outreach, scholarships, and volunteerism

In the next (and final) part of this series on how different industries address issues of compliance, the software category of governance, risk management, and compliance will be looked at more closely, with a focus on how enterprises can best implement such enterprise applications in order to reap the most benefits.

Part Six of the series Thou Shalt Comply (and More), or Else

comments powered by Disqus