Select Page
Three Ways to Make Compliance Everyone’s Business

Three Ways to Make Compliance Everyone’s Business

Compliance acronyms often become the “inside jokes” of an industry, a sort of alphabet soup, but the language of business governance can quickly result in confusion. Clever letter combinations echo the rules and regulations of businesses, especially for companies in manufacturing and distribution. Compliance is a company-wide issue that affects everyone from owner to customer. With that in mind, here are three ways to reduce the stress of compliance management by making the rules of the road everyone’s business:

1. Know the compliance acronyms that affect your business

2. Optimize your ERP for reporting and metrics tracking

3. Bring in experts when compliance involves advanced cybersecurity, data privacy regulation, or highly sensitive record management

Business Compliance

Rules and regulations serve to keep your data protected. Here are a few of the most common regulations that govern business data:

GDPR (General Data Protection Regulation)

Information that leaves the European Union must comply with GDPR even in countries that are not part of the EU. With comprehensive regulations for security and privacy in data handling, GDPR essentially protects your company from a security breach. If you draw any traffic from the European Union, you must follow the rules of general data protection regulation (GDPR).

HIPAA (Health Insurance Portability and Accountability Act of 1996)

HIPAA compliance is very common, yet many medical facilities miss important steps necessary to meet the fine print of HIPAA laws. All organizations that interact with medical practices in any way must comply with HIPAA. Health and humans services organizations obviously fall within HIPAA privacy rule, but HIPAA violations are seen across industries as more companies host data subject to these health information laws. Small businesses often fail to comply because of limited in-house expertise, which is why 2021 is moving more and more owners toward partnership with a small business IT provider that offers compliance care.

Here are a few of the types of companies that must process data in ways that comply with HIPAA rules and regulations:

Here are signs that you are keeping up with HIPAA compliance:

Failure to comply with even a single HIPAA security rule has resulted in fines of 1.5 million for small companies and up to 16 million for large scandals. Large scale security breaches are common, and everyone handling or interacting with the medical industry needs to be ready for a cyber attack. Physical theft, such as mobile device theft, is also common, so in-house strategies must include data protection from employees and other on-site actors such as third-party consultants.

PCI DSS (Payment Card Industry Data Security Standard)

Payment data is sensitive data, and is therefore protected by advanced compliance standards. Fortunately, these regulations demand solutions that benefit all businesses. If you collect credit card information for any reason, you must ensure PCI DSS compliance. All credit card information must be encrypted. Data access must be limited and tracked so that information stays in trusted hands.

Information transmission requires firewall protection, cybersecurity software solutions, and proactive security management. The network must be accessed for vulnerabilities, and all software must stay updated, patched, and in compliance with the PCI DSS regulations. A penetration test is the best way to see if your company is at risk of a data breach.

EstesGroup can help you create a compliance plan for your business. Compliance acronyms abound, but the right IT solution will quickly make the rules and regulations of your industry as simple as saying the alphabet.

Get business compliance peace of mind by signing up for a security audit and network assessment today.

Five Ways to Ensure ERP Satisfies Financial Compliance

Five Ways to Ensure ERP Satisfies Financial Compliance

Every business has financial compliance requirements from many sources. ERP is your primary tool — helping you prepare the required reports easily, timely, and consistently.

ERP Financial Compliance

Set up ERP to produce the reporting needed.

The first step toward financial compliance is a complete understanding of what your financial compliance requirements are. There are national requirements such as those from standards boards and, in the US, GAAP, or generally accepted accounting principles, is one. Income taxes and securities exchange reports build on GAAP.

Financial reporting goes well beyond national requirements. States and provinces have their own requirements for any business operating within their boundaries. Other requirements at various local levels can be easy to miss, as they come from cities, counties, regional districts, and an assortment of commissions. These have the force of law behind them and require compliance and reporting. Sales and value-added taxes are in this category along with property taxes. Don’t forget trade unions that want reports of payroll and hours by work categories.

Regulations from this wide variety of sources have a common denominator in the requirement of documented processes to collect data and issue reports consistently.

Understand how data is created in ERP and where it is kept.

Once we determine what reporting is required, we move to figuring out how to get the data needed for those reports. ERP systems are based on finance and accounting and many data elements will be there ready to use. ERP is made up from thousands of tables, and some data will be available, but some effort will be needed to find it and extract it for use.

You might find some required data simply is not built into your ERP, but you already collect it in some other database. Here you might be able to create a user-definable field to store that data within ERP where it can easily be combined with other data from ERP. You might also need to integrate some other system with ERP to make the data available.

Ensure that your accountant is part of your ERP selection and implementation teams. Their role is to understand reporting requirements and make sure the ERP you implement satisfies those requirements.

Document the source of your required data and the processes that develop that data. Develop and save reports you design to collect your data for financial reporting. At the same time, develop reporting to satisfy any future audit requirements from the authorities.

Use ERP to manage the data trail.

Data for your reporting will be a combination of static and dynamic data. The static data largely is field names such as ‘date’ and ‘amount’. Dynamic data is that coming from all of your transactions. Your ERP includes many built-in tools to capture normal transactions like sales invoice amounts and purchase order payment amounts. Your unique ERP configuration settings might modify those built-in tools. For example, you can value inventory as LIFO or FIFO, and that setting will modify your inventory valuation, as well as cost of sales.

Since data is the result of all the transactions performed over time, any steps you can take to reduce errors will enhance the accuracy of your reports. Training, self-validations, and management supervision all help improve accuracy. Another method of improving accuracy is to automate as many repetitive steps as possible. When a transaction is automated, once the coding is complete, the results of the transaction will never vary.

Analyze your ERP data and use it for advantage.

You took advantage of the built-in tools available in ERP and you have automated and secured many of your transactions. Now your accountants are free to analyze. Look carefully at the data collected and check it again. Does it best show the results required by financial compliance? How can you improve the report? Is there a message to your management that was hidden but can help improve your business? These are your data; the data do not belong to the agency requiring compliance.

Build an analytics team and use this team to mine your data, seeking ways to help everyone. Your CFO needs a dashboard that displays all of the key metrics in a way that enables fast, informed decisions. Build dashboards to enhance decision-making at every level where any decision is made.

Report consistently across the globe.

Because the data for all financial compliance reporting comes from or through your ERP data, consistency is always maintained. Much compliance reporting is publicly available so that auditors from one agency can easily verify that consistent data was reported to another agency.

Even where comparisons cannot be made, you know the reporting is consistent. A compliance report filed in France is derived from the same data as a similar report filed in the USA. Only the filters are changed.

Because the reports are centralized and accessible anywhere, the headquarters can run a report intended for a compliance agency anywhere in the world.

Every business has financial compliance requirements. ERP will enable us to meet those requirements without undue burden. At the same time, ERP enables consistent reporting wherever we have requirements and provides tools we can use for our own benefit too.

Are you concerned about more than financial compliance?

Compliance can be challenging, especially in regard to ever-evolving cybersecurity regulations. Sign up for a security audit today to see if your systems are compliant in regard to data management & privacy laws. Not ready for an assessment? Watch a video interview with EstesGroup’s CEO, Bruce Grant, to see how ERP & IT consultants can help manufacturers stay on top of industry rules & regulations. Read our article on cGMP compliance & ERP to get more insight into how regulatory organizations affect your business.

cGMP Compliance & ERP

cGMP Compliance & ERP

What is cGMP?

cGMP stands for current Good Manufacturing Practice and, more than just initials, it is at the center of the US Food and Drug Administration’s efforts to protect citizens from potential hazards related to food and beverages, cosmetics, pharmaceuticals, and medical devices. ERP is the system used by businesses for accounting, inventory management, sales order processing and many other processes central to maintaining management control. ERP is where businesses keep the records that show they are complying with good manufacturing practice.

cGMP Compliance ERP

What does cGMP look like for manufacturers?

Process Control

Process control is critical in these controlled industries. We need to define exactly how our product flows through manufacture. Who will perform the necessary manufacturing steps? What ingredients or component parts are required? When does each step take place related to the previous and following steps? Where will we manufacture our products – in which facility and using which equipment? Why are we taking these measures to control our process? How will we document exactly what we did and compare it to what we said we would do?

Training

An ERP system has a record of each employee. That record goes well beyond payroll and human resources. If we add the training each person has had and their current work qualifications, we can use ERP to work with our cGMP process. We can now schedule specific people within our overall production schedule. The people scheduled are limited to only those who have required training and certification based on the rules we established within our business. Next we can use ERP to track exactly who worked on each manufacturing step. This enables us to pass any audits. We also now can know who might have made any error or failed to precisely follow our defined process.

Compliance Department

Inventory

Our cGMP includes a specific list of ingredients or component materials required to produce our product. Our list can further limit the materials used to those from specific suppliers or items commonly available from multiple sources. ERP helps us track each item by lot number so that we never inadvertently mix a lot in the same batch. Lot tracking sets up our ability to manage any potential recall. We know which output batch had an issue and know exactly which ingredient lots we used in that batch. We can also use ERP to avoid any chance of using an item beyond its shelf life.

Recipe or Routing

ERP provides us with the manufacturing path that we know meets cGMP. Step one is performed on certain equipment and specified operations must take place then. We can measure the outcome of step one and ensure production is ready for step two. Since we know the duration of every step, we can schedule equipment and personnel and provide the completion date and time for our customer.

Facilities and Equipment

Our cGMP specifies that products must be made only in approved manufacturing facilities and then only using specifically approved equipment within those facilities. The production schedules we use from ERP will use those limits and help us manage capacity requirements now and in the future. Manufacturers must identify what hazards might exist and establish control points best suited to capture and control those hazards. This requirement is known as HACCP or Hazard And Critical Control Points.

Testing and Measurement

Throughout the cycle of production, we will test and measure the product using values stored in the quality module of our ERP system. The tools we use are maintained and recalibrated as we define in cGMP and our test results include the specific tools used as well as the results. Testing and measurement looks for statistically significant variances and enables us to determine corrective and preventative actions and track those to completion all within our ERP.

Quality Management System

cGMP requires that we have an active quality management system that is fully documented. ERP is one of our primary record keeping tools and supports cGMP fully. Any business whose activities fall under the cGMP rules of the FDA should ensure their ERP fully supports their required control systems.

Are you facing ERP cGMP regulation challenges?

Our ERP consultants are here to help you navigate everything from ERP implementation to private cloud hosting deployment. EstesGroup’s managed IT specialists help clients with backup solutions, disaster recovery, hosting solutions, cybersecurity, and more.

ERP Training After Go-Live

ERP Training After Go-Live

Make Training Part of your ERP Project Plan

Your employees just had a grand celebration. Your ERP project is complete! The months of hard toil, testing, trepidation, and training are in the past. Or, maybe the education has only begun?

ERP Training After Go-Live

Here are some considerations for the post-go-live phase of your ERP project:

Replacement personnel

People come and go normally in any business. A usual process is for the outgoing person to train the one incoming. Often that works adequately well. But a better way might be to enroll the new person in formal training where they get instructions in precisely the methods preferred by the business along with training in how their new tasks relate to the overall processes.

Knowledge Capture

Your employees and ERP users develop improvements in the ways they work every day. Could the improvement found by factory quality assurance people benefit accounts payable? A training specialist would recognize the improvement from a broader perspective and include it in future training for A/P and other functions.

Feedback

The initial training provided to everyone incorporated the best processes known at that time. People will complain if that process is cumbersome and will suggest improvements. Listening to feedback from every source allows processes to improve and future training to enable those improvements.

New requirements

Your customer asks for a change after go-live. Your supplier wants to change some delivery options. Changes occur frequently and ongoing training allows all to be properly trained so that those changes in requirements can be met.

Improvements that were not part of requirements

You had a list of requirements the ERP was intended to resolve. You might also have had a second list of improvements desired but not part of the requirements. Now that the requirements are complete, begin implementing some of those “nice to have” features that will help. Ongoing training is the way to implement those changes across your enterprise.

Process validation

Your ERP project was intended to bring cost savings and many other benefits to your business. Those benefits provided the return on your investment. Now, after implementation, measure the results. Are you getting what was expected? Is the use of ERP part of any shortfall? Better training might bring the system use up so the results you want are still achievable. You could also determine further process changes are needed to get those results and people will need training to use those improvements.

Ongoing review training

Implement an audit system to verify people are using the ERP system properly and completely. No training will cause a complete change of behavior. We all slide day by day and begin to take shortcuts. An audit will find behavior slippage and provide a chance for correction. The same audit might also find someone has worked out a better process that ought to be shared around the company.

Technology updates

Network and computer systems gain new technology regularly. Maybe there is a process that can now be sped up? Maybe there is another that now can be automated. Take advantage of these gains and update your training at the same time. Your ERP provider improves their software and makes these changes frequently. If you have a system in the cloud, like SYSPRO, those improvements are there immediately for your use, and an auxiliary solutions, like ERP hosting, can improve everything from cybersecurity to business process management. Pay attention to the updates, many can be used to your benefit right away and others could help with a small process change on your side. As with hardware updates, update your training too.

Continuous improvement

Training provides a path for continuous improvement. You can develop a great training program as part of your ERP project. Keep it alive and help your business thrive.

3 Ways to Spring your Epicor Installation Ahead

3 Ways to Spring your Epicor Installation Ahead

Spring Cleaning & New Growth for Epicor ERP

While individuals differ in their opinion of daylight savings time, the metaphor of “springing ahead” feels perfect for the enterprise resource planning (ERP) season. Spring is, after all, the time of growth and expansion. So how do companies make the most of this season? Successful Epicor customers often find ways to move their implementation forward, following through on the ERP resolutions made in winter. 

Whether you’re heading toward a great spring-loaded leap forward or merely some spring cleaning, there are many things that you can do to help your Epicor application spring ahead in terms of functionality, capability and overall return on investment (ROI).

Epicor Installation Manufacturing Tool Sparks

Spring your Epicor Installation Ahead with a Master File Cleanup

Daily problems in business operations often have their source in the master file records. Master file records are the kind of data that gradually deteriorates over time, if not cared for with vigor. Cleaning up the customer, supplier, and part master tables allows companies to quickly resolve multiple ongoing issues. I’ve seen many companies perform annual intensive data cleanup efforts to rectify such ongoing issues, and this often results in a system that is more predictable and more scalable over time. With each master file, countless questions can be asked to verify the accuracy of this foundational data.

These might include some of the following:

  • Customer Master: Are customer contacts up to date? How about the terms? Are credit limits in need of a review?
  • Supplier Master: Is banking information correct? Are purchase points defined correctly? Are terms up to date?
  • Part Master: Is supply-side information correctly configured to handle demand? Are part costs in line? What about customer and supplier-based part pricing?

Spring your ERP Ahead with a User Security Review

Cleaning up security within the ERP application is a simple step that can improve the maintenance and maintainability of the application. One significant question would be to ask whether your company utilizes individual user security or group security. The use of group-based security tends to keep the management of security much cleaner than the individual method, as users inherit permissions from the security groups, which ensures consistent and predicable access, without the scramble of managing individual permissions on every user account. Has your individual user security gotten out of hand? It’s never too late to rationalize security groups and roll back some of the disarray. This is one simple way of keeping your Epicor installation from becoming risky business.

Within this general structure, attention should be take to a few key functions, as to ensure that they are adequately managed:

  • Part Maintenance: Who has the ability to create and maintain parts? In many organizations, too many individuals have this ability, and it can create a significant amount of disruption if they are not doing so in a consistent manner.
  • Quantity Adjustments: The ability to adjust inventory quantities on the fly is a powerful but dangerous capability. Often, quantity adjustments are made to cover other issues, such as incorrect quality practices or inaccurate material issuing tendencies. Limiting quantity adjustments to a few reliable individuals is key to preventing inventory problems from spinning out of control.
  • Job Entry: Who should be able to modify a job? There are several settings (backflush, make direct, purchase direct, etc.) that can radically affect the application. Tightening the screws on job entry is often a means of ensuring successful supply for the jobs in question.

Spring Ahead with Focused Education

In an ERP context, education should be distinguished from training. Training generally refers to basic instruction geared for general end users, to allow them to perform processes accurately and consistently. Education differs from simple training in that it focuses much more on the underlying mechanics of the ERP system than on performing specific pre-defined tasks. When a larger critical mass of super users understands the underlying mechanisms of the system, you are better able to make decisions and further refine your system, improving efficiency and handling new challenges as they arise. Also, as new employees enter the organization, providing them with a solid understanding of the system can prevent needless backtracking. This is especially true for an Epicor installation.

So, what areas of the application could use some additional deep dives? Here are a few:

  • Transaction types: What’s the different between MFG-STK and MFG-WIP? It’s an important distinction.
  • Non-Stock: Understanding the effects of the non-stock flag on Sales Order Entry, the Engineering Workbench, and Job Entry is fundamental to successfully managing parts through the system.
  • Phantom BOMs — phantoms may help simplify your job BOMs, consolidate engineering levels, and simplify transactions.
  • Labor Entry Method: How does backflushing differ from Quantity Only? These are subtle but important differences, and the ramifications are widespread.
  • Backflushing Materials: Backflushing is another opportunity to make the system more efficient, but it relies on a solid understanding of the related hierarchy.

A Clean Epicor Installation Enables Growth

Spring, after all, is the season of growth, so push to move your Epicor ERP application forward this season, and sew the seeds for a bountiful harvest in 2021. Ready for optimal growth? Get the Epicor consulting services or Prophet 21 services you need to get ahead of the season. Take a tour of Epicor in a future-proof environment with a free ECHO cloud hosting demo. ECHO supports all ERP systems, including cloud-ready P21cloud-ready SYSPRO.

 

Partnering with your ERP Consultancy

Partnering with your ERP Consultancy

How the Right ERP Consultancy Can Take the Risk Out of ERP Implementation

Implementing ERP presents many challenges. One of these involves the simple dilemma of finding good help. Implementing ERP is not a one-man band, but rather a symphony of interconnected members, each doing their part in the performance. Your ERP consulting partner is one such member of the overall team and can significantly impact the success of an ERP implementation. With that in mind, here are a few considerations that will help you make the best choice when finding a consulting partner.

ERP Consultancy Partnership Meeting

An ERP Consultancy Provides a Path of Success

Scope

At the beginning of your project, define what completion is and how to objectively measure the project’s completion. That definition might evolve as the project moves along, but it’s helpful to define your destination before you embark. This helps you understand how long you will need consulting assistance — completion means the consultant can move along to their next client. You will need to write that final check. Completion also means it is time for you and all the people in your enterprise to sit back and smile. Plan for that success.

Requirements

Consider the needs of your organization and the expertise you already have within your business. You might have a person you think is ready to lead your project: they have the skills and training, but a consultant could guide them and provide experienced mentorship along the way. Or, you might have a very lean organization and need to use a consultant as a full-time manager of the project and then plan to cut the consultant loose when the project is complete.

Culture

Culture is a very important consideration. The consultant who is successful working with a strict top-down leadership style will be different from a consultant who would succeed in an environment where each manager is independent and is expected to make decisions on their own. Your consultant must fit into your existing style and work well with your personnel.

Business Interaction

Negotiations with your consulting partner will begin with senior members of that organization. Those people might not be the same people who will actually work at your business with your own employees. Part of your agreement with the consultant should be control over consultant staff and their ability to get along with your employees.

Logistics

Provide your consultant with access to your systems, a place to sit, and an open communication line to everyone. Introduce the consultant to your staff and let people know who they are and the important work they will be doing on your behalf. Reinforce the call to open communications as needed throughout the project. Many ERP projects are a means of providing tools for future expansions or other plans that likely are confidential. Ensure the consultant understands and has signed appropriate non-disclosure agreements.

Change Management

You will hire a consultant that has the expertise to work with your business eventually to a successful completion of your ERP project. The relationship is not entirely technical. Your employees and system users all react to change in their own unique ways. Some will adapt quickly and embrace the new processes. Others will fight to keep the old process they are already comfortable using. Most will fall somewhere in between, neither fighting change nor immediately accepting change but will, in the end, use your new ERP system. A few might never accept the changes and will part from your business.

Managing change and helping your people along is one of the critical components of your ERP project. The ERP consultant you hire probably has the expertise you need in this area and you should take full advantage of it so your people can stay satisfied.

Data Management

Part of the ERP project will be data conversion from your legacy systems and loading that data into the new ERP. Many IT staff do not have the bandwidth to handle this work in addition to their current jobs. Often this work will be managed by your consultant. Consider who will handle data not only during the project’s duration, but also who will pick up the responsibilities thereafter.

Verification

As the project moves along, you will test specific transactions and the overall system to ensure the results meet your needs and expectations. Use your own people for some of the manual tests. Not only will they help with the project step, they will gain some training and become ambassadors representing all of your ERP users. The consultant will be a guide to setting up and managing testing. The consultant might have automated test processes too which will perform tests that follow your processes and repeat tests 24 hours a day. You will gain many additional test cycles and avoid human errors in testing.

Training

Think about how to train your people to use ERP when the project is complete. You can train a few to train the many and use your existing resources. You could also use the consultants to design and implement needed ERP training for you and your team.

Collaboration With Your ERP Consultancy of Choice

Fundamental to the idea of ERP is the notion of collaboration. Enterprise applications build bridges within the enterprise, and between the enterprise and the outside world. The act of implementing ERP is similarly an act of collaboration. In this light, when choosing a system integrator, ensure that they are an implementation partner, and not merely a consultancy for hire — for it is through people and partnership that the true benefits of ERP are realized.

Want to learn more about how an ERP consultancy can help your business?