Compliance again… But not Orson Welles’ SOX

SOX (Sarbanes-Oxley) has made the word "compliance" almost trendy, in that compliance officers can now get dates and meet girls and stuff, but in the clamour of section 404, separation of duties and so on, it is easy to forget that there are other laws requiring vendor and customer attention.


I was in a meeting here at SAP and I thought I heard someone say "Roseweed". I figured we had some film buffs in the product name concoction department. (It sounded much better than sticking a "my" in front of an acronym, but that is a rant for another day…) As the token HR guy in the meeting I kept quiet, luckily. They were talking about RoHS/WEEE.

Seriously though these are two very significant EU Directives. (I lifted the text from the hi tech industry site on

Restriction of Hazardous Substances (RoHS): RoHS will apply to manufacturers of electrical and electronics equipment that do business in the European Union (EU). As of July 1, 2006, RoHS will prohibit the sale of electronics products that contain more than 0.01% of cadmium, mercury, lead, hexavalent chromium, polybrominated biphenyls (PBBs), and polybrominated diphenyl ether (PBDE). Violations can result in stiff penalties, significant loss of sales, and a negative impact on brand perception in the environmentally conscious European market.

Waste Electrical and Electronic Equipment (WEEE) Directive: WEEE establishes rules for the collection, treatment, recycling, and recovery of electronic waste in the EU. The directive states that electronics manufacturers and importers must manage and pay for the recycling of electrical and electronics waste. Member countries must meet WEEE recycling targets by the end of 2006.

There is an interesting article in the IT Director that covers the WEEE issues in the UK. (A Directive is a European Union legal instruction, binding on all Member States, but which must be implemented through national legislation within a prescribed time-scale at a country level.) Like trains, they are often late to arrive in the UK.

Manufacturers and retailers have to make significant changes to business processes, products and the systems that support them. At SAP we have done a lot of work to adapt our solutions to help customers cope with these regulations.

There is also a lot of interest in REACH, another planned environmental directive that has major implications for the chemical, food and other industries, not just here but globally. The folks in Birkenstocks here in Walldorf are following these developments closely as they may impact our industry solutions and even the core ERP applications. (For those interested, here is a fascinating enviro blog, Grist, delightfully written.)

If you are interested there is a whitepaper here from SAP that is worth a peek. 

Another area that is hot in compliance is emissions management. We have an x-app here developed together with Technidata. These guys are also experts in RoHS, WEEE and so on.

If you look to Virsa for SOX and financial and Technidata for enviro compliance, I think this is what SOA is all about in practice. I have been trying to understand NetWeaver, SOA, ESA and so on for some time, with fridges and so on, but when you see this kind of development, it all starts to make sense. NetWeaver for me is mainly about leveraging SAP core applications, SAP's years of experience with niche expertise in a technically effective, efficient, sustainable way. It isn't about bespoke application anarchy, or a best of breed application lovefest. (There is an interesting post by Charles on SOA.)

SOA and ESA will change a lot of things, but deep industry and functional knowledge will always be at the heart of SAP's success.

Sandboxes….and the law continued

This follows on from the post where I raised the data protection law issues of the "we’ve created a simple, one-click process for cloning your entire Salesforce deployment an exact replica that includes all customizations and data." SFDC offering. (See the other post for all the details.)

This was picked up by Niel last night. But as I was wading through some stuff on Messrs Sarbanes and Oxley, I thought "hang on", this may be more than just an "EU privacy thing".

Almost everything gets linked to SOX today so I may be stretching this a bit (repeat: I'm not a lawyer), but surely there is a SOX management of internal controls issue here too. All sorts of confidential information such as pipeline would reside in the "exact data" you would be extracting. Even some of the configuration would be confidential in nature. I suspect most auditors would be very uncomfortable with this sort of "exact data" residing in a sandbox, with all sorts of IT bods accessing it. The issue becomes worse if you are then using this "exact data" to test an interface to an AppExchange application. Who knows where it may end up being passed to…

If I look to the Numerix comments on  Niel, your company notes some sensible best practice.

Limit Real Data Exposure. Information used in testing efforts can be exposed to numerous groups: internal testing teams, outsourced testers and consultants. In addition, information, such as payroll checks and invoices, is likely to be printed as part of the testing process. Making information available to this growing number of teams increases the likelihood of falling out of compliance with legislation, including HIPAA and the Data Protection Act (UK). So, limit access to real data and scramble data early in the testing cycle.

As part of such an offering, SaaS, or otherwise, I'd expect to see a strong scrambling feature and clear guidelines on handling test data. Perhaps these are part of the offering? If they are, surely they should be positioned in the marketing?

Enterprise RSS, web 2.0 and HR

I've always thought I'm pretty up to date on HR related technologies. I've been a good boy, reading the analysts, keeping an eye on the competition, and trying to figure out what we are doing here at SAP (often the hardest job). However, since I started looking at the blogosphere, I have realised there is much to learn. Zoliblog led me to Innovation Creators. Thanks. The world is so much bigger than my cosy ERP space.

This whitepaper is well worth a read; it provided me with a wake-up call. The collaboration tools that have emerged in the social web, as Rod notes, are moving fast to the enterprise space. Collaboration, knowledge management and the like are due a serious second coming. I'm not sure that open source will drive all this into the enterprise, but the concepts are thought provoking.

Much of the HR technology discussion with customers here in Europe is still on whether to do Employee Self Service or not! (See my earlier post on Banking and HR.) Transaction processing is clearly moving to shared services and/or BPO (subject of a future post). We need to move the discussion on a bit, methinks.

I'm not sure that many HR folks out there grasp how these socialising networks will fundamentally change recruiting, learning, succession, and intra-company networks and structures. Microsoft's recruiting seems very impressive. Their folks get it. See Stroud's blog.

These solutions are sure to shake up the enterprise apps space. The SAPs, Microsofts and Oracles will adapt. But this stuff will hit the niche HR guys hard, I'm not sure they can finance the shift.


a feeling of embarrassment that leaves you confused, or the big word of the day

The Financial Times reported on an  interview with an Oracle Executive today. "SAP has definitely benefited from what happened with the PeopleSoft merger, especially the uncertainty around that," Oracle executive John Wookey said. "There was an 18-month discombobulation in the marketplace. It hurt PeopleSoft; it hurt us."

For those of you that don't use this in everyday conversation, when used as a noun discombobulation means "a feeling of embarrassment that leaves you confused."

Exactly what happens when you go shopping and then wonder where the 18 Billion went….



The Deal Architect blog by Vinnie Mirchandani recently looked at Analytics. Here are my two pennies' worth.

At SAP we spend much more time talking about analytics to customers today than ever before. Analytic software has come on leaps and bounds over the last few years. (not just the SAP stuff, but then I'm biased). The challenge isn't getting the data out anymore, or putting it into nice graphs or charts. It is that analytics really only starts once you have the results.

Innumeracy is a big issue, especially with many of the HR management types I deal with. (Fabulous book on innumeracy by Paulos made me wake up after avoiding the topic for 20 years; math teacher and I didn't get on at high school.)

I spoke with a senior HR guy at a major German auto manufacturer a few months ago. He was doing some tremendous stuff on the implications of the ageing workforce, combining it with all sorts of demographic and market data and providing his board with some key scenarios to ponder. He could talk about causality, statistical significance, probabilities, deviations and the like. Analytics is a tremendous competitive advantage for this company. The difference between him and most "end-users" of analytics was vast, but then he had a PhD in statistics. He could also explain things to people who didn't.


There is an Australian, Peter Howes, who is on a mission to fix HR innumeracy. I hope he succeeds.

Bluntly put: Analytics is only as good as the person doing the analysis.


Compliance stuff.

Wrote this on the plane on the way back from Sweden. They speak better English than anywhere else in the world, even England.

I spent the last six months of 2005 working closely with the Virsa systems and the Virsa team. For my sins I managed the relationship between the Virsa EMEA team and our field organisation. Virsa is in the right place at the right time. Jasvir Gill and his team are really on the ball. I wish I had some shares.

It is a great example of how SAP’s ecosystem model can work well. The partner gets to leverage the SAP sales channel and brand, reaching a bigger and better target audience. SAP gets to market with a solution quicker than we could have done by playing catch up. The customer wins because they get the support and the integration commitment from SAP, yet the focus of a niche player.  I’m looking forward to seeing this ecosystem model grow with other organisations. We are still learning  a lot from working with Virsa about how to make a small company leverage the SAP machine.

Compliance is going to be big and just get bigger. SOX is just the tip of the iceberg. People that understand the legal issues and the technology solutions are going to be in serious demand. As the laws get more complex and demanding, technology will need to play a much greater role in policing, warning, optimising and reporting on compliance. (I hope so, as I’m in the middle of the world’s longest-lasting PhD on the relationship between law and enterprise applications.) I’m keen to share ideas with others working on compliance related issues, either from a law or technology perspective. Let me know what you think about the convergence of enterprise risk and compliance.

Those boring things that SAP has always been pedantically disciplined about, audit, security, authorisation, rules, workflow, access control and so on, have suddenly become trendy. In the past it was sometimes seen as “German” overengineering, especially in the sales cycle. Audit information systems and internal controls weren’t cool things to demo. Now they are. Thanks, Messrs Sarbanes and Oxley. Keep it coming.

There is lots of good stuff out there on the SAP community. Check it out. Hug an auditor today.

Banking and HR Technology….

Banking and Human Resources: some parallels.
Banks, like many of us, were caught up in the internet hype of the late 1990’s. Online banking promised to revolutionize all forms of banking, removing the need for branches and such like. Traditional banks and insurance companies launched internet only banks. The high street bank branch was doomed, it seemed.

Banks now realize that retail banking requires a multi-channel approach. Not all customers are the same, and not all banking processes are equal. Banks today deliver a multi-channel experience. It may make sense to do a simple bank transfer online, but I may wish to talk to someone on the phone about my mortgage, and I’d like some face to face advice from an expert on balancing my investment portfolio or setting up as an independent contractor.  Also, a 25 year old graphic designer is likely to have a different channel mix from a pensioner, although the silver surfer community is the fastest growing of all.

Banks have become very sophisticated in managing this multi-channel approach. It has taken a number of years to get the balance, and as new technologies emerge, the model needs re-balancing.  The best banks though, know that managing the channel model is the key to cost management, customer satisfaction, and ultimately, profitability.

I’m of the view that HR needs to do the same. In talking with many companies today, I can segment them into three groups.

Technophobe: Self service is not for us. Our managers and employees want to deal face to face with HR. ESS (employee self service)  and MSS (manager self service)  is just pushing work to the managers, they should get on with managing not self service.

Technophile: With ESS, we don’t need HR anymore. Managers and employees can access the system 24-7  and do everything online themselves.

Technorealist: We deploy a mix of interaction models. We use the web, the phone, email and face to face meetings; depending on the type of services, the customer receiving the service, and our cost model.

I don’t expect the bank teller to advise me on whether to invest in a hedge fund, and I don’t expect a hedge fund advisor to transfer money from my current account to pay the electricity bill. Why is it that some companies seem to think that the HR generalist, who processes my sick leave form, can advise me on building a high performance team, and can help me structure a compensation plan that will retain my top performers?

The dissonance between work and home continues to grow. Most of your employees are familiar with eBay, Amazon, Yahoo, Google and so on. They can submit their tax returns online, pay parking fines, congestion charges and even do online banking.

ESS is not the answer to all HR questions. But neither is an HR generalist on every corridor. The best HR functions today work like the best banks do. They understand the customer demographics, and the service demands, and deliver the most convenient service at the price point that makes sense. They provide efficient transactional services, accurately and cheaply, with a minimum of fuss. And they provide advice and guidance when it really counts.