


A 4-Step Blueprint for Achieving Sustainable Compliance!

by Neetin Datar | SAPinsider

January 1, 2006

Businesses that regard compliance as an expensive distraction tend to take a piecemeal approach, implementing one-off solutions to meet specific regulatory requirements. But with a more strategic view, your compliance efforts can lend business value to your company. Learn the four steps to take to ensure your governance, risk, and compliance strategy is sustainable -- that is, aligned with your overall corporate strategy and executed within a sustainable cost structure.

A more stringent regulatory environment, increased pressure from shareholders, and even demands from business partners [1] are forcing enterprises to add a new dimension to their corporate strategy: effectively managing risk and compliance while at the same time bolstering shareholder value and trust.

The Sarbanes-Oxley Act is just one high-profile regulation in a growing list of current and proposed requirements across industries and markets — there are mandates for everything from data security, privacy, record retention, human resources, payroll, and taxes to bioterrorism, homeland security, health and safety, and international trade to environmental directives at regional, national, and local levels. Corporations and their officers face stiff financial and criminal penalties for noncompliance, and corporate reputation has taken on greater meaning as accounting scandals have driven companies to devise an effective governance, risk, and compliance model for their business.

We're seeing two very different responses to this challenge.

Expensive Distraction or Competitive Differentiation?

Some businesses simply regard regulatory compliance as an expensive distraction. And since a variety of vendors are offering myriad point solutions to meet requirements today, it's tempting for companies to take a piecemeal approach to compliance. But the reality is setting in that continually adding one-off solutions in response to each regulation is ultimately very expensive. With this tactical approach, costs and risks are only likely to go up as every new vendor brings added complexity to a company's IT landscape. The costs for integration, maintenance, and training also have to be tallied up.

Leaders with a more strategic and proactive view see corporate compliance and governance as an opportunity for market differentiation as a best-run business. This view is not only winning favor at a strategic business level, but it is proving itself in the capital markets as well. Research shows that firms with weaker corporate governance strategies are less profitable; they have lower return on assets, lower return on equity, and lower return on investment than do firms with stronger governance. [2]

What's more, in some compliance scenarios, companies are even seeing measurable cost savings. SAP can help to meet the immediate compliance requirements — SAP offerings, including mySAP ERP, cover a broad array of regulations, across industry- and country-specific requirements (see sidebar). At the same time, we are enabling our customers to look beyond short-term compliance issues, helping them take a strategic view, which has garnered praise from analysts and customers alike.

There's no denying that complying with regulations has a cost. But by taking a more strategic view, your compliance efforts can also lend business value to your company — so that you go beyond a "compliance for compliance's sake" mentality. This approach puts a strong foundation in place for the long term — such that a governance, risk, and compliance strategy is both aligned with the overall corporate strategy and is executed within a sustainable cost structure.

This article offers a blueprint of four steps you can take toward achieving not just compliance, but sustainable compliance. So, what needs to be done within your organization, and how can SAP help?

One of SAP's differentiators is its extremely broad positioning on all types of compliance issues facing global companies. Specific application functionality, a common compliance architecture/platform, and partners — both service and software — are all part of its approach. The company has made great strides in instilling a "compliance is strategic" message with its customers and prospects, and much of its brand messaging revolves around ubiquitous compliance — from SOX to Basel II to Reduction of Hazardous Substances (RoHS) requirements in Europe, as well as myriad other environmental and trade regulations.

— John Hagerty, Vice President,
AMR Research

Step 1: Ingrain Compliance at Every Level

Successful compliance efforts begin with a shift in thinking in order to see compliance efforts in terms of business value, not just costs. A successful strategy also regards compliance as a core value of the company — part of its DNA, if you will. Compliance should be a concern for every level of company hierarchy. Forward-thinking companies are ensuring that compliance gets ingrained into every step of how they do business.

Such companies are also very much aware of the importance of the "people factor" to the success of their governance and compliance strategy. Employee buy-in and ownership is essential.

Step 2: Standardize on a Flexible Platform

Our research indicates that most compliance regulations actually draw upon a common set of IT resources: executive dashboards, scorecards and analytics, alerting and reporting, security management, archiving, content and records management, workflow, and business process automation.

Instead of companies having to buy these technology components separately each time they face a new regulation, a flexible platform is in order. Such a platform enables enterprises to standardize, reuse, and leverage their previous and current compliance efforts. SAP provides such capabilities through the SAP NetWeaver platform, which gives enterprises a common, flexible compliance architecture, allowing them to integrate SAP and non-SAP systems for compliance more cohesively and cost-effectively. Many SAP customers today are successfully upgrading to mySAP ERP, taking advantage of the latest functionality but also gaining access to SAP NetWeaver.

A Sampling of Regulations Supported by SAP Solutions

SAP has a long, proven history of providing compliance solutions. SAP continues to invest, innovate, and deliver solutions for more recent regulations:


Regulation: SAP Application/Industry Solution

Cross-Industry Regulations

Sarbanes-Oxley Act of 2002

• Management of Internal Controls (MIC), Audit Information System (AIS), and Whistleblower functionality in mySAP ERP

• SAP Compliance Calibrator by Virsa Systems

Sanctioned Party List Screening; Trade Export and Import Control; Reporting

• SAP Global Trade Services

CAN-SPAM Bill and REDUCE Act (US)

• mySAP CRM marketing and email response management system (ERMS) capabilities

Do-Not-Call Registry (US)

• mySAP CRM marketing and interaction center capabilities

International Financial Reporting Standards (EU)

• mySAP ERP

Human Resources, Payroll, and Taxes

• mySAP ERP

Industry-Specific Regulations

Title 21 CFR Part 11

• SAP for Life Sciences

• SAP for Compliant Manufacturing (mySAP ERP), Enterprise Laboratory Information Management System (QM), and Plant Maintenance (PM)

• SAP for High Tech, especially medical devices using compliant manufacturing

EU Data Protection Directive 95/46/EC

• SAP for Life Sciences

• Electronic records and electronic signatures

EU GMP Guideline (EU Directive 91/356), Annex 11

• SAP for Life Sciences

• SAP for Compliant Manufacturing (mySAP ERP), Enterprise Laboratory Information Management System (QM), and Plant Maintenance (PM)

• SAP for High Tech, especially medical devices using compliant manufacturing

FDA Bar Code Initiative

• SAP for Life Sciences

FDA Bioterrorism Act of 2002; EU General Food Law 2005

• SAP for Consumer Products

Kyoto Protocol; Clean Air Act

• SAP xApp Emissions Management (SAPxEM) for the Oil and Gas, Utilities, and Chemicals industries

Reduction of Hazardous Substances (RoHS); Waste Electrical and Electronic Equipment (WEEE)

• SAP for High Tech

• SAP Environmental Health and Safety and Compliance for Products (CfP) from TechniData, an SAP partner

Basel II

• SAP for Banking

• SAP Basel II

Myriad environmental regulations for responsible care, dangerous goods, hazardous waste, toxic substances, material safety data sheets (MSDS), and industrial hygiene and safety (by various countries and regions)

• SAP for Chemicals

• SAP Environmental Health and Safety capabilities like Dangerous Goods, Waste Management, and Product Safety

Partner Ecosystem Mandates

Wal-Mart mandate; other entities demanding RFID tags

• SAP Auto-ID Infrastructure (SAP AII) in SAP NetWeaver

• SAP for Retail, Consumer Products

For more information on SAP solutions that support regulatory compliance mandates, please visit

Step 3: Simplify, Simplify Again, and Simplify Some More

Complex IT and application landscapes can make even simple things very difficult to achieve. Due to factors like growth, globalization, mergers, and acquisitions, a company's IT system landscape tends to get more complex and heterogeneous over time. Companies often end up with disparate and fragmented processes across business units and divisions.

Take, for example, the order-to-cash or procure-to-pay process. It's not uncommon to find companies, even today, having four, five, or even more systems handling these critical business processes. Such disparate processes offer ripe opportunities to further simplify the overall IT landscape and standardize processes throughout the organization. IT system and vendor consolidation forms an important part of any company's strategy, as each system in the landscape represents cost and risk in terms of compliance and internal controls. This tactic undoubtedly leads to a higher quality of compliance, and it also helps cut costs overall.

Enterprise-wide deployment of ERP should be seen as the backbone for compliance, and it's important for businesses to build off of this strong foundation. Businesses that are now in the market for an ERP system are making compliance part of their checklist and evaluation criteria. With SAP's long and proven history in the compliance arena, such companies are taking comfort in the fact that SAP can help them meet their short- and long-term needs. This trend points to companies replacing their legacy IT systems with mySAP ERP. For example, a large management software company recently selected mySAP ERP to replace their numerous legacy and third-party applications. The company is rolling out mySAP ERP globally to better meet their regulatory challenges in internal controls, financial reporting, and fiscal transparency.

Step 4: Extend Your IT Investments with Composite Applications

Composite applications are self-contained programs that bring data from different sources into single application logic, and they can be easily plugged in to a company's existing IT landscape with minimal disruption. Composites developed by SAP or our partners are powered by SAP NetWeaver, giving them interoperability with SAP and non-SAP systems.

Since SAP NetWeaver is the common platform for all SAP solutions, these composite applications do not add more complexity to the existing IT landscape. In fact, the consolidated platform enables companies to extend their IT investments and, more importantly, help fill specific process gaps — including requirements stemming from new compliance regulations. Many companies have successfully adopted a composite applications strategy, as depicted in Figure 1.

Figure 1
Extending IT Investments with SAP NetWeaver and Composite Applications

A Composite Application at Work for Compliance

SAP Global Trade Services (SAP GTS) is a great example of a composite application in the compliance arena. Security concerns in the post-9/11 era have given rise to a host of new trade regulations, and companies need to know their business partners throughout the global supply chain. Governments around the world regularly publish and update "watch lists" or "sanctioned party lists." Businesses must ensure that they are not trading with entities on these lists, as noncompliance can be expensive — with trade licenses being revoked in some extreme cases.

Under such strict, regulated conditions, it behooves companies to have proper automation and controls in place. This is where SAP GTS comes in. SAP GTS is a composite application that screens business partners proactively during the order-to-cash and procure-to-pay processes and alerts compliance managers of any exceptions so that corrective actions can be taken in a timely manner. The screenshot below shows a dashboard that a compliance manager can access in SAP GTS to track how many orders are on hold due to the sanctioned party list screening process. Companies can manage risk more proactively and move toward a "management by exceptions" philosophy, increasing knowledge-worker productivity. All actions are logged and time-stamped into an audit trail so that due diligence can be demonstrated in case of an audit.

SAP GTS also helps manage several other trade compliance issues, such as import/export license management, country embargo checking, duties and taxes paid during entry of products into a country, accurate documentation to clear customs, and electronic communication as mandated by local governments.

Today, SAP GTS is widely adopted by customers as it helps cut risks, time, and cost while providing more visibility into their global trade activities. For example, a large high-tech company easily snapped SAP GTS into their .NET environment to quickly achieve trade compliance. And they did it with minimal disruption to their existing IT landscape and processes — proof positive of the power of composite applications that are designed to take on specific challenges and be agnostic to backend IT systems. For more SAP GTS solution details, please visit

Screenshot: Compliance Manager Operational Dashboard


SAP provides comprehensive and unified compliance solutions to tackle current and emerging compliance regulations. Our integrated but flexible approach allows new compliance initiatives to easily leverage the work accomplished for previous ones — leading to lower compliance costs while bringing process efficiencies. Our approach also facilitates greater control, accuracy, completeness, accessibility, and insight across the enterprise, enabling CEOs to govern with confidence and gain stakeholder trust.

7 Tips for a Successful Compliance and Governance Initiative

  • Think strategic, not tactical.

  • Think processes, not projects.

  • Think enterprise wide, not in silos.

  • Focus on business value, not just on cost of compliance.

  • Think company DNA, and make compliance part of its core.

  • Think agility and aim for a flexible compliance architecture.

  • Technology is an important enabler of data quality, accountability, and efficiency.

  • Make compliance repeatable, scalable, and cost-effective.

For comprehensive information on all SAP cross-industry and industry-specific regulatory solutions, as well as SAP NetWeaver capabilities for compliance, please visit

1- Consider examples such as the RFID mandates from Wal-Mart, Metro, Boeing, and the US Department of Defense.

2- See Lawrence D. Brown, Ph.D., Georgia State University, "The Correlation Between Corporate Governance and Company Performance," a research study commissioned by ISS (Institutional Shareholder Services), conducted in 2004.

Neetin Datar is the Director of Solution Marketing for Compliance Suite at SAP. He has been with SAP since 1994, working on teams that helped forge SAP's rapid growth in the mid-market, online procurement, online selling, global trade, and compliance markets. Neetin holds an MS in Industrial Engineering from the University of Oklahoma at Norman and is a frequent speaker at events including SAPPHIRE and the Logistics and Supply Chain Management conference.

