Epicor Governance, Risk, And Compliance


Inspiring business pathways to a secure, compliant, and sustainable enterprise.

Governance, Risk, and Compliance

Achieving visibility and effective controls within the enterprise can be a formidable challenge when many of the processes and procedures in place remain manual and fragmented. Effective Governance, Risk and Compliance (GRC) initiatives help companies and their employees stay compliant, and ensure that employees and partners at all levels of the organization are aware of the associated risks of non-compliance.

GRC touches every person and every function in an organization in some way. Whether GRC becomes an intolerable burden that increases company overhead or an enabler of efficiency and success depends upon its actual, day-to-day impact on the employees’ work and whether that impact is enabling or debilitating.

Risk Management
Global Trade Compliance
Security Management
Environmental and Energy Management
Corporate Governance

Risk Management

Improved Data Governance and Protection with an Integrated Enterprise Solution

Expectations are rising among auditors, regulatory bodies, customers, and other stakeholders regarding the protection of corporate information against piracy, fraud, and sabotage concerns. Enterprise Resource Planning (ERP) systems control the majority of the information that could potentially be at risk.

It is not uncommon for companies to use multiple enterprise software solutions in different divisions or business entities. Additionally, they may be running multiple instances or copies of the same software, and have a variety of stand-alone or point solution applications—such as order entry or general ledger—that are not integrated, or at best minimally integrated. There may also be a variety of separate databases, tools, and spreadsheets used for reporting, all of which may be generating different versions of the truth.

Cross-Organization Benefits of Integrated GRC Solution

The business environment today requires corporations to maintain very high standards of corporate governance and data protection. Most organizations realize that compliance with regulations that enforce these values actually makes good business sense, allowing them to reap the benefits of higher profitability, faster and more accurate reporting and increased levels of customer satisfaction. Epicor GRC allows organizations to embrace data governance and data protection strategies, help control risk, effectively handle regulatory compliance and ultimately drive business performance.

The only way to truly manage and mitigate risk across the organization is to have a fully integrated end-to-end solution providing your organization with one single, verifiable set of financial and operational metrics. Epicor GRC provides an integrated enterprise solution with built-in application-level risk mitigation tools and Business Process Management—providing audit trails and secure workflow automation, the key elements of data integrity and security. With the ability to generate a complete audit trail of all changes made to the data, Epicor GRC records the who, what, when, and where of the change regardless of where the change originated. When potential security problems arise, the response must be instantaneous. Epicor provides automated alerting and BPM event capabilities to assist your organization by managing these situations in a timely and effective manner.

Enterprise Performance Management

Many of the requirements for effective GRC programs involve accelerated disclosure of information to external entities. This requires companies to have better visibility of changes than they had in the past. Epicor GRC incorporates the ability to infuse business insight through Epicor EPM—a solution that supports overall risk management objectives by keeping users abreast of changes in the business. For example, Epicor EPM can be set up to alert management of the large credit exposure of one of their largest customers or can continuously monitor suppliers for adherence to contractual obligations and cost overruns on projects.

Figure: Automatically track changes with risk mitigation tools such as table and field level audit capabilities.

Security Management

Epicor GRC provides comprehensive user and group security to restrict data and application accessibility as needed. Security can be granted at user and group levels for all security objects including forms, fields, reports, menus, and method calls. Data tier security is also available for both tables and columns. There is also an option to use Microsoft Windows Authentication to support a Windows single sign-on and password policy.

Business Security

Business security includes ensuring that individual users and groups of users have access to the business functions and data that they attempt to view or update.

Figure: Epicor supports comprehensive management of user, process and data security settings.

Product Security

Product security includes protection to ensure that the application only allows use of modules and product variations that have been purchased and licensed.

Application Security

Application security ensures that the business logic protects the database from corruption by always ensuring that an update is valid, regardless of the source of the transaction. This is necessary in a service-based architecture since the business logic can be called from many environments including a desktop application, external web services, browser-based clients, and other smart devices.

Access Security

Access security verifies that whoever (or whatever) is attempting to access the application server is permitted to do so. This includes login security to the menu system either by entry of user ID and password, or via Windows Authentication, session security (same as login security) for application components that are run directly from the desktop or other non-menu areas, and services security through Epicor to ensure that an external system may access the business logic when allowed.

Change Logs

Automated change logs capture changes as they happen, helping companies better manage the accuracy of data. This includes monitoring all changes to records (before and after values), who made those changes, and when those changes were made. Users are also prompted for audit notes of why changes have been made. You are also able to create notifications from change log events using Epicor Business Activity Management (BAM).

Audit Logs

A permanent audit trail of access and changes is the only way to validate what is actually happening and to monitor the preventive controls and processes intended to ensure transactional validity. The combination of preventive controls with continuous monitoring gives executives and auditors the confidence to attest to financial results and associated IT controls. Data audit logs support compliance with other regulations such as FDA Title 21 CFR Part 11, HIPAA, and Basel II, to name a few of the more common regulatory requirements that companies face.

Automation Tool for Epicor

The Automation Tool for Epicor (ATE) can do everything your users can do in Epicor ERP and is a very efficient way to either run repetitive tasks that may differ only in the selection criteria or run tasks that need to be launched unattended. ATE can also be used as part of your change management process to test the latest Epicor hotfixes using automated test scripts matched to your business activities and data. Industries that require software validation matched to intended results will benefit from this tool.

Credit Card Authorization and Encryption

Epicor credit card authorization used in conjunction with Epicor’s network of global payment providers meets Payment Card Industry standards for data encryption and secure transmission and storage of sensitive financial credit card information.

Business Process Management

As the global regulatory environment grows ever more challenging for companies, it is becoming increasingly important to have embedded controls in your enterprise application so that your users can be more productive. Epicor GRC helps you move away from the management of day-to-day compliance by leveraging technology and optimizing operational efficiency. Epicor BPM, in combination with Epicor Service Connect, allows you to identify risky processes to your organization and to effectively mitigate risk through business-defined workflows. BPM and Service Connect essentially identify and improve processes to make your business more efficient, more disciplined, and better able to adapt to change. BPM is particularly important when it comes to the management of GRC internal controls, processes, and procedures. Many of today’s businesses have already spent the time and effort to document and outline their business processes, some to meet strict regulatory and quality standards for their industry and others for improved business efficiency. Epicor incorporates BPM technology to enable organizations to automate, align and streamline business processes for continuous improvement and compliance with GRC guidelines.

BPM and Service Connect provide a framework for building GRC process-driven integration points that give companies seamless integration capabilities with other applications and businesses. BPM automates delivery of information to employees internal to your organization that are responsible for managing and monitoring internal controls. Service Connect logs workflow processing for both transactional integrity and compliancy. Service Connect processes are available for review and tracking while in progress or after the process completes.

Figure: Ensure transactional integrity and compliancy of data using Epicor BPM to manage hold and event actions.

Service Connect Workflows

Build and execute workflow throughout the system for your unique business rules.

Electronic Signature

Invoke and require electronic signature for processes with secure authorization and password.

Corporate Governance

The current business environment is simultaneously complex and increasingly regulated, which can challenge even the largest businesses to remain competitive in today’s global markets. This fact is perhaps most important when it comes to financial control—which encompasses all aspects of the financial health of the organization. Epicor GRC helps control this risk—effectively enabling users to handle regulatory compliance and ultimately driving business performance by providing cross-organizational financial visibility and control over financial reporting, planning and forecasting processes.

Organizations are under increased pressure to file accurate financial results in a timely manner. While spreadsheets may have provided an adequate solution in the past, as reporting deadlines shrink and controls become more stringent, they will no longer be a viable option. Epicor GRC can help organizations meet these shortened deadlines in a variety of ways—from consolidating financial information to providing drill-down and drill-across access from financial reports to transactional detail.

Bottom line, when companies adequately report, plan, budget, forecast, and periodically review and update budgets and forecasts, they exhibit a more mature level of internal control. A company that is unable to perform these functions well can play a major part in motivating financial fraud and not living up to the tenets of financial laws and legislation. Integrated enterprise software applications go a long way in helping organizations document their internal controls, remove manual processes, and achieve greater visibility to their financial data.

Epicor Financial Report Writer

A standard part of Epicor General Ledger, Epicor Financial Report Writer provides the ability to meet GRC reporting needs through comprehensive financial statement development, reporting and distribution, including publication out to a spreadsheet.

Financial Planner

Epicor Financial Planner is a comprehensive budgeting, forecasting, and planning tool that empowers and simplifies the entire ongoing process for organizations. Comprising a full Microsoft Excel front end, it takes the parts of the budgeting process that people are used to without having to learn a new toolset and extending on this with functions such as spreading and pulling in actual ERP data. This intuitive interface sits on top of a secure SQL database that holds all of the budgeting information as well as controlling the defined workflow process for the business and security levels allocated to the budget users.

Advanced Financial Reporting

Epicor Advanced Financial Reporting (AFR) allows creation, management and viewing of financial data in a user friendly and easy to manage environment. Financial reports are different from other reports because each line has to be defined in terms of account ranges or sets for which a certain total needs to be calculated, versus other types of reports which do not require definitions of such complex groups. AFR simplifies report creation by exposing a user friendly interface which speaks with the user in financial terms without requiring familiarity with SQL query syntax or the database structure.

AFR creates reports using the elements familiar to an accountant or financial professional. These include spreadsheet terms such as Rows and Columns. It also provides an additional element of reporting hierarchy or trees allowing the viewer to generate the report for the area of the business which is their responsibility. Because the reports are parameter driven, the viewer can generate the report at any time by selecting the parameters of time, company, Book or organizational element as required without the need for intervention by the financial team.

AFR helps organizations support GAAP, IFRS and Sarbanes-Oxley regulations.

Figure: Manage, report, and distribute financial information securely.

Global Trade Compliance

In order to conduct business globally, you need enterprise business software that enables compliance with local laws, satisfies international security measures and meets the myriad of local and regional documentation requirements. Epicor applications provide a comprehensive platform for managing these trade compliance necessities.

Global Trade Standards—Items

Epicor GRC allows for the definition of the global trade standards for items, such as UPC UCC-12, EAN UCC-13, EAN UCC-8, and GTIN-14. Application functionality allows for a global trade standard to apply to an item and in the process creates a global trade standard bar code which is able to be scanned on any part number field.

Landed Cost

Landed cost functionality offers significant benefits for customers who import or ship in materials either for resale or for use in manufacturing. The cost of freight, insurance and import duties can have a big impact on margins. This functionality allows businesses to track costs accurately against the parts to which they apply, ensuring that the selling or assembly price then reflects the true cost of the materials, parts or finished goods.

Country of Origin

Epicor GRC supports the needs of manufacturers and distributors by tracking Country of Origin, which supports the percent of Content by Country requirements that are needed for ISO extension in Europe.

RoHS/WEEE Compliance

The Restrictions of Hazardous Substances (RoHS) directive and Waste Electrical and Electronic Equipment directive (WEEE Directive) set collection, recycling and recovery targets for electrical goods and are primarily directives that affected all companies selling electronic equipment into the European Union (EU). Epicor GRC supports tracking the compliance status of parts in accordance with various legislative requirements while also tracking the ultimate consumption and disposal of those targeted parts to ensure the proper compliance with RoHS and WEEE directives.

Product Lifecycle Management

Epicor PLM serves as a central knowledge repository for process and product history, and promotes integration and data exchange among all enterprise users who interact with products. Epicor PLM offers integration with more than twelve CAD systems while managing all documentation associated with a product throughout its entire lifecycle. Additionally, Epicor PLM supports GRC initiatives through sophisticated document management, critical for those organizations that need excellent audit tracking and control of documentation across the enterprise, including support for RoHS.

International Shipping and Documentation

Epicor GRC supports integration with manifesting and international export shipment processing solutions, which provides for functionality to track hazardous material shipping for both domestic and international shipments. There is also support for international trade agreements such as NAFTA. Epicor GRC can also provide the harmonized tariff schedule (HTS) codes, which determine eligibility for preferential status under international trade agreements such as NAFTA, and print the necessary export documents as part of the international shipping process.

Figure: Track and manage compliance status of parts subject to international directives.

Quality Management

Industry and regulatory compliance requires three basic capabilities: process control, documentation and visibility. The Compliance & Audit solution, implemented in concert with Epicor Advanced Quality Management core capabilities, enables you to automate your business processes, share key information, provide process documentation, traceability, and track existing and potential issues through effective resolution. Epicor Advanced Quality Management provides audit trail visibility of inventory transactions occurring in inspection and during discrepant material report (DMR) processing. Additionally, to help businesses manage compliance documentation such as Certificates of Analysis (COA), Certificates of Quality (COQ), or Certificates of Compliance, Epicor includes the ability to check for Certificates of Compliance at receiving of materials from suppliers, receiving of in-process parts from outside operation suppliers, and before shipping products to customers.

With planning to production coverage for quality, Epicor Advanced Quality Management puts companies in a constant state of compliance. Quality Performance Management provides turnkey support for ISO, automotive (TS), aerospace (AS), and FDA (cGMP, FDA 21 CFR Part 11).

Environmental and Energy Management

As the world continues to analyze energy availability and the long-term effects of climate change, businesses too are turning their attention to areas of opportunity—reduction of carbon emissions, energy conservation and supply chain sustainability. Despite the fact that government incentives in this area are still in their infancy, many businesses are finding that these initiatives go beyond simple good-citizenship to real business opportunities and bottom line savings that can contribute financial value to the organization while meeting demanding customer requirements.

In the near future, having the ability to maintain and track carbon emissions will become a much more strategic initiative within most organizations. While an emerging a

Energy Monitoring

With Energy Monitoring from Epicor Mattec MES, you can solve even the most complicated energy use and planning problems. We help businesses reduce energy consumption and pinpoint energy savings opportunities right at the source–by monitoring energy use on equipment. It doesn’t matter what your energy agenda or focus is, we can give you the power to achieve your goals; ISO 50001, ISO 14001, SEP, energy savings, environmental policies, sustainable practices, corporate citizenship, and social responsibility.

Figure: Ensure optimized delivery routes and lower miles traveled by your fleet, ultimately reducing costs and carbon emissions.

Logistics

Logistics software can manage the fastest distance from point to point; reduce fuel used and carbon emissions created during
