Chapter 10 • Global, Ethics, and Security Management
able to receive tax benefits by having greener practices and measurable results. This will not
only benefit the organization but also the planet. Throughout the growth of business, history
shows that we have done much damage by polluting the planet. Ideally ERP will help organizations
to become wholly green and be able to recycle all of their energy and hardware. The green
market is growing and is expected to go from $47 billion in 2009 to $223.7 billion in 2013. This
will prove to be a very profitable venture for ERP vendors and organizations that use ERP.
COMPLIANCE ISSUES
The pressure in today’s competitive environment requires the use of enterprise systems such as ERP
to be effective and efficient in the management of the business operations. No commercial enterprise,
government, or institution is an exception to this requirement. The validation of these systems to attest
that they are fit for the specified purpose and meet user and compliance requirements is critical.
Although no organization is subject to pressure to validate the system, other forces have pushed them
toward embracing the concept. Thus, complying with specific regulations such as FDA, HIPAA, and
SOX is becoming critical for the system to be valuable. It has been proven that performing
system validation or software validation alone does not mean that the system has been designed to meet
these requirements. The validation concept and the compliance requirements of computerized
systems are often misunderstood and thus need clarification. Business managers, who have the
primary responsibility for ensuring that the ERP objectives in terms of compliance requirements
are met, must know the principles surrounding ERP system validation and regulatory compliance.
Ultimately, the validation would ensure that the system meets its requirements. According to Tim
Flanigan and Robert Mackey, the fear of validation can give way to embracing it once it is
understood that validation could be and should be beneficial to the overall ERP investment project.
SOX Compliance and EU Regulations
SARBANES–OXLEY ACT The Sarbanes–Oxley Act of 2002, sponsored by U.S. Senator Paul
Sarbanes and U.S. Representative Michael Oxley, represents the biggest change to federal securities
laws in a long time. It came as a result of the large corporate financial scandals involving
Enron, WorldCom, Global Crossing, and Arthur Andersen. Sections 404 and 409 relate to IT
controls. Section 404 sets out rules on internal controls. It discusses the necessity for
clear responsibility in IT systems, as well as for maintaining an adequate internal control structure
and procedures for financial reporting. Section 409 covers real-time information
concerning material changes in the operational or financial condition of a company.[30] In order to
comply with these sections, companies must have adequate controls on the business processes
and information systems that feed their financial reports.
In an article, Rob Smith describes seven different control considerations for information
technology (see Appendix D). It is clear after reading these that SOX must be kept in mind when
implementing an ERP system. You want to make sure that internal controls such as separation of
duties, safeguarding of information, and the like are in place. With internal controls in an ERP
system you will be able to manage risks and monitor the reliability and integrity of financial reporting.
Because most ERP systems contain data that feed the financial reports, compliance with SOX is
definitely a topic to cover when choosing and implementing an ERP system.
[30] Smith, R. Seven Things You Need to Know About IT Controls. Sarbanes-Oxley 404/409. http://www.techrepublic.com/whitepapers/sarbanes-oxley-404409-seven-things-you-need-to-know-about-it-controls/113303 (accessed October 2004).