Compliance

Patient Data Security: How Digital Fax Technology Can Help Healthcare Remain Secure and Compliant

Please Note: This blog article was originally written and published by Jacob Block. The security of Protected Health Information (PHI) is a primary concern forhealthcare institutions. PHI management is important not just for patient careand privacy, but also to meet strict regulatory compliance mandates. In thethird installment of a bi-annual survey of healthcare providers, a reportpublished in April details the current state of patient data security. Thereport was commissioned by Kroll Advisory Solutions, a leading risk consultingfirm, and published by HIMSS Analytics, a world leader in healthcare ITreporting. The reason for the report stems from concern over patient data security inlight of increased adoption of mobile technology for the exchange of electronic health records (EHR) and, more specifically PHI. Bymoving PHI to mobile devices, it becomes more vulnerable to breaches. In fact, 31 percent of survey respondents indicated that “information available on aportable device was among the factors most likely to contribute to the risk of abreach.” An earlier report by the Department of Health and Human Services (HHS) foundthat 207 data breaches in 2010 affected 500 people or more and were causedby: • Theft• Loss• Unauthorized access/disclosure• Human/technological error• Improper disposal Theft accounted for almost half of all breaches that year and affected anestimated 2,979,121 individuals. In the HIMSS survey, more than half of allbreaches were internal, but third-party sources were also recorded. Almost allrespondents require third parties to sign a business agreement before handlingEHR, but only about half indicated they ensure that their third-party vendorsconduct regular risk analysis to identify vulnerabilities. The HIMSS Analytics report found that on top of security issues, healthcareinstitutions are being torn in two directions. On the one hand, they are taskedwith protecting PHI, but on the other they are expected to comply with amultitude of strict regulatory mandates like HIPAA and HITECH. “Whileorganizations are actively taking steps to ensure that patient data is secure,they are so focused on meeting compliance requirements that they have littleawareness of the efficacy of their security programs.” Debate also remains over who exactly oversees which elements of EHR: “Asorganizations struggle to address data and privacy breaches, a lack of ownershipfor the issue across the industry remains. Various titles hold responsibilityfor pieces of the compliance puzzle, ensuring that their organizations meet themandates and regulations set forth, but the overall security picture continuesto elude most.” The keys then are: • Controlled document access• Confidence in third-party vendors• Clearly defined security and privacy roles The good news, according to the report, is that the priority of compliancehas raised awareness about the gaps in patient data security. Respondents rankedtheir preparedness at an average of 6.40 on a scale of one to seven in 2012,compared to 6.06 in 2010 and 5.88 in 2008. While mobile devices remain a concern, technology isn’t always to blame fordata breaches, and can in fact be the solution. Such is the case for thethousands of healthcare institutions using fax and document delivery solutionsto manage their EHR. Fax is still the preferred method of secure documentdelivery for healthcare institutions worldwide, and new fax technologies arechanging the way we interact with fax. No longer are workers sending and receiving paper documents at a fax machinein a public area. Instead, they can fax securely via encrypted email, orsecurely over IP from private, password-protected workstations. Othertechnologies include archiving tools that can capture, file, distribute andmanage millions of documents from a single repository, and can control exactlywhich users can see a particular record. This allows only the appropriatehealthcare professionals easy and immediate access to EHR not only to provide faster, better care for patients, but also to respond quickly to externalrequests for information. Tasked with both patient data security and regulatory compliance, digitalfax technology can solve problems for the smallest clinic to the largesthealthcare network. In light of the HIMSS report’s findings, implementing asecure document management system is good for patients and good forbusiness. See the full report here. To learn more about EHR management solutions for healthcare providers, visitOpenText’s Fax and Document Delivery Group healthcare page.

Read More

EDI Invoices are e-Invoices. Right..? (part 2)

There are plenty of EU rules and regulations to help us understand what constitutes a compliant electronic tax invoice. EDI as a means to exchange electronic invoices is long-established and proven since 1994, but in some countries there has been confusion around how EDI provides tax compliance. In the past, companies would run an EDI program to gain business benefits but accounts payable/receivable would also process paper invoices, to ensure tax compliance. While there have been different VAT rules and regulations in different member states since 1990, it wasn’t until 2001 that clear VAT rules for e-Invoicing were issued by the EC, and mapped out how paper could be completely removed from the invoicing process, in a tax compliant manner. The 2001 legislation later harmonised in 2006, set out the rules for data validation, authenticity and integrity, and archiving.   One country in particular seized on these new regulations to provide explicitly clear rules on how both digital signatures and EDI can provide compliant e-Invoicing. In July of 2003 the French tax authorities new rules on e-Invoicing came into force. The French legislation combined each of the three core pillars of compliance into a single EDI process and since that time there has been little confusion around compliant EDI. This has resulted in a thriving compliant EDI industry in France whereas elsewhere, only the “authenticity and integrity” element for EDI has been used. Authenticity & Integrity According to the current EC VAT Directive the authenticity of the origin, the integrity of the content and the legibility of an invoice, whether on paper or in electronic form, shall be ensured from the point in time of issue until the end of the period for storage of the invoice. EDI achieves this transferring data within a secure network and messages sent and received are identical. This may be supported by interchange agreements, summary lists and sometimes by a trading partner list. A well-managed EDI process will store the different evidence components, including evidence that the chosen security and other controls are complied with, in such a way as to convince an auditor quickly that the archived invoices messages are authentic and unchanged since issuance. Companies issuing invoices must ensure the authenticity of the origin of the document, essentially this means that the issuing company is who they say they are and they issue documents within a secure channel. Trading parties must implement and maintain different security procedures and measures, including the verification of the origin, the non-repudiation of origin, the receipt, and the confidentiality of EDI invoice messages. Networked EDI EDI networks are private, secure networks where EDI related information can be exchanged between companies. Connectivity to the EDI network must be over a secure channel to guarantee the “integrity” of invoices, for example FTPS,           VPN,   AS2 or secure FTP within a secure shell protocol are all acceptable methods. Processes engrained within the EDI network ensure that the message transferred maintains integrity across the end to end process and any transfer errors are captured and dealt with. To ensure authenticity within an EDI network, trading partners will typically require a secure account and connection with an EDI network provider to both send and receive electronic documents. A well-managed EDI network process maintains a trading partner list that identifies all trading partners exchanging invoices. This list validates the trading relationship between trading counterparties. The provider will also keep a record of all trading party interchange agreements and maintain a summary list of all transactions between trading counterparties verifying each message and indicating any anomalies detected at transmission. During an enrolment campaign, suppliers will typically be part of a customer’s vendor master list, inferring an element of trust between the two trading partners. In an EDI network each supplier goes through an enrolment process and credit check to authenticate the company and if successful they have a secure account and connection within the network and “authenticity” is assured.            When networked EDI is combined with data and archiving compliance, it can both provide an end-to-end tax compliant process. The decision for your company is quite simple, is upgrading my existing EDI process the simplest, most cost-effective, and efficient e-Invoicing program to implement?         Point-to-Point Point-to-point connections can also ensure “integrity”, providing the protocol used is secure, again, the examples of      FTPS, VPN, AS2, or secure FTP within a secure shell protocol are all acceptable methods. But it is a little more difficult to quantify “authenticity” for point-to-point connections, by using a secure connection between your company and your trading partners authenticity is “inferred”, but perhaps not guaranteed unless you mandate secure procedures. If your company is using point-to-point to directly connect to your trading partners you must ask yourself what process both trading partners have in place to ensure the “authenticity” of invoices. I would recommend talking to your tax advisor on best practise.           AS2 is perhaps the most commonly used protocol for point-to-point connections and deserves a separate mention as AS2 can provide both “authenticity” and “integrity” at the same time because a digital signature is embedded into the protocol. Because a digital signature is embedded over the protocol, this doubly ensures the “integrity” of invoices, but “authenticity of the origin” of the invoices is also ensured by the electronic certificate, so if your company is running a point-to-point EDI program the recommended method of ensuring a compliant process is using AS2 with a digital signature. Web EDI Web EDI has generated some controversy over its ability to be compliant but as far as ensuring “integrity” is concerned as long as invoices are issued over HTTPS they will be compliant.  Web EDI provides “authenticity” as long as account security and enrolment process has the same controls as the EDI network enrolment process. Typically any web-form solution will require a secure log-on and therefore the trading party must have a secure account with the EDI network provider.  The enrolment of web suppliers is driven from a vendor master list from the buyer, during the enrolment process the supplier is asked a set of validation questions and successful suppliers are given a secure account. This web EDI enrolment process is typical of many of the alternative e-Invoicing service providers. Managed Services Another option is EDI outsourcing, which is simply a method of using external resources to manage your EDI environment on a day to day basis. A company can choose to outsource part of an EDI process such as on-boarding a group of trading partners, or they could decide to outsource the management of the entire EDI process. Most EDI implementations need access to resources that can develop maps, on-board trading partners and implement new communication protocols. Many companies do not have the internal resources to undertake this type of work and prefer to outsource it.  As long as the underlying EDI method used by the EDI outsource team assures authenticity and integrity, then outsourced EDI can ensure compliant invoices. Data Validation & Archiving So we can see that as far as authenticity and integrity is concerned, EDI can provide a tax compliant process. Some methods have compliance engrained into the process and other methods require certain procedures to be in place alongside. But so far, none of the methods discussed include data validation or archiving. GXS developed its e-Invoicing solutions to include each of the three elements of tax compliance – data validation, authenticity & integrity and archiving. Our solutions are inclusive of both digital signatures and EDI and the choice for our customers is simple, whether to upgrade their existing EDI process, or to leverage digital signatures where appropriate.                        So if you are considering an e-Invoicing program, why would you choose the EDI method?  Your company may already be processing EDI invoices. If so, your company will be able to extend existing contracts and SLAs and leverage a solution that will overlay your existing EDI processes. Many of your suppliers are pre-connected to EDI networks and this will reduce your initial investment plus allow you to get to ROI quickly. Any suppliers that are not can easily connect through web-forms. It should be re-iterated that EDI is not expensive any more. Suppliers can connect through cost-effective solutions, from web-forms for low-volumes through to integrated desktop solutions for mid-volumes. Many EDI network providers are pre-connected, and interoperability across networks is well established which opens up trading counterparty connections across multiple networks.           In conclusion, EDI does provide compliant e-Invoicing as long as you combine each of the different elements of tax compliance into a single process.

Read More

A Simple and Compliant Solution to the Paper Problem in Healthcare

Please Note: This blog article was originally written and published by a Fax and Document Distribution Group team member. Managing excessive paper-based medical records is not for the faint of heart — especially when compliance violations can result in fines that well exceed seven figures. Healthcare organizations that employ a virtually “paperless” EMR or EHR solution may believe that they are immune to penalties but that’s simply not the case. Send a fax to the wrong person or leave a fax in whole or part at an unattended fax machine and you could be subject to costly fines. In fact, the number and amount of compliancy fines in the US is at an all-time high. Join OpenText on April 12th at 2:00PM Eastern / 11:00AM Pacific for an educational webinar, where you will hear from security and privacy expert Rebecca Herold, AKA the Privacy Professor,and learn about the risks associated with paper-based communicationsand processes. During the webcast, attendees will also hear from ChrisPatterson, the IT Administrator for Florida Heart and VascularAssociates, and see how they integrated an OpenText digital faxingsolution to achieve HIPAA compliance, improve processes, and dramatically lower costs. Who should attend? Healthcare Compliance Officers adopting new healthcare compliance initiatives Healthcare Professionals wanting to protect and secure patient information Healthcare Practice Managers seeking to improve productivity and patient care Healthcare Informatics roles searching for ways to improve workflow and streamline business processes Register today!

Read More

Expanding the Envelope of BPM

Submitted by: Process Matters Blogger on: March 16, 2012 Organizationalleaders face difficult decisions when it comes to balancing changeagainst ROI expectations. Does change justify the cost in terms of time, money and resources? At the end of the day, executives are lookingsolutions that can help them create and sustain an agile business whileminimizing waste. Over the years organizations have achieved atremendous amount of success by using business process management (BPM)tools to do exactly this. Increasing operational efficiency, swiftlyresponding to new compliance mandates, dramatically improving workerproductivity, eliminating bottlenecks and cutting costs are the oftentouted benefits of BPM. However, despite thousands of BPM successstories, many questions remain about how to get the most out of your BPMinvestment. A few weeks ago Clay Richardson Senior Analyst at Forrester Research, Nathaniel Palmer Editor-in-Chief of BPM.comand Donna Tellam, Director, User Experience Specialist of OpenText BPShosted a roundtable-style webinar in which they discussed some of thelesser-known ways organizations can maximize the value of BPM. Here are afew key takeaways that can help you achieve the best possible return onyour BPM investment. Start small, think big, move fastThemajority of BPM projects are mission critical in nature and thereforehave a much higher internal risk. Clay suggests that organizations startwith a project that is big enough to demonstrate clear value to themanagement team, but still small enough that it doesn’t put yourorganization at too much risk. With the right amount agility in yourprocess improvement efforts, you can rapidly drive organizationalchanges. For example, one company had a big vision for BPM. In order toprove the potential value of enterprise-wide BPM deployment to theirorganization they selected a specific project where they could engagethe line of business manager. The scope of the project was small enoughthat only a fraction of the users were affected by the change. By havingthe line of business manger involved throughout the entire project,they were able to fully experience and convey how BPM could transformtheir organizational operations. Once users catch a glimpse of what BPMcan do, the team is almost bombarded with requests to automate keyprocesses across a variety of departments within the business. Breaking alarge, often complex vision into bite-sized projects pieces can be aneffective way to demonstrate the incremental value of BPM while settingthe stage for how BPM can be expanded to support broader initiatives andgoals. People driving changeA compellingevent is often the catalyst for a BPM project. However, some of the mostsuccessful BPM implementations start with a person, rather than anevent, driving change. These process improvement projects begin with achange agent that truly understands the strategic value of BPM. Thischange agent is either in a senior management position or has theattention of senior management and is positioned to gain executivesponsorship. It is important for the change agent to collaborate withthe person responsible for shaping the BPM project so that they canarticulate the need and value of process automation.Securing the rightexecutive sponsor and team for a BPM project is also critical to thesuccess and adoption of BPM within organizations.This support must besecured from the outset and can make or break BPM projects. The metricsTodemonstrate value, you must understand and measure your success – whichcan be tricky. Successful organizations measure how effective they areable to transition their organization into a more process-drivenculture. You can do this by taking a look at the number of processautomation projects you do in a given year and how many of thoseprojects take advantage of BPM capabilities. As your BPM teamshifts its focus from the typical cost-cutting objectives that involveautomating the manual, mundane tasks and towards value innovation, youwill begin to see how these improvements impact customer-facingactivities. By improving core processes that would typically takeseveral days, weeks (or even months) you are better prepared and havemore time and resources to devote to delivering innovation, improvingcustomer service and getting products to market faster. If you arenew to BPM or want to squeeze more value out of your BPMimplementation, I strongly suggest you check out Clay Richardson’sForrester Report, The ROI of BPM Suites. For those of you craving more information, download our recent webinar and podcast which unveils the steps to taking your BPM project to the next level.

Read More

Make Your Faxes Mobile

The use of mobile devices such as smartphones and tablets is becoming increasingly popular in everyday business. Mobile devices are used in virtually every industry and have become an integral element of core business processes. Let’s look at the three major ways in which mobilitytrends impact organizations: 1. Mobile devices use a wide range of differing operating systems 2. Employees are bringing their owndevices into the workplace, driving the need for enterprise-grade Bring-Your-Own-Device (BYOD) strategies 3. Consumer applications are mobile, and employees expect business apps to follow Gartner predicts that by 2014, 90 percent of organizations will support corporate applications on personal mobile devices . In line withthese trends, the need for mobile access to RightFax has become apriority. To this end, OpenText teamed up with Cortado, a leading provider of virtual desktop technology. Cortado Corporate Server Integrating mobile devices into corporate IT structures poses a challenge to administrators because of the wide variety of devices and their varying operating systems and security features. Cortado CorporateServer provides users with the solution to accommodating differentmobile platforms: it gives employees with smartphones and tablet PCssecure access to corporate network resources and allows them to usetraditional desktop functions while on the go, just as if they were attheir workstation in the office. Users can access files and informationon the corporate network at any time with their mobile devices, andeither print directly to the nearest printer or send documents via fax.On the backend, the Cortado Corporate Server acts as a mobile devicemanagement system and allows secure management of users, profiles, andpolicies. Cortado Connector for RightFax The Cortado Connector for RightFax simply integrates RightFax with theCortado Corporate Server. This module is the interface between CortadoCorporate Server and RightFax. Utilizing the Cortado software, themodule will pick up the Cortado application output files and send themout through the RightFax server. Most common file formats in Windowsenvironments are supported. Fax status reports must be configured withinRightFax and can be sent to the fax sender’s mailbox. Description of the RightFax – Cortado Integration Cortado Corporate Server’s integration with RightFax allows users with amobile device or tablet to send documents via fax either from withinthe office environment or remotely. Cortado enables those documents tobe retrieved from a file-share on the organization’s local network orfrom the local device itself. This overcomes security and complianceissues customers face when they are, for example, out of the office andtrying to send a document via fax, but are unable to use theorganization’s central RightFax server. The Result Cortado Corporate Server and RightFax work together to offer customers numerous benefits: • Fax documents from a mobile device with ease • Send any document as a fax – whetherfrom the corporate network, local directories on the device, or as anattachment from an email program • Trigger and fax up-to-date database reports • Reduce data traffic by eliminating download of centrally-stored files • Create fax documents on the fly on your smartphone or tablet PC • Receive fax status notifications on the device For organizations, the result of the RightFax and Cortado Corporate Server integration is a solution that brings a reduction in cost and ITadministration, while simultaneously increasing productivity, security,and compliance. RightFax & Cortado: The right fax solution for every BYOD strategy! Martin van Ginkel Strategic Alliances Manager EMEA OpenText Corporation

Read More

Exposing the value of BPM

Submitted by: Process Matters Blogger on: February 20, 2012 Inefficientprocesses can make or break your organizations ability to succeed. Eachyear organizations dish out hundreds, even millions, of dollarsleveraging the wrong resources to try and improve ineffective businessprocesses. Companies that are unable to adapt to new industryregulations, changing business models and competitor innovation arefacing the reality of failure. The bar is set high and now more thanever, consumers expect (and often demand) more from organizations. Asbusiness leaders look past slow-to-change packaged applications andtowards new ways to improve mission-critical processes, manyorganizations have started to embrace business process management (BPM)technologies. While the adoption of BPM suites increases each year, manyorganizations have yet to realize the rich benefits they can achieve byextending their BPM implementation beyond its traditional cost-cuttingfocus. Not surprising, Clay Richardson, senior analyst at Forrester refers to some of the major benefits of process automation as low-hanging fruit – whichincludes for example, the elimination of bottlenecks – such as dataentry duplication – to increase operational efficiency. Other benefitsinclude the ability to quickly and effectively respond to compliance andprocess change, improve worker productivity, and increase collaborationbetween business and IT.¹ However, as an organization’s understanding,awareness and use of BPM matures, many key stakeholders begin to realizethey can leverage these tools to continuously improve and transformtheir business. BPM has the potential to deliver significant ROIand transform your organization. According to Forrester Research, manyorganizations who have achieved significant success have shifted theirBPM priorities from reducing costs to improving customer experience andincreasing value innovation. These companies see a tremendous return oninvestment in the form of increased competitiveness, customer growth,accelerated time to market, and improved operating model flexibility. Organizationshave the ability to continuously improve and change the way theyoperate by using BPM. With the right information, resources and team,businesses can achieve a strategic advantage over the competition. Ifyou’re interested in learning more about identifying and measuring theROI your organization can achieve from BPM, I encourage you to join ClayRichardson, Nathaniel Palmer, and Donna Tellam on Tuesday, February21st at 11:00 AM EST for a free webinar on Unlocking the Secrets of BPM ROI. You may also click here to access a free copy of Forrester’s ROI of BPM Suites report. ¹Forrester Research, “The ROI of BPM Suites” by Clay Richardson, August 22, 2011.

Read More

SWIFT Faces Tough Predicament as EU and US Pressure to Suspend Iranian Banks Rises

B2B Integration Networks are making the front pages of the newspaper again today as SWIFT faces growing pressure to block Iranian banks from using its network.  An article from the Associate Press this morning provides a full background on the story stating “The United States and Europe are considering unprecedented punishment against Iran that could immediately cripple the country’s financial lifeline.”  SWIFT was also mentioned in the front page headline story of today’s Wall Street Journal. SWIFT, of course, is the world’s largest electronic banking network connecting approximately 10,000 financial institutions in over 200 countries around the world.  SWIFT does not actually perform funds transfers or foreign exchange transactions.  Instead, SWIFT’s role is to transport electronic messages that instruct banks to move money and exchange currencies among one another.  As a result, SWIFT is the B2B integration network that connects the international financial community upon which the global economy depends. My purpose in posting about this topic is not to be critical of SWIFT.  I don’t envy the quandary SWIFT is facing.  No matter what action they take SWIFT will likely be the target of criticism from some faction within the global banking community.  Instead my purpose in this post is to illustrate the critical, strategic role that B2B integration technologies play in the global economy.  Without the ability to share files and messages between different organizations, commerce as we know it comes to a halt. Consider this – After years of imposing economic sanctions against Iran which have failed to deter its nuclear agenda, the two most powerful governments in the world are now considering severing B2B integration links as the most effective weapon against Iran.  Why?  Because Iran uses the SWIFT network to coordinate financial transactions related to its petroleum products – the country’s principle export.  A Reuters article published last week stated that “Nineteen banks and 25 connected institutions from Iran sent and received some 2 million messages in 2010. They included banks the U.S. accuses of financing Iran’s nuclear programme or terrorism – Mellat, Post, Saderat and Sepah.” Loss of SWIFT connectivity could significantly impact the Iranian economy with increased inflation and currency devaluation. SWIFT has always operated as a trusted, neutral network which does not judge the merits of the transactions it moves.  However, the cooperative’s bylaws do prohibit from facilitating illegal transactions.  SWIFT needs to act carefully as an action it takes could set precedent for future disputes.  For example, suppose that tensions between China and Taiwan escalate in the future.  Could China pressure SWIFT to cut off financial access to Taiwanese banks? The AP article this morning stated that “Lawyers familiar with SWIFT’s operations said it could bar processing actions with any Iranian party or third parties representing Iran, though that would open the consortium to complaints of favoritism or political influence. It could permit the processing but quarantine Iranian transactions, or require warnings to those doing business with Iran. Penalties on Iran short of expulsion could allow SWIFT to preserve a greater appearance of neutrality but make business partners think twice, lawyers said.” On February 5th, SWIFT issued the following statement on its web site in response to US Congressional pressure on Iran: “Regarding the recent legislation proposed by the US Senate Banking Committee regarding Iran, SWIFT fully understands and appreciates the gravity of the situation.  We are working with US and EU authorities, as well as discussing with the G10 central banks which oversee SWIFT, to find the right multilateral legal framework which will enable SWIFT to address the issues.” This month’s challenges with Iran are not the first time that controversy has emerged surrounding SWIFT and its financial transactions.  In 2006, a front page story in the New York Times discussed how the banking network had been used to identify the money laundering activities of international terrorist organizations.  The US Terrorist Finance Tracking Program to monitor SWIFT transactions led to the capture of high profile targets such as Riduan Isamuddin, known as the “Osama Bin Laden of Southeast Asia.”

Read More

Governance: It Doesn’t Matter What, It Really Matters Who

As I just got back fromLegalTech NY, where I spent many hours speaking with General Counsels and IT Directors about their business requirements, I wanted to share and repost a blog, which is relevant to those discussions. The following is a guest post by Dave Martin Originally posted on Dave Martin’sblog on SharePointProMagazine. Read the other posts in this series here. Over the years one of the many things I’ve been involved with is governance.To most the word governance is synonymous with compliance, which is then in turn synonymous with records management.After that the focus becomes very specific.What I recommend people do when trying to understand how they should approach governance is to approach it as a strategy and make sure that strategy involves and intertwines three things: people, process and technology. If this sounds familiar it was an integral part the first post I wrote in this series around understanding SharePoint from a big picture perspective.When it comes to governance specifically there is a certain part of this triumvirate that stands out: the people.We often run headstrong into governance deployments without really understanding who needs to be involved before the code hits the servers and processes are under way. The very first step organizations need to take is defining that small group, who will steer the solution to and through implementation.Obviously IT pops up first as we look to define this working group, and they are unquestionably a very big part as they will be responsible for the technology doing what it needs to do.Another group that should also be considered a bit of a no-brainer is the group or department, or in many cases, the individual responsible for records.This person may be by title the compliance officer, records manager, IT security or legal counsel, regardless they are responsible for the information policy management of the organization.And lastly, but certainly not least we must include someone, or some group that represents the line of business worker, or end-user. Surprisingly, I have seen this last group consistently excluded from the planning process.Not because they are a problem or difficult to work with, but because the people that are actually going to use the solution are often an afterthought, or as IT would consider them: the customer.DO NOT forget to include this group!At the end of the day they will literally make or break the deployment’s success causing problems for both those other groups at the table as they won’t understand the technology (frustrating IT) or they don’t execute according to policy (putting the company at risk). Once we have the right contributors at the table we can start to define the governance strategy.When people are defining their governance strategy I always promote that they ask themselves a few key questions to help better understand what they want to do, who it will affect and what they need to do it.Once these questions have been answered a plan can be more easily defined. The first question is: do you understand your content?This is very important and can also be made as a statement: know your content!We have content broadly spread across our environment, not just in SharePoint.If we are planning to move large portions of that content into SharePoint – file share replacement is one of the top uses of SharePoint – think about what you are moving over.Is this relevant data? Is this data that must live under compliance?Is this duplicate data?Is this active data? This last question is an important one to consider in terms of SharePoint.SharePoint is an active content solution, and a relatively costly place to store content.If you are moving massive volumes of data into SharePoint it just does not make sense to move old, inactive content into SharePoint from a cost perspective.This content should move directly into an archive that lives on a lower and cheaper tier of storage. Once again we must consider “the who” for a second here.Even though we are moving content out of SharePoint and into a more cost effective compliant place we cannot forget that users should be able to access it or restore it (permissions pending) directly from SharePoint. My next question is: what are your specific compliance requirements?This varies widely from company to company and industry to industry – every company has corporate policies specific to their internal requirements, and many companies have to adhere to industry regulations.SharePoint does a great job of managing the content in SharePoint as records, but does an even better job when supported by partners.As broad as SharePoint’s records capabilities are when it comes to supporting industry regulations and government guidelines like the Department of Defense 5015.2 (DoD 5015.2), physical records and records living outside of SharePoint’s native repositories a third-party add-on solution is a requirement. And for my last question, we go back to “the who” again: How will we govern the people?Again, for most, information governance has to do with the information, but we must also be sure to govern the people if we are going to be successful.This question relates to how we are enabling people to leverage the core strengths of SharePoint, and this all starts with the creation of Sites and filling them with content.Organizations have to have a Site provisioning plan in place or they risk putting the organization as a whole at risk.Site sprawl is not just a myth, it is a reality, but it doesn’t have to be feared.Attaching a lifecycle and policies to a Site at the point of creation will ensure that Sites are connected to the data center and can be managed under the watchful eye of IT.Not only this, but we can now monitor those same sites and move them to the appropriate tier of storage once they have become dormant or inactive.Site provisioning allows organizations to permit the creation of as many or as few sites required all in a controlled fashion. As you can see, understanding “the who” when defining your governance strategy for SharePoint is a pretty big deal.Not to downplay the value of process or technology, but to use an analogy: it is the person that drives the car down the right road, and it really helps when that person knows where they’re going.Just like a good governance plan for SharePoint, people who drive cars will get to their destination faster if they have good maps. To find out more, join me on February 21st at noon EST where I’ll be participating in the webinar Extending SharePoint Across Your Information Infrastructure. You’ll learn key concepts required to turn SharePoint into a multifaceted, stable, and powerful IT tool set.

Read More

5 Tax-Compliance Questions You Should Include in Any e-Invoicing RFP

e-Invoicing promises significant benefits.  But, if you deal with suppliers or customers in countries that collect Value-Added Taxes (VAT) you must be certain that your e-invoicing solution enables you to easily comply with the varying country-specific e-invoicing regulations.  Otherwise, you could be subject to sanctions, including fines and the possibility of having to repay already-deducted VAT amounts, which averages 20 percent of transaction values. So, be sure to include the following five questions in your e-invoicing RFP to ensure you end up with a long-term, sustainable solution that meets your needs. 1.      Data Requirements – Does the solution support varying country-specific data requirements? If so, which ones, and how are they implemented? Countries vary in their requirements for the data content of electronic invoices. For example, a UK invoice is required to display the place of legal seat but not the legal form of the company, while a French invoice is required to display both.  Australia requires little information about the company itself to be on the invoice, but requires transactional details such as item quantities, item prices, VAT rates, and VAT amounts. Mexico and Brazil require invoices to be dynamically registered in tax authority systems and information provided by these authorities must be included on invoices. Your solution must include the data required by the laws of each government in addition to those of the buyer and supplier. 2.      Authenticity and Integrity – Does the solution support varying country-specific requirements for guaranteeing the authenticity and integrity of electronic invoices?  If so, which ones, and how are they implemented? Different countries allow different methods for ensuring the authenticity and integrity of electronic invoices. These include digitally signed EDI invoices, digitally signed PDF invoices and non-signed EDI invoices. When using digital signatures for signed EDI or signed PDFs in the European Union, some member states require software-based electronic signatures – called “advanced” electronic signatures– while others require one of a variety of hardware-based electronic signatures – called “qualified” electronic signatures. In other member states, digital signatures are an option rather than mandatory, but your trading partner may still insist on their use. For example, in Spain it is a common business practice to digitally sign EDI invoices even though digital signatures are not mandated by law. Most countries permit EDI invoices without the addition of digital signatures as described above as the official legal invoice for tax audit purposes. This is sometimes referred to as “non-signed” or “un-signed EDI.” Electronic data interchange (EDI) has been a popular method of exchanging electronic invoices for more than 20 years and, when the invoices are exchanged within a secure network, the authenticity of their origin and the integrity of the content is ensured. However, some countries may still require additional compliance documentation. For example, France requires a comprehensive trading partner list and a daily, automatically generated invoice summary report to be available during an audit in addition to the legal invoice.  In many countries, tax auditors will also request human readable copies of your EDI invoices.  Your e-invoicing solution must be able to provide such additional compliance documentation as required on a country-by-country basis. If your company deals with suppliers or customers in different countries your solution must be able to automatically identify the appropriate rules to apply and support all the variations. 3.      Archiving – How does the solution provide invoice archiving? One of the major components of the country-by-country e-invoicing regulations is the requirement that both buyer and supplier archive the legal invoice—the digitally signed PDF, the digitally signed EDI document, or the non-signed EDI document. In the case of digitally signed documents, the electronic-signature certificate proving the integrity of the invoice must be stored as well. All archived invoices must be rendered in a human-readable format upon request of the tax auditor. In the case of non-signed EDI, some countries such as France also require the archival of additional compliance documentation, such as the comprehensive trading partner list and daily invoice summary, including invoice number, amount due and an electronic audit trail to provide validation that an invoice was indeed processed and delivered without any modification. All data must be stored in accordance with the local data protection laws. Many countries require the archival of digital invoices for extended time frames, which may be as long as 11 years. Furthermore, some regulate the location of the archive — within a country or a region. Your e-invoicing solution must allow for these data storage requirements in a secure environment, while providing an audit trail of all transactions. 4.      How does the solution speed compliance with auditor requests? Government authorities frequently conduct audits to ensure compliance with all necessary regulations. These audits can be extremely time-consuming and resource-intensive. Time spent gathering and providing information to the auditor is time that these resources are not working on their normal activities and projects.  Furthermore, you must be able to provide the auditors with your legal invoices in human-readable format upon request.  If your legal invoices are signed or non-signed EDI invoices, they must be quickly and easily converted as needed.   Your solution should enable you and/or the tax auditor to easily search the electronic archive for any and all invoices in question with minimal effort. 5.      How does the solution keep up with frequently changing tax regulations? e-Invoicing regulations around the world are changing regularly. As these changes occur, they may require updates to your solution to ensure that it remains compliant with local laws and that it fulfils the requirements of local tax authorities. The e-invoicing solution should include a facility to ensure that the system is always updated to reflect the latest changes in the regulations.

Read More

Submitted by: Process Matters Blogger on: January 23, 2012 InNovember and December, Gartner released the Magic Quadrants forEnterprise Architecture (EA) and Business Process Analysis (BPA)respectively.We thought we’d discuss some of Gartner’s observationsabout trends in both EA and BPA along with many questions we’ve heardfrom our customers and prospects over the years.We are thrilled aboutour leadership positions in both of these reports; however, I can’t help but think that many of our customers who use ourtools could be getting far more from their EA investments. While EA andBPA tools are maturing it seems like many decision makers in largeorganizations don’t have a clear, holistic understanding about the valuethey can bring to the table. Over the next few days I’ll be taking adeep dive into some of the most popular questions organizations haveabout EA and BPA. Question: What sort of value do organizations achieve from Enterprise Architecture? Answer:Almost every article, blog post, seminar, and book about enterprisearchitecture (EA) includes some mention of the need for enterprisearchitects to demonstrate move value to the business.The truth is thatfew architects get much practical, actionable advice on how to do that. Many business leaders don’t really understand the value of variousframeworks and taxonomies and have a difficult time understanding theattention to detail that architects focus on when developing theirmodeling methodologies. Not only do business leaders not understand, butmany are unwilling to take the time to learn. I’ve seen businessmangers glaze over when architects start talking about something assimple as their modeling assumptions. The most successfulcompanies embrace architecture as a way to instill a discipline thatdrives the translation of business strategy and vision into theenterprise to facilitate the change needed to reach the broader businessgoals. Architecture also defines the path for an organization to evolveas it implements those the necessary changes. In today’shyper-competitive global economy organizations cannot depend on a few“individuals” to instinctively make the right decisions to manage andexecute this type of large-scale change. Especially when companies arefocusing on objectives like improving customer experience andconsistency across all channels of communication, the focus onindividual contributions can actually impede the success of the broadergoal. To expand on this point, take a minute to read a recent blog post by HP’s Terry White, which cites research by Dana Gartner, president and principal analyst at Interarbor Solutions, and Jeanne Ross, Director and Principal Research Scientist at the MIT Center for Information Systems Research. Among other important things it suggests that to fully realize thevalue of architecture, “there’s a cultural shift that takes place in anorganization, when it commits to doing business in a new way, and thatcultural shift starts with abandoning a culture of heroes and accepting aculture of discipline.” Organizations have to strive for a higher levelof maturity and embrace a new culture of discipline before they canfully realize the value of architecture. This is not to say thatorganizations with less maturity don’t derive value from EA.Organizationshave demonstrated millions of dollars in savings witharchitectural initiatives focused on Application Portfolio Management,IT management, compliance and improving the effectiveness of keyprocesses.So my answer to this question is the value thatorganizations can achieve from EA initiatives depends on the businessproblem you are asking your architecture team to solve. Companies whoview EA as an essential discipline for business transformation derivesignificantly more value than companies who take a more narrow view. Infact, many of our customers who have taken the time to connect with thebusiness teams have also seen an increase in their penetration andacceptance by the organization. However, keep in mind that this requiresconstant coaching. Realization of a deeper value of transformation canbe accelerated when architects become more skilled at identifying keybusiness leaders that understand the value of leveraging best practices, standardization, process optimization, or other capabilities enabled bygood architecture. I recently had a conversation with one of our largercustomers, one of the world’s largest financial institutions, who toldme that he needed to have 150 conversations with key business leaders toopen the door to another 150 conversations that he needed to have todrive the kind of value his team was able to deliver. What do youthink? Stay tuned for our next question in this series and feel free tolet us know what questions you’d like answered.

Read More

E-Invoicing Will See Increased Government Adoption in 2012

This past weekend I shared my thoughts on the likely changes to global trade instruments in 2012.  Whilst Bank Payment Obligations and Supply Chain Finance will be popular topics in 2012, I think the fastest growing area of the financial supply chain will continue to be e-invoicing.  However, the growth (on a percentage basis) in the commercial sector may be eclipsed by adoption in the public sector this year.

Read More

Impacting Business with Enterprise Architecture: What the Future Holds for EA Efforts

Submitted by: Process Matters Blogger on: January 5, 2012 Clichéas it may be, I can’t stop myself from turning the page on the calendarof a new year and turning my mind to my personal goals for the year.Naturally, many organizations have a tendency to follow suit.Bolsteredby this spirit of the possible,organizations begin to envisionthemselves achieving their goals – to rethink the way their businessoperates with renewed desire to drive innovation, increase speed tomarket and dramatically improve customer service. To bring life to those enterprise aspirations, business andtechnology leaders should look to 2012 as a year to continue improvingtheir collaborative efforts to achieve business change. There are noindications that the new year will bring any relief from the increasingpace of technology and business change, nor the increasing demands frommore educated and socially connected customers. 2011 continued the trendtoward business driving IT and 2012 offers the opportunity to make thisshift pay off for organizations. Many organizations who are focused onbridging the gap between business and IT groups will achieve far morebenefits if they fuse these two groupsinto business teams workingcollaboratively to drive transformations. So, what does 2012 have in store for EA teams? In its yearly series, Gartner Inc. recently predicted that manyorganizations will begin to leverage EA tools to drive business valueand impact. According to the report, “Gartner Predicts: Opportunitiesfor EA to Lead Business Transformation in Turbulent Times,” December 1,2011, Phillip Allega, Betsy Burton, et all. “EA practitioners will beginto shift their focus to begin to think about their role differentlyand, in many cases, employ a new way of working.” With only 40% of EAprograms worldwide reporting to IT, EA’s focus must shift from IT andoperations to delivery of demonstrable business value. As I read through the report, I found the following assumptions particularly interesting. The managed diversity approach“By 2015, 25%of Global 1000 organizations will produce cohesive EA artifacts thatsupport the diversity of complex business ecosystems.” When undergoing a business transformation initiative, organizationsmust account for global operational diversity. According to the report,“the managed diversity style defines choices or options for whatprojects or customers can leverage without defining only strict, rigidstandards. Managed diversity does not mean that there are no standards,but rather that EA planning achieves a balance between the need for aset of standards that help control costs and the need for a diversity ofsolutions to increase innovation, business growth and competitiveadvantage across locations that the organization operates in.” Properly executed, EA can help organizations achieve the delicatebalance of identifying and propagating best practices, maximizingtechnology investments, ensuring compliance with local regulatorybodies, and risk reduction with the flexibility to adapt businesssystems to compete in global markets. With flexible but definedguardrails, organizations typically find a significant increased speedin their ability to execute when teams are empowered to leverage theelements they need with the guidanceto avoid critical mistakes. Working together“By year-end 2014, 50% of Global 1000 organizations will support EA as a collaborative business and IT effort.” Successful organizations have already started moving their EA teams out of IT and into the business. Gartner’s survey results indicate thatwhile 68% of EA programs in the US report to the IT organization thispicture is already considerably different worldwide. China, whoprimarily looks to EA for business transformation initiatives, reportsto business leadership 76% of the time. This shift in reportingrelationships naturally drives changes in the focus and composition ofproject teams. The complementary nature of skills, perspectives andinsights from enterprise architects and business peoplecan combine to produce dramatically better results. Organizations cannot drivebusiness growth without carefully selecting the members of the projectteam. I particularly appreciated Gartner’s caution, “do not assume thatjust because business leaders are collaborating and engaging in EA, theeffort will be “business strategy driven.” Executive leadership shouldbe mindful that they have defined a clear business strategy thatincludes actionable directives to provide the context in which thesecollaborative teams can drive execution. Increased focus on the decision process“Through year-end 2014, 60% of organizations will continue to focus EA on assurance, rather than governance.” According to the report, there are two key challenges whenimplementing EA governance: 1) they lack training and criticalunderstanding of the topic, and 2) they focus exclusively on control andassurance. This is a problem because EA practitioners often lack anunderstanding of how the business uses information to makes businessdecisions. Quite honestly, it is easier to focus on control andstandardization because this space is more comfortable for individualswith a technical background. Increasing collaboration between IT andbusiness can be part of this solution but only if architects dig deeperto understand the decision process, the relative value of investmentpriorities in the context of the business strategy and which standardsprovide value to the organization. This level of understanding requiresmore than collaboration between the groups.It requires a true respectand commitment to understanding how the organization defines and drivesbusiness value and how they can then become a part of driving thatchange. What is your take on Gartner’s predictions for EA this year? Do yousee your EA team driving or reacting to these predicted trends?Willthis be your year to deliver strategic business value? Leave yourcomments below and we can discuss.

Read More

How do you go about expanding your B2B platform into a new market? – Part2

In this blog I would like to discuss some of the more technical considerations that have to be taken into account when expanding to new markets. From understanding the technical capabilities of your trading partner community through to deploying the right B2B tools, ensuring that you have 100% trading partner participation is crucial to the smooth running of your supply chain.  So what should you consider? Understand the technical capabilities of your supplier – When connecting with a trading partner for the first time it would be worthwhile undertaking a B2B connectivity and technology audit.  For example how does the trading partner connect to the internet at the moment?, what type of business applications do they currently use?, do they have any internal resources to look after their IT infrastructure?, if using business applications, are they behind the firewall or hosted and delivered as-a-service?, do they connect electronically with any other customers?, if so how do they achieve this?,  the sooner you can understand the technical landscape of your trading partner, the sooner you can start planning to support their needs and deploy your B2B/IT infrastructure. You also have to bear in mind that the type of document they send through could be dependent on the communications infrastructure that might be available, for example a small supplier in Thailand might only have a slow speed dial up connection.  To ensure 100% participation by your trading partner community you must be able to embrace each and every need of your trading partner, no matter how small they might be or what level of IT adoption they might have. Are you deploying the right B2B solution for each user? – When dealing with trading partners in emerging markets it is important to understand the current B2B capabilities (if they exist) of the trading partners that you will be dealing with. If you are working with a trading partner in India or China for example, there will be a high probability that they could be using paper or even Microsoft Excel based ways of exchanging information with their customers. If using paper and to ensure 100% integration with your B2B processes then you may need to offer a web form based method for these particular suppliers to submit information electronically to your B2B platform. Alternatively, Microsoft Excel is one of the most commonly used business applications in China so you might want to think about how you can exchange these types of files and more importantly utilise the information contained within a spreadsheet.  If you can find a way of integrating spreadsheet content to your B2B platform then it will minimise any re-keying of information and hence minimise any errors getting into your business systems. So what about back end integration? – Another reason for ensuring that your trading partner community is 100% enabled is to ensure that externally sourced information can enter other back end business systems, such as ERP platforms, as seamlessly as possible. For example if you are running SAP, will your trading partner be able to send you an SAP IDOC file directly or will this be required to be converted by your B2B provider or internally by your own resources?  Which accounts package are they using and will you be able to integrate to it? Given that your production lines or equipment may be waiting to receive B2B related information from your trading partner it is important to consider back end integration and how these trading partners will connect to your back end IT infrastructure. Successfully integrating to back office systems  will help to bring additional benefits to your B2B platform, this includes reducing rework of incorrect data and speeding up the flow of information across your extended enterprise. Have you thought about extending supply chain visibility? – If you are sourcing goods from a trading partner in an emerging market, as well as ensuring that business documents can be exchanged electronically it is important to ensure that the physical supply chain can be monitored end-to-end as well. Key to this will be to ensure that you can monitor transactions across borders, customs agencies and multi-modal methods of logistics and transportation. If goods are delayed at a country border then the customer ordering the goods needs to be made aware of the situation. Being able to inform your customers of when their products or goods are to be delivered can often be a key measure of customer satisfaction and competitive advantage. So in addition to conducting a technology audit it may be worthwhile finding out which logistics partners and countries the supplier does business with already. Have you thought about how your business might expand or contract? – In these uncertain economic times it is important that your B2B platform can scale up or down depending on the exact needs of your business. If you have five Chinese suppliers on-boarded to your B2B platform, what happens if you need to onboard a further ten trading partners in a short time frame?  Would you be able to scale up your B2B infrastructure accordingly?, would you be able to support the inevitable changes to your existing B2B platform in order to accommodate these new trading partners?  Does your existing B2B infrastructure and accompanying service contract have the flexibility to incorporate a volume increase in B2B traffic? Factoring in likely changes to your B2B infrastructure at the planning stage, if you know what they are likely to be, can save you a lot of time in the long run. GXS has been helping companies globalise their B2B infrastructures for many years, from onboarding trading partners in China to connecting to a new third party logistics provider, GXS has the solutions to achieve this.

Read More

Why the Time is Right for Manufacturers to Adopt e-Invoicing

In previous blog entries I have often described the manufacturing industry as being truly global in nature. The industry has to work across different country borders, different languages, different time zones and customers expect their goods to be delivered on time irrespective of where a manufacturing company’s production facilities are based. One of the key drivers for electronic invoicing or e-Invoicing adoption across Europe for example has come from the country governments. They have been working feverishly to get suppliers to their public sector organisations to automate the way in which they exchange invoices in country and across other member countries of the European Union. As well as the significant costs savings this can bring to a manufacturer, it also introduces green benefits by helping to reduce the amount of paper based invoices that flow across supply chains. Improved cash flow was highlighted as one of the key factors facing the survival of many smaller suppliers during the most recent economic downturn. Many smaller suppliers are using paper based methods for invoicing their customers but to increase speed of payment they should be considering the adoption of e-Invoicing.  For the purposes of this blog entry let me just describe some of issues that are driving many companies in Europe to adopt an e-Invoicing strategy. So the first challenge facing manufacturers in Europe is that they have to operate across 27 different countries that make up the European Union. Each country has its own tax rate applied to purchases, each has their own requirements for applying digital signatures to electronic invoices and in addition as electronic invoices are required to be archived, yes you guessed it, each country has its own rules with regards to how long electronic invoices are required to be archived for. So you could say that with these three issues alone no wonder electronic invoicing has taken some time to gain adoption across Europe. Now of course European based manufacturers may be using contract manufacturers in emerging markets such as Brazil or even Mexico, but even these countries have their own ways of processing electronic invoices. So how do manufacturers get round these issues? The analyst firm Gartner compiled a report in 2009 which looked at European specific e-Invoicing regulations. The European Association of Corporate Treasurers identified that the average processing cost of a paper based invoice in Europe was around 30 euros. The association also identified that by using e-Invoicing, an 80% cost savings is possible. Confirming this data, other case studies highlighted that e-Invoicing has proved to reduce the cost of processing one invoice to less than 5 euros.  e-Invoicing offers many other benefits including improvements in accounts payable processes by reducing invoice processing time and minimising manual intervention. This leads to a reduction in operating expense.  This factor alone makes some companies start e-Invoicing related projects, it makes many other companies begin evaluating such projects. As manufacturing companies source from many different suppliers across Europe and indeed the rest of the world, e-Invoicing can be deceptively challenging, this is why it is important to choose the correct vendor who can help implement an e-Invoicing strategy at either a European or global level. Implementing an e-Invoicing strategy may be a daunting challenge, especially as it will affect internal business processes, mutual agreements among business partners, financial transactions, taxes and legal compliance and of course the associated IT infrastructure that supports all of this. Each company will implement an e-Invoicing strategy in a slightly different way due to how internal business processes must be adhered to. In addition, each implementation will have to cater for a diverse range of users, for example IT staff, admin payments/accounting staff and of course tax auditors. Each of these groups of users will have varying levels of IT understanding and so it is important that users are shielded from the complexities of using such systems. For this reason many e-Invoicing solutions in Europe are delivered as a service, not just so that users can use the system with ease but to ensure that the system is deployed quickly and smoothly so that tangible benefits can be realised in a short space of time. The diagram below highlights typical order-to-pay and order-to-cash processes. In 2001 the European Commission implemented a directive (2001/115/EC) that would provide a way for countries in the EU to simplify, modernise and harmonise the conditions laid down for invoicing in respect of VAT in the EU. A key goal of the directive was to promote the efficient cross-border creation, transmission, acceptance storage and retrieval of invoices. In 2005, Denmark became the first European country to make e-Invoicing mandatory for the public sector. In 2012 Norway will become the latest EU country to adopt e-invoicing as they will be asking all SMEs supplying the Norwegian public sector to send invoices electronically. Further information on this can be found on the Pan-European Public Procurement Online portal (PEPPOL) by clicking here. The Nordic countries have traditionally been early adopters of e-Business technologies due to the fact that they have one of the best broadband and communications infrastructures of any country in the EU. The e-Invoicing directive requires that invoicing parties guarantee the authenticity and integrity of e-Invoices in transport and in storage, through the use of e-signatures, EDI or by other means. Some member states are more prescriptive than others and so it is up to each government tax office to rule whether a specific method of guaranteeing authenticity and integrity is acceptable.  Many government tax offices around the world simply do not have the necessary knowledge to do this. Many companies will start to realise significant benefits when they have implemented an e-Invoicing solution, for example more streamlined payment processes, reduced human efforts to process invoices, and providing a complete set of data that can automatically reconcile the invoice with the goods or services received, typically by integration with an ERP package such as SAP or Oracle. e-Invoicing provides benefits for senders as well as receivers, for example improved customer satisfaction, reduced admin costs in credit collection, more effective capital management and cash-flow control. So why is e-Invoicing starting to go mainstream now?, well there is strong user demand due to the significant cost savings that can be realised, increasing maturity and effectiveness of e-Invoicing solutions such as those offered by GXS, more governments are mandating e-Invoicing, especially in the EU and finally there are more and more user cases being released that highlight the benefits that have been realised by many companies today. Manufacturers have just emerged from one of the most severe economic downturns of recent years and if the news is to be believed we are not out of the woods yet with a potential double dip recession looming in the near future. So how do manufacturers go about implementing an e-invoicing solution whilst at the same time remaining focused on their core competency which of course is manufacturing goods or products? How do manufacturers navigate their way through implementing e-Invoicing?, let alone ensure that invoices have the correct e-signature applied and then make sure that e-Invoices are archived for the correct period of time depending on which country they are doing business with? To address these issues and to help companies get a better understanding of how e-Invoicing solutions should be implemented, GXS will be launching a new microsite in the near future called e-Invoicing Basics. This new educational resource provides an introduction to the area of e-Invoicing, what it consists, how it should be deployed and the business benefits that it can bring to a company. You can get a preview of the new microsite by CLICKING HERE. The site is very similar in nature to our popular EDI Basics microsite which was originally launched nearly five years ago. In a future blog entry I will take a deeper look at the area of e-Invoicing and how it is being deployed across multi-country business environments.

Read More

SWIFT and Sibos 2011: Financial Services Growth in 2012 and Beyond

Amid a week in which Moody’s downgraded three top US banks and the global stock market fell into bear territory, SWIFT held its annual  Sibos Conference in Toronto, Ontario, Canada. Billed as the world’s premier financial services event, this year’s Sibos brought together more than 7,000 leaders from financial institutions, market infrastructures, multinational corporations and technology partners from around the globe. Facilitated and organized by SWIFT, the global provider of secure messaging services, this year’s conference program focused on four big topics: Regulation re-visited, technology, changing landscape and new expectations. There were a number of “big ideas” discussed during the plenary sessions including pursuing growth, emerging markets and the impact of regulation. In the opening plenary, John Havens, President and Chief Operating Officer of Citigroup,  stated that to survive higher capital requirements, lower leverage rates and higher funding levels, the banking industry will have to “fundamentally restructure in order to recapture much of that lost revenue.” Banks will need to become leaner, fitter and more ruthless in how they manage costs and pursue revenues. However, Havens saw opportunity for banks to help corporate customers navigate the new macro-economic landscape and understand and access new markets. In a plenary session dedicated to “Where’s the Growth in 2012 and Beyond,” Tim Keaney, Vice Chairman & CEO Asset Servicing, BNY Mellon, said that he now spends as much of his technology budget on compliance as he spent three years ago on developing new products and services and accessing new markets for clients. Keaney admitted it is challenging to explain to customers that regulation is raising costs and increasing lead times. The customers understand that the cost of doing business is higher, but they expect associated benefits from increased regulations. The speakers advocated proactive client engagement. Keaney said “When there is a change affecting our clients, it is an opportunity. Clients are very willing to sit down and talk about what we can do differently to help them–usually that will result in a good product idea that clients are willing to pay for.” Paul Simpson, Head of Global Transaction Services, Bank of America Merrill Lynch (BAML), concurred, stating “Just because I’ve served clients in a particular way for 15 years, have I really stepped back in the last two years and asked whether it’s the optimal way to serve the client going forward?” Simpson also discussed the huge growth he’s seen at BAML in middle market companies expanding into high growth countries. He said that banks need to step up and be more supportive of this global growth. M.D. Mallya, Chairman, Indian Banks’ Association stated that the number of emerging market companies in the global top 1000 used to be 10 to 15, and now numbers into the hundreds. Mallya also talked about this shift from West to East: “Money is flowing east, follow the money.” John Coverdale, Group General Manager, Head of Global Transaction Banking, HSBC Holdings plc, pointed out that the emerging markets are not dealing with legacy systems, whether regulatory or infrastructure based. This provides a situation where there will be regulatory arbitrage (and advantage). One speaker talked about how “profit challenged” institutions see opportunity in outsourcing non-core functions to specialists—not simply “taking somebody else’s mess for less.” In a separate session, David Robertson, Partner, Treasury Strategies, voiced a similar view: “Our clients of all sizes are globalizing profoundly. In response, banks and other providers are expanding their footprint, but they’re also seeking deeper and more comprehensive partnerships.” How do these trends impact transaction banking technology? Some emerging economies are growing three times as fast as the US and EMEA. Large corporate and middle market companies expanding into these markets require sophisticated treasury technology and associated bank integration solutions to manage cash flows, working capital and liquidity. Technology firms able to service their clients across international footprints, whether that client is a financial institution or corporation, can deliver global solutions delivered with local resources and knowledge.

Read More

How to Get the US Treasury to Pay Its Bills Faster

With the entire world focused on the US debt ceiling debate over the past few weeks many suppliers have become increasingly nervous about the federal government’s ability to pay its bills.  Fortunately, three weeks ago the US Treasury announced a new program which would enable suppliers to be paid even faster than they have before.  And the program does not involve raising taxes or cutting social programs.  By the end of 2012 the Treasury Department will implement the Internet Payment Platform (IPP). The key to the IPP program is the requirement for suppliers to exchange information electronically with government agencies.  Agencies can send electronic purchase orders for items they buy such as computers, furniture, office supplies and professional services.  Suppliers can respond with order acknowledgements, shipping notices and electronic invoices.  The official press release stated: “Treasury estimates that adopting IPP across the federal government would reduce the cost of entering invoices and responding to invoice inquiries by as much as 50 percent or $450 million annually.  These government-wide savings equal roughly one quarter of the $2.1 billion of the efficiency savings that the President’s 2012 Budget called upon agencies to identify.” IPP is an example of Business-to-Government (B2G) technology which has been growing in usage since the late 1990s.  For example, the Department of Defense’s Wide-Area Workflow platform processes more than 7 million invoices a year from over 90,000 vendors.  B2G technologies have become widely used in many European nations in the past few years. Starting in 2005, Denmark mandated that all vendors selling to the public sector submit invoices electronically.  Since then Norway, Sweden, Spain, Switzerland, Finland and Italy have all signed mandates shifting public sector invoicing to electronic formats. Paper invoices are fraught with problems which cause delays.  Paper invoices can get lost in the mailing, routing, workflow or approval process.  Because there is no validation on a paper invoice before it is submitted, the bill may not have all the necessary information for approval. For example, the invoices may not have the appropriate accounting information required to enter the expense in the general ledger.  Or the supplier may not have provided the address or bank account number that the payment should be routed to. The quantities, prices and descriptions of items on the invoice may not match what was on the original purchase order or shipping documentation.  Each of these problems creates an exception scenario that requires contacting the supplier for resolution.  Exceptions lead to additional cost for the government and risk of delayed payment to the supplier. Electronic invoicing reduces the likelihood of lost invoices by creating an audit trail of each step in the workflow.  Invoices entered via the IPP web site can be validated to ensure all of the required fields have been entered.  Electronic invoices can also be automatically matched to the purchasing and shipping documents.  The result is the removal of manual handling of invoices.  This straight through processing accelerates approval and payment cycles. IPP is an already in use by the Department of the Interior; the Small Business Administration; and the Bureau of Engraving and Printing.  The Department of Agriculture and Social Security Administration are in the process of deploying IPP.  The vision for IPP is for all government agencies to use the platform.  Such a shared service model would not only reduce costs for federal agencies, but it would simplify for processes for suppliers.  Companies selling to the US government would have a single portal by which to receive purchase orders, submit invoices and check on payment status. Doing business with the government remains a complex art attempting only by those who know the system.  Unfortunately, the complexity deters many suppliers from engaging in government sales, which lowers competition.  As taxpayers we all benefit from programs which encourage competition and lower prices for federal purchases.  IPP is a great example of a cross-agency solution which will not only increase competition, but help to reduce budget deficits in the coming years.

Read More

GSA Advantage – An Example of How B2G Technologies Can Help to Lower the US Federal Deficit

Just a few weeks remain until the August 2nd deadline set by the Treasury Department for raising the US government’s $14.3 trillion debt ceiling.  President Obama held a news conference this morning rejecting any proposals for a short-term 30, 60 or 90 day extension. If a deal is not reached in the next few weeks the Treasury Department will begin a complex process of trying to decide who to pay and who not to pay.  It may choose to pay bondholders first to avoid risk of default.  Payments to social security, military service members and government personnel could be suspended indefinitely.  Regardless of what political solution prevails there will undoubtedly be a renewed focus on how to reduce government expenses.  B2B e-commerce, or I should say B2G (Business-to-Government) e-commerce technologies, can play a critical role in reducing the cost of government purchases. One of the best examples of B2G technologies is the GSA Advantage web site.  GSA offers a purchasing portal that federal agencies can use to acquire goods and services.  GSA Advantage looks similar to most retail B2C e-commerce sites.  However, it is specially designed for use by government personnel.  Products and services are organized into approximately 20 categories such as building and industrial supplies; IT solutions and electronics; vehicles and watercraft.  There are a number of aspects of GSA’s site that I find particularly compelling: First, access to GSA Advantage is not limited to government personnel.   Anyone can browse the site.  Of course, only government employees can actually make purchases.   I love the transparency offered to taxpayers on exactly what products the government can buy.  Furthermore, I like being able to view the actual prices being paid for the merchandise.  Private-sector procurement professionals should visit the GSA site regularly to understand what the €œmost favored nation€ pricing for a particular item is. Second, GSA Advantage offers advanced search and filtering capabilities specifically designed for government buyers.  For example, you can filter product searches to include only companies participating in the Ability One program, such as the National Institute for the Severely Handicapped. Skilcraft, which is the brand name for products manufactured by the National Industries for the Blind, offers 3000 different SKUs ranging from office supplies to call center services.  GSA Advantage also allows you to search for products offered by small businesses.  There are many different categories of small businesses including “Women-Owned Small Businesses” and “Veteran-Owned Small Businesses.” Another category is Historically Underutilized Business zones, which are called HUBzones.  Examples of qualified HUBzone companies might be those based within the boundaries of a Native American Indian reservation or those businesses established on former military base locations. Third, all of the items being sold on GSA Advantage are from the GSA schedule, which means that terms and conditions have been pre-negotiated.  As a result, discounts, payment terms, shipping costs, warranty coverage, return policies and customer support levels have already been standardized in advance.  GSA Advantage greatly simplifies the process for acquiring goods and services.  A buyer selects items from the web site by adding them to a shopping cart.  A checkout process occurs in which the government employee utilizes a SmartPay commercial credit card to complete the purchase.  There is no invoicing or payment process required as the financial settlement occurs via the SmartPay process. B2G technologies such as GSA Advantage play a critical role in lowering government expenses for everyday purchases.  By leveraging e-commerce technologies public sector organizations can make it easier for more suppliers to sell goods and services to the government.  As we all know, increased competition from more suppliers will lead to lower costs.  B2G technologies also lower the administrative costs associated with purchases.  The combination of commercial credit cards and online B2B storefronts such as GSA Advantage can yield savings of $50 to $100 per order by eliminating the need for time-consuming purchase orders requisition and invoices approval processes. Of course, GSA Advantage is just one of many opportunities for the government to use B2G e-commerce technologies to reduce costs.  More examples and thoughts to come in future posts.

Read More

Introducing GXS Data Quality and Compliance Service (DQC) – Foundation for “ERP Firewalls”

For those of us in Product Management, there aren’t many things that are more fulfilling than new product introductions. It gives me great pleasure to share details around an exciting product launch! GXS today announces general availability of the next-generation Data Quality and Compliance service (DQC) for the GXS Trading Grid, the world’s largest integration cloud. Data Quality and Compliance is a multi-enterprise PaaS solution that provides real-time visibility and control by automatically tracking in-flight B2B transactions and processes against business and compliance rules to detect and prevent errors. It applies both document-level and business process rule validation to data allowing for proactive recognition of business impacting problems. An AMR Research (now Gartner) report entitled ERP Projects Create Significant B2B Opportunities found that one-third of all data housed in an ERP system originated outside the organization. This study found that external data came from three key sources: customers and distributors (43%), suppliers and contract manufacturers (31%), and third-party logistics providers and transportation carriers (17%). Furthermore, research conducted in the discrete manufacturing segment found that, on average, 2.9% of transactions originating from external trading partners required exception processing or error handling. The consequences of exception processing resulting from poor data quality are numerous and highlight the need for B2B integration solutions to play a vital role in monitoring and improving the quality, accuracy and timeliness of supply chain data exchanged between organizations. GXS Data Quality and Compliance (DQC) delivers capabilities for validation, exception management, collaboration, and reporting to allow for specific  problems to be effectively resolved and repeat problems to be driven out of the business altogether. Visibility tools allow users to research issues, highlight trends and conduct root-cause analysis to business problems and data quality issues. These tools are designed to improve the quality and timeliness of B2B transactions in audit mode. DQC ushers in several features that have evolved, benefiting from inputs provided by several beta customers in the retail, consumer products and manufacturing sectors. Highlights of these capabilities are: Compliance-Guide Modeling   A flexible, business-rule modeling database captures and maps a company’s exact trading partner requirements, such as compliance guides, routing guides and service level agreements. Transaction Validation – The validation service sits on top of the GXS stack and utilizes a validation engine to evaluate inbound/outbound transactions against documented rules and requirements, flagging errors and issues with drill-down to root-cause data. Exception Management – The service provides exception management capabilities that can be as simple as enabling notifications to trigger real-time email alerts by role and organization. Complex exception management processes are enabled via a flexible workflow engine, including generation of production issues and alerts for exceptions that users are expected to take action on. Online Reporting and Analytics – Automated reports provide visibility to partner performance and key metrics.  Reports can be customized, shared, subscribed to, exported and drilled into, making it easy to collaborate with partners on issues. Scorecards – The service provides the ability to view a consolidated scorecard that represents key performance indicators (KPI’s) for the business or individual trading partner scorecards to measure against specific metrics and SLAs. We’re actively working with several global organizations to help them leverage the GXS Data Quality and Compliance Service and achieve supply chain goals.

Read More

Insurance Technology: Time to Get Your Head in the Clouds

As the spring 2011 conference season winds down, I attended the ACORD/LOMA Insurance Systems Forum in San Diego, CA. ACORD (Association for Cooperative Operations Research and Development) is a global, nonprofit standards development organization serving the insurance industry. LOMA (Life Office Management Association) provides training and education for insurance professionals worldwide. The event is billed as the premier business and technology event for insurance professionals. One of my goals at ACORD/LOMA was to better understand cloud computing in the insurance industry. There were several sessions that touched on cloud and Software-as-a-Service (SaaS). One of the most interesting was “Cloud Computing for Insurers: Time to Get Your Head in the Clouds” by Bob Hirsch, Director Technology Strategy and Architecture, Deloitte Consulting LLP. Bob provided some interesting thoughts on why cloud isn’t more prevalent in insurance. One reason is that cloud vendors have been slow to meet the regulatory demands of insurance. Another is that vendors are not in the “core” space–most cloud implementations are at the “edge for specific workloads.” Insurance firms also have concerns about data loss, security and privacy, audit and assurance, backup and disaster recovery, vendor “lock in”, and IT organizational readiness. Bob described vendor “lock in” as the inability to easily migrate your company’s information from the cloud provider’s data center to your own if you decide to bring processing back in-house. Bob suggested that with quality datasets, computing advances and maturing tools, analytics could become a strategic cornerstone of the enterprise.  As an example, he talked about the cost savings from moving volatile computing needs to the cloud. Bob explained that insurance companies need to run stochastic models each quarter to estimate risk. Large insurers are running grids of 2500 nodes and growing for this type of computing. Running the models can take 24 to 48 hours, but the rest of the time the servers are idle.  Bob stated that current grid systems can be modified to be cloud aware and “burst” capacity to clouds as needed by storing the grid image in the cloud and deploying it across servers as needed for periods of peak demand. Bob also walked through a cost/benefit analysis for Monte Carlo simulations for hedge funds which have limited in-house IT resources. The analysis showed in-house monthly costs of $14,280 vs. $6,930 for cloud, a 51% savings. For the moment, Bob said that smaller insurance firms are ahead of larger ones with using cloud-based applications.  This is because insurance systems are very fragmented within larger organizations and they are slow to consolidate systems across the enterprise.

Read More

How ENS Helps to Secure Supply Chain Shipments into the European Union

For many years customs agencies around the world first learned of an ocean based shipment’s existence as it approached a port. This notification came in the form of a manifest which was prepared and filed by the carrier of the goods. These manifests often contained very vague descriptions of the contents of a shipment and a more detailed customs declaration was sent by the importer at a later date. This process was in place for years but over the past ten years, heightened security tensions around the world led many countries to tighten up on the screening of all imported goods. North America was one of the first countries to tighten its import procedures with the introduction of the Advanced Trade Data Initiative which was then superseded by the 10+2 compliance procedure in early 2010. Ten pieces of information about the shipment were provided by the importer and two were provided by the carrier. This information allows U.S customs to pre-screen shipments to check and make sure that goods are safe for import. The more formal name of this import procedure is the Importer Security Filing (ISF) and my colleague Pradheep Sampath wrote a blog on this subject just after it was introduced in North America in early 2010. Other countries have been busy trying to replicate the success of the 10+2 system and in January 2011 the member countries of the European Union introduced a similar pre-screening process called an Entry Summary Declaration or ENS for short. Each of the 27 member countries making up the EU have been actively establishing their programs albeit on slightly different time schedules and in some cases using different names. For example in the UK their version of ENS is called Import Control System (ICS) and was introduced on 2nd November 2010. The main differences between the North American ISF and the EU’s ENS are twofold, firstly unlike ISF which is filed by the importer and the carrier, the carrier is solely responsible for filing the EU’s ENS declaration. Secondly, unlike the 12 elements contained in ISF, ENS has nearly twice as many data elements. Now as you can imagine trying to come up with an agreement of what information would be required by 27 different countries was not easy but an agreement was made and all shipments into the European countries now require the following 22 pieces of information to be sent to the port of entry before the shipment leaves its point of origin. Seller/Consignor (EORI #) Buyer/Consignee (EORI #) House BL Number Master BL Number CarrierPerson Entering the Filing Notify Party Country of Origin At least the first four digits of the HTSUS Number (Commodity Harmonized Tariff Schedule of the EU) Place of Loading Location First Port of Entry in EU Description of Goods (Not required if four or six digit HTS is provided) Packaging Type Code Number of Packages Shipment Marks and Numbers Container Number Container Seal Number Gross Weight in Kilos UN Dangerous Goods Code Transportation Method of Payment Code Date of Arrival First Port EU Declaration Date Following the introduction of ISF in North America, U.S Customs and Border Patrol estimated that as of July 2010, nearly 80% of importers were ISF compliant, this figure is likely to be even higher now.  Further information on the ISF procedure is available for download here. There are two significant benefits that customs agencies around the world are seeing from the introduction of ISF, ENS and other shipping notification processes.  Firstly through the submission of a standard set of information to support an imported consignment of goods means that more accurate information about consignments is being used across the supply chain.  Secondly with shipping information having to be sent ahead of time, preferably electronically via EDI, it means that supply chains are becoming more secure and it is helping for example to reduce the amount of counterfeit goods entering the western economies.  If any counterfeit goods are found then with the additional information submitted via ISF or ENS it will be a lot easier to track down where these counterfeit goods originated from. Further information about ENS can be found at the European Customs Portal and I will discuss how GXS can help improve the visibility of global shipments in a future blog entry.

Read More