4 APRIL, 2005

RFID compliance problems


Business is constantly looking for ways to improve its processes and systems in order to reduce investment in stock, people and anything else that costs money. Profit may be a rude word in many areas, but without it there is no business. That is unless you are owned by the Government (no matter which colour), in which case increased funding can be obtained by raising this tax or that tax. So, with the advance of technology and the benefits derived from economies of scale, RFID is a really good vehicle for increasing profits.

However, the engineering solution may not be cash-positive across the whole business unless all of the issues are taken into consideration.

Broadcasting and the press are full of the after-effects of Enron and WorldCom, which have resulted in a plethora of legislation and corporate standards.

But we in Europe should not be complacent and point to the US as the only place where this type of thing has been going on. In Europe we have seen Parmalat in Italy and Ahold in the Netherlands, which were equally disastrous.

On top of this we have seen the impact of September 11th and the drive to stop terrorists laundering money and to curtail their ability to purchase explosives to further their horrendous activities.

In the US, legislation quickly followed with the creation of the Patriot Act, which was shadowed by Sarbanes-Oxley (SOX).

In Europe we are taking our share of legislation, with the Basel Accord covering financial movements, Chapter 27 of the Companies Act covering auditing standards, and a whole raft of new International Accounting Standards and EU Directives that demand transparency of management and disclosure of information. Have a look at the 8th, 10th and 11th EU Directives: they are not quite the same as SOX, but they get pretty damn near to it.

What we are seeing is a convergence of control and legislation across the world. So how does this impinge upon putting in an RFID project?

One aspect of what we are looking at is the valuation, control and confirmation of stock, and all of the invoicing and statistics that follow from it. In effect, RFID becomes the means of driving the financial records of the enterprise.

Looking back to SOX, much is written about section 404, which demands that: -

Management has the responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting
The annual report contains an internal control report with an assessment of the effectiveness of that internal control structure and those procedures

So unless the RFID system is put in with these requirements in mind, the result could be a system that is not controlled.

Imagine that the tags being read have been placed on the wrong pallets, or that tags have somehow been read twice, or that there are tags but no stock behind them. Commercially this would be a disaster, but legally a company could be reporting interim or quarterly figures to its stock exchange that are incorrect. For large companies in the supply chain or the retail sector the results might be considered fraudulent, since the share price could be overstated or understated and the interim results totally inaccurate.
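As an added illustration of the three failure modes above (example code written for this page, not taken from the article or from any RFID vendor's product), here is a small reconciliation of reader events against a stock manifest. The tag numbers, pallet names, reader names and unit costs are all constructed for the example. It contrasts the "naive" count an uncontrolled system would produce (every reader event is a unit of stock) with a controlled count in which only known tags, read on the pallet the manifest expects, are confirmed; duplicates, orphan tags, wrong-pallet tags and tags never read are written to an exception list rather than silently corrected, which is what an auditor reviewing the control will want to see.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample data for this example (not from the article).
# Stock manifest: tag -> (SKU, pallet the tag should be on).
MANIFEST = {
    "E200-0001": ("SKU-A", "PAL-1"),
    "E200-0002": ("SKU-A", "PAL-1"),
    "E200-0003": ("SKU-B", "PAL-2"),
    "E200-0004": ("SKU-B", "PAL-2"),
}
UNIT_COST = {"SKU-A": 10.0, "SKU-B": 25.0}   # valuation basis per SKU (assumed)

# Reader events as (timestamp, reader, pallet seen, tag). Reader firmware
# normally reports a tag many times while it is in the field, so raw events
# must never be treated as units of stock.
READS = [
    (1, "DOCK-1", "PAL-1", "E200-0001"),
    (1, "DOCK-1", "PAL-1", "E200-0001"),   # same tag reported twice
    (2, "DOCK-1", "PAL-1", "E200-0002"),
    (3, "DOCK-2", "PAL-1", "E200-0003"),   # SKU-B tag seen on the wrong pallet
    (4, "DOCK-2", "PAL-2", "E200-0099"),   # tag with no stock record behind it
]


def naive_count(reads, manifest):
    """What an uncontrolled system does: every event is a unit of stock."""
    counts = Counter()
    for _ts, _reader, _pallet, tag in reads:
        sku = manifest.get(tag, ("UNKNOWN", None))[0]
        counts[sku] += 1
    return counts


@dataclass
class Reconciliation:
    counted: Counter = field(default_factory=Counter)  # SKU -> confirmed units
    duplicates: list = field(default_factory=list)     # tags reported more than once
    wrong_pallet: list = field(default_factory=list)   # (tag, expected, pallets seen)
    orphans: list = field(default_factory=list)        # tags with no manifest entry
    missing: list = field(default_factory=list)        # manifest tags never read

    def exceptions(self):
        """Number of items a human must resolve before the count is signed off."""
        return (len(self.duplicates) + len(self.wrong_pallet)
                + len(self.orphans) + len(self.missing))


def reconcile(reads, manifest):
    """Controlled count: one unit per known tag, read on its expected pallet.
    Everything else goes to an exception list for investigation; nothing is
    silently corrected, so the control log stays auditable."""
    result = Reconciliation()
    seen = Counter()        # tag -> number of reader events
    pallets = {}            # tag -> set of pallets the tag was seen on
    for _ts, _reader, pallet, tag in reads:
        seen[tag] += 1
        pallets.setdefault(tag, set()).add(pallet)

    for tag, n in sorted(seen.items()):
        if n > 1:
            result.duplicates.append(tag)   # collapsed to one unit, but logged
        if tag not in manifest:
            result.orphans.append(tag)      # a tag with no stock behind it
            continue
        sku, expected = manifest[tag]
        if pallets[tag] != {expected}:
            result.wrong_pallet.append((tag, expected, sorted(pallets[tag])))
            continue
        result.counted[sku] += 1

    result.missing = sorted(t for t in manifest if t not in seen)
    return result


def valuation(counts, unit_cost):
    """Stock value that would flow into the balance sheet from a count."""
    return sum(n * unit_cost.get(sku, 0.0) for sku, n in counts.items())


if __name__ == "__main__":
    naive = naive_count(READS, MANIFEST)
    rec = reconcile(READS, MANIFEST)
    print("naive count     :", dict(naive), "value", valuation(naive, UNIT_COST))
    print("controlled count:", dict(rec.counted), "value", valuation(rec.counted, UNIT_COST))
    print("exceptions      :", rec.exceptions(), vars(rec))
```

On the constructed data the naive count values the stock at 55.0 against a controlled figure of 20.0, with four exceptions outstanding; the gap between the two is exactly the kind of misstatement the paragraph above warns about, and the exception list is the evidence that the control actually ran.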

Furthermore, it would signify that proper control of the systems had not taken place. But the matter goes further: it is not just the CEO or CFO who is liable.

Under the legislation any person in a management position is responsible. Thus the IT manager or CTO becomes liable, as does anyone involved in the development of the system.

It is almost inevitable that small or medium-sized public companies will not have all of their internal controls documented. Thus the company's auditors will have to rely on increased audit activity to satisfy themselves that the accounts are true and accurate. So up go the audit costs.

To overcome this it is necessary to ensure that the internal procedures are properly implemented. Large quoted companies caught up in the furore of section 404 will be required to verify that their supplies are properly controlled, which in turn may mean that their suppliers have to be audited, or that each supplier must produce written confirmation that its systems are controlled.

This seems straightforward enough, but now look at section 302 of SOX, which covers "Corporate Responsibility for Financial Reports." And this is not just for the bean counters.

The act says that: -

1. The signing officers (whoever they are) have reviewed the report.
2. The report is factual and does not contain an untrue statement or a material omission, and cannot be considered misleading.
3. The financial statements reflect a true position.
4. The signing officers are responsible for the internal controls and have evaluated them within the previous 90 days.
5. All deficiencies in the internal controls have been listed, and any fraud involving employees who have a role in the internal controls has been disclosed.
6. Any significant changes to the internal controls have been listed, together with the impact of those changes.

So where are we now with the excitement of getting the RFID project in?

What we are looking at is a demand that a company carries out its own internal assessment, and that this assessment is on-going.

To achieve this standard it is obvious that what is required is a compliance committee that works for the main board, ensuring that all of the internal processes are controlled and documented.

The question is: do the companies implementing RFID in the supply chain (or in any other facet of business that affects the balance sheet and financial reports) properly document their procedures?

And what techniques have been implemented for continuous assessment and improvement? As mentioned earlier, this legislation covers the US stock market, but the rules apply equally to any foreign company quoted on a US exchange such as the NYSE.

Some companies have been trying to de-register, but if they have more than 300 American shareholders anywhere in the world they are caught by the legislation, and they lose the benefits of the stock market listing.

The law also applies to subsidiaries of US companies, which have to comply with SOX wherever in the world they are. In Europe, EU Directives 10 and 11 address cross-border trading.

And the audit trail could extend further, to any supplier, subcontractor or off-shore provider to these companies.

So how does all this fit with IT and RFID? It would seem to be miles off target. But IT is the cornerstone of every business: stock records, invoicing, purchasing and every system in the supply chain are completed on a computer. So the CTO or IT Director/Manager is responsible, and so is the project manager who is driving any RFID project.

The system should be documented and reviewed by all disciplines within the company, and perhaps by the auditors, as the project continues. But how can a system of continual process improvement and documented control be implemented? The swift answer is: carefully, and with a determination to see that the RFID project is properly documented and implemented in step with all of the other processes and procedures within the business.

A company will probably need to appoint a Compliance Officer who steers a compliance committee. I can hear now the cries of "not another committee!" But regrettably there seems to be little chance of achieving the standards without some form of internal control to oversee any system changes.

Thus the RFID project manager should answer to, or be, the Compliance Officer. And this is not a post to be given to "old Jack" because he has been here for years and we think he is too old but too expensive to get rid of! He (or she, if it is Jill) may be the right person because of their knowledge of the business, but equally the company may have to recruit. And given the legal responsibility carried by the Officer, they will not be cheap!

So what methods are available to help achieve this compliance?

Well, the first is CMMI. Some companies in the retail and supply chain area are already working on this. CMM was developed by the Software Engineering Institute at Carnegie Mellon University, originally so that the US Department of Defense could assess its software contractors and suppliers. Now extended to CMMI, the technique is an on-going process of self-checking and improvement of the company's systems and procedures.

Just what SOX needs. The EU Directives do not demand as much, but if you stick with SOX you certainly will not fall short of what is required within the EU. On top of this, by implementing the IT Infrastructure Library (ITIL) the problem is largely solved. Briefly, ITIL consists of seven books; its Service Delivery set covers five disciplines. These are: -

Service level Management
Capacity Management
Continuity Management
Availability Management
IT Financial Management

So when looking at the implementation of an RFID project, the project manager must bring these factors into the equation.

The cost of doing this should be brought into any ROI calculation, but set against the audit fees that the business will save.

If a company is at CMMI level 3 and has implemented ITIL, then customers will be more than happy to trade with it, all other factors being right.

When Jo Soap (apologies to anyone of this name; the choice is purely coincidental) arrives from the IT company with the software that will deliver the ROI on an RFID project – beware.

Recently the VAT inspectors have expressed a desire to have remote access to all of a company's accounting records, with no less than six years of data available, so that they can interrogate them at will.

Thus RFID data retention could be huge – but this is only a request by Customs & Excise, and it creates large problems with all sorts of legislation, not least the Data Protection Act.

So, in summary, one should use RFID and get the project in, but be careful of the pitfalls. Get it right and all of those nice things will land in the enterprise. Get it wrong and it could cost you dear.

Recently CompTIA (the Computing Technology Industry Association) has identified from a survey that there is as much as an 80% shortage of skilled staff to implement RFID projects. In order to overcome the shortage it is launching a certification programme at the end of this year.

However, Microsoft feels that the shortage will soon be plugged by the growth in RFID consultancies and by its RFID Services Platform, to be launched in 2006. RFID is a profitable development, so go for it.




RFID Today, 3 Todmore, Greatham, Liss, Hants, GU33 6AR


© Copyright 2001 - 2006 by ADA Communications Ltd. All rights reserved. Statements of opinion and fact are made on the responsibility of the authors alone and do not imply an opinion on the part of ADA Communications Ltd or the editorial staff. Registered in England No. 04843018