Expert InformationEN News Type - 19.02.20
Compliance: Computers Lending a (Virtual) Hand
Six approaches which facilitate the compliance with external and internal regulations in SMEs
Laws, regulations and other rules are continuously growing, both in numbers and in size. It is no longer possible to manually check, let alone document, compliance with all regulations. In this article, ERP provider proALPHA has compiled seven examples of how an ERP system can significantly facilitate compliance.
EU regulations, federal and provincial laws, sectoral rules, and customer policies – a company's working environment presents a lot of restrictions and obstacles. Companies must make use of technical solutions in order to reliably and time-efficiently implement all regulations – there is simply no way around it. An ERP system can support this undertaking in various ways:
- GDPR: More relevant than ever
Things calmed down again after the last minute panic in May 2018. What a fallacy. German courts are currently imposing severe penalties in their first judgments. This means that small and mid-sized companies should always ensure the protection of personal data within their company. ERP systems provide practical automatisms for this purpose, e.g. for deleting data which is no longer relevant and must no longer be retained.
- Ensure legal compliance
It may sound obvious, but it's not: Companies ought to ensure that their ERP system – be it as on-premises software or cloud solution – meets the requirements of regulations like the generally accepted principles for keeping and storing accounts, records and documents in electronic form and for data access (GoBD). This covers the recording, storing and audit-proofing of relevant data and documents. Especially the legally required retrograde and progressive traceability of business transactions can oftentimes only be ensured by means of automatic document links within an ERP system.
- Procedural documentation
Procedural documentation is also a significant part of the GoBD. It must completely and coherently define content, structure, procedure, and results of the data processing for every system used. Business process designers help with the corresponding description of organizational structures and business processes. Integrated into the ERP, they offer another very practical advantage: The visualized processes illustrate optimization potentials. Important: Since systems and procedures change over the years, the procedural documentation must be continuously adjusted, and previous versions must be archived.
- Pay attention to export control and sanctions lists
Even within the EU, it is possible that an export is only permitted under certain conditions. For so-called dual-use technologies, which can be used in civilian and military applications the like, a check of the special end use is mandatory according to article 4 of the EC dual-use regulation, regardless of the company's size. The same goes for the EU anti-terrorism regulation: Every company is required to check its business contacts against the current national and international sanctions lists, even if it is only active within Germany or the EU. This can hardly be managed manually. This process can also be supported by additional solutions integrated into the ERP, which take care of the check.
- Guarantee traceability
Full traceability is not only a concern of compliance. It also offers tangible advantages in liability. Furthermore, it helps avoid recalls that might lead to a loss of reputation. However, this requires you to be able to verify the origin of parts, semi-finished products, and materials, e.g. by means of a hierarchy of serial or lot numbers defined in the ERP system.
- Sensitize your employees
Systems supporting the compliance with certain regulations do not ensure compliance per se. They only lay the foundations. Employees must be trained accordingly and follow the rules. This can also be supported by an ERP system, for example, by means of workflows which regularly remind employees of important rules of conduct or teach them about new ones. The confirmation of notice can then be archived automatically.
Managing directors should not take compliance lightly, for in case of a deliberate violation of obligation insurances for directors and officers (D&O) usually refuse benefits. This means that the managing director is personally liable. In addition to the here mentioned universal regulations, there are numerous industry-specific requirements. Most of them can be mapped by means of a digital documentation workflow in combination with an archiving system.
Susanne Koerber-Wilhelm will be happy to answer your questions and provide you with further information about proALPHA.
+49 89 92306841-445 firstname.lastname@example.org