Protecting Mission-Critical Manufacturing Data with an ERP Firewall

7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall

1/11

Protecting Mission-Critical

Manufacturing Data withan ERP Firewall

A GXS White Paper for the Active Business


2/11

In todays manufacturing sector, outsourcing is becoming the norm, rather than

the exception. Companies are specializing their value chains. Original equipment

manufacturers (OEMs) that were traditionally production-oriented are increasingly

outsourcing many of their manufacturing and supply chain functions to third parties

(contract manufacturers, freight forwarders and third-party logistics providers).

Back-ofce functions, such as accounts payable (AP), human resources (HR) and

information technology (IT) management, are steadily being sourced to specialized

business process outsourcing (BPO) rms. The overall result of this outsourcing phe-

nomenon is that manufacturers are more dependent than ever on business partnersto perform daily operations. Additionally, enterprise IT systems are more dependent

on data originating in the applications of these partners. In order to gain visibility to

outsourced, external processes, manufacturers must be able to synchronize data in

real time with their business partners.

Thirty Percent of ERP Data Originates Outside the Enterprise

A 2009 AMR Research report entitled ERP Projects Create Signicant B2B Opportuni-

ties ound that one-third o all data housed in an enterprise resource planning (ERP)

system originated outside the organization. AMR ound that external data came rom

three key sources: customers and distributors (43%), suppliers and contract manuacturers

(31%), and third-party logistics providers and transportation carriers (17%) (see Figure 1).

Figure 1

AMRs study results put into perspective the critical role that business-to-business (B2B)

integration technologies play in enabling ERP. The study also underscores the need to

monitor the quality o inormation fowing in and out o external interaces. Hundreds o

millions o dollars have been invested in master data or products, customers, employees,

assets and suppliers in the past ew years. However, there has been relatively little ocuson inormation quality or non-master, transactional data related to a specic order. Data

throughout the liecycle o an order originates rom a variety o sources (see Figure 2). The

original purchase order might come rom a customer. Shipment status updates might origi-

nate rom transportation carriers and third-party logistics providers. Payment details might

be consolidated, enriched and delivered by banking institutions. Unortunately, the trading

partners conducting the highest volumes o B2B transactions are also the ones causing the

highest numbers o data quality issues.

2 Protecting Mission-Critical Manufacturing Data with an ERP FirewalA GXS White Pape

Source of Externally Originated Data in ERP

Customers & Distributors

Suppliers & Contract Manufacturers

Third-Party Logistics Providers &Transportation Carriers

Other

9%

43%

31%

17%


3/11

Figure 2

Bad Data from Suppliers

Supplier data is notoriously bad, especially rom smaller vendors. However, buyers typicallyhave enough leverage with vendors to require them to conorm to data quality rules.

Common examples o bad data passed rom suppliers into ERP applications include:

Shipment and Order MismatchesFrequently, the quantities or part numbers in a

shipment do not exactly match the original purchase order. Suppliers may over- or

under-ship quantities due to pallet conguration. One part number or stock-keeping

unit (SKU) may be substituted or another due to inventory shortages or product

discontinuations.

Shipping TolerancesSuppliers requently over- or under-ship relative to the quan-

tity requested. For example, a buyer may have issued a purchase order (PO) or 500

units o a particular SKU. However, the vendor shipped a ull pallet conguration

consisting o 512 units. For high volume SKUs, such over-shipments may be allow-

able because the inventory will be depleted quickly. In other scenarios with lower

turn or higher priced SKUs, over-shipping may not be acceptable.

Country-Specic Invoice FieldsEach o the countries in the European Union

speciy that certain elds must be populated in an invoice or it to be considered

legally valid. Examples o mandatory elds include value-added tax (VAT) identica-

tion numbers, buyer/seller name and address, nature o goods supplied or services

rendered, VAT rate, and amount paid. Several Latin American countries have intro-

duced e-invoicing regulations in recent years, as well.

Invoice with no Purchase OrderBuying organizations oten use POs as a business

control to ensure that only authorized personnel are placing orders with preerred

vendors. The existence o an invoice without a PO suggests that someone is circum-

venting the normal procurement process. However, there are certain types o services

such as telecommunications, utilities and acilities leases or which there is typically

no PO corresponding to an invoice.

Business Application

Enterprise Resource

Planning

Procurement and

Sourcing

Transportation

Management System

Finance and Accounting

Treasury Workstation

Human Resources

Information Technology

Customer Forecasts, Customer

Orders

Product Catalog, Pricing,

Promotions, Vendor

Shipment Status, Import/Export

Documentation

Supplier Invoices, Customer

Invoices, Remittance Advices,

Payroll, General LedgerBank Account Statements, Foreign

Exchange Transactions, Securities

Ownership

Recruiting, Performance,

Compensation, Employee Records

Data Center, Network, Application

Status, Trouble Ticket Status

Customers, Distributors, Brokers,

Agents, Resellers

Vendors, Suppliers, Transportation

Providers

Providers, Freight Forwarders, Customs

Brokers, LTL, TL, Parcel Carriers, 3PLs

Vendors, Customers, F&A BPO

Providers, Payroll BPO Providers

Cash Management Banks,

Securities Broker/Dealers,

Foreign Exchange Banks

HR BPO Providers

IT Outsourcing Providers

Data Types External Data Sources

Protecting Mission-Critical Manufacturing Data with an ERP Firewall 3A GXS White Paper


4/11

Multiple Purchase Orders in one InvoiceMost companies preer that invoices

only contain line items rom a single purchase order. Mixing items rom dierent

purchase orders creates challenges during invoice approval, especially when the POs

originated rom dierent divisions or ERP applications.

Invoice on Goods Not ShippedMost buying organizations have negotiated pay-

ment terms o 30, 60 or 90 days with vendors. The invoice date is typically the start

o the payment period. To avoid premature billing, most buyers state that invoices

will not be accepted until the goods have been shipped and the corresponding ad-vance ship notice (ASN) processed.

Invoice, Receipt and Order MismatchesFrequently, the quantity, price or part

numbers on invoices do not match the corresponding elds on the original order

or the physical goods received. In such scenarios, additional research must be

perormed beore the invoice can be processed or payment.

Bad Data from Logistics Providers

Logistics data is requently incomplete and inaccurate. Bad data leads to poor supply

chain visibility, lack o carrier perormance metrics and the inability to adequately plan

receiving eorts. Common examples o bad data passed rom logistics providers into

ERP applications include:

Missing Time ZoneMany shipment status messages provide a date and timestamp

or a logistics activity, but not an accurate time zone. Consequently, the date

and time inormation is not useul or decision making or carrier perormance

measurements.

Missing QuantityMany suppliers populate the quantity eld in an ASN, but ail

to provide the unit o measurement. For example, an ASN might speciy that 3000

o a specic item has been shipped, but not state whether the unit o measurementis individual units or cases.

Missing CurrencyShipment messages oten contain the reight charges associated

with a container or load. However, suppliers requently do not populate the unit o

measurement or the currency. Consequently, the customer does not know whether

the amount specied refects the currency o the originating or destination country.

Meaningless CodesBuyers, suppliers and transportation carriers each use dier-

ent codes in electronic data interchange (EDI) documents to represent locations,

vendors and countries. However, the codes are oten company-specic, making them

meaningless once they travel rom one trading partner to another.

Out-of-Sequence DataDue to the asynchronous nature o B2B communications,

documents can arrive in a dierent sequence than the one in which they were cre-

ated. For example, an ocean reight status message might arrive prior to the ASN

indicating that the goods have let the point o origin.



5/11


Backdated ShipmentsSuppliers and carriers sometimes attempt to backdate elec-

tronic documents or orders that were supposed to be ullled on an earlier date.

This allows them to avoid costly invoice deductions and penalties or missing their

perormance commitments, but can cause their trading partners conusion.

Bad Data from Customers

In terms o data quality, customers are a companys most challenging trading partners.

They are the greatest source o bad data, and the group that companies have the leastamount o infuence over. Examples o common problems rom inbound customer data

include:

Discontinued SKUs or Part NumbersManuacturers requently change the part

numbers or global trade identication numbers (GTINs) or their products.

A GTIN or part number might be retired and replaced with a newer model when

there is a substantial change to packaging, pricing, product eatures or brand name.

In other cases, a GTIN or part might be discontinued due to lower than expected

sales volumes.

Unknown LocationLocations are oten specied by codes in EDI documents. Cus-

tomers may request that shipments be delivered to a warehouse, manuacturing plant

or retail store code that is not listed in the suppliers location database. This is com-

mon with new stores, plants and warehouses.

Inaccurate Pricing or TermsWhile sales orders containing invalid part numbers or

ship-to locations can be corrected manually, errors in pricing or contract terms are

not easily xed. In many cases, the transmission o a PO acknowledgement consti-

tutes acceptance o the customers pricing, terms and conditions. Suppose a customer

transmits an order or 100 units o SKU ABC at a price o $50. However, SKU ABCs

negotiated price or this customer is actually $500. Furthermore, the minimum order

quantity o SKU ABC is 1000 units. I the supplier acknowledges the PO withoutcorrecting the data, they may be orced to accept the lower price and order quantity.

Out-of-Sequence PO ChangesStudies have ound that the average PO changes 4.4

times during its liecycle. Due to the asynchronous nature o B2B integration, it is

possible that PO changes may be received by a supplier out o sequence. For example,

the third update in a series o our might be received last (e.g. a sequence o 1-2-4-3).

I the suppliers ERP application does not re-correlate the sequence o changes, then

the order will be ullled incorrectly, resulting in customer satisaction issues and pos-

sible compliance penalties.

Incomplete Order DataCustomers sometimes send orders, orecasts and requests

or quotes without all o the required data elds necessary to process or conrm the

request. Customers also use reerence data that is meaningul to their internal applica-

tions, but not to their suppliers. For example, a customer sends their purchase order

number or part number in a document, but what is needed by the receiving ERP

application in order to process the request is the suppliers sales order number or

part number.


6/11

The Impacts of Bad Data

Both line o business managers and IT personnel should be concerned about the conse-

quences o this growing problem. Bad data pollutes a manuacturers ERP system, resulting

in decreased ROI rom the ERP investment and a corresponding loss o productivity and

prot. A study by AMR Research conducted in the discrete manuacturing segment ound

that, on average, 2.9% o transactions originating rom external trading partners required

exception processing or error handling. The consequences o exception processing resulting

rom poor data quality are numerous: Longer Time to ProcessTime-sensitive processes may be delayed while accounting,

warehouse and customer service personnel research and resolve data issues. For ex-

ample, i an invoice is posted to an accounts payable system without a general ledger

number to apply the cost against, then an accounting clerk must contact the supplier

or internal buyer to capture the appropriate data. I a purchase order is pushed to

an order management system with an invalid part number or SKU, then the sales

organization must contact the customer to discuss an appropriate substitution.

Higher Cost to ProcessPersonnel must spend time and eort manually correcting

data in the ERP application or xing problems resulting rom processing bad data.Higher volumes o manual processes unnecessarily infate costs and erode prot

margins. For example, in the retail industry, studies have determined that over

60% o invoices have data errorsand each error typically costs between $40 and

$400 to correct.

More Mistakes During ProcessingThe probability o an error occurring increases

exponentially with the introduction o manual processes. However, human interven-

tion can be relatively inexpensive compared to scenarios where bad data goes unde-

tected. Consider the costs or a manuacturer that misses a contract commitment or

ullls a major order incorrectly.

Data quality errors might seem insignicant when considered at the microscopic level o

each individual order. However, increased days sales outstanding (DSO) costs rom invoice

processing delays and customer penalties rom ailed ulllments can quickly compound

and have a substantial nancial impact (see Figure 3).

The Need for an ERP Firewall

Why arent ERP applications designed to capture business process and data quality errors?

Actually, SAP and Oracle can provide extensive business logic and data integrity checks

within their applications. When an end user keys data in to a graphical interace, the native

ERP business logic can be congured to detect a wide variety o errors. However, when thedata fows through a B2B integration gateway and is subsequently uploaded into an ERP

database, very little data-checking occurs.

What can manuacturers running ERP do to prevent bad data rom corrupting their

enterprise applications? One option is to hire a systems integrator to develop custom code



7/11

to enorce data integrity standards or B2B imports and exports. Additionally, a new set o

user interaces would be required to manage exceptions identied by the data checks. Any

customizations to ERP applications come with signicant overhead. With each new release

o the vendors sotware, the customer must perorm extensive regression testing and, oten,

sotware updates.


(Per Month)

Costs of Processing ErrorsUSD

Transactions per Month (Thousands)

(Millions)

$600k

$500k

$400k

$300k$200k

$100k

100 200 300 400 500 600

Consider, for example, a $5B manufacturing company that experiences a 2.9% error rate in its monthly

transaction volume of 600K messages. The manufacturing company could be spending more than

$500K per month just to resolve data errors on inbound B2B transactions.

Figure 3

Customer

A

Integration Middleware

Customer

B

Customization to Support Large Accounts


ERP FIREWALL

Consolidated ERP Application


Customer

C

Customer

A

Customer

B

Customer

C

Integration Middleware

Consolidated ERP Application

Customer-specific technology, business process anddata field customizations within internal applications

Customer-specific technology, business process anddata field customizations within internal applications

Figure 4


8/11

Perhaps a better option is to deploy an application at the edge o the enterprise that in-

spects incoming and outgoing documents rom trading partners or data integrity issues.

The application would eectively be acting as an ERP rewall or bad data. The rewall

would inspect the contents o EDI, XML and other les in a demilitarized zone (DMZ)

or content quality. Bad data would be rejected and returned to the sender or held in a

queue or exception processing. Good data would be passed through or immediate pro-

cessing. The reality is that once bad data gets into the enterprise, it is the manuacturers

problem to deal with, regardless o where it originated. An ERP rewall is designed to

identiy and correct bad data beore it gets that ar (see Figure 4).

ERP Firewall Dened

An ERP rewall is an application that permits, denies or corrects electronic data inter-

changes between an enterprises applications and those o its external business partners,

based upon a congurable set o rules or criteria(see Figure 5).

An ERP rewall ensures that bad data rom external business partners doesnt enter the

manuacturers ERP system, polluting the quality o inormation in their enterprise appli-

cations. Much like a normal rewall, an ERP rewall examines all incoming and outgoing

data against a pre-congured rule set. A traditional rewall rule might be to block all in-

coming clear text FTP trac on port 21. Similarly, an ERP rewall rule might be to block

all ANSI X12 EDI ormats which are not ormatted, addressed or structured correctly.

Another example o a rule set might be to route any 810/INVOIC documents without a

street address, general ledger code or appropriate tax identier to an exception queue or

manual resolution by the supplier.


Customers & Distributors

ERP

APPS

LogisticsProviders

F

inancialInstitutions

Direct & Indirect Material Suppliers

Figure 5


9/11

ERP Firewall Severity Classes and Actions

There are our typical actions that an ERP rewall might take based upon its congured

rule set (see Figure 6). The action taken will, o course, depend upon the scenario

encountered:

FatalIn this scenario, the electronic document is beyond repair. Not only will

the document ail during later processing, but it could result in nancial losses to the

company or its trading partners i not stopped. As a result, the rewall should reject

the electronic document entirely by sending a ailure notication back to

the originator.

ErrorThe electronic document has a critical error that will ail upon attempted

processing. In this scenario, the error can be remedied, but only with the manual

intervention o an end-user at the originating company. For such scenarios, the

rewall should quarantine the electronic document in an exception queue or the

originator to review and repair.

WarningThe electronic document has a minor data quality error that will not dis-

rupt processing, but should be corrected, i possible, in uture scenarios. The rewall

will pass the document through to the ERP, but will also log the data quality issues

in a report. The logged warnings should be examined or requency and root cause.

The most common occurrences should be identied and remedied through collabo-

ration with the originating trading partner.

Auto-FixIn this scenario, the original document has an error that can be automati-

cally corrected by the rewall. This is the real power o the ERP rewall. In many


AUTOFIX

Correct then Retransmit

Incoming Document

FATAL

Rejectable Document

WARNING

Pass Through and Log

ERROR

Hold in Exception Queue

EDIEDI

34

1 2

Figure 6


10/11

cases, bad data can be corrected automatically beore reaching the ERP. For example,

missing elds may be looked up in a table, database, or via an application web

services call. The original document is then augmented or enriched with the new

elds and then orwarded or processing. Additional auto-x unctionality can split

documents and then route them to dierent ERP systems. Conversely, outputs rom

multiple ERPs could be merged into a single document. Another unction is data

ltering, in which unnecessary data can be stripped out o incoming or outgoing

documents to simpliy processing at the destination.

ERP FirewallsNecessary Data Protection for theManufacturing Industry

Manuacturers are investing tens o millions o dollars to consolidate, standardize, upgrade

and extend their ERP applications in order to optimize their value. However, these eorts

are undermined when bad data rom business partners corrupts and pollutes the ERP (see

Figure 7). An ERP rewall, which can be implemented at a small raction o the typical

annual sotware maintenance royalty, can reduce bad data by up to 50% with a ew simple

rule setssignicantly improving long-term ROI.


Figure 7

ROI Payback from Investment in ERPReduced by Poor Data Quality

Projected ROI

Source: GXS-Hypothetical Analysis

Year 1

Year 2 Year 3 Year 4 Year 5

Actual ROI

$600k

$500k

$400k

$300k

$200k

$100k

$(200)

$(300)

$(400)

$-

$(100)


11/11

About GXS

GXS is a leading B2B integration services provider and operates the worlds largest integration cloud, GXS Trading Grid. Our software and services help

more than 400,000 businesses, including 72 percent of the Fortune 500 and 22 of the top 25 supply chains, extend their partner networks, automate

receiving processes, manage electronic payments, and improve supply chain visibility. GXS Managed Services, our unique approach to improving B2B

integration operations, combines GXS Trading Grid with our process orchestration services and global team to manage a companys multi-enterprise

processes. Based in Gaithersburg, Maryland, GXS has direct operations in 20 countries, employing more than 2,400 professionals. To learn more, see

http://www.gxs.com, read our blog at http://www.gxsblogs.com, follow us on Twitter at http://twitter.com/gxs and join us on LinkedIn at http://www.

linkedin.com/company/gxs. You can also access our public lings w ith the Securities and Exchange Commission at http://www.sec.gov/edgar.shtml.

Copyright 2012 GXS, Inc. All Rights Reserved. August 2012 A

North AmericA ANd

GlobAl heAdquArters

GXS

9711 Washingtonian Blvd.

Gaithersburg, MD 20878US

+1-800-560-4347 t

+1-301-340-4000 t

+1-301-340-5299 f

www.gxs.com

euroPe, middle eAst ANd

AFricA heAdquArters

uNited KiNGdom

GXS Limited

18 Station Road

Sunbury-on-Thames

Middlesex TW16 6SU

England+44 (0)1932 776047 t

+44 (0)1932 776216 f

www.gxs.eu

AsiA heAdquArters

hoNG KoNG

GXS International

Room 1609-10

16/F China Resources Building

26 Harbour Road

Wanchai, Hong Kong

+852 2884-6088 t

+852 2513-0650 f

www.gxs.asia.com

JAPAN heAdquArters

toKYo

GXS Co., Ltd.

3F Akasaka 1-Chome,

Minato-ku, Tokyo 107-0052

+81-3-5574-7545 t

+81-3-5574-7560 f

www.gxs.co.jp

Documents

Protecting Mission-Critical Manufacturing Data with an ERP Firewall