7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
1/11
Protecting Mission-Critical
Manufacturing Data withan ERP Firewall
A GXS White Paper for the Active Business
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
2/11
In todays manufacturing sector, outsourcing is becoming the norm, rather than
the exception. Companies are specializing their value chains. Original equipment
manufacturers (OEMs) that were traditionally production-oriented are increasingly
outsourcing many of their manufacturing and supply chain functions to third parties
(contract manufacturers, freight forwarders and third-party logistics providers).
Back-ofce functions, such as accounts payable (AP), human resources (HR) and
information technology (IT) management, are steadily being sourced to specialized
business process outsourcing (BPO) rms. The overall result of this outsourcing phe-
nomenon is that manufacturers are more dependent than ever on business partnersto perform daily operations. Additionally, enterprise IT systems are more dependent
on data originating in the applications of these partners. In order to gain visibility to
outsourced, external processes, manufacturers must be able to synchronize data in
real time with their business partners.
Thirty Percent of ERP Data Originates Outside the Enterprise
A 2009 AMR Research report entitled ERP Projects Create Signicant B2B Opportuni-
ties ound that one-third o all data housed in an enterprise resource planning (ERP)
system originated outside the organization. AMR ound that external data came rom
three key sources: customers and distributors (43%), suppliers and contract manuacturers
(31%), and third-party logistics providers and transportation carriers (17%) (see Figure 1).
Figure 1
AMRs study results put into perspective the critical role that business-to-business (B2B)
integration technologies play in enabling ERP. The study also underscores the need to
monitor the quality o inormation fowing in and out o external interaces. Hundreds o
millions o dollars have been invested in master data or products, customers, employees,
assets and suppliers in the past ew years. However, there has been relatively little ocuson inormation quality or non-master, transactional data related to a specic order. Data
throughout the liecycle o an order originates rom a variety o sources (see Figure 2). The
original purchase order might come rom a customer. Shipment status updates might origi-
nate rom transportation carriers and third-party logistics providers. Payment details might
be consolidated, enriched and delivered by banking institutions. Unortunately, the trading
partners conducting the highest volumes o B2B transactions are also the ones causing the
highest numbers o data quality issues.
2 Protecting Mission-Critical Manufacturing Data with an ERP FirewalA GXS White Pape
Source of Externally Originated Data in ERP
Customers & Distributors
Suppliers & Contract Manufacturers
Third-Party Logistics Providers &Transportation Carriers
Other
9%
43%
31%
17%
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
3/11
Figure 2
Bad Data from Suppliers
Supplier data is notoriously bad, especially rom smaller vendors. However, buyers typicallyhave enough leverage with vendors to require them to conorm to data quality rules.
Common examples o bad data passed rom suppliers into ERP applications include:
Shipment and Order MismatchesFrequently, the quantities or part numbers in a
shipment do not exactly match the original purchase order. Suppliers may over- or
under-ship quantities due to pallet conguration. One part number or stock-keeping
unit (SKU) may be substituted or another due to inventory shortages or product
discontinuations.
Shipping TolerancesSuppliers requently over- or under-ship relative to the quan-
tity requested. For example, a buyer may have issued a purchase order (PO) or 500
units o a particular SKU. However, the vendor shipped a ull pallet conguration
consisting o 512 units. For high volume SKUs, such over-shipments may be allow-
able because the inventory will be depleted quickly. In other scenarios with lower
turn or higher priced SKUs, over-shipping may not be acceptable.
Country-Specic Invoice FieldsEach o the countries in the European Union
speciy that certain elds must be populated in an invoice or it to be considered
legally valid. Examples o mandatory elds include value-added tax (VAT) identica-
tion numbers, buyer/seller name and address, nature o goods supplied or services
rendered, VAT rate, and amount paid. Several Latin American countries have intro-
duced e-invoicing regulations in recent years, as well.
Invoice with no Purchase OrderBuying organizations oten use POs as a business
control to ensure that only authorized personnel are placing orders with preerred
vendors. The existence o an invoice without a PO suggests that someone is circum-
venting the normal procurement process. However, there are certain types o services
such as telecommunications, utilities and acilities leases or which there is typically
no PO corresponding to an invoice.
Business Application
Enterprise Resource
Planning
Procurement and
Sourcing
Transportation
Management System
Finance and Accounting
Treasury Workstation
Human Resources
Information Technology
Customer Forecasts, Customer
Orders
Product Catalog, Pricing,
Promotions, Vendor
Shipment Status, Import/Export
Documentation
Supplier Invoices, Customer
Invoices, Remittance Advices,
Payroll, General LedgerBank Account Statements, Foreign
Exchange Transactions, Securities
Ownership
Recruiting, Performance,
Compensation, Employee Records
Data Center, Network, Application
Status, Trouble Ticket Status
Customers, Distributors, Brokers,
Agents, Resellers
Vendors, Suppliers, Transportation
Providers
Providers, Freight Forwarders, Customs
Brokers, LTL, TL, Parcel Carriers, 3PLs
Vendors, Customers, F&A BPO
Providers, Payroll BPO Providers
Cash Management Banks,
Securities Broker/Dealers,
Foreign Exchange Banks
HR BPO Providers
IT Outsourcing Providers
Data Types External Data Sources
Protecting Mission-Critical Manufacturing Data with an ERP Firewall 3A GXS White Paper
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
4/11
Multiple Purchase Orders in one InvoiceMost companies preer that invoices
only contain line items rom a single purchase order. Mixing items rom dierent
purchase orders creates challenges during invoice approval, especially when the POs
originated rom dierent divisions or ERP applications.
Invoice on Goods Not ShippedMost buying organizations have negotiated pay-
ment terms o 30, 60 or 90 days with vendors. The invoice date is typically the start
o the payment period. To avoid premature billing, most buyers state that invoices
will not be accepted until the goods have been shipped and the corresponding ad-vance ship notice (ASN) processed.
Invoice, Receipt and Order MismatchesFrequently, the quantity, price or part
numbers on invoices do not match the corresponding elds on the original order
or the physical goods received. In such scenarios, additional research must be
perormed beore the invoice can be processed or payment.
Bad Data from Logistics Providers
Logistics data is requently incomplete and inaccurate. Bad data leads to poor supply
chain visibility, lack o carrier perormance metrics and the inability to adequately plan
receiving eorts. Common examples o bad data passed rom logistics providers into
ERP applications include:
Missing Time ZoneMany shipment status messages provide a date and timestamp
or a logistics activity, but not an accurate time zone. Consequently, the date
and time inormation is not useul or decision making or carrier perormance
measurements.
Missing QuantityMany suppliers populate the quantity eld in an ASN, but ail
to provide the unit o measurement. For example, an ASN might speciy that 3000
o a specic item has been shipped, but not state whether the unit o measurementis individual units or cases.
Missing CurrencyShipment messages oten contain the reight charges associated
with a container or load. However, suppliers requently do not populate the unit o
measurement or the currency. Consequently, the customer does not know whether
the amount specied refects the currency o the originating or destination country.
Meaningless CodesBuyers, suppliers and transportation carriers each use dier-
ent codes in electronic data interchange (EDI) documents to represent locations,
vendors and countries. However, the codes are oten company-specic, making them
meaningless once they travel rom one trading partner to another.
Out-of-Sequence DataDue to the asynchronous nature o B2B communications,
documents can arrive in a dierent sequence than the one in which they were cre-
ated. For example, an ocean reight status message might arrive prior to the ASN
indicating that the goods have let the point o origin.
4 Protecting Mission-Critical Manufacturing Data with an ERP FirewalA GXS White Pape
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
5/11
Protecting Mission-Critical Manufacturing Data with an ERP Firewall 5A GXS White Paper
Backdated ShipmentsSuppliers and carriers sometimes attempt to backdate elec-
tronic documents or orders that were supposed to be ullled on an earlier date.
This allows them to avoid costly invoice deductions and penalties or missing their
perormance commitments, but can cause their trading partners conusion.
Bad Data from Customers
In terms o data quality, customers are a companys most challenging trading partners.
They are the greatest source o bad data, and the group that companies have the leastamount o infuence over. Examples o common problems rom inbound customer data
include:
Discontinued SKUs or Part NumbersManuacturers requently change the part
numbers or global trade identication numbers (GTINs) or their products.
A GTIN or part number might be retired and replaced with a newer model when
there is a substantial change to packaging, pricing, product eatures or brand name.
In other cases, a GTIN or part might be discontinued due to lower than expected
sales volumes.
Unknown LocationLocations are oten specied by codes in EDI documents. Cus-
tomers may request that shipments be delivered to a warehouse, manuacturing plant
or retail store code that is not listed in the suppliers location database. This is com-
mon with new stores, plants and warehouses.
Inaccurate Pricing or TermsWhile sales orders containing invalid part numbers or
ship-to locations can be corrected manually, errors in pricing or contract terms are
not easily xed. In many cases, the transmission o a PO acknowledgement consti-
tutes acceptance o the customers pricing, terms and conditions. Suppose a customer
transmits an order or 100 units o SKU ABC at a price o $50. However, SKU ABCs
negotiated price or this customer is actually $500. Furthermore, the minimum order
quantity o SKU ABC is 1000 units. I the supplier acknowledges the PO withoutcorrecting the data, they may be orced to accept the lower price and order quantity.
Out-of-Sequence PO ChangesStudies have ound that the average PO changes 4.4
times during its liecycle. Due to the asynchronous nature o B2B integration, it is
possible that PO changes may be received by a supplier out o sequence. For example,
the third update in a series o our might be received last (e.g. a sequence o 1-2-4-3).
I the suppliers ERP application does not re-correlate the sequence o changes, then
the order will be ullled incorrectly, resulting in customer satisaction issues and pos-
sible compliance penalties.
Incomplete Order DataCustomers sometimes send orders, orecasts and requests
or quotes without all o the required data elds necessary to process or conrm the
request. Customers also use reerence data that is meaningul to their internal applica-
tions, but not to their suppliers. For example, a customer sends their purchase order
number or part number in a document, but what is needed by the receiving ERP
application in order to process the request is the suppliers sales order number or
part number.
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
6/11
The Impacts of Bad Data
Both line o business managers and IT personnel should be concerned about the conse-
quences o this growing problem. Bad data pollutes a manuacturers ERP system, resulting
in decreased ROI rom the ERP investment and a corresponding loss o productivity and
prot. A study by AMR Research conducted in the discrete manuacturing segment ound
that, on average, 2.9% o transactions originating rom external trading partners required
exception processing or error handling. The consequences o exception processing resulting
rom poor data quality are numerous: Longer Time to ProcessTime-sensitive processes may be delayed while accounting,
warehouse and customer service personnel research and resolve data issues. For ex-
ample, i an invoice is posted to an accounts payable system without a general ledger
number to apply the cost against, then an accounting clerk must contact the supplier
or internal buyer to capture the appropriate data. I a purchase order is pushed to
an order management system with an invalid part number or SKU, then the sales
organization must contact the customer to discuss an appropriate substitution.
Higher Cost to ProcessPersonnel must spend time and eort manually correcting
data in the ERP application or xing problems resulting rom processing bad data.Higher volumes o manual processes unnecessarily infate costs and erode prot
margins. For example, in the retail industry, studies have determined that over
60% o invoices have data errorsand each error typically costs between $40 and
$400 to correct.
More Mistakes During ProcessingThe probability o an error occurring increases
exponentially with the introduction o manual processes. However, human interven-
tion can be relatively inexpensive compared to scenarios where bad data goes unde-
tected. Consider the costs or a manuacturer that misses a contract commitment or
ullls a major order incorrectly.
Data quality errors might seem insignicant when considered at the microscopic level o
each individual order. However, increased days sales outstanding (DSO) costs rom invoice
processing delays and customer penalties rom ailed ulllments can quickly compound
and have a substantial nancial impact (see Figure 3).
The Need for an ERP Firewall
Why arent ERP applications designed to capture business process and data quality errors?
Actually, SAP and Oracle can provide extensive business logic and data integrity checks
within their applications. When an end user keys data in to a graphical interace, the native
ERP business logic can be congured to detect a wide variety o errors. However, when thedata fows through a B2B integration gateway and is subsequently uploaded into an ERP
database, very little data-checking occurs.
What can manuacturers running ERP do to prevent bad data rom corrupting their
enterprise applications? One option is to hire a systems integrator to develop custom code
6 Protecting Mission-Critical Manufacturing Data with an ERP FirewalA GXS White Pape
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
7/11
to enorce data integrity standards or B2B imports and exports. Additionally, a new set o
user interaces would be required to manage exceptions identied by the data checks. Any
customizations to ERP applications come with signicant overhead. With each new release
o the vendors sotware, the customer must perorm extensive regression testing and, oten,
sotware updates.
Protecting Mission-Critical Manufacturing Data with an ERP Firewall 7A GXS White Paper
(Per Month)
Costs of Processing ErrorsUSD
Transactions per Month (Thousands)
(Millions)
$600k
$500k
$400k
$300k$200k
$100k
100 200 300 400 500 600
Consider, for example, a $5B manufacturing company that experiences a 2.9% error rate in its monthly
transaction volume of 600K messages. The manufacturing company could be spending more than
$500K per month just to resolve data errors on inbound B2B transactions.
Figure 3
Customer
A
Integration Middleware
Customer
B
Customization to Support Large Accounts
Customization to Support Large Accounts
ERP FIREWALL
Consolidated ERP Application
Customization to Support Large Accounts
Customer
C
Customer
A
Customer
B
Customer
C
Integration Middleware
Consolidated ERP Application
Customer-specific technology, business process anddata field customizations within internal applications
Customer-specific technology, business process anddata field customizations within internal applications
Figure 4
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
8/11
Perhaps a better option is to deploy an application at the edge o the enterprise that in-
spects incoming and outgoing documents rom trading partners or data integrity issues.
The application would eectively be acting as an ERP rewall or bad data. The rewall
would inspect the contents o EDI, XML and other les in a demilitarized zone (DMZ)
or content quality. Bad data would be rejected and returned to the sender or held in a
queue or exception processing. Good data would be passed through or immediate pro-
cessing. The reality is that once bad data gets into the enterprise, it is the manuacturers
problem to deal with, regardless o where it originated. An ERP rewall is designed to
identiy and correct bad data beore it gets that ar (see Figure 4).
ERP Firewall Dened
An ERP rewall is an application that permits, denies or corrects electronic data inter-
changes between an enterprises applications and those o its external business partners,
based upon a congurable set o rules or criteria(see Figure 5).
An ERP rewall ensures that bad data rom external business partners doesnt enter the
manuacturers ERP system, polluting the quality o inormation in their enterprise appli-
cations. Much like a normal rewall, an ERP rewall examines all incoming and outgoing
data against a pre-congured rule set. A traditional rewall rule might be to block all in-
coming clear text FTP trac on port 21. Similarly, an ERP rewall rule might be to block
all ANSI X12 EDI ormats which are not ormatted, addressed or structured correctly.
Another example o a rule set might be to route any 810/INVOIC documents without a
street address, general ledger code or appropriate tax identier to an exception queue or
manual resolution by the supplier.
8 Protecting Mission-Critical Manufacturing Data with an ERP FirewalA GXS White Pape
Customers & Distributors
ERP
APPS
LogisticsProviders
F
inancialInstitutions
Direct & Indirect Material Suppliers
Figure 5
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
9/11
ERP Firewall Severity Classes and Actions
There are our typical actions that an ERP rewall might take based upon its congured
rule set (see Figure 6). The action taken will, o course, depend upon the scenario
encountered:
FatalIn this scenario, the electronic document is beyond repair. Not only will
the document ail during later processing, but it could result in nancial losses to the
company or its trading partners i not stopped. As a result, the rewall should reject
the electronic document entirely by sending a ailure notication back to
the originator.
ErrorThe electronic document has a critical error that will ail upon attempted
processing. In this scenario, the error can be remedied, but only with the manual
intervention o an end-user at the originating company. For such scenarios, the
rewall should quarantine the electronic document in an exception queue or the
originator to review and repair.
WarningThe electronic document has a minor data quality error that will not dis-
rupt processing, but should be corrected, i possible, in uture scenarios. The rewall
will pass the document through to the ERP, but will also log the data quality issues
in a report. The logged warnings should be examined or requency and root cause.
The most common occurrences should be identied and remedied through collabo-
ration with the originating trading partner.
Auto-FixIn this scenario, the original document has an error that can be automati-
cally corrected by the rewall. This is the real power o the ERP rewall. In many
Protecting Mission-Critical Manufacturing Data with an ERP Firewall 9A GXS White Paper
AUTOFIX
Correct then Retransmit
Incoming Document
FATAL
Rejectable Document
WARNING
Pass Through and Log
ERROR
Hold in Exception Queue
EDIEDI
34
1 2
Figure 6
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
10/11
cases, bad data can be corrected automatically beore reaching the ERP. For example,
missing elds may be looked up in a table, database, or via an application web
services call. The original document is then augmented or enriched with the new
elds and then orwarded or processing. Additional auto-x unctionality can split
documents and then route them to dierent ERP systems. Conversely, outputs rom
multiple ERPs could be merged into a single document. Another unction is data
ltering, in which unnecessary data can be stripped out o incoming or outgoing
documents to simpliy processing at the destination.
ERP FirewallsNecessary Data Protection for theManufacturing Industry
Manuacturers are investing tens o millions o dollars to consolidate, standardize, upgrade
and extend their ERP applications in order to optimize their value. However, these eorts
are undermined when bad data rom business partners corrupts and pollutes the ERP (see
Figure 7). An ERP rewall, which can be implemented at a small raction o the typical
annual sotware maintenance royalty, can reduce bad data by up to 50% with a ew simple
rule setssignicantly improving long-term ROI.
10 Protecting Mission-Critical Manufacturing Data with an ERP FirewalA GXS White Pape
Figure 7
ROI Payback from Investment in ERPReduced by Poor Data Quality
Projected ROI
Source: GXS-Hypothetical Analysis
Year 1
Year 2 Year 3 Year 4 Year 5
Actual ROI
$600k
$500k
$400k
$300k
$200k
$100k
$(200)
$(300)
$(400)
$-
$(100)
7/28/2019 Protecting Mission-Critical Manufacturing Data with an ERP Firewall
11/11
About GXS
GXS is a leading B2B integration services provider and operates the worlds largest integration cloud, GXS Trading Grid. Our software and services help
more than 400,000 businesses, including 72 percent of the Fortune 500 and 22 of the top 25 supply chains, extend their partner networks, automate
receiving processes, manage electronic payments, and improve supply chain visibility. GXS Managed Services, our unique approach to improving B2B
integration operations, combines GXS Trading Grid with our process orchestration services and global team to manage a companys multi-enterprise
processes. Based in Gaithersburg, Maryland, GXS has direct operations in 20 countries, employing more than 2,400 professionals. To learn more, see
http://www.gxs.com, read our blog at http://www.gxsblogs.com, follow us on Twitter at http://twitter.com/gxs and join us on LinkedIn at http://www.
linkedin.com/company/gxs. You can also access our public lings w ith the Securities and Exchange Commission at http://www.sec.gov/edgar.shtml.
Copyright 2012 GXS, Inc. All Rights Reserved. August 2012 A
North AmericA ANd
GlobAl heAdquArters
GXS
9711 Washingtonian Blvd.
Gaithersburg, MD 20878US
+1-800-560-4347 t
+1-301-340-4000 t
+1-301-340-5299 f
www.gxs.com
euroPe, middle eAst ANd
AFricA heAdquArters
uNited KiNGdom
GXS Limited
18 Station Road
Sunbury-on-Thames
Middlesex TW16 6SU
England+44 (0)1932 776047 t
+44 (0)1932 776216 f
www.gxs.eu
AsiA heAdquArters
hoNG KoNG
GXS International
Room 1609-10
16/F China Resources Building
26 Harbour Road
Wanchai, Hong Kong
+852 2884-6088 t
+852 2513-0650 f
www.gxs.asia.com
JAPAN heAdquArters
toKYo
GXS Co., Ltd.
3F Akasaka 1-Chome,
Minato-ku, Tokyo 107-0052
+81-3-5574-7545 t
+81-3-5574-7560 f
www.gxs.co.jp