Corporate Governance

Corporate Governance in the Supply Chain, Part 5

The Information & Communication aspect of the COSO SOX compliance framework deals contains two components - information and the communication of the information. Information can be thought of as accurate data in a usable format. How usable the data is will be dependent upon, among other characteristics, who is going to use it and for what purpose. Data that makes no sense or does not help us make a decision has very little use - it does not accurately inform us to help make a decision. Therefore, good data given to us for the wrong reason serves no purpose. Data that lacks integrity or is otherwise inaccurate cannot really be considered information. Information that is delivered too late or after-the-fact has little use at that time, though the information itself may have been very useful at another time, such as earlier (before a decision had to be made).

Communication characteristics include the medium (paper report, online query, dashboard, spreadsheet, document, word-of-mouth, etc.), and the timeliness of the information. Often the information must be shown to have relevance against a baseline, especially critical when data is presented visually as in dashboards. For example, is $100,000 in open receivables a lot or a little? What if that $100,000 represented 10% of all open receivables? Would it make a difference if 75% of the $100,000 was attributed to one customer? So, even good information in a "single dimension" may not tell the whole story; we need the "second dimension" to understand the relevance of the information.

Information can be communicated to and from the organization from both external and internal sources. Customers can provide sales data and inventory levels, and suppliers can provide a "heads-up" for replenishment orders, electronic bills-of-lading for shipments, barcode labels on cartons and pallets, etc. Similarly, internal departments must communicate information to each other, as raw materials, finished goods, monies, quality assurance results, production numbers, sales order demands, etc. is passed along the supply chain. The notification of suspected fraud is another example of information that must be communicated.

Integrity in the (internal/external) supply chain can only happen when good, relevant information is communicated effectively throughout the organization. However, there are constant impediments to this actually happening: pride and politics, lack of data management tools, lack of information reporting systems, chaos, unreliable computer systems, fraud, etc.

The tone at the top - the Control Environment - is the most effective way to break down the barriers of pride and politics; employees at all levels must not fear telling supervisors problems, asking for training, etc., and there should be a hierarchical process for the employee's voice to be heard. External entities must be instructed how to exchange information with the organization. But for customers and vendors it is not enough to instruct - the organization must enable by providing the means (likely via technology such as Electronic Data Interchange) for various types of information to be communicated. Standards for how different types of data will be structured should be established, in collaboration when possible.

I was the IT Manager at a small, privately-owned apparel company in Miami back in the early 1990's. In the management meetings, the owner was always challenging the department managers to cut costs, especially as they pertained to manufacturing. The managers would always rebuff this, stating that costs were as low as possible; their requests for numbers, i.e. actual costs, were always denied by the owner. I figured out a way to generate a great costing report from the computer system, one of the reports the software company said was not possible to do. At the next management meeting I passed out the cost analysis for everyone to see as the discussion again turned to cost reduction. The owner was so shocked that the reports were almost immediately ripped from the hands of the managers, and I had to promise never to reveal that information again. Employees must be provided with and entrusted with the information needed to do their jobs. What type of tone did this company owner set for his managers? (Not a very trusting one!)

The lack of data management tools - for example, barcode scanning - adds question to the accuracy of manually collected data which also reduces operating efficiency versus automated data collection. Even with good data collected, if it is reported inaccurately it has no real value. The unreliability of a computer system, such as the Enterprise Resource Planning (ERP) system or the accounting system can have serious consequences if the output information is not audited or verified for accuracy. As with barcode scanning, the movement from paper-based transactions to electronic data helps to ensure data is captured faster and more accurately, and can be validated quicker and easier.

The failure to ensure that good information is passed through the supply chain can lead to raw material or finished goods out-of-stocks, creation of delayed or inaccurate financial statements, reduced cash-on-hand due to higher-than-needed inventories or to cover for continual emergencies such as expedited shipping for raw materials or finished goods, other operational inefficiencies, etc. This is the foundation for good supply chain integrity: good information that allows the right people to make good (and even proactive) decisions about the organization's operations.

Frustrated with dysfunctional computer systems, employees may resort to keeping (more reliable) data on paper in unlocked desks or in spreadsheets on unsecured computers. This creates something akin to an underground data reporting system. Now the organization has unsecure (and probably unaudited) data not stored in the main business software application (i.e. the ERP system) upon which the organization relies on for financial reporting. Employees may actually be performing double entries of data, once into a computer system they know is inaccurate, and once onto their notepad or into their spreadsheet. And to add insult to injury, this extra work may be occurring while the employee is collecting overtime pay!

Information and communication can be summarized as "who needs to know what, when, and how". This part of good supply chain governance requires the organization to establish: (1) who are the users of information; (2) what does each user need to know to perform their job functions to the best of their abilities; (3) when (in regards to timeliness) does the user need to know the information; and (4) how (in what format) will the information be delivered.

Our thanks to this article's author, Norman Katz, CFE, President of Katzscan, Inc. ( of Katzscan, Inc. is a consulting firm located just 20 minutes north of Fort Lauderdale, Florida, specializing in supply chain technologies & operations. Norman graduated from the University of Florida in 1985 with a Bachelor of Science degree in Business Administration majoring in Computer Information Sciences. Norman is a Certified Fraud Examiner, a Florida licensed Private Investigator, and holds a Certification in Corporate Governance from Tulane University College of Law. Information on detecting and reducing fraud in the supply chain can be found at Information on supply chain governance can be found at Norman can be e-mailed through his web sites or contacted by telephone at 954-942-4141.

DISCLAIMER: This Corporate Governance article is provided as an informational resource and does not constitute legal advice. The information provided in this article is based on the laws in effect at the time the article was published. Laws related to this article's topics may change over the course of time. Visitors to this website should not rely upon or act upon this information without seeking professional legal counsel.


Follow Maximize on:

Maximize Blog Maximize on Facebook Follow Maximize on Twitter

Corporate Governance
is critical to the health and well being of every company.

Receive our Corporate Governance Series.
There is no cost to you.

We respect your privacy.





Home | About Us | Marketing and Sales | Financial Management | Operations HR | IT | Our Team
Maximize Management Blog | Corporate Governance Articles | Code of Ethics | References | Contact Us | Sitemap

© 2007, MAXIMIZE Management, Inc. All Rights Reserved