Sarbanes-Oxley and manufacturing IT

Primarily focused on accounting and financial controls and reporting, the Sarbanes-Oxley (SOX) Act of 2002 and recent actions by the U.S. Securities and Exchange Commission have imposed new requirements on auditors, corporate boards, and management. Public companies must have procedures and systems in place to disclose, in near real time, any significant events or circumstances that are necessa...

By Dennis Brandl, BR&L Consulting February 1, 2005

Primarily focused on accounting and financial controls and reporting, the Sarbanes-Oxley (SOX) Act of 2002 and recent actions by the U.S. Securities and Exchange Commission have imposed new requirements on auditors, corporate boards, and management. Public companies must have procedures and systems in place to disclose, in near real time, any significant events or circumstances that are necessary to protect investors or the public interest.

Manufacturing operations, though not directly involved with SOX compliance, are involved in detecting and reporting on the events that require accounting and financial attention. Production operations will be required to report on any operation that had a failure (such as product, safety, environmental, or property) that may “significantly impact” the company’s financial soundness.

For example, if a pharmaceutical company’s manufacturing site is taken off-line for eight weeks because of contamination, this could be a significant financial event. In another example, if an automotive parts manufacturer has an equipment failure in a critical assembly machine that will stop just-in-time delivery to customers, this could have a significant impact on the company’s quarter profits.

Ultimately, the SOX requirement for real-time disclosure of financial information requires real-time detection and reporting. Before the rise of lean manufacturing, real-time reporting of manufacturing problems could be handled by weekly or monthly reports. Usually companies kept enough finished goods inventory to handle some disruptions in production. However, in today’s world of lean manufacturing, a buffer of finished goods inventory may not exist. For example, Toyota North America keeps less than 1.5 shifts of inventory at each manufacturing site. If you supply a lean manufacturer, a production disruption may have a major financial impact and must be reported.

Key performance indicators

In manufacturing, SOX requirements can be met through real-time calculation and reporting on key performance indicators (KPIs)—values or rankings that summarize past performance and indicate future performance and potential problems. Manufacturing operations collects data and calculates KPIs. In addition to using this information to meet SOX regulatory compliance, operations also uses these data internally for improvements and optimization.

Calculation of KPIs requires two key manufacturing IT elements: a real-time data historian system and a data-analysis system. Real-time data historians are a mature technology and a mainstay of process manufacturing. They should be a key element of any manufacturing IT system to collect sensor, controller, and operator-entered data into time-tagged historical databases.

However, collecting information about production is not enough, data analysis to determine past performance and predict future performance (or failure) is also needed. Fortunately most data-historian vendors provide integrated data analysis packages or standard interfaces based on SQL (structured query language) and ODBC (open database connection). Data analysis packages allow plant operators to formalize the reporting rules and establish standard reports.

In a perfect world, the KPIs calculated in manufacturing would send XML messages that would trigger events in corporate business process management systems or supply chain execution systems. These systems should contain the predefined business rules to automatically follow in the case of significant events. Until we reach that perfect world, most KPIs will be reported through emails and spreadsheets with manual business processes.

The bottom line manufacturing role for SOX compliance is to reliably detect and report significant events. To do that, manufacturing IT needs to provide and support effective data historian and data analysis systems.

Author Information

Dennis Brandl, dbrandl@brlconsulting.com , is president of BR&L Consulting, a consulting firm focusing on manufacturing IT solutions, based in Cary, N.C.