This is Part 2 of a blog addressing strategies and tactics for excelling at contract compliance, specifically as it relates to a Contractor Purchasing System Review (CPSR). In this blog, specific requirements of a purchasing system are used to illustrate the tactical considerations necessary to design for solution configuration.
Provided in this Part 2 is an overview of a recommended approach for designing integrated compliance into your end-to-end procurement platform.
Understand your IT landscape
If not in existence, document the systems that process all transactions with attention especially paid to the quality (manual or electronic) of integration between systems and business processes. The degree of automation around each integration point is an indicator of potential efficiency and compliance gain through elimination of re-work and other process waste.
Clearly, when multiple ERPs, MRPs, and other systems are covered under a single system approval, practically speaking, significant solution rationalization might not be included under the scope of this endeavor.
Optimize business processes
When possible, all end-to-end procurement activity should become digital and exist in an integrated procurement platform. For example, if all procurement processes have been digitized except for the sourcing process, now is the time to invest resources in completing the digitization of the entire transaction lifecycle through solution adoption.
Summarize CPSR compliance requirements in a control matrix
This is where we roll-up our sleeves and work cross-functionally!
It is incumbent on someone in your organization to develop a control matrix that maps each of the elements identified in the CPSR Guidebook to one or multiple controls within the source-to-pay solution(s). If uncertain how to approach the creation of a control matrix, refer to a related blog on grant recipient compliance for detail regarding the mechanics of this process.
Supplementing the control matrix and following a similar structure is a process design matrix pictured below. To illustrate the process, I have selected three of the 24 criteria of a purchasing system per DFARS 252.244-7001(c). For each example criterion, indicated within a sample process design matrix are considerations that outline configuration design decisions. Your role is to consider your organization’s unique requirements and processes and use a similar approach to optimizing business processes.
For this process design matrix, the specific SAP Ariba solutions applicable to a CPSR element are identified to illustrate the variation of solutions that might be considered when designing controls.
Test each control
Following the design and configuration of your approach to complying with the above referenced DFARS requirements and other such requirements, test transaction scenarios as appropriate for your organization to ensure that all process flows result in the generation of expected internal notifications, proper conditional template/document selection, compliance documentation is developed as expected, etc. Be certain to include in your test scripts awards, revisions, various contract types, various transaction amounts, and domestic/foreign suppliers, as appropriate.
Establish user groups or roles for assignment of specific auditors
In the configuration of the platform, ensure that role-based (minimally) and event-based (ideally) roles are permitted to be assigned at the contract/transaction level should your objective be to provide auditors access to the selected audit sample.
Simulate a CPSR
The final step in preparing for production release of your newly optimized platform is to test the ability of the platform to respond to the data requirements, transaction isolation, and auditor accessibility of the audit sample. This simulation should be conducted within the general time constraints of a CPSR.
About the Author
Don Seward is Director of Value Realization at SAP. He has over 30 years of experience in regulated industries and a variety of related roles including VP of Procurement Transformation, global head of procurement, Federal Purchasing System administrator, Federal Estimating System administrator, and government audit agency liaison.
Provided in this Part 2 is an overview of a recommended approach for designing integrated compliance into your end-to-end procurement platform.
Understand your IT landscape
If not in existence, document the systems that process all transactions with attention especially paid to the quality (manual or electronic) of integration between systems and business processes. The degree of automation around each integration point is an indicator of potential efficiency and compliance gain through elimination of re-work and other process waste.
Clearly, when multiple ERPs, MRPs, and other systems are covered under a single system approval, practically speaking, significant solution rationalization might not be included under the scope of this endeavor.
Optimize business processes
When possible, all end-to-end procurement activity should become digital and exist in an integrated procurement platform. For example, if all procurement processes have been digitized except for the sourcing process, now is the time to invest resources in completing the digitization of the entire transaction lifecycle through solution adoption.
Summarize CPSR compliance requirements in a control matrix
This is where we roll-up our sleeves and work cross-functionally!
It is incumbent on someone in your organization to develop a control matrix that maps each of the elements identified in the CPSR Guidebook to one or multiple controls within the source-to-pay solution(s). If uncertain how to approach the creation of a control matrix, refer to a related blog on grant recipient compliance for detail regarding the mechanics of this process.
Supplementing the control matrix and following a similar structure is a process design matrix pictured below. To illustrate the process, I have selected three of the 24 criteria of a purchasing system per DFARS 252.244-7001(c). For each example criterion, indicated within a sample process design matrix are considerations that outline configuration design decisions. Your role is to consider your organization’s unique requirements and processes and use a similar approach to optimizing business processes.
For this process design matrix, the specific SAP Ariba solutions applicable to a CPSR element are identified to illustrate the variation of solutions that might be considered when designing controls.
Test each control
Following the design and configuration of your approach to complying with the above referenced DFARS requirements and other such requirements, test transaction scenarios as appropriate for your organization to ensure that all process flows result in the generation of expected internal notifications, proper conditional template/document selection, compliance documentation is developed as expected, etc. Be certain to include in your test scripts awards, revisions, various contract types, various transaction amounts, and domestic/foreign suppliers, as appropriate.
Establish user groups or roles for assignment of specific auditors
In the configuration of the platform, ensure that role-based (minimally) and event-based (ideally) roles are permitted to be assigned at the contract/transaction level should your objective be to provide auditors access to the selected audit sample.
Simulate a CPSR
The final step in preparing for production release of your newly optimized platform is to test the ability of the platform to respond to the data requirements, transaction isolation, and auditor accessibility of the audit sample. This simulation should be conducted within the general time constraints of a CPSR.
About the Author
Don Seward is Director of Value Realization at SAP. He has over 30 years of experience in regulated industries and a variety of related roles including VP of Procurement Transformation, global head of procurement, Federal Purchasing System administrator, Federal Estimating System administrator, and government audit agency liaison.
- SAP Managed Tags:
