Key Drivers of ERP System Adoption in the Pharmaceutical Industry



Similar documents
Leverage Your Financial System to Enable Sarbanes-Oxley Compliance: An Evaluator s Guide

Integrating Good Manufacturing Practices During the Transition from Clinical Trials to Commercial Manufacturing

BEST PRACTICES IN DEMAND AND INVENTORY PLANNING

GxP Process Management Software. White Paper: Software Automation Trends in the Medical Device Industry

ROSS ENTERPRISE RESOURCE PLANNING

Impact of Formula-Based ERP Applications on Pharmaceutical Manufacturers

Documenting Distribution Operations: FDA Validation Beyond the Laboratory and Manufacturing Facility

Add the compliance and discovery benefits of records management to your business solutions. IBM Information Management software

Beverage Solutions Delivered by Tectura

Regulatory Asset Management: Harmonizing Calibration, Maintenance & Validation Systems

Product Brief. Intacct Financials & Accounting. Intacct General Ledger

Supply Chain Management Build Connections

Compliance in the Corporate World

NCOE whitepaper Master Data Deployment and Management in a Global ERP Implementation

GET STRONGER. SMARTER. FASTER.

Process Manufacturing Solutions Delivered by Tectura

ComplianceSP TM on SharePoint. Complete Document & Process Management for Life Sciences on SharePoint 2010 & 2013

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma

The biggest challenges of Life Sciences companies today. Comply or Perish: Maintaining 21 CFR Part 11 Compliance

About ERP Software Whitepaper

TIBCO Spotfire and S+ Product Family

ERP Checklist: 6 Critical Questions for Business and IT Leaders. How to Choose a Modern Business Solution to Support Growth and Maximize Efficiency

AssurX Makes Quality & Compliance a Given Not Just a Goal

Bringing Safe and Cost Effective Products to Market

Sage X3. Now you can grow faster, without getting bigger.

Emptoris Contract Management Solution for Healthcare Providers

Provide access control with innovative solutions from IBM.

Building the Business Case for BPM Automation in Process Manufacturing

Making Compliance Work for You

Internal Controls Best Practices

The Business Value of e-invoicing

Sage ERP Solutions I White Paper

INTRODUCTION. This book offers a systematic, ten-step approach, from the decision to validate to

Thought Leadership White Paper

FACTORYTALK PRODUCTIONCENTRE Application Solutions for Manufacturing

Business Management Made Simpler

Microsoft Dynamics Process Manufacturing Telesales Guide

GXS Active. Orders. Optimizing the Procure-to-Pay Process. Order Planning and Execution. Order Lifecycle Management.

A Model for Training/Qualification Record Validation within the Talent Management System

Microsoft Dynamics NAV for Government Contractors

GROW. From Intuit QuickBooks to Microsoft Dynamics GP: A move that makes sense for growing businesses

Understanding Data Governance ROI: A Compliance Perspective

ERP Checklist: 6 Critical Questions for Financial Leaders

FDA Software Validation-Answers to the Top Five Software Validation Questions

7 Capabilities Your Software Vendor Should Offer to Support your Business Operations in China.

Wholesale Distribution Industry Outlook

Microsoft Dynamics Food and Beverage Distribution Telesales Guide

Sparta Systems. Proven Enterprise Quality Management Solutions

IBM asset management solutions White paper. Using IBM Maximo Asset Management to manage all assets for hospitals and healthcare organizations.

Sage X3 for Pharmaceuticals & Nutraceuticals

Compliance with Sarbanes-Oxley and Enterprise Risk Management Creates Best Practices in Remittance Processing for Treasury and Cash Management

Sarbanes-Oxley: Beyond. Using compliance requirements to boost business performance. An RIS White Paper Sponsored by:

Standardizing Best Industry Practices

How SUSE Manager Can Help You Achieve Regulatory Compliance

Security in Fax: Minimizing Breaches and Compliance Risks

White Paper March Consolidation automation Advancing compliance and performance management

Consumer Packaged Goods. Microsoft Dynamics NAV Solutions for Consumer Packaged Goods Companies

5 WAYS STRUCTURED ARCHIVING DELIVERS ENTERPRISE ADVANTAGE

Field Service in the Cloud: Solving the 5 Biggest Challenges of Field Service Delivery

Software Development for Medical Devices

GXS Active. Orders. Optimising the Procure-to-Pay Process. Order Planning and Execution. Order Lifecycle Management.

VendorNet Dropship Manager

The New Data Integration Model. The Next Real B2B Integration Opportunity for System Integrators & VARs

Security management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.

PKI Adoption Case Study (for the OASIS PKIA TC) ClinPhone Complies with FDA Regulations Using PKIbased Digital Signatures

Globalization Drives Market Need for Supply Chain Segmentation: Research & Key Strategies

The Four Elements of an Effective Food Safety Management System

whitepaper Impact of Formula- on Pharmaceutical Manufacturers

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

An Enterprise Resource Planning Solution (ERP) for Mining Companies Driving Operational Excellence and Sustainable Growth

PANTHER TRANSPORTATION MANAGEMENT SOLUTIONS. Low cost. Quick start. Big improvement.

; ; ; ; MICROSOFT BUSINESS SOLUTIONS NAVISION STANDARD

ORACLE PROCESS MANUFACTURING QUALITY MANAGEMENT

26/10/2015. Enterprise Information Systems. Learning Objectives. System Category Enterprise Systems. ACS-1803 Introduction to Information Systems

Stock Plan Administration in the Age of Sarbanes-Oxley. Compliance Considerations for Administrators

Meeting the Needs of Private Equity in the Finance Organization

ENTERPRISE MANAGEMENT AND SUPPORT IN THE AUTOMOTIVE INDUSTRY

WHITE PAPER Will Your Legacy ERP System Define Your Legacy? Making the Switch Can Help Secure Your Business and Your Reputation

A Blueprint for: Microsoft Dynamics CRM Success

How Food Manufacturers Can Protect Margins in Uncertain Times

A Blueprint for Business Software Implementation Success

Accounts Payable Automation Benefits

How to Survive an FDA Computer Validation Audit

Supplier Relationship Management Analysis PURCHASING FINANCIAL SUPPLIER BUYER PERFORMANCE ANALYSIS PERFORMANCE PERFORMANCE

Impact of Formula-Based ERP Applications on Chemical Manufacturers

TOP 5 CRM SOFTWARE SUPPLIERS GUIDE 2012

Vendor Audit and Cost Recovery: Improving Bottom Line Results WHITE PAPER

Streamlining the drug development lifecycle with Adobe LiveCycle enterprise solutions

TECHNOLOGY BRIEF. Business Benefits from Radio Frequency Identification (RFID)

NetSuite. Goes Natural. We have spoken to dozens of small business executives about their move to adopt technology.

Complete Document & Process Management for Life Sciences on SharePoint 2010

Transcription:

Key Drivers of ERP System Adoption in the Pharmaceutical Industry By Michael Webster, Director of Life Sciences, Ross Systems W H I T E P A P E R Executive Summary In support of its present and future customers, Ross Systems sponsored this white paper to help members of the pharmaceutical industry better understand the linkages between regulatory compliance requirements and ERP systems. The paper uses regulatory requirements such as Sarbanes-Oxley and Rx Pedigree as examples to demonstrate the ways in which life sciences- focused ERP systems can tremendously reduce the regulatory burden currently imposed on pharmaceutical companies. Topics covered include compliance audit processes, audit controls and e-signatures, security, process documentation, advanced pedigree notice, project accounting, and chargebacks. Ross Systems provides cgxp compliant transaction processing and work flow for materials management, manufacturing, financials and the extended life science material supply chain. Our systems facilitate faster, lower cost approvals and reduction of risk through improved compliance.

Introduction Few industries have as many regulatory agencies dictating how to process and control their product as the pharmaceutical industry. Yet compliance responsibilities have been growing even further in the last few years, extending beyond the realm of manufacturing and quality, and into financial and distribution systems. Sarbanes-Oxley and Rx Pedigree are just a few of the more recent regulations heaped on to the backs of pharmaceutical companies by state and federal agencies. Compliance with these new mandates can be costly and time-exhaustive, and penalties for non-compliance are often severe. Huge fines from the Securities and Exchange Commission and the Department of Justice including imprisonment are becoming more prevalent. Fortunately, after over 30 years experience in complying with the requirements of the Food and Drug Administration (FDA), Defense Contract Audit Agency (DCAA), and Drug Enforcement Administration (DEA), pharmaceutical companies are far better prepared than many other organizations to comply with these newer regulations. Many of the practices used to ensure GMP (Good Manufacturing Practices) compliance are transferable to meet the control standards of other regulations, such as SOX (Sarbanes-Oxley). Compounding compliance demands, SOX 404 audits have both heightened concerns over business risk, and prompted many pharmaceutical manufacturers to more closely analyze corporate risk in the area of Medicaid pricing. When considering new distribution compliance requirements such as Advance Pedigree Notices (APN) and long existing regulations for Medicare pricing an analysis of current systems, and even a company-wide comprehensive system remediation or system replacement, is often required to meet new regulations and increased scrutiny from existing regulations. Unfortunately, an organization s ability to leverage its control standards does not automatically ensure a smoother or less costly financial audit. SOX auditors have boards and financial and IT executives scrambling to not only illustrate good control, but to also prove that they have been following good control practices. It is not enough to have system related procedures in place and documentation available to illustrate control processes. Companies that can t go to the next level in providing evidence of good execution are forced into deeper audits of their records. For example, even an emerging public enterprise can expect to pay at least $30,000- $50,000 in additional in audit fees to examine financial records where proof of execution does not exist. Some pharmaceutical companies may be able to remediate their existing legacy systems to meet compliance mandates. However, most have discovered these existing applications, even if upgraded, simply will not support compliance mandates. This has led many pharmaceutical firms to implement new, robust enterprise resource planning (ERP) applications to help them meet the newly imposed control standards. Differences in the Audit Process There are two major differences between a SOX and FDA audit. The auditor s level of system s knowledge, and their business relationship with the audited organization. An FDA auditor s primary goal is to ensure quality control, manufacturing and laboratory operations are in compliance with regulations. Typically, an FDA auditor focuses more on process versus computer systems. Conversely, SOX auditors are typically financial system-savvy, often driving into deep detail on system control, reconciliation, and security. Furthermore, the pharmaceutical company s relationship with a SOX auditor is fundamentally different from their FDA auditor s relationship. The relationship with the SOX auditor is more of a business relationship. For example, if a SOX auditor discovers a deviation, he or she will work with the audited organization to ensure compliance, whereas the FDA auditor is solely focused on evaluating adherence to compliance mandates, not allocating additional resources to help remediate non-compliance findings. Additionally the audit process itself is different. It is not uncommon for FDA audits to be unscheduled. On the other hand, a SOX audit is typically much more collaborative and forgiving, as there is an additional business relationship between the audited and the auditor. What are the key areas of concern for all auditors? What are the factors driving adoption of more robust, industry-specific enterprise systems? There are several key areas a pharmaceutical company should focus on when making a decision regarding a system s ability to enable compliance. These are: Audit controls and e-signatures Record retention - no overwriting of previous data Security Division of duties Change control Process documentation Ross Enterprise White Paper

There are additional financial and supply chain-related requirements that can drive transaction and business process automation. These requirements should also be considered when determining compliance: APNs (Advanced Pedigree Notices) Project accounting and tracking Chargeback management and related Medicare/ Medicaid pricing DEA scheduled drug reporting PDMA (Prescription Drug Marketing Act) The complexities created by pervasive outsourced drug manufacturing Leveraging FDA Compliance Experience Pharmaceutical companies are hearing the same questions from both their financial auditors and FDA auditors when it comes to systems documentation and control. In this regard, practices used for GMP compliance are transferable to meeting the control standards of regulations such as SOX. In fact, requirements for documentation of process and supporting compliance for all regulated computer systems include a traceability matrix that defines the following: Identified regulations to which a company must comply System requirements definition: what does the system do and how does it do it Records showing both the system was installed in accordance with the vendor s documentation and that the system administration knowledge transfer occurred Testing plan and test scripts and evidence of testing execution for transactions and control reports Change control, deviation reporting, and corrective and preventive action A well developed compliance approach must also include security procedures for adding functional roles, users, how the user security is maintained, assurance of division of duties and all the audit controls surrounding transactional, security, and master data changes. Furthermore, a key area of focus and often a primary driver for a system s enhancement or replacement is the system s built-in controls for security, e-signatures, and audit trails. If the system is not capable of these basic requirements, it has to be replaced. And if a capable system was installed without good documentation or if it was modified after being installed without complete change control processes or proper documentation the system is either subject to an intense audit of the data records, or a re-installation of the standard software with properly documented change control. Audit Controls and e-signatures From a business controls standpoint, all lot controlled material inventory transactions should have a complete audit trail indicating: who, when, what lot, from what location, quality status, final movement location, to where even information indicating the facility or screen the user was in when they performed the transaction. In addition, any field or table in the system should have configurable controls that can be turned on to create an audit trail. Because they are critical to furthering controls and security, changes to master records (i.e., payees, products, etc.) should also be monitored and changed only with multi-level approvals, and with electronic signatures applied to the change. Another area of importance, and one which pharmaceutical companies are already familiar with, is the use of single or double electronic signatures on any transaction or mater-data change. This was functionality originally designed for compliance with CFR 21 Part 11 (FDA regulation for electronic records and signatures). In addition to single or double electronic signatures for quality and inventory movements, a system should allow the administrator to enable electronic signatures for sensitive sales, procurement, and financial transactions. These signatures record the same information as the audit trail, along with assignment of reason codes, saving of the data before the change, and recording of failure attempts for further investigation. Security When it comes to security management, the financial system should provide advanced role- based security administration. In other words, it should allow the creation of various roles (such as requisitioner, receiving, payables processing, purchasing manager, controller, etc.) and should allow the assignment of one or different roles to each user. Also, in order to use any of the transactions users should have to pass through a number of security layers to ensure proper data security. The first level of security that should be defined is the company, division, and warehouse level to obtain access to the appropriate work areas. To streamline administration, all user-names and passwords should be inherited from the operating system (Windows Active Directory). If a network policy requires users to change their password (e.g., every 30 days), the policy automatically flows through to the system s security model. Adding to the location security, transaction level security should also be in place to allow administrators to manage what specific areas of the system different users have access to, based on their roles. And finally, the transactional level security should allow administrators to specify Ross Enterprise White Paper

what transaction types users have access to, and what dollar limit, if any, is to be applied to the transaction. Division of Duties A key area of concern to all auditors is the provision for division of duties. The ability to notify one or multiple individuals of critical changes to the system code, metadata, or configuration is critical. Applying dual electronic signatures to a transaction is a appropriate use of technology to enforce division of duties. A system should enable change control security and notification, while ensuring appropriate approvals are in place prior to a change. Changes in the system should create an audit log and an event notification to multiple individuals in order to ensure widespread knowledge and authorization of a system change. Change Control The fundamental principle behind change control is to link all affected systems and processes in order to ensure full knowledge of the impact any change will have before it occurs. Fortunately, change control is commonplace in a GMP environment. As a result, IT departments familiar with GMP change control can leverage these same practices for SOX compliance. A knowledgeable auditor will ask for all change control requests and all pending changes, and will review enacted changes to ensure procedures were followed. Auditors will also review change control documentation, evaluation criteria, approvals, and ensure re-validation or system documentation and testing has been addressed. Systems supporting regulatory compliance should also be provided with complete data entity diagrams that map the data relationships and best practice change-control policies that ensure a controlled system. Every change made needs a complete set of documentation that defines the business reason for the change, system impact risk analysis, documentation of the code change, a test plan, and the results of full regression testing. Process Documentation If the system was not initially delivered with detailed standard procedures and process flows to document system processes, this level of documentation must be created. Standard operating procedure documents are typically created with swim-lane diagrams and test scripts to facilitate user acceptance and system regression testing. Integrated System Another point of concern is that of multiple, disparate systems. Integration points between systems that are the responsibility of the pharmaceutical company are always a focal point for analysis by auditors. Running systems from different vendors for inventory and financials have many critical control points that require analysis. The accounting department entering manual journal entries, and its inability to perform a three-way match in one system, creates many opportunities for systematic or human error. This makes the benefits of an integrated planning, purchasing, payables, receivables, sales, inventory, quality, manufacturing and accounting systems extremely valuable both from a control and from an operational excellence perspective. Auditors like to see journal entries automatically posted to the ledger from the subsidiary modules with no human interaction required, no uncontrolled interfaces, and no manual re-keying of data. This eliminates points of entry to the system that are untested and uncontrolled. Advanced Pedigree Notice TThe drug pedigree laws further illustrate why pharmaceutical companies with inadequate legacy systems and especially manual paper systems are rapidly implementing applications that enable an automated initiation of the Advanced Pedigree Notice (APN), a new distributionrelated compliance standard. The Pedigree laws passed by the State of Florida (effective July 1, 2006), California (effective Jan 1, 2007) and nine other states require drug distribution companies to authenticate, validate, and certify a drug s pedigree. (More states have legislation pending.) The three components of the pedigree - package label, electronic advance ship notice, and pedigree document certification cross several technology and business processes. Pedigree is especially disruptive, in the warehouse as it requires companies to create a container label with specific shipping information. In a make to stock environment it requires un-palletizing, labeling and re-palletizing. The Florida law allows for a manual or automated approach to the closed-loop communication. In the manual mode, the distributor completes a paper pedigree form and submits it to the receiver. Once in receipt of the drug, the receiver must call, email or make a web-based confirmation to affirm the pedigree. Obviously, a manual process is impractical in situations where manufacturers or wholesalers are shipping thousands of shipments every month. In these cases, an automated system is a must. And while the majority of the responsibility for compliance falls on the wholesaler, many are now passing the responsibility of initiating the pedigree to the manufacturers, creating an even greater need to automate this function. Ross Enterprise White Paper 3

Project Accounting Project accounting should be a key component when selecting and implementing systems in the pharmaceutical industry. The reason is simple: Companies engaged in research, clinical trials, and contract manufacturing must keep accurate project financial records in an environment where research and manufacturing locations are dispersed around the world. Additionally, ensuring all costs are budgeted, collected, approved and reported is critical to the CFO, the shareholders and in many cases, the U.S. Government. The DCAA, for example, has very strict criteria for maintaining records for government projects. Additionally, for contract manufacturers and those outsourcing to them, accurate record keeping is critical. For example, in the case of fixed billings for a specific amount of material output, the only way to ensure accurate profitability statements for a customer or production run is to have an automated project capture system. Managing Chargebacks A distribution-related compliance mandate gaining more scrutiny in SOX audits is the management of chargebacks. Pharmaceutical manufacturers distributing products via wholesalers are required to manage Group Purchasing Organization (GPO) contracts and chargebacks from their pharmaceutical wholesaler customers. (Members of GPOs include entities such as public health service organizations, hospitals, and drug stores.) The process begins by establishing contracts for each GPO with a member sales price that is often less than the wholesaler s purchase price from the manufacturer (called Wholesale Average Cost or WAC). The difference between these prices is presented back to the manufacturer in the form of a chargeback, and deducted from cash receipt payments by the wholesaler. chargeback submissions can present an overwhelming challenge for even a small to midsize pharmaceutical manufacturer. While it is possible to perform manual EDI transaction entry (many do), along with calculations in Access or Excel, the risks of lost revenue and more importantly Medicare/Medicaid pricing compliance is significant. Drug companies are being fined regularly for Medicare billing errors. And although chargebacks are a revenue management issue, it ties back to an important regulatory compliance issue, increasing the need for a robust financial system. Outsourced Manufacturing Aggravates the Issue Adding another layer complexity to the growing list of compliance responsibilities is the pervasive use of outsourced manufacturing. Manual paper systems within the four walls of a pharmaceutical plant may still an acceptable method of control. However, the interconnected world of outsourcing requires a far higher degree of control and systems sophistication to support the added transactional overhead. Consider the impact this has on a company with three drugs (commercial or clinical) who outsources production to a third party API (Active Pharmaceutical Ingredient), bulk, pack, and distribution supplier. Then add the complexity of having redundant suppliers for each drug at each stage of production. Beyond the responsibility to lot-trace and recall, the transaction collection at each stage is enormous in terms of good business practices for project accounting, costing, planning, and performance analysis. Below is an example of the supply chain complexity of an outsourced manufacturing supply chain: The chargeback process includes receipt of an electronic file from the wholesaler, validation of chargeback details, exception reporting, chargeback maintenance for editing and corrections, calculation of the chargeback, and finally an update to accounts receivable, customer balances and sales analysis. Needless to say, managing these contracts, its members, and electronic Ross Enterprise White Paper 4

Consider the volume of transactions from a single suppler for a single drug. Then, consider the fact that many companies have multiple drugs and redundant suppliers, making the issue even more severe. Paper, Excel, Access, and manual data collection are simply not viable solutions when a company must maintain accurate records for data analysis and rapid recall. The Importance of Industry Focus Manufacturing in the pharmaceutical industry is undoubtedly getting more complicated. The exponential increase in regulations is driving manufacturers to further analyze their financial and distribution legacy systems, causing many to replace these systems with more robust ERP solutions that enable compliance. More specifically, companies are looking for industry- specific systems that mirror their business processes, making the system easy to configure and implement. Ross Enterprise White Paper 5

About Ross Enterprise Ross Systems, Inc., a software unit of CDC Corporation (NASDAQ: CHINA), delivers innovative software solutions that help manufacturers worldwide fulfill their business growth objectives through increased operational efficiencies, improved profitability, strengthened customer relationships and streamlined regulatory compliance. Focused on the food and beverage, life sciences, chemicals, metals and natural products industries and implemented by more than 1,200 customer companies worldwide, the company s family of Internet-architected solutions is a comprehensive, modular suite that spans the enterprise, from manufacturing, financials and supply chain management to customer relationship management, performance management and regulatory compliance. For more information please visit www.rossinc.com. About CDC Software CDC Software, The Customer-Driven Company, is a provider of enterprise software applications designed to help organizations deliver a superior customer experience while increasing efficiencies and profitability. CDC Software s product suite includes CDC Factory (manufacturing operations management); Ross ERP (enterprise resource planning) and SCM (supply chain management); IMI warehouse management and order management; Pivotal CRM and Saratoga CRM (customer relationship management); Respond (customer complaint and feedback management); c360 CRM add-on products, industry solutions, and development tools for the Microsoft Dynamics CRM platform; Platinum HRM (human resources); and business analytics solutions. These industry-specific solutions are used by more than 6,000 customers worldwide within the manufacturing, financial services, health care, home building, real estate, and wholesale and retail distribution industries. The company completes its offerings with a full continuum of services that span the lifecycle of technology and software applications, including implementation, project consulting, outsourced business services, application management, and offshore development. CDC Software is the enterprise software unit of CDC Corporation and is ranked number 12 on the Manufacturing Business Technology 2007 Global 100 List of Enterprise and Supply Chain Management Application vendors. For more information, please visit www.cdcsoftware.com. USA: Global Headquarters Ross Systems, Inc. Two Concourse Parkway Suite 800 Atlanta, GA 30328 USA t: +1 770.351.9600 f: +1 770.351.0036 United Kingdom Ross Systems UK, Ltd. Pioneer House 7 Rushmills Northampton NN4 7YB United Kingdom t: +44 1 604 630050 f: +44 1 604 630495 Spain Ross Systems Iberica Frederic Mompou 5 Ed Euro 3 08960 Sant Just Barcelona Spain t: +34 93 480 28 50 f: +37 93 480 28 55 Netherlands Ross Systems Sparrenheuvel 32, 3708 JE Zeist Postbus 967, 3700 AZ Zeist Netherlands t: +31 30 288 8454 f: +31 30 288 5238 For more information or a complete list of our worldwide offices, please visit www.rossinc.com. Copyright CDC Software 2008. All rights reserved. The CDC Software logo and Ross Enterprise logo are registered trademarks and/or trademarks of CDC Software.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information