ISO and Epicor ERP

Achieving compliance and optimization

Two of the largest and most complex projects an organization can undertake are implementing ISO 9000 (and/or the more advanced versions such as 9100, 13485, 16949 etc), and implementing an Enterprise Resource Planning product like Epicor ERP.  Most of the time, these two projects are treated as separate and distinct.  Read along to learn why we think that the ideal approach is to do them together.

What is ISO?

The ISO 9000 family of standards are a normalized approach to all business practices that ensure reasonable checks and balances and present a business with a set of practices that ensure that they can meet the needs of their customers. A company that adopts the ISO standard (“the company”) reads each section of the standard and writes their own declaration of how they will comply with the requirements. It’s quite easy to understand the requirements because anytime there is the word “shall” that denotes something that requires a response from the company.

How does Epicor help answer these "shall" requirements?

For instance, there is a requirement called “contract review” that essentially says the company “shall” evaluate their capabilities and resources in a realistic manner before taking on a contract, to be sure they have the right ability to meet the customer’s requirements.  This sounds pretty straightforward, however the way they do this must provide evidence so it can be audited, either internally or externally.  This means that for instance, a qualified engineer may be required to complete a checklist, with calculations and references made to ensure that they can meet the customer’s requirements.  The checklist and specific calculations can be done on paper and kept for future review.  However, in larger organizations, an electronic system that captures this data, and ensures that no contract is taken without fulfilling this requirement may be much more efficient for the company.  This is where Epicor comes in. 

Anytime there is a new quote, Epicor can require compliance and track the actual data that supports the decision to take on a contract.  This can be done in many possible ways, but a few of the more common are:

  • Task sets are connected to quotes, and tasks can be made mandatory, so that the identity of the user, the steps done, and related documentation is permanently attached to the quote.
  • Product configurator is used within quotes when there are complex calculations and logic driven rules to ensure compliance, and the evidentiary data is maintained permanently
  • BPMs (Business Process Manager) are rules that look for a certain condition and trigger an action that can be used to enforce a company’s policy to do things to ensure they meet the customer’s needs.

Effectively implemented, Epicor provides not only a completely auditable environment, but there are many places where Epicor has built-in compliance features, including but not limited to:

  • Reason Codes – whenever a transaction is done that changes the monetary value of a product, a reason code is captured so analysis can be done on the cost of quality.  In a company without a robust ERP system, calculating the cost of quality (or as Juran first determined, the “PONC” or “Price of Non Conformity.”)  These are key leading indicators about a company’s quality system and its ability to meet requirements.
  • Controlled Documents – Epicor’s “Help” feature brings the user to the specific place in the standard documentation about the screen and field they are working with.  In addition, these standard instructions can be amended by a properly credentialed user to add the specific company’s policies as they relate to that area.  This provides controlled documents that are updated real time to all users in the company and prevents the company from manually or using other systems to document their ISO procedures.
  • For instance, let’s say a company has a policy where they require a credit report on any customer that orders something over $10,000 in value.  The policy regarding this $10,000 threshold is recorded in the “Order Entry” help section, so the policy is well communicated.  When the $10,000 order occurs, a BPM can automatically put the order on hold, and send an email request to the credit manager.  When the credit manager gets the credit report and determines credit should be extended, the credit manager replies to the email with the attached report.  Epicor picks up that approval, files the credit report attached to that order, and to the customer’s master record, and takes the order off “hold” so it can be released to the shop floor.

This kind of approach builds compliance into the ERP product and the successful utilization of the system has built in compliance with the ISO standard.

Isn’t it more costly to do it this way?

Actually, no.  When both initiatives are undertaken together, it’s much more efficient than for instance, first manually writing the ISO procedures and building checks and balances that then have to be reviewed and/or changed when the customer decides to implement an ERP product.  It’s much more inefficient for a company to implement either system rather than doing them together.  Anectotally, EpiCenter estimates that if a company spends $100,000 on each project independently, they will save approximately 25% by doing them together.  Instead of spending $200,000 on the two systems independently, the cost would be $150,000 and possibly less because of the economies of doing them together.  That’s real savings of $50,000 “hard” dollars.

How can I know if this approach is correct for my company?

EpiCenter offers a service called a Strategic Process Review which is conducted by a senior ERP consultant with experience with both ISO and Epicor.  The evaluation can take a few days, but allows the consultant to meet with all stakeholders, review current processes and controls, and the anticipated standard, and a written report is generated that outlines how the organization can integrate their business into Epicor, while at the same time installing various controls that comply with the “shalls” and resulting in a system that can be audited readily.

written by Jeffrey W. Glaze, President

Want to learn more? Contact us below!

Like this? Check out some of our other articles!