Towards a Reference Model of an Environmental Management
Information System for Compliance Management
Michael Freundlieb, Frank Teuteberg
University of Osnabrück, Institute of Information Management and Corporate Governance, Katharinenstr. 1, D-49069 Osnabrück
[email protected], [email protected]
Abstract
The constantly growing number of regulations as well as additional voluntary norms and certifications in the realm of environmental sustainability cause an increasing demand for adequate software support in order to avoid compliance violations. Compliance activities such as the monitoring of business processes, data collection as well as compliance reporting can be very time consuming, resource intensive and costly. Thus, there is a need for Compliance Management software that actively verifies compliance with legal requirements and also pro-vides a company’s decision makers with a survey of the current compliance degree as well as target deviation reports on the identified control targets.
1.
Introduction and Motivation
In recent years, Environmental Management Information Systems (EMIS) have enjoyed growing pop-ularity in business practice and research alike: in times of climatic change, rising commodity prices and increasing environmental consumer awareness, companies are facing a growing number of chal-lenges regarding the environmental compatibility and sustainability of their business activities.
Environmental and sustainability regulations for business companies are often based on EU-guidelines which are transposed into German legislation in form of laws or orders. The legislative guidelines may either generally apply to all companies, as e.g. in the case of the Waste Movement Act (German: Abfallverbringungsgesetz), or only to certain commodities, products or business branches (as e.g. the Act on the Disposal of End-of-Life Vehicles (German: Altfahrzeugverordnung) affecting the automotive industry).
The fact that consumers increasingly make their purchase decisions according to ecological criteria like electricity consumption or pollutant content increases the economic attractiveness of additional voluntary certifications, norms or ecological seals for business companies. Like laws and orders, vo-luntary standards entail concrete demands on a company. Part of Compliance Management should therefore be the monitoring of compliance to these standards. Compliance is a generic term that de-scribes compliance to all obligations, directives and regulations relevant to a particular company as well as compliance to company-internal guidelines (Wecker, van Laak 2008, page 30). Companies are obliged by law to fulfill legislative requirements for environmental protection – however, the organi-zation and especially the technical implementation of Compliance Management is each company’s own responsibility. Business companies often monitor their compliance to legislative demands ma-nually and sometimes only after failing to satisfy regulations or reporting obligations. On the one hand, this results in increased expenses and a higher error rate; on the other hand the company faces penalties for non-compliance to requirements. To prevent liabilities it is often more efficient to con-duct (semi-)automated in-process surveillance of business procedures (an approach generally known as monitoring) which allows for corrective measures in due time. For this reason, adequate IT support of compliance measures in the form of Environmental Management Information Systems (EMIS) is beneficial.
In section 2 of this paper we discuss related work (e.g. reference models in the realm of environ-mental management). Section 3 introduces our reference model of an EMIS for Compliance
Manage-EnviroInfo 2009 (Berlin)
Environmental Informatics and Industrial Environmental Protection: Concepts, Methods and Tools
Copyright © Shaker Verlag 2009. ISBN: 978-3-8322-8397-1
2.
Related Work
Several reference models that focus on the field of sustainability and ecology have been developed and published in recent years, primarily by German researchers. Table 1 lists the most popular ones of those models relevant to our work.
Name / Title Reference Focus
OPUS (Bullinger et al.
2000) • Development of an organization and information model as well as an IT architecture for production-integrated environmental protection
• Integration of environmental aspects into the functional areas of construction, work scheduling, production planning and control, ac-counting and controlling
Fachkonzept für ein integriertes Produktions-, Recyclingplanungs- und Steuerungssystem (PRPS-System)
(Rautenstrauch
1997) • Integration of the recycling aspect into IT systems for production planning and control
ECO-Integral (Krcmar et al.
1997) • Comprehensive reference model of an Environmental Management Information System
ECO-Rapid (Enzler et al.
2005) • Follow-up project of ECO-integral that focuses on the integration of material flow controlling into ERP systems Konzeption eines Referenzmodells für
betrieb-liche Umweltinformationssysteme im Bereich der innerbetrieblichen Logistik
(Lang 2007) • Reference business processes for intra-company logistics SCOR 9.0 / GreenSCOR (Supply-Chain
Council 2008) • Reference business processes for supply chain management
Table 1: Popular Reference Models in the Field of Sustainability and Ecology
Table 1 shows that thus far no well-known reference model of EMIS with a focus on compliance management exists. Except for the SCOR reference model, the models listed in Table 1 have not yet been widely accepted and implemented by companies and can therefore be regarded as rather theoreti-cal models. The focus lies mostly on business processes rather than organizational structures whereas the IT-focused reference models mostly describe the functional design of IT-systems rather than their concrete implementation.
In addition to the listed reference models, several research articles dealing with closely related top-ics have been published. These articles differ significantly from our work, yet some aspects have been integrated into this research article: Goeken and Knackstedt (Goeken, Knackstedt, 2008) outline a ref-erence model for a compliance reporting system. Although their emphasis lies on the Markets in Fi-nancial Instruments Directive (MiFID) which is relevant to fiFi-nancial service providers, some aspects of their multidimensional data model can be adapted to the field of environmental compliance and have therefore been incorporated into the database model presented in section 3.4 of this paper.
Sackmann (Sackmann 2008) accentuates the general need for automated compliance management, since companies have to fulfill several regulatory requirements at the same time and manual com-pliance management causes high costs. This argument is especially applicable to the environmental sector which does not only underlie regulatory requirements but also additional voluntary standards. Sackmann lists several requirements for compliance reporting and also suggests converting regulatory demands into company policies that can be more easily monitored and managed by IT systems. These general ideas have also been integrated into this paper.
In a nutshell, several related works exist and some of their ideas have been incorporated into this re-search article. However, no widespread reference model of an EMIS for compliance management ex-ists to date, although the field of environmental sustainability offers many regulations and certifica-tions, compliance to which needs to be monitored. Therefore we believe that the reference model pre-sented in this paper can add a valuable new dimension to the research field of Environmental Man-agement Information Systems and can enhance the acceptance of EMIS by business companies.
3.
Reference Model of an EMIS for Compliance Management
3.1
Methodology
The research presented in this paper can be characterized as design science research (Hevner, March et al. 2004): we started our research work with a systematic literature review (Teuteberg, Straßenburg 2009) and a deductive and iterative construction of the reference model outlined in the subsequent sec-tions of this paper. The construction process was accompanied by expert interviews. For the evaluation of our reference model we developed a prototypical EMIS that is currently being implemented. This software prototype serves two purposes: firstly, it delivers a proof for the implementability of our ref-erence model. Furthermore, it forms the basis for a future in-depth evaluation of the presented ap-proach by means of usability experiments.
3.2
Meta Reference Model
The application area of reference modeling lies in the design of organization and application sys-tems. Reference models are reusable, universally valid models which are designed to reduce modeling errors and modeling expense occurring in a particular company. Furthermore, they have an explanato-ry function and serve as universal representations for comparative purposes and for the derivation of recommended procedures (vom Brocke 2006, pages 47-49). It must be kept in mind that reference models usually require company-specific adjustments to the selected application. A so-called Meta-Reference Model provides an overview of reference models on an abstract level. It describes the mod-eling constructs of reference models as well as their allowed interrelations. Fig. 1 presents a Meta-Reference Model of an EMIS for Compliance Management.
The Strategy Model has a direct impact on the other partial models of the reference model, since it includes the objectives for the overall system. Apart from the objectives, success factors and concrete actions to be taken are also derived and recorded in the Strategy Model. The Organization Model spe-cifies (e.g. in form of an organizational chart) the organizational units that need to be newly created or taken into account for the realization of an EMIS for Compliance Management. In the model, an orga-nizational unit (e.g. the environmental department) consists of several members of staff who fulfill a certain functional role. According to their roles, the staff members receive access to certain resources and gain access rights within the EMIS that may be stored on the database level (data model) or on the application level (report model). The Maturity Model helps to measure the quality of EMIS implemen-tations in individual companies. For example, a company can assess its maturity level by evaluating its business procedures on the basis of specified requirements and criteria. For maturity evaluation both data collection methods and analytical methods are applied. The Database Model describes the under-lying database of an EMIS in form of a logical data model (e.g. Entity Relationship Model), a relation-al data model or a more abstract multidimensionrelation-al model. The logicrelation-al data model consists of the data-base’s tables with their respective columns, data types and relations whereas the multidimensional da-tabase model includes the environmental data warehouse’s facts and corresponding dimensions. The Report Model contains a library of standard reports that are linked to each other in a hierarchical struc-ture. For instance, a management cockpit could deliver an overview of the compliance status at com-pany level. Through Drill-Down-Functionality it could also provide detailed information on critical areas, e.g. particular departments or products, to the decision makers. The staff members receive access to the reports according to their roles. Every report has its own layout and uses symbols like stop lights or trend arrows for illustration purposes. Certain quality criteria are applied to the reports.
Strategy
Objective
Action Strategy Model
ETL Process Model
ETL Process Subprocess Start of Process End of Process Data Source Transformation Step Data Target Parallelism IT Architecture Model IT Architecture Object Data Object System Control Method Data Model Environmental Data Warehouse Fact Dimension Level Organization Model Organizational Unit Employee Role
has position belongs to
fulfills Ressource uses Maturity Model Maturity Degree Requirement Criterion Implementation Time Report Model Key Figure Scale Measure Target Value Fact evaluates Parameter Qualitative Parameter Quantitative Parameter Maturity Degree Evaluation Method Data Collection Method Analysis Method Method measures are represented in affects Access Right owns are represented in applies conducts Report Basedon uses Target Group Layout / Structure Symbol linked to Quality Criterion Actual Value Target Value Dimension linked to Hierarchy Logical Operator Success Factor Access Method Module Interface
Figure 1: Meta-Reference Model of Compliance Management
The included key figures methodically evaluate facts. They have certain scales and measures and describe a quantitative or qualitative parameter. Target values for key figures can also be defined, e.g. the use of at least 50% recycled commodities in production. Thus, a target-performance comparison is made possible.
The Environmental Data Warehouse is filled with data via ETL Processes (ETL = Extract, Trans-form, Load) which are described within the ETL Process Model. The data are extracted from operative systems in the course of ETL processes before being transformed (e.g. summation, calculation of aver-age values, mapping of data from heterogeneous operative systems) and loaded into the target data-base.
The IT Architecture Model describes the IT architecture of an EMIS for compliance management and is explained in detail in section 3.3.
3.3
IT Architecture Model
Fig. 2 shows the IT Architecture Model which is part of the Meta-Reference Model presented in section 3.2. In the illustration the model is divided into four different levels: data source level, data storage level, application level and presentation level.
Figure 2: IT Architecture Model of an integrated EMIS for Compliance Management
Operative systems like PPS or ERP systems and other forms of EMIS – especially EMIS for ma-terial flow analysis and ecological accounting – can be used to supply an EMIS for Compliance Man-agement with the necessary data. Moreover, public environmental portals as the German Environmen-tal Information PorEnvironmen-tal (PorEnvironmen-talU; www.porEnvironmen-talu.de) could also act as data sources (for additional envi-ronmental databases see Page, Voigt 2003). Systems used by partners within the supply chain may al-so provide relevant data for the Active Environmental Data Warehouse, provided a cross-company al- so-lution is desired.
The data delivered by the operative systems are integrated into an Active Environmental Data Warehouse via ETL processes. For the support of Compliance Management an Active Environmental Data Warehouse should not only contain the relevant environmental data, but also regulatory demands and the requirements of additional voluntary certifications and standards. Moreover, a Data Ware-house comprises templates of standard reports including the respective key figures as well as user roles and access rights. Supplying the system with relevant data and storing these data are particularly challenging tasks (Burmann, Gomez, 2007). Apart from the identification and interfacing of the opera-tive systems, the adequacy of data structures, possible data defects or, more generally speaking, the overall data quality must be taken into account. Not all data sources are within the company’s domain, since external data from partners within the supply chain or from external environmental portals and databases need to be integrated as well. Although some approaches to standardize the exchange of en-vironmental data (such as PAS 1025 and EcoSpold) already exist, not all desirable data is available in these formats which makes the implementation of an automated data integration process more diffi-cult. The database representation of requirements to be monitored implies special challenges, since these requirements are usually formulated in natural language. Therefore, a database cannot easily represent or verify them. One possible approach to solve this problem may be to integrate the require-ments indirectly, i.e. in form of policies which are attuned to the individual company (Kharbili et al. 2008; Sackmann 2008). As opposed to the legislative texts/the certifiers’ requirements, the policies contain concrete numeric target values with which compliance can be verified automatically. At the Application Level there are several possible systems for accessing the database. The data can either be made available to the company’s decision makers in the form of standard reports or ad-hoc-reports (OLAP) or a Workflow Management System can support the monitoring of business processes. The Event Engine is of special significance because it represents the active component of the Environmen-tal Data Warehouse: if environmenEnvironmen-tal regulations are violated, the Event Engine automatically induces the generation of reports or messages via e-mail or text messages and initiates corresponding business
from the “conventional” presentation by means of client frontends reports could also be made availa-ble by means of a web frontend via the intranet or internet (Isenmann, Gomez 2008). The technical means and devices that are used to access the application level as well as the accessible systems differ, depending on the group of stakeholders the end-user belongs to (Isenmann, Lenz 2001).
3.4
Data Model
Fig. 3 shows the multidimensional data model of an EMIS for compliance management. Besides “classic” data warehouse dimensions like product, space and time the data model also contains a com-pliance specific dimension.
Figure 3: Multidimensional Data Model of an EMIS for Compliance Management (based on Burmester, Goeken 2005; Goeken, Knackstedt 2008; Seidel et al. 1998)
Along the product dimension, the compliance key figures can be aggregated from single products to product groups. The space dimension allows the end-user to examine data at the level of branches, ci-ties, regions, countries or continents. The time dimension differentiates between days, weeks, months, quarters, half-years and years whereas the latter three may either relate to the legal year or the fiscal year.
The compliance dimension enables the end-user to select the legal or voluntary framework accord-ing to which the data should be evaluated. At the highest abstraction level, the overall compliance sta-tus is presented. The overall stasta-tus can be subdivided into voluntary and legal requirements. Voluntary requirements include – but are not limited to – EMAS-, ISO- and DIN-certifications, whereas legal re-quirements can be subdivided into laws and orders that were issued either by the state, the nation or the European Union. Since voluntary as well as legal requirements are typically expressed in natural language, the requirements need to be transformed into company-specific policies. These include con-crete target values for the compliance key figures and can therefore be used to conduct target deviation reports. Thus, the general legal and voluntary requirements are made manageable by applying them to the individual company. Each policy contains several requirements which constitute the lowest aggre-gation level of the compliance dimension. The key figures included in the multidimensional areas comprise the topics of energy, exhaust air, water/sewage, waste, commodity and transportation.
4.
Prototypical Implementation
A prototype of the EMIS for Compliance Management is currently being implemented at the Chair in Accounting and Information Systems at the University of Osnabrück, using Informatica PowerCenter as ETL-tool, IBM Cognos 8 for reporting and Oracle as database management system.
During the first phase of the project the multidimensional data model shown in Figure 3 was further refined and transformed into a relational data model. The data model was then implemented, filled with random dummy data, and some first management reports were implemented. The second phase of the project will be the implementation of ETL-processes which integrate data from an SAP ERP Sys-tem and an Umberto sysSys-tem into the database. Umberto is an Environmental Management Information System for the modeling, calculation, visualization and evaluation of material and energy flows (Wohlgemuth, Mäusbacher 2008). By integrating these two data sources into the data warehouse, find-ings for the overall environmental impact of production processes can be calculated: Umberto enables companies to simulate the production process of a single product in order to determine the amount of commodities and energy consumed in the production process as well as the output of e.g. waste or CO2. By multiplying the simulation results by the number of produced goods from the ERP system, the overall environmental impact can be calculated (Burmann, Gomez 2007).
Qualitative legal requirements are quantified and thus made manageable by transforming them into a company policy. In the EU, for example, the amount of CO2 that a company may legally emit de-pends on the number of CO2-certificates that the company possesses. In this respect, the law remains very vague because it does not define a numeric maximum amount of CO2 that can be automatically monitored by an EMIS for Compliance Management. In order to determine their individual maximum emission amount the only guideline for companies is the number of certificates they own. The result-ing maximum amount can then be compared against the calculated (or otherwise measured) actual CO2 emission. We propose the utilization of a normalized compliance index that has a value of 100 if the target value stated in the company’s policy is exactly met. Accordingly, the value exceeds 100 if the target value is over-fulfilled (that is, if the actual CO2 emission is lower than stated in the compa-ny’s CO2 policy) and is below 100 if the compacompa-ny’s policy is not met.
Using a uniform compliance index throughout compliance reporting allows for correct aggregation: for example, a company’s policy may be made up of several different requirements, for each of which a compliance index can be determined. The lowest of all indices on the requirement level can then be adopted as the overall compliance index of the policy (i.e. of the next higher level). Also, using a sin-gle compliance index allows the design of management reports which are easy to grasp and contain time comparisons and trends.
Fig. 4 shows a design sample of an Environmental Compliance Report. By means of drill down/roll up functionality, the decision maker can modify the time frame or region regarded in the report. The more detailed reports allow the user to investigate how the environmental key figures have developed with respect to the target values defined in the company’s policies. The management cockpit can thus be regarded as the decision maker’s entry point into environmental standard reporting because it helps to quickly identify those requirements that demand closer attention. The environmental management information system for compliance management also supports this in-depth analysis in the sense that it offers more focused detail reports. During the ongoing course of the project, more data sources such as public environmental portals will be added to the active environmental data warehouse. This approach is consistent with the user-centered design of data warehouses suggested by Burmester and Goeken (Burmester, Goeken 2005), since according to the priorities of the end-user, more data sources can be integrated over time.
Figure 4: Design sample of an Environmental Compliance Report
The design of the management reports will be revised and advanced by taking an experimental ap-proach: the project team is going to implement different variations of reports, each using a different layout, color scheme or set of symbols for visualization. By testing the different report templates in a usability laboratory, the design of the reports will be improved. The resulting reports should ideally satisfy the following quality criteria compiled by the German Institute for Auditors (Marten et al. 2007): relevancy, adequacy, reliability, neutrality, understandability, completeness, correctness and clarity.
5.
Conclusions, Limitations and Future Work
Although the topics of environment and sustainability are gaining increasing political, social and eco-nomic significance, current business practices are still dominated by isolated applications instead of integrated EMIS (El-Gayar, Fritz 2006, page 772). However, especially for the application area of Compliance Management, it is essential to create an integrated EMIS that unites all environmentally relevant information within an enterprise, a corporate group or a supply chain. The limited spread of software using standardized exchange formats for environmental data can be regarded as a major ob-stacle to this process, making the integration of data into an Environmental Data Warehouse more dif-ficult. The number of regulatory demands is growing fast while the attractiveness of additional volun-tary certifications is on the increase, too. This gives reason to believe that in the near future integrated EMIS solutions will become part of managerial practice, and especially so in the field of Compliance Management.
Nevertheless, there is still considerable need for research on this topic area. By designing the pro-posed reference model the fundamental building blocks of an EMIS for Compliance Management have been defined and can be used for further research and the practical implementation of an EMIS. However, there are still some implications and limitations for practice. Practitioners still need in-depth knowledge on environmental regulations, on policy engineering and the development of adequate me-trics for the identification of compliance violations in order to implement the proposed concept. More-over, an adequate tool support for efficient and effective policy engineering is desirable. More ad-vanced analyses (e.g. by conducting usability experiments) of the usability of compliance reports could support the conceptual validation of this research. The economic evaluation of our proposed ap-proach is part of our future research.
Acknowledgement
References
Bullinger, H.-J., Eversheim, W., Haasis, H.-D., Klocke, F. (Eds.) (2000): Auftragsabwicklung opti-mieren nach Umwelt- und Kostenzielen, Berlin.
Burmann, A., Marx Gómez, J. (2007): Data Warehousing with Environmental Data. In: Marx Gómez, J. et al. (Eds.): Information Technologies in Environmental Engineering, pages 153-160. Burmester, L., Goeken, M. (2005): Benutzerorientierter Entwurf von unternehmensweiten
Data-Warehouse-Systemen. In: Ferstl, O. K., Sinz, E. J., Eckert, S., Isselhorst, T. (Eds.): Wirtschafts-informatik 2005, Heidelberg, pages 1421-1440.
El-Gayar, O., Fritz, B. D. (2006): Environmental Management Information System for Sustainable Development – A Conceptual Overview. In: The Communications of the Association for Infor-mation Systems, vol. 17, 34, pages 756-784.
Enzler, S., Krcmar, H., Pfennig, R., Scheide, W., Strobel, M. (2005): Eco-Efficient Controlling of Ma-terial Flows with Flow Cost Accounting – ERP-Based Solutions of the ECO Rapid Project. In: Hilty, L. M., Seifert, E. K., Treibert, R. (Eds.): Information Systems for Sustainable Develop-ment, Hershey.
Goeken, M., Knackstedt, R. (2008): Referenzmodellgestütztes Compliance Reporting am Beispiel der EU-Finanzmarktrichtlinie MiFID. In: HMD Praxis der Wirtschaftsinformatik, vol. 44, 263, pa-ges 47-57.
Hevner, A. R., March, S. T, Park, J., Ram, S. (2004): Design Science in Information Systems Re-search. In: MIS Quarterly, vol. 28, 1, pages 75-105.
Isenmann, R., Lenz, C. (2001): Customised Corporate Environmental Reporting by Internet-based Push- and Pull-Technologies. In: Eco-Management and Auditing, vol. 8, 2, pages 100-110. Isenmann, R., Marx Gómez, J. (2008): Internetbasierte Nachhaltigkeitsberichterstattung, Berlin. Kharbili, M. E., Stein, S. Markovic, I., Pulvermüller, E. (2008): Towards a Framework for Semantic
Business Process Compliance Management. In: Sadiq, S., Indulska, M. zur Muehlen, M. (Eds.): Proc. of GRCIS, Montpellier, pages 1-15.
Krcmar, H., Dold, G., Schneide, W., Oettinger, M., Kreeb, M., Wagner, B., Strobel, M., Hoffmann, A., Enzler, S., Fischer, H., Seifert, E. K. (1997): ECO-Integral - Referenzmodell für DV-gestütztes Umweltmanagement. In: UWF, vol. 5, 4, pages 28-31.
Lang, C. V. (2007): Konzeption eines Referenzmodells für betriebliche Umweltinformationssysteme im Bereich der innerbetrieblichen Logistik, Aachen.
Marten, K.-U., Quick, R., Ruhnke, K. (2007): Wirtschaftsprüfung, Stuttgart.
Page, B., Voigt, K. (2003): Recent History and Development of Environmental Information Systems and Databases in Germany. In: Online Information Review, vol. 27, 1, pages 37-50.
Rautenstrauch, C. (1997): Fachkonzept für ein integriertes Produktionssystem, Recyclingplanungssys-tem und SteuerungssysRecyclingplanungssys-tem (PRPS-SysRecyclingplanungssys-tem), Berlin.
Sackmann, S. (2008): Automatisierung von Compliance. In: HMD, vol. 44, 263, pages 39-46. Seidel, E., Göllinger, T., Weber, F. M. (1998): Umweltkennzahlen in drei Wirtschaftszweigen. In:
Seidel, E., Clausen, J., Seifert, E. K. (Eds.): Umweltkennzahlen – Planungs-, Steuerungs- und Kontrollgrößen für ein umweltorientiertes Management, München, pages 123-139.
Supply-Chain Council (2008): SCOR 9.0 Model Reference; www.supply-chain.org/
Teuteberg, F.; Straßenburg, J. (2009): State of the Art and Future Research in Environmental Man-agement Information Systems - A Systematic Literature Review. To appear in: Athanasiadis, I. N., Mitkas, P. A., Rizzoli, A. E., Marx Gómez, J. (Eds.): Information Technologies in Environ-mental Engineering, Proc. of the 4th Intern. ICSC Symposium. Analyzed articles:
http://www.uwi.uos.de/emisreview.pdf
vom Brocke, J. (2007): Construction Concepts for Reference Models. In: Loos, P., Fettke, P. (Eds.): Reference Modelling for Business Systems Analysis, London, pages 47-75.
V. (Eds.): Konzepte, Anwendungen, Realisierungen und Entwicklungstendenzen betrieblicher Umweltinformationssysteme (BUIS), Aachen, pages 37-56.
