QAD Enterprise Solutions & Global Corporate Governance Maryann Hafner / Solution Engineer March 2004

1. QAD Enterprise Solutions & Global Corporate Governance Maryann Hafner / Solution Engineer March 2004

2. Globalization

3. Corporate Governance

4. Corporate Governance

5. Corporate GovernanceWhat is it? • Operating a business organization in compliance with allgovernment and agency laws and regulations • Focusnow onprinciple-basedvs. historical rules-based for accounting and disclosure • Overarching goal of performance with integrity

6. Corporate Governance Principles:current globalregulations  Context:ERP application relevance  Support:QAD enterprise solutions

7. global Corporate Governance • Sarbanes-OxleyAct of 2002(SOX) • Adopted by USA and associated Global Operations • International Financial Reporting Standards (IFRS)International Accounting Standards (IAS) 2005 • Adopted by European Union (EU), Australia, Hong Kong, Korea, Malaysia, Singapore, Canada, China, Russia-pending, global movement in EEA, Iceland and Norway…mandatory and optional regulatory compliance

8. SOXvs.IFRS IFRS Driving Purpose • Directly remove barriers to cross-bordertrading – single capital market. Uniform reporting standard to provide internationally comparable financial & non-financial information on which to base economic decisions • SOX Driving Purpose • Legislatively demand corporate responsibility and accountability from corporate executivesto all stakeholders in order to restore investor confidence.

9. It’s about…integrityof operationstransparencyof disclosureaccountabilityfor accuracy

10. Sarbanes Oxley Act of 2002 sox

11. Corporate Governance inUS • Sarbanes-OxleyAct of 2002(SOA, SOX, Sarbox…) • Compliance Deadlines: (varying) • 404 - Fiscal Year ending on or after June 15, 2004 > $75M Fiscal Year ending on or after June 15, 2005 < $75M • Primary Initiatives: (Business Systems) • Disclosure of internal business controls & processes • Accelerated Reporting Deadlines • Exec Certification - personal liability for accuracy • Rapid Disclosures of material events

12. Section 302 Mandates CEO and CFO personal certification of financial statements and filings including personal review, does not contain untrue information, responsibility, design and assessmentof effectiveness of disclosure controls and procedures in place – disclosure of weaknesses to auditors and audit committee. Section 906 Mandates CEO and CFO personal certification ensuring 10-K’s, 10-Q’s, annual reports as well as periodic reports containing financial information complies with Sarbanes-Oxley/1934 Act, represents an accurate representation of the firm’s financial condition. Section 404 Requires annual filing of internal controlevaluation report, whereby, companies are required to document existing controls that have bearing on financial reporting, test them for effectiveness, report gaps and deficiencies. Must establish and maintain internal controls that conform to standards for financial reporting (e.g.,COSO Framework). External auditor attestation. Section409 Requires disclosure to public information on a “rapid and current basis”of material changes to the firm’s financial condition or operations.  Sarbanes-Oxley Act

13. Sarbanes-Oxley Timeline Section 404 Internal Control Activity Phasing • Phase I – Discovery & DocumentationNOW • Phase II - Gap AnalysisFY04 Audits • Phase III – RemedialAction2004 - 2006 • Phase IV – Monitor FOREVER

14. SOX Internal Control Timeline

15. Internal Control…What is it? • A process, effected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories • Effectiveness and efficiency of operations • Reliability of financial reporting • Compliancewith applicable laws & regulations - as defined by COSO Enterprise Risk Management

16. It meansInternal Control… • …is a process. It is a means to an end, not an end in itself. • …is effected by people. It’s not merely policy manuals and forms, but people at every level of an organization. • …can be expected to provide only reasonable assurance, not absolute assurance, to an entity’s management and board. • …is geared to the achievement of objectives in one or more separate but overlapping categories.

17. Operations • Financial Reporting • Compliance Internal Control:COSO Frameworkfor Enterprise Risk Management • Activities • Business Unit • Divisions • Enterprise

18. Evaluating Internal Control: 3 Dimensions • Consists of 2points of focus • Entity level • Activity (process) level • Consists of 3objectives: • Effectiveness and efficiency of operations (safeguarding of assets) • Reliability of financial reporting • Compliance with applicable laws and regulations • Consists of 5components: • Control environment • Risk assessment • Control activities • Information and Communication • Monitoring

19. Internal Controlis uniqueto an organization • Enterprise risk management is a dynamic process. • No two entities will, or should, apply enterprise risk management in same manner. Capabilities and needs differ dramatically by industry and size, and by culture and management philosophy…one company's application of the enterprise risk management framework – including the tools and techniques employed and the assignment of roles and responsibilities for enterprise risk management – often will look very different from another COSO Framework

20. International Financial Reporting Requirements IFRS

21. Corporate Governance - GLOBAL • International Financial Reporting Standards(IFRS),aka International Accounting Standards(IAS) Compliance Deadlines: • European Union by 2005 • HOWEVER must have comparative financial data for prior years • Various national adoption • Permitted or not permitted as option • Required for some or all domestic listed companies

22. IFRS Initiatives • CONSOLIDATIONS- Consistent & comparable Global Financial Reporting • TRANSPARANCY -Additional detail disclosure of enterprise wide information, analysis and reporting of business by segment • MEASUREMENTfor assets & liabilities - Valuation and Recognition • Harmonized PERFORMANCE measurement • MOVEfrom national GAAP to IFRS

23. Regulated Corporate Governance Rules-basedPrinciple-based Accounting & Disclosure

24. Software Applications Compliance Support

25. Gartner…. Sarbanes-Oxley does not regulate technology; however, using technology effectively can reduce the cost, time and risk of an enterprise’s compliance activities. Although Sarbanes-Oxley doesn’t directly regulate information technology, IT is the backbone of the financial processes that the law regulates

26. AMR Research 2003

27. compliance supportSoftware Tools & Systems • ERP (manufacturing, distribution, accounting…) • Best-of-breed financial (revenue management…) • Business Process Management • Risk and Reporting Management • Business Performance Management - Analytics/BI • Document and Records Management • Compliance Management – documentation & analysis • Auditor Tools • Basic IT system infrastructure/Security Mgmt • Basic IT system infrastructure/Collaboration (e-mail, storage and tracking)

28. compliancesupportandEnterprise Corporate Responsibility An ERP application/system can… • provideautomated process controls and tools that enable an enterprise to be able to support compliance An ERP application/system does not… • make an enterprise compliant An ERP application/system is not… • “compliant” in and of itself

29. technology-enabled accountability • Global internal visibility • Global externaltransparency & comparability • Harmonizeddata andreporting • Consistent “real-time”performance disclosure • Systematized/documented internal control • Systematized/documented event workflow • “Real-Time” alert event notification • Audit Dashboards,“Electronic Audit Committees” • Integrated disparate systems • Centralized shared business processes

30. Operations • Financial Reporting • Compliance Internal Control:COSO Frameworkfor Enterprise Risk Management ERP Support • Activities • Business Unit • Divisions • Enterprise

31. IC ComplianceSupport Operations Internal Control Related • System Security • Process Security • InformationSecurity–validation, completeness, integrity, authorization • Communication Security - documents, consolidation • Process Automation and Maps – enterprise standard/consistent • Process Workflow – authorizations and approvals • Enterprise Operations Visibility –inventory, credit, performance • Process/Controls Monitoring – manufacturing, distribution, admin • Enterprise Scorecard analysis – KPIsstrategic objectives • Close Process - signoff,consolidation, reconciliation, speed, visibility • Event/ Exception Alerts – initiate remedial action/disclosure ERP

32. IC ComplianceSupport Reporting Internal Control Related • Data Harmonization • Disparate systems Integration • Financial Results – consolidations, XBRL, accelerated • Audit - internal and external • Operations process/performance monitoring • Intermediary financial performance real-time monitoring • Integration with non-financial Information • Secure Collaboration ERP

33. IC ComplianceSupport Compliance Internal Control Related • Reducedreconciliation, consolidation, close time • Accelerated period-end results & reports publication • Faster access torepeatable and meaningful information for • Alerts and KPIs for potential “material event” occurrences ERP

34. QAD Enterprise Applications Compliance Support

35. People Quote To Cash Plan & Execute Financial Integrity Financial Transparency Design to Obsolescence ValidationDocument ManagementeSignatures BI Alerts SecurityAudit TrailsTraceability Service & Support Business Processes Plan & Fulfill Requisition To Pay Financial Shared Services Work Flow XBRL Consolidation Financial Reporting Processes Systems Financial Accountability QAD ComplianceSupport Architecture

36. QAD Financial Compliance Support Goals • Financial Business Process Cycles (BPC) • Increase enterprise visibility • Increase data integrity • Increase process integrity • Reduce reconciliation/close time • Raise security • Automate manual processes • Enhance auditibility/traceability • Deliver enterprise key information • Capture required transaction information

37. compliancesupportActivities • QAD product business process Controls/Security Utilization Customer Assessment program (QScan) • QAD product security and controls utilization customer training • QAD current and imminent product launches supporting data and process integrity and security • QAD base-product enhancements regarding business data and process security, internal control, analytics and reporting • QAD new product development regarding enterprise internal control, visibility, data rationalization, shared services, analytics, alerts and reporting • “Co-partner” for complementary compliance support software • QAD Global Services to address organizational unique system requirements

38. compliancesupportNew QAD Product/Feature Releases • eB2 – Financial Enhancements • Logistics Accounting • Control liabilities and variances on logistics charges • Extended Account Structure • Additional reporting and analysis capability • Linked Site Costing • Eliminate costly copy processes • Removes the need for redundant data at distribution sites • Purchase & Work Order Accounting • Associate purchasing and AP variance accounts by product line, site and supplier type • Maintain work order accounts by product line and site • Multi-Entity Accounting • Visibility of inter-company accounts by entity • Use shared services forAccount Payable with a database

39. compliancesupportNew QAD Product/Feature Releases • eB2.1 Shared Services Domain • Provides new infrastructure support for enterprise transparency • One DB with Multiple Base CurrenciesandChart of Accounts • One DB with Centralized IT admin control & standardization • Enhanced business unit & user security • Shared Services foundation for process standardization • Enhanced GL consolidation foundation and features • GL enterprise consolidation within DB - no export needed • Enhanced GL transaction drill-down within database • Enterprise centralization with flexible business unit operation autonomy

40. Plant 1 Plant 2 Plant 3 ERP Database ERP Database ERP Database Plant 1 Logical Partition by Domain Plant 2 Logical Partition by Domain Plant 3 Logical Partition by Domain Single MFG/PRO eB2.1 Shared Services Domain Database MFG/PRO eB2.1 Shared Services Domain Solution

41. eB2.1 Shared Services DomainBusiness Unit Operations & GL Consolidation Enterprise G/L Reporting Plant 1 Logical Partition by Domain Plant 2 Logical Partition by Domain Plant 3 Logical Partition by Domain Plant 4 Logical Partition by Domain ENTERPRISE Logical Partition by Domain GL Consolidation

42. eB2.1 Shared Services DomainGL Entity Consolidation Entity 1000 Domain A EUR Entity 2000 Domain B SFR Entity 3000 Domain C GBP Entity 4000 Domain D MXP Entity 5000 Domain E CND Entity 6000 Domain F USD Consolidation Consolidation Entity 9001 Domain G EUR Entity 9002 Domain H USD Consolidation Entity 9999 Domain I USD

43. eB2.1 Shared Services DomainGL Consolidation Drill-Down • During consolidation cross-reference records are created, linking source transaction to consolidation record • Drill-down functions are available, allowing drill-down from consolidation to detail records in other domains

44. DomainUser Security • In User Maintenance: • Defines the Domains to which a user can have access • Which Domain is the primary Domain (the one to which a user logs in by default.) • The Security Groups to which a user belongs for each domain -determines menu functions to which he/she will have access for a specific domain.

45. compliancesupportNew QAD Product/Feature Releases General Security Enhancements • Enhanced Password Complexity & Aging: • Allows specification of minimum length and amount of numeric/non-numeric signs • Forcing users to periodically change passwords • Prevention of re-use of passwords • Enhanced User Administration: • Introduction of User Groups (replacement of old security groups) • Enhanced Intrusion Detection: • E-mail to administrator group • After number of failed login attempts, deactivation of account • Logon Attempt Report

46. compliancesupportNew QAD Product/Feature Releases • Advanced Inventory Management (AIM) • Enhanced data control and accuracy by use of automated barcoding and radio-frequency techniques • Allows decreased inventory carrying costs • Decreased inventory and space optimization • Inter-warehouse movement traceability and transaction analysis • Obsolescence risk management

47. compliancesupportNew QAD Product/Feature Releases • Audit Trails • Infrastructure on all QADDB tables • Configurable by table • Secure, computer generated, time-stamped • Record date and time of • operator entries • actions that create, modify, or delete e-records • Will not obscure previously recorded information • Retention as long as required for subject electronic records

48. Audit Trails

49. compliancesupportNew QAD Product/Feature Releases • CSS – Customer Self-Service • Customer Self-Service for direct system order capture and visibility • Systematically controlled catalog management • Automated standard order process • Reduction in administration expense

50. QAD CSS