How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

IT Security and the Threats from Within

When the economy makes a downturn, companies, then eventually, employees suffer. Now, I’m sure you’re wary of frustrated laid-off employees stealing valuable data. Who knows? That information might end up in the hands of your competitors. Then as if that threat weren’t enough, there may be jobless IT specialists who turn to rogue activities either to earn a quick buck or simply out of lack of anything productive to do.

That’s not all, as we’ve got more news for you. When we think of IT Security, what instantly comes to mind are hackers and acts laced with mal-intent. However, a recent worldwide survey on IT security showed organisations were more inclined to expect data leakage as a result of accidental exposure by employees (45%) than of anything maliciously performed by an external entity (15%).

If you’re not aware of this, you’ll be focusing your spending on protection against incoming attacks while exposing your innards through accidental leakages. Our solution? While we’ll naturally provide your data with protection from outside threats, we’ll also put special attention in protecting it from the inside.

The defences we’ll put up include:

  • Data Loss Prevention
  • Network Security
  • Firewalls
  • Malware
  • Authentication and Access Control
  • Mobile Security
  • Forensics
Why Predictive Maintenance is More Profitable than Reactive Maintenance

Regular maintenance is needed to keep the equipment in your facility operating normally. All machinery has a design lifespan, and your goal is to extend this as long as possible, while maintaining optimal production levels. How you go about the maintenance matters, from routine checks to repairing the damaged component parts?all before the whole unit needs to be tossed away and a new one purchased and installed. Here, we will break down the different approaches used, and show you why more industries and businesses are turning to proactive maintenance modes as opposed to the traditional reactive approaches for their?field service operations.?

Reactive Maintenance: A wait and see game

Here, you basically wait for a problem to occur, then fix it. It’s also commonly referred to as a “Run-to-Failure” approach, where you operate the machines and systems until they break. Repairs are then carried out, restoring it to operational condition.?

At face value, it appears cost-effective, but the reality on the ground is far much different. Sure, when the equipment is new, you can expect minimal cases of maintenance. During this time, there?ll be money saved. However, as time progresses there?ll be increased wear, making reliance on a reactive maintenance approach a costly endeavour. The breakdowns are more frequent, and inconsistent as well. Unplanned expenses increase operational costs, and there will be lost productivity during the periods in which the affected machinery won’t be in operation.?

While reactive maintenance makes sense when you’re changing a faulty light bulb at home, things are more complicated when it comes to dealing with machinery in industries, or for those managing multiple residential and commercial properties. For the light bulb, it’s easier to replace it, and failure doesn’t have a ripple effect on the rest of the structures in the household. For industries, each time there is equipment failure, you end up with downtime, production can grind to a halt, and there will be increased environmental risks during equipment start-up and shutdown. If spare parts are not readily available, there will be logistical hurdles as you rush the shipping to get the component parts to the facility. Add this to overworked clients in a bit to complete the repair and to make up for lost hours and delayed customer orders.

For field service companies, more time ends up being spent. After all, there?s the need of knowing which parts needed to be attended to, where they are, and when the servicing is required. Even when you have a planned-out schedule, emergency repairs that are required will force you to immediately make changes. These ramps up the cots, affecting your operations and leading to higher bills for your client. These inconveniences have contributed to the increased reliance on?field service management platforms that leverage on data analytics and IoT to reduce the repair costs, optimise maintenance schedules, and?reduce unnecessary downtimes?for the clients.

Waiting for the machinery to break down actually shortens the lifespan of the unit, leading to more replacements being required. Since the machinery is expected to get damaged much sooner, you also need to have a large inventory of spare parts. What’s more, the damages that result will be likely to necessitate more extensive repairs that would have been needed if the machinery had not been run to failure.?

Pros of reactive maintenance

  1. Less staff required.
  2. Less time is spent on preparation.

Cons of reactive maintenance

  1. Increased downtime during machine failure.
  2. More overtime is taken up when conducting repairs.
  3. Increased expenses for purchasing and storing spare parts.?
  4. Frequent equipment replacement, driving up costs.?

This ?If it ain’t broke, don’t fix it? approach leads to hefty repair and replacement bills. A different maintenance strategy is required to minimise costs. Proactive models come into focus. Before we delve into predictive maintenance, let’s look at the preventive approach.?

Preventive Maintenance: Sticking to a timetable

Here, maintenance tasks are carried out on a planned routine?like how you change your vehicle?s engine oil after hitting a specific number of kilometres. These tasks are planned in intervals, based on specific triggers?like a period of time, or when certain thresholds are recorded by the meters. Lubrication, carrying out filter changes, and the like will result in the equipment operating more efficiently for a longer duration of time. While it doesn’t completely stop catastrophic failures from occurring, it does reduce the number of failures that occur. This translates to capital savings.??

The Middle Ground? Merits And Demerits Of Preventive Maintenance

This periodic checking is a step above the reactive maintenance, given that it increases the lifespan of the asset, and makes it more reliable. It also leads to a reduced downtime, thus positively affecting your company?s productivity. Usually, an 80/20 approach is adopted,?drawing from Pareto’s Principle. This means that by spending 80% of time and effort on planned and preventive maintenance, then reactive maintenance for those unexpected failures that pop up will only occur 20% of the time. Sure, it doesn’t always come to an exact 80/20 ratio, but it does help in directing the maintenance efforts of a company, and reducing the expenses that go into it.?

Note that there will need to be a significant investment?especially of time, in order to plan a preventive maintenance strategy, plus the preparation and delegation of tasks. However, the efforts are more cost effective than waiting for your systems and machinery to fail in order to conduct repairs. In fact, according to the US Dept. of Energy, a company can save between 12-18 % when using a preventive maintenance approach compared to reactive maintenance.

While it is better than the purely reactive approach, there are still drawbacks to this process. For instance, asset failure will still be likely to occur, and there will be the aspect of time and resource wastage when performing unneeded maintenance, especially when technicians have to travel to different sites out in the field. There is also the risk of incidental damage to machine components when the unneeded checks and repairs are being carried out, leading to extra costs being incurred.

We can now up the ante with predictive maintenance. Let’s look at what it has to offer:

Predictive Maintenance: See it before it happens

This builds on preventive maintenance, using data analytics to smooth the process, reduce wastage, and make it more cost effective. Here, the maintenance is conducted by relying on trends observed using data collected from the equipment in question, such as through vibration analysis, energy consumption, oil analysis and thermal imaging. This data is then taken through predictive algorithms that show trends and point out when the equipment will need maintenance. You get to see unhealthy trends like excessive vibration of the equipment, decreasing fuel efficiency, lubrication degradation, and their impact on your production capacities. Before the conditions breach the predetermined parameters of the equipment’s normal operating standards, the affected equipment is repaired or the damaged components replaced.??

Basically, maintenance is scheduled before operational or mechanical conditions demand it. Damage to equipment can be prevented by attending to the affected parts after observing a decrease in performance at the onset?instead of waiting for the damage to be extensive?which would have resulted in system failure. Using?data-driven?field service job management software will help you to automate your work and optimise schedules, informing you about possible future failures.

Sensors used record the condition of the equipment in real time. This information is then analysed, showing the current and future operational capabilities of the equipment. System degradation is detected quickly, and steps can be taken to rectify it before further deterioration occurs. This approach optimises operational efficiency. Firstly, it drastically reduces total equipment failure?coming close to eliminating it, extending the lifespan of the machinery and slashing replacement costs. You can have an orderly timetable for your maintenance sessions, and buy the equipment needed for the repairs. Speaking of which, this approach minimises inventory especially with regards to the spare parts, as you will be able to note the specific units needed beforehand and plan for them, instead of casting a wide net and stockpiling spare parts for repairs that may or may not be required. Repair tasks can be more accurately scheduled, minimising time wasted on unneeded maintenance.??

Preventive vs Predictive Maintenance?

How is predictive different from preventive maintenance? For starters, it bases the need for maintenance on the actual condition of the equipment, instead of a predetermined schedule. Take the oil-change on cars for instance. With the preventive model, the oil may be changed after every 5000?7500 km. Here, this change is necessitated because of the runtime. One doesn’t look at the performance capability and actual condition of the oil. It is simply changed because “it is now time to change it“. However, with the predictive maintenance approach, the car owner would ideally analyse the condition of the oil at regular intervals- looking at aspects like its lubrication properties. They would then determine if they can continue using the same oil, and extend the duration required before the next oil change, like by another 3000 kilometres. Perhaps due to the conditions in which the car had been driven, or environmental concerns, the oil may be required to be changed much sooner in order to protect the component parts with fresh new lubricant. In the long run, the car owner will make savings. The US Dept. of Energy report also shows that you get 8-12% more cost savings with the predictive approach compared to relying on preventive maintenance programs. Certainly, it is already far much more effective compared to the reactive model.?

Pros of Predictive Maintenance

  1. Increases the asset lifespan.
  2. Decreases equipment downtime.
  3. Decreases costs on spare parts and labour.
  4. Improves worker safety, which has the welcome benefit of increasing employee morale.
  5. Optimising the operation of the equipment used leads to energy savings.
  6. Increased plant reliability.

Cons of Predictive Maintenance

  1. Initial capital costs included in acquiring and setting up diagnostic equipment.
  2. Investment required in training the employees to effectively use the predictive maintenance technology adopted by the company.

The pros of this approach outweigh the cons.?Independent surveys on industrial average savings?after implementing a predictive maintenance program showed that firms eliminated asset breakdown by 70-75%, boosted production by 20-25%, and reduced maintenance costs by 25-30%. Its ROI was an average of 10 times, making it a worthy investment.

Proactive Preventative Maintenance: How IoT and Field Service Management Software Helps

FieldElite, our mobile workforce management software, has been key to several industries? return on investment. Whether it’s for plumbing, electrical, property management, cleaning, and maintenance, FieldElite has provided data centralisation for efficient management of these business activities. 

Field service management software is important to utilise current workload, and also helps resolve future issues. We’re talking about a proactive approach to preventative maintenance. 

How exactly do field service managements help in preventative maintenance? 

The answer lies in how field service management is interlinked with IoT in predicting future jobs for the mobile service industry.  

What is IoT? 

Simply put, the Internet of Things (IoT) is a network of devices and sensors connected to the internet. These ?things? (e.g. your smartphone or smartwatch) enable data to be sent and be received without human intervention.

Fundamentally, IoT is about devices being connected to the internet to allow remote monitoring

For many years now, remote monitoring for IT infrastructure has been widely used. 

What’s new that we’re experiencing right now is even the smallest devices ? individual light bulbs and sensors ? can have a network and internet connection, allowing entire systems to be monitored in great detail. 

Implementing IoT and accessing data can be challenging for most service organisations. However, when combined with predictive analytics and field management software, it can have a huge potential impact on individual businesses and the service industry as a whole. 

What is Preventative Maintenance? 

Preventive maintenance refers to regular, routine maintenance to help keep equipment up and running, preventing any unplanned downtime and expensive costs from unanticipated equipment failure. 

The goal of preventative maintenance is to decrease the likelihood of a machine or an equipment’s failure by performing regular maintenance. 

Preventative management can be very complex, especially for companies with a fleet of equipment or customers. It requires careful planning and scheduling of maintenance on equipment before there is an actual problem. 

Also, preventive maintenance is evolving. It’s not just about scheduling the same work every month to prevent failure anymore. Today, working smarter with better information about equipment conditions is critical to ensure maintenance is effective.

That’s where IoT and field service management software, like FieldElite, comes in. Together, they organise and carry out preventive maintenance needs for service industries. 

How IoT and FieldElite Helps in Preventative Maintenance

With FieldElite and IoT technology, you get the best in preventive maintenance management.

  • Evaluation of equipment or machines ? the condition of machines or equipment is evaluated in order to predict when maintenance needs to be performed. 
  • Automated work order ? automated time-based work order creation
  • Full condition-based plans allows you to do the following:
    • Right-size your maintenance work
    • Lower costs
    • Extend the life of your or customer?s assets 
  • Quicker reporting ? due to its efficient and automated nature, IoT and field service management software can reduce a field technician?s average report time from two weeks to two days, therefore boosting your cash flow! 

That’s the most important result a mobile service management software can produce (in connection with preventative maintenance). It’s cost-saving! This can be achieved over routine or time-based preventive maintenance, as tasks are only performed when they are needed. 

The Internet of Things (IoT) and field service management software is changing field service as we know it. 

Companies who adapt and utilise these technologies will benefit the most from the resulting competitive advantage of preventative maintenance. 

Start elevating every field service experience now!  

Our field service software, FieldElite helps you: 
  • Accepts jobs in the field
  • Automate appointment scheduling
  • Manage scheduled jobs 
  • Get real-time visibility into all operations
  • Have a clear and easy viewing of job locations 
  • Resolve field service calls faster 
  • Enable mobile workers to get the job done right
  • Keep customers updated at every step 
  • Create quotations and accept payments 
  • Analyse efficient reports from field technicians
  • Helps in proper preventative maintenance management. 

Learn how to schedule jobs to field workers with ease. Check out FieldElite

CONTACT US

  • We seek to understand your technology and business challenges
  • We tailor a demonstration of our platform and solutions to align to your specific needs
  • We answer any questions and make sensible recommendations
  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today