How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

How Accenture Keeps Rolling Out Sustainability

Multinational management-consulting and technology-services company Accenture has a good eye for sniffing out new business, with 305,000 employees advancing its interests in more than 200 cities in 56 countries evidence. Last year, it netted US$30 billion profit that is a tidy sum of money in anybody?s books.

Accenture also practices what it preaches. This is maximum business efficiency within moral standards. It tracks its carbon emissions from its offices around the world. Being a technology services company it is unsurprising that it automated the process. Being management consultants it can drill down to finest detail in its search for continuous improvement.

As a forward-thinking company Accenture is committed to transplanting its business skills into other organizations, in order to drive higher performance and sustain greater profits in the long term. It works with clients across borders and industries to integrate sustainability into their business models, and find effective ways to lighten carbon footprints.

The City of Seattle in Washington is a case in point. Following a proud history of nature and energy conservation, it engaged Accenture in 2013 to help it reduce downtown power consumption by 25%. Other project members were Microsoft supplying software, the local power utility for technical advice, and a non-profit to set up a smart building program. The initiative uses cloud services to process the big data generated by a host of building management services, plus a multitude of sensors, controls and meters.

The project is vital for the City. It wants to continue expanding but needs to avoid another power plant polluting its skyline. At the time of writing, the pilot sites had proved successful and the program was rolling out. Seattle?s next challenge is to acquire 15% of its energy from renewable sources by 2020.

The smart building solutions Seattle trialled in five downtown buildings, had a further welcome spinoff; by reducing operating times, facility managers can look forward to extended equipment life and fewer maintenance downtimes. The green building philosophy is alive and well in the City of Seattle, driven both by necessity and vision.

It is a no longer as question of if – but when – other urban communities follow suit. EcoVaro believes it is time long due for individual companies to start enjoying lower energy costs plus the prospect of profitably trading carbon credits. The process begins with measuring what you have and identifying cost-effective savings.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
5 Numbers showing why the Time to Invest in eCommerce in the UK is Now

A decade or two ago, you might have already had the urge to invest in eCommerce. But astute as you are, you must have decided to wait for the right time and perhaps the right place to do it. That time has come. And the right place to do it? Try the United Kingdom.

Here’s why:

1. ?100 billion worth to the UK economy

A report conducted by US-based BCG (Boston Consulting Group) showed that Internet-based business in the UK reached ?100 billion in 2009. That translated to 7.2% of the country’s GDP that year, making it bigger than industries like construction, education, and health & social work, and even slightly bigger than agriculture, hotels & restaurants, and mining, combined. Click here to see the comparison shown as a graph.

?100 billion?is certainly huge, but?the market potential of the Internet in UK is even made more evident if you also look at the numbers based on amount spent per capita…

2. # 1 in per capita spending

According to IMRG (Interactive Media in Retail Group), “the UK’s per capita spend of ?1333 (?1108) per annum” is number one in the world. This shows that people from the United Kingdom are more willing to buy goods from the Internet than other people on the planet. And this alone should tell you why UK is the best place for e-commerce.

But while you’re still pondering whether now is really the best time to invest, bear in mind that competitors who have gone to the Internet before you are already thinking of expanding …

3. 1.5 million workers in Internet retailing by 2015

Last year (2011), the number of people employed in UK e-businesses was about 730,000. While conducting its second annual e-Jobs index in 2011, IMRG (Interactive Media in Retail Group) found out that it was largely due to a rise in employment in 63% of e-businesses. The study also showed that 60% of e-businesses were also planning to beef up their employees within a year’s time.

While other sectors are shrinking their ?workforce, businesses on the Internet are growing theirs. Were they just speculating? Perhaps not…

4. 50% of parsels during 2016 pre-Christmas peak will come from e-commerce

Last year (2011), parcels coming from e-commerce accounted for 37% of all items sent through UK couriers during the November-December stretch. That volume from e-commerce was 15% higher than the previous year. This remarkable climb, which was reported by Global Freight Solutions (GFS), shows the growing confidence of customers when it comes to buying products online.

If this rate continues, items from e-commerce will easily comprise 50% of parcels by 2016. Chances this rate will continue? Let’s go to number 5 and you be the judge.

5. 66% of all adults made online purchases in 2011

A statistical bulletin published by the ?Office for National Statistics revealed that 32 million people made online purchases in 2011. That actually comprises 66% of all adults in the UK. Significant as that may seem, what is really striking is that that figure used to be 62% in 2010. So again, this proves that the number of people who buy products and services online is steadily growing.

If you really think about it, these statistics should not be surprising. The smartphone is now practically the default mobile device of anyone who owns a mobile phone. And then of course there are laptops and tablets.

With these devices on hand, coupled with the ever growing number of WiFi hotspots and telecommunications bandwidth, gaining access to the Web has never been easier.?It can be done practically anytime, anywhere.

This makes it so easy for people to search for products, compare competing brands, and eventually make a purchase from home, the office, on the terminal, or on the train.

Related post:

Integrated e-commerce ? The right way to do extend your business online

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Large scale corporate transformation

Large scale corporate transformation are the necessary actions required to increase performance in an organisation. It leads to greater performance results and greater organisational growth. It is a lasting change and can range from getting new leaders to combining the functions of different departments. It can also involve the introduction of a new phase in the life of an organisation. Large scale corporate transformation can be measured using three variables. The first variable involves determining how deep the change penetrates to all levels of the organisation. The second variable measures how entrenched it becomes in the organisation while the third measure determines the percentage of the organisation covered in the change.

Corporate transformation is essential for a company that seeks to have a greater impact and a longer life in its business sector. The process requires time and resources. The whole establishment needs to support it for success. Not only does the top management need to back it, but stockholders and staff members also need to buy the idea. This is because when the process of corporate transformation hits a barrier, it will take the entire organisation to keep it on course and complete the process. Without the support of everyone, most organisations will not complete the process.

Business transformation in recent times has begun to combine finance, HR and IT departments into one functioning piece of an organisation. This has resulted in leaner, faster, and more efficient corporate entities that produce high results and has a greater impact in its overall functioning. These three key departments are the backbone of any organisation, and the combination of the three creates an efficient organisation that translates into high performance results.

One crucial aspect of large scale corporate transformation is IT transformation, which entails the entire overhaul of any organisation’s technology systems. It adopts a more efficient platform that enhances its overall operation. IT transformation involves the use of Service Oriented Architecture (SOA) and open systems. This process is the revamping of the existing technology used to support the organisation and is critical for aligning the business functions to the mission of the organization. It touches on the current hardware and software and how they can best be improved upon for greater results. This process is necessary in the entire business transformation.

The question that needs to be addressed is how any organisation can make this process successful. First, it requires the understanding that it is not just a goal to be achieved, but a new way of thinking embraced by the entire organisation. Secondly, the leadership in place needs to be fully involved and dedicated to the process and to realise that it takes time and effort to complete such a mission. There also needs to be flexibility and adaptability in order to learn from mistakes and keep moving forward. Constant communication is also critical to ensure that everyone involved understands the current stage and the next steps to be done. Change is the only constant and is necessary for progress and success.

Ready to work with Denizon?

Contact Us Today