How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

Green Business!

Carbon emissions reduction has evolved beyond simply good citizenship to being a business tool. Implementing ?green? initiatives is now a competitive weapon which defines real business opportunities and bottom line savings that can contribute significant financial value to the organisation while meeting demanding customer requirements for sustainable and low-carbon products.

Energy efficiency is a low cost resource for achieving carbon emissions reduction. Better energy efficiency simply translates to lesser carbon emissions and less energy usage which translates into saved costs.

Reduction of an organisations carbon footprint is each and everyone?s responsibility. Human activities are the key responsibility for the release of greenhouse gas emissions into the atmosphere. These include usage of electricity generated from fossil fuel, heating or driving.

At the corporate level, various measures can be instigated to increase energy efficiency. Some of these can be, having zone lighting with sensors to minimise unnecessary office lighting, timers on large IT equipment, promoting energy efficient behaviour in the office, asking staff to switch off and unplug appliances when not in use and minimising staff travel.
At the individual level; it is the small habits that count; cultivating the habit of switching off unnecessary lights, plugging out appliances that are not in use, using video conferencing or online chatting instead of having to travel to meetings, using public transport instead of taking a taxi/ personal car and using energy efficient cars.

All these initiatives assist organisations in their corporate social responsibility reports and play a role in sustainability rankings which is instrumental to customers who are increasingly considering sustainability rankings in investment decisions, while achieving the goal of cost reduction internally.

Field service and improved visibility

A manager is someone who has control over a company. They are given the responsibility of overseeing what the company does and making important decisions. The manager is the most important person in the empire and needs to be in the know at all times. Not what happened a day ago but in real-time and from any place.

Information is necessary for this to happen. It needs to be concise, brief and straightforward. Ideally, access to job status, location information, customer information, notifications and location information should be on the palms of their hands.

To sum it all up, there should be fluid communication among personnel in the field. Information should be accessed easily from one place as it flows to another to maintain steady two-way communication. This is possible with automation meaning that no amount of data will be left unseen or unused because of paperwork that was never handed over or looked into, reducing the chance of misinformation or missing information to a minimum.

Ways improved visibility will help your business through Field Service

Organisations using field services will agree that improved visibility has more business benefits and the real question is what aspect needs improving rather than discussing the benefits.

Real-time visibility

Managers need to be in the know from anywhere at any time. The manager needs information about the company. The need not to be physically present to have an idea of what’s going on. They should know everything at all times, from what was planned for the day to real-time events.

All this information should be easily accessed from one central point and should contain everything about the company and other relevant information.

Extending the back office into the field

This two-way communication is virtually irreplaceable. At any time, the information should flow among technicians in the field and those in the back office. This will help to have a better idea of how to manage the workload and come up with solutions to some work-related issues.

Everyone in the team should be informed and be up to speed about real-time events. Keeping everyone updated improves visibility because they can make updates and decisions based on the kind of information they get.

No more lost paperwork

Managing paper trail can be quite a hassle for organisations. With tons of workload, there can be many delays meaning that some information might be missed or forgotten. People might also choose not to turn up for work for days on end and can affect how much info is processed. Some work can be left undone, and work not invoiced.

When organisations use field service management services, information is fed only once and everything else is done automatically. Say goodbye to lags or relying on last month?s data. Work will move faster because people will have more time to focus on important things rather than chasing an endless paper trail.

Business intelligence

Field service management technology will let you know what is being done in the field and with such an abundance of data, will make sound decisions for the business.

Every decision is hinged on cold facts. Information needs to be easily accessed and filtered into the right categories so that sound business decisions are made from the collected data.

Growing revenue

The abundance of real-time information and improved visibility can determine whether a business will grow or not. Each piece of information can show trends that are critical for any business to improve. Trends show how each sector is doing and sheds more light into specific areas that need a total overhaul. This may include improving customer service, products on retail or hiring more technicians.

Without information, a company is one step closer to going out of business. Every action should be geared to increase the revenue and this starts by making the right choices.

Visibility when working offline

Working offline is an issue that can affect visibility. Sometimes agents will need to work in areas that have little network coverage or are deep down working in tunnels or are around heavy machines and turbines. Field service solutions are built for the mobile environment and for workers who may find themselves in non-connected areas so that they can still use their device while offline. This makes sure that there is no loss of information while working in-field

Time-saving

Certainly, business is constrained to its environments and if the demand changes it should prove to be flexible enough to adjust to changes as they happen. Field service solutions operations like schedule need to update instantly. Once activities start rolling, nothing should create lags in the schedule so that operations flow seamlessly at all time.

Field workers can then make updates and document changes easily on the job site directly on their device by using responsive site menus, drastically saving time while feeding data and complete orders.

Improved customer service

It is not a clich? to say that the customer is always right. With real-time information, both field service and back-office technicians can improve customer relations and satisfaction. With a unified system of sharing information like the ERPs and CRMs, the field officer can know more about specific clients, their history and other data to know more about what should be done in current and future orders. This means that better decisions will be made for each customer.

How improved visibility benefits different parts of the organisation

Improved visibility in all areas of the business makes information more accessible. Here are some of the benefits that various sects of a business can get from improved visibility.

? The business owner
The manager owns the company and can access all information with just a single tap. A lot of data can be used to analyse the health of the venture. This includes revenue, inventory, customer surveys, employee hours, invoices and customer data.
Profitability is increased by putting more emphasis on customer satisfaction and improving the quality of end products and services.

? The service manager
The service manager can see what is going on in the field in real-time, and look into measures that can improve the productivity of staff members in various departments.
And with workflow automation, time-saving is at the maximum because there is less paperwork consequently improving scheduling and job completion rates.

? Service administrator/ dispatcher
For the team in the office, they can assign tasks faster. Scheduling is automatically done and updated in real-time. It eliminates the need for paperwork and leaves more time to be productive on other errands.

? The field technician
Improved visibility for a field worker means that they can do their best in any task. They can share or get critical information about orders and customers. This drastically improves job completion rates and customer satisfaction.

? HR
Live information can be used to track certain orders, the time it takes to complete orders, and the number of staff required in the organisation. Such data can be used in HR to reduce payroll errors and erroneous overtime costs.

? Finance
Field service management software can also benefit the finance team by automation of invoices. A work order can be tracked from start to the end and invoiced immediately to retain faster payments. Relevant data can be used to track revenue and expenditures, and costs.

Real-time visibility gives a company many solutions to manage the workload. In the end, visibility is also useful in increasing revenue and a smooth transition of information for the company.

Field service and its impact on your bottom line

There are many pointers to successful field service in any business. Generally, labour hours, parts, technician efficiency, performance indicators and other bunch of data are the most important. However, the icing on top is the total revenue. If you are in business, you must be cocksure that it’s making money, and when you don’t rake in enough you need to make some business decisions quick!

For the most part, field service companies will always have a field service management software to handle all the data. But how will this affect your outlook?

Will this cause a direct increase in revenue?

What will still need to be changed so that the ship stays afloat?

Increase your service jobs

As expected, the best field management software will guarantee a positive increase in appointments per week. On average, the field service team should expect at least a 50% increase in work turnover. There is a direct relation between the revenue you should be making and the number of calls in your schedule since the only way of making more cash is to get more work done. It is not recommended to raise costs because it increases the risk of losing customers easy when they can’t meet the extra expense. Field service software will help you bring in more customers and also manage technicians.

If you have much of the hard work done for you then you?d have more time to run the show. This is why premises are trying out software because they answer many problems like:

Automation and improved work order management
Fast dispatch from an array of drag-drop scheduling tools
Easy-to-use field service apps for technicians to receive and submit work orders
Can be integrated into account systems for faster billing time

Manual operations are costly and prone to error, and they don’t come cheap. Do away with them, reduce costs, sit back and watch as new customers steadily stream in. Grow the business by building lasting relations with your workforce and customers.

Increase technician?s abilities with mobile

If you want to get more profit, bank on technicians who complete service calls. Their task is obviously the hardest. They have an unpredictable job; at times they need to come up with quick responses or they may also be required to dig deep as well. The work does not need to be slowed with an endless paper trail while they could be elsewhere giving their all. These technicians require a working mobile field service management app.

As expected, field service leaders who use a mobile field service software report close to 20% increase in service visits per technician. This translates to each technician taking nearly a fifth more calls in a day. And as we had said before, more service calls can double the profits. How can technicians get extra time from a field service mobile app?

No need to drive to work to pick orders
Less time using the phone looking for service or parts information
Reduces the time needed to go through paper-based work
Less time driving to service calls because information is routed to their mobile phones

Increase revenue from technicians

If time is spent seamlessly, dispatchers will find time in a technician?s schedule for an extra service call. With all this being done within normal working hours, the business stands to increase its bottom line. This is what makes the business grow. Not by increasing technicians but by optimum utilisation of the current staff to get maximum profit. The logic is straightforward ? a technician working 8 hours each day taking six calls a day will make more revenue than the one who takes four, because they are paid the same each, but the business benefits from the extra service calls.

The business stands to make more revenue per technician if it uses field service management software. The margins can go as high as 40% because the technician has all tools needed to get the job done faster. You increase revenue from field work too. Let technicians benefit from automated process and have all the tools for work that they need right on their mobile devices.

The target is always your bottom line

When field service leaders inquire about field service software, they need to know how it affect the bottom line: how they will spend less time drafting schedules, how each technician will increase revenue, how the business will grow. Simple as that!
Field service management applications bring a lot to the table.

Don’t waste your time crunching a lot of numbers or sorting out schedules since this is what such an application should do. Automation, optimisation and mobility are all ways of increasing revenue. Let us help you reach your goals using our top shelf field management software. This will not only help your bottom line but will let you have more time to venture into untapped potentials.