How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

4 Reasons Why You Might be Missing Out on Energy Savings…

?well your company actually, although for many small-to-medium businesses it boils down to the same thing. Governments usually lag behind in terms of innovation but are beating us hands-down when it comes to going green. I have heard that private sector energy savings average less than 1% per year and I for one would not be surprised if that were true. So what is causing this rot, when we started out so enthusiastically? Here are four possibilities for you to mull over.

  1. Your Team is Unevenly Yoked ? A pair of mismatched horses cannot pull a wagon in a straight line any more successfully than a business team can achieve its goals, if there is no agreement on priorities. While your sales team may be all for scoring green points against your competition, your accountant has a budget to balance and your operations department just wants to get on with the job.
  1. Energy?s not in Focus ? The above may in part be due to production goals you set your department heads. Energy is not nearly as greedy as raw materials and human capital. If you tell them to cut 5%, where do you think they are going to look first? You need to put energy savings up there, and agree specific targets as you do with other primary goals.
  1. Your Equipment Could be Over-Spec ? It is a very human thing to put more food on our plates and buy faster cars than we need. Only a few generations ago our ancestors lived through feast and famine, and the shadow of this still influences our thinking. Next time you buy equipment sit around the table and agree the decision criteria together. Then stick to them and repel all attempts at up-selling.
  1. You Are Delegating Too Much ? Delegation is part of company culture, or if you prefer the collective way of doing things. If you delegate something completely it is akin to saying I do not care much about this, make it happen. Energy saving is a financial and moral imperative. The fact the oil price is down does not mean there is no place for sustainability on your desk (and the price is likely to be up again soon).

Governments succeed in saving energy (whereas businesses often do not) because governments have a crowd of stakeholders beating down the door and demanding progress. As business owners we are more likely to do the same when the pressure is upon us, and that pressure surely has to come from us.

Still Looking For A Way To Consolidate Excel Spreadsheets?

We use Excel spreadsheets everyday. We use them to prepare budgets and reports. We even use them when drafting plans and forecasts. With this ubiquitous office application, entering data and carrying out on-the-spot computations and analysis is quick and easy. However, when it’s time to consolidate Excel data, I won’t be surprised if you wished there was an easy way.

In fact, you were probably looking for a solution before landing on this page, right?

Because budgeting, reporting, planning, and forecasting are normally done by a group of people and not just by one individual, spreadsheets bearing the necessary data can be scattered in different folders, desktops, offices, and, in the case of really large organisations, geographical locations.

How are these data brought together? Through email attachments or by sharing folders in a local area network. Each member of the working team sends out copies of their own spreadsheets to other members, who then review them, make necessary changes, then send back to the source. The files can go back and forth until everyone is satisfied.

With each sending, sharing, and edit, business critical data gets exposed to all sorts of spreadsheet risks. Copy-paste errors, omission of a negative sign, erroneous inputs, accidental deletions, and even fraudulent manipulations can take place. And because each member can end up with multiple versions of a single spreadsheet, the chance of working on the wrong version exists.

So when all the data gets consolidated and finalised, it is possible for the end product to contain significant errors. It may not happen all the time, but it certainly can happen.

But that’s not the only disadvantage of spreadsheets. The entire process of comparing cells and sheets, copy-pasting data, linking cells, writing formulas, and specifying ranges can be very tedious, not to mention time-consuming. With spreadsheets, beating deadlines is always an almost impossible exercise.

What you need is a solution that will no longer require you to consolidate Excel spreadsheets. One that is faster, more reliable, and significantly less error-prone. Denizon has a server-based solution that has all those capabilities and much more.

With a server-based solution, all your data is stored in one place. Everyone is working on the same data source, so consolidation is fast and easy. Everyone becomes synchronised and no one has to worry about working on the wrong version.

Read more about our server-based solution

 

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Increase Customer Loyalty with Field Service Management Software

One sure way to turn off customers is to give them a disappointing experience. It cuts across the board- from plumbing jobs, electrical installation and maintenance projects, window cleaning or repair, tenants in the property you’re managing, to package delivery firms. If your customers keep witnessing delays, cancelled appointments, to oversights like double booking which end up messing their individual schedules, they are likely to stop hiring your services and seek out a competitor.?

Field service jobs are particularly prone to such blunders, especially with the traditional manual way of doing things. While smartphones and computers have been infused into the day-to-day running of businesses, it is still common to find companies relying on manual processes to schedule their appointments, track the employees providing the services, monitor the progress of the jobs and ask for status updates, to managing inventory and invoices for completed tasks. This creates a major bottleneck in operations. The Small & Medium Business Trends Report, that took responses from nearly 500 SMB owners and leaders, showed that they spend an average of 23% of each workday manually inputting data. This is time that would have otherwise been spent tending to the customers? needs. It creates a backlog of tasks, forcing the customers to wait for longer to get their issues handled.?

The inefficiencies witnessed in these traditional methods led to the advent of field service business management software. These systems come in to optimise operations and enhance your service delivery. As a business, automating your scheduling, job tracking, routing procedures and handling the invoicing, all through a single platform, greatly reduces your workload. Managing inventory, communicating with your employees out in the field through handy apps on their phone, giving them access to a database of reports and notes on the various jobs they have been tasked with – these all aid in smoothing out the sorting of tasks, and gets rid of the mounds of paperwork that would have been required.?

From Your Customer’s Perspective

When you’re facing a plumbing leak at home, electrical faults that result in power outages in the office building, damaged gas boilers that are hampering operations in the industrial plants- you want them to be addressed. Homeowners, business owners and facility managers in these situations are anxious about getting the issue resolved- yet the firm they are relying on to handle it is caught up in a logistical nightmare, boggled down by paperwork that prevents them from sending their technicians to the location. You really don’t want to hear a series of excuses about why your problem could not be addressed in time. While delays can be a nuisance, cancelled appointments are altogether exasperating. See, the customer is left in a difficult position, since the problem is not resolved, and they have to contend with having to make a subsequent appointment- of which they will not be sure if they can bank on the hired firm to deliver on its mandate. With an FSM, you get to prevent such incidents from occurring.

How Your Customers Benefit From Field Service Job Management Software

Reliable services

Firstly, the customer wants services that they can count on. When an issue arises and an appointment scheduled, they want it to be honoured. With the FSM, you get to accurately schedule the tasks, from the timing involved to assigning it to the appropriate technician, who is skilled in the task. With the automated scheduling and dispatching, the technician downtime that was previously witnessed is reduced- which has the welcome benefit of cutting down your operational costs.?

Speaking of which, the confusion that was previously seen when perusing through documents and simply calling up the first employee whose skill is similar to the job description, is avoided. Here, the field service management platform enables you to determine the most appropriate member of your workforce to handle the task. This makes them more motivated at their job, resulting in higher quality results- whether it’s an installation task, repair and maintenance project, or cleaning service for companies providing them in residential and commercial buildings.?

Get it done right the first time around

The field service scheduling software enables the technician to have all the information pertaining to the job accessible in real-time. This is availed via app– that the technicians will have on their phones. It is through this very app that they will make updates of the tasks being handled, sending in notes, photos and reports to the system. These will, in turn, be monitored at the head office all through the progress of the job, being managed through the interactive FSM dashboard.?

With the customer’s history being accessed by the technician, information that includes the specs and hazards about the particular job being handled, notes from the previous technicians who had been tasked to the building- such as the installation crew and previous repairs that had been done, will enable the personnel on the ground make well-informed decisions throughout the course of the task. Any issues that arise will also be taken note of, equipment and parts ordered through the app as well, ensuring that things proceed seamlessly. That way, the percentage of situations getting fully resolved during the first appointment increases- which translates to fewer cases of complaints being made.?

Instant invoicing

Immediately the job is done, the customer inputs their e-signature through the app, and the technician marks the task as completed, the very same FSM is used to process the invoice and send out an emailed copy to the customer. This will be an accurate invoice, without any data loss, and the customer can then proceed to make the payment through their preferred mode- from credit card payments to cash, without having to wait for hours for paperwork to be processed. All this information is securely stored on the cloud-based platform.

Creating a great first impression

Your image is a core part of your operations. Certainly, you don’t want to come off as disorganised- and your customers will be quick to note this with issues like missing records, outdated reports, lateness, and improper assigning of tasks. On the other hand, having a modern digital solution integrated into your field service operations will enable you to make a great first impression, showing the level of professionalism with which you offer your services.

Customer access

FSM platforms like FieldElite also give the customers themselves access to the system, through their own dashboard. This is particularly handy given that there are cases where the customer will have multiple jobs to be carried out- like property managers who keep on having cases of plumbing accidents, electrical faults, and cleaning service needs in the different buildings that they are in charge of.?

Through the customer portal, they will be able to make appointments, track the history of repair and maintenance jobs carried out on the property, and follow up on queries. What’s more, together with the IoT where FieldElite links to ecoVaro, one can have an interactive energy management system in place to keep accurate tabs on the energy consumption, efficiency, point out areas where repairs are needed, and have technicians come over- with the bookings being made through the FSM.

Enhance Customer Experience And Score New Business Opportunities

Customer service is a key aspect of your operations. When your customers are well tended to, with their needs being met in a timely and proficient manner, it wins you their loyalty, and they’ll be more open to sending referrals your way- growing your market share. Feedback- from testimonials on your site to the reviews on your social media handles, also aids in this- and you want to have satisfied clients who will put out a good word about your brand. By investing in field software for service businesses, you will increase your employees? productivity, monitor trends, improve communication between your head office and the technicians on the ground, all of which come together to increase customer satisfaction.

Ready to work with Denizon?