How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

How FieldElite helps Electricians

The need to hire an electrician arises more often than we expect. It’s quite common to come across problems with structure-wiring, whether at home or in your business premises. It’s, therefore, not surprising to come across a home or a business owner in search of electrical services.

Whether a startup or a fully-fledged business that offers electrical services, there are challenges that come with running the venture. Where you have field service electricians, the challenges are even compounded, more so on matters of assigning tasks, receiving complaints from customers, and receiving field service reports.

As we all know, an electrical business isn’t just limited to the management of field service electricians. You’ll have to manage all the processes, a responsibility that can be quite daunting.

It doesn’t have to be difficult, though. You can take advantage of a field service management software program to make the entire management process effortless.

FieldElite is one such software. With FieldElite, you can assign tasks, communicate, and receive reports from your electricians on the go. Incorporating field service management in your electrical business enables you to run your business operations smoothly. 

Below are some of the benefits of using FieldElite field service management software. 

Increased Efficiency

Improved efficiency is the number one benefit electricians can get from field service management software. With FieldElite, electricians can accept jobs while in the field and add attachments together with client signatures using their smartphones or tablets. From the field management software, they can get information on the optimal route to the site, the tools required for the job, the service history of the customer, and contractual commitments.

Managing and scheduling tasks on FieldElite are just a few clicks away for office-based operators. That means reduced travel times and delays that often cripple workforce management.

Improved Professionalism

FieldElite field management software gives you a professional edge over your competitors. With this field management software, you can store all your business-related information in a central place. Therefore, each of your electricians can access the data from anywhere using their smartphone or tablet installed with the FieldElite mobile application. As such, there?s no breach in communication, and that means the electricians will get the scheduled tasks on time. Building such relationships with your team in the field encourages teamwork and motivates each team member to play their part. Again, since you can monitor what’s going on in the field, you can address the issues raised by your electricians or customers as soon as possible. 

Effective Communication

Timely communication is very essential if you’re working with field technicians. Since you’ll not always be with them in the field, it’s always important to establish a proper communication channel to ensure information reaches them in time. With FieldElite field service management software, electricians receive notifications and details about tasks assigned to them via the FieldElite mobile app.

On the other hand, office-based staff can access the report with the details of the job once the electrician completes the given task. This implies that both the electricians and the office-based operators can get communication instantly, enabling them to see and manage their workloads. Individual electricians can close jobs on-site and proceed to the next task without having to do paperwork reporting. For this reason, electricians can complete multiple tasks within a short time, which improves their overall productivity.

High Accuracy

With FieldElite field service management software, missing data or incomplete information is a thing of the past. Electricians no longer have to deal with paperwork, which can be daunting and time-consuming, yet with a million and one errors. With FieldElite advanced mobile features, all field service processes and operations are automated. The electricians are left with quite little to do, and that minimises data entry errors.

Because the managers get real-time updates from the field techs, they can accurately maintain and track the field processes. With FieldElite mobile features, managers can get information regarding the job status, the actual time of arrival, and the time taken to complete the task. With such updates, the electricians are better placed to do the job well without wasting much time, thus improving their overall productivity. 

Improved Co-ordination With The Team 

Apart from improving the productivity of the electricians, FieldElite improves coordination with the entire management team. For instance, an electrician can be assigned new tasks within the same area where they’re currently assigned instead of sending another to complete a task in that same place. FieldElite makes this possible by always capturing the current location and job status.

Whenever a new request is made in an area, FieldElite first checks the database to confirm if there is an electrician already assigned in that area. If the status of the ongoing assignment is complete or almost complete and the new task request can wait for the remaining time, the electrician in the field would be assigned the new task. By doing so, the business saves on cost and time and minimises movements. 

Improved Customer Satisfaction

As an electrician, you’ll only be satisfied if the service you offer makes the customer happy. Apart from fixing their wiring problems, they?d be happy if you responded quickly to their request. This is only made possible with field service management software. With FieldElite, managers can notify the electricians on the service requests in their respective areas, allowing them to respond to the call within a very short time. Not only does this give you some level of satisfaction as the business owner but it’s also a win for the company. 

Make your field work-flow better with FieldElite, and improve the productivity of your electricians. With FieldElite releasing regular and timely updates, users aren’t left behind whenever there are changes in the field service industry. The updates introduce new features and capture new standards to ensure that you get the best experience with the software at all times.

Web Design and Development

The first few seconds of a first-time website visitor is very crucial. If they don’t like what they see or if they think it takes too long just to load what they’re supposed to see, chances are, that would be the last time you’d ever catch them on your site.

Therefore, striking a balance between your website’s appearance and its loading speed is important for first impressions. Once you’ve captured the visitor’s attention, the next objective is to keep them glued long enough for them to browse through your merchandise. It is at this point that the benefits of a well organised and highly intuitive graphical user interface come into play.

An excellent combination of stylish web design and sharp web development can play a major role in lowering bounce rates and increasing returning visitors. We see to it that our web designers and developers not only excel at what they do individually, but also understand the interplay between their individual creations and how it affects the overall appeal of the website.

This is what you can expect from our brand of web design and development:

  • Conversion-motivated web design. Since we understand that your primary motivation for entering into the eCommerce arena is to turn torrential web traffic into sales, we’ve put conversion as a primary consideration in our web designs.
  • SEO-friendly content. First-time visitors don’t reach your site because they entered your URL somewhere. Rather, they must have stumbled upon your links on search engine results or on other websites.
  • Engaging web content. Because excellent graphics alone can’t sell products but engaging web content can, we invest in excellent copywriters.
  • Visitor-friendly user interface. Before a visitor will ever read content on the current and succeeding pages, they’ll need to interact with your site’s UI first. We’ll make sure your user interface is visually appealing enough to invite visitors to click on your buttons.
  • Superior expertise in web development technologies. Our web developers are certified experts in web related technologies including Javascript, AJAX, SQL, PHP, CSS, Java, Silverlight, CMSes, and Magento, among others. Thus, we can offer extreme flexibility and scalability in our web development services.

See more related services

A Definitive List of the Business Benefits of Cloud Computing

When you run a Google search for the “benefits of cloud computing”, you’ll come across a number of articles with a good list of those. However, most of them don’t go into the details, which nevertheless might still suit some readers. But if you’re looking for compelling business reasons to move your company’s IT to the cloud, a peripheral understanding of what this technology can do for you certainly won’t cut it.

Now, cloud computing is not just one of those “cool” technologies that come along every couple of years and which can only benefit a particular department.?What we’re talking about here really is a paradigm shift in computing that can transform not only entire IT infrastructures but also how we run our respective organisations.

I hate to think that some people are holding back on cloud adoption just because they haven’t fully grasped what they’re missing. That is why I decided to put together this list. I wanted to produce a list that would help top management gain a deeper understanding of the benefits of the cloud.

Cloud computing is one bandwagon you really can’t afford not to jump into. Here are ten good reasons why:

1.?Zero?CAPEX and low TCO for an enterprise-class IT infrastructure

2. Improves cash flow

3. Strengthens business continuity/disaster recovery capabilities

4. Lowers the cost of analytics

5. Drives business agility

6. Ushers in anytime, anywhere collaboration

7. Enhances information, product, and service delivery

8. Keeps entire organisation in-sync

9. ?Breathes life into innovation in IT

10. Cultivates optimal environments for development and testing

Zero CAPEX and low TCO for an enterprise-class IT infrastructure

Most cloud adopters with whom I’ve talked to cite this particular reason for gaining interest in the cloud.

Of course they had to dig deeper and consider all other factors before ultimately deciding to migrate. But the first time they heard cloud services could give them access to enterprise class IT infrastructures without requiring any upfront capital investment, they realised this was something worth exploring.

A good IT infrastructure can greatly improve both your cost-effectiveness and your capability to compete with larger companies. The more reliable, fast, highly-available, and powerful it is, the better.

But then building such an infrastructure would normally require a huge capital investment for networking equipment, servers, data storage, power supply, cooling, physical space, and others, which could run up to tens or even hundreds of thousands of euros. To acquire an asset this costly, you’d have to take in debt and be burdened by the ensuing amortisation.

If you’ve got volumes of cash stashed in your vault, cost might not be a problem. But then if you really have so much savings, wouldn’t it be more prudent to use it for other sales-generating projects? An extensive marketing endeavour perhaps?

A capital expenditure of this magnitude and nature, which normally has to be approved by shareholders, can be regarded as a high financial risk. What if business doesn’t do well and you wouldn’t need all that computing power? What if the benefits expected from the IT investment are not realised??You cannot easily convert your IT infrastructure into cash.

Remember we’re talking about a depreciating asset. So even assuming you can liquidate it, you still can’t hope to sell it at its buying price. These factors are going to play in the minds of your Board of Directors when they’re asked to decide on this CAPEX.

Incidentally, these issues don’t exist in a cloud-based solution.

A cloud solution typically follows a pay-as-you-go utility pricing model where you get billed monthly (sometimes quarterly) just like your electricity. ?In other words, it’s an expense you’ll need to pay for?at the end of a period over which the service’s value would have already been realised. Compare that with a traditional infrastructure wherein you’ll have to spend upfront but the corresponding value will still have to be delivered gradually in the succeeding months or years.

demand expense traditional infrastructure

From the point of view of your CFO, what could have been a CAPEX to acquire an asset that depreciates with time (and consequently reduces your company’s net worth), becomes a flexible operating expense (OPEX).?Truly, it is an operating expense that you can increase, decrease, or even totally discontinue, depending on what the prevailing business conditions demand.

demand expense cloud infrastructure

People who think they have done the math in comparing cloud-based and traditional IT infrastructures claim that, although they see how cloud solutions transform CAPEX into OPEX, they really don’t see any significant difference in overall costs.

However, these people have only gone as far as adding up the expected monthly expenses of a cloud solution over the estimated duration of an equivalent IT infrastructure’s effective lifespan and comparing the sum with that IT infrastructure’s price tag. You won’t get a clear comparison that way.

You need to consider all factors that contribute to the infrastructure’s Total Cost of Ownership (TCO). Once you factor in the costs of electricity, floor space, storage, and IT administrators, the economical advantages of choosing a cloud solution will be more evident. Add to that the costs of downtime such as: interruptions to business operations, technical support fees, and the need to maintain expensive IT staff who spend most of their time “firefighting”, and you’ll realise just how big the savings of cloud adopters can be.

Still not convinced? Well, we’re still getting started.?On our next post, we’ll take a closer look at the additional benefits of paying under an OPEX model instead of a CAPEX model.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today