How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

Measure it to manage it with smart meters

Measure it to manage it. This saying applies perfectly to energy management. Effectively managing energy use is virtually impossible with unreliable measurement devices in place or worse still, no measurements at all. Smart meters are a smart way to measure energy and water usage giving you more control over the amount of energy or water usage.

Smart energy meters:
Smart meters are indeed a smart way to get insight into your energy use which brings more security and a better environment. They can also enable you to get Smart Energy Reports that are a personalised guide to energy efficiency.

Other benefits of smart meters:

? You are able to generate simple graphs and charts showing you where you use your energy and money

? Consumption of gas and electricity is broken down. This implies that one can be able to view their spending at a glance

? Smart meters track consumption on a monthly basis enabling you to compare your own consumption against other similar households

? By tracking energy consumption and spending over time, one can be able to view the history and assess the impact of their energy efficiency measures over a particular period

Smart water meters:
Smart meters are not only used for measuring energy use, they are also used to measure water usage efficiency. Water efficiency is essential for management of sustainable water resources.

Water resources have been diminishing over time posing a challenge for water users and water suppliers to seriously look for ways to manage water efficiency. The need for accurate, adequate and reliable measurement and monitoring practices of water consumption in organisations can therefore not be overlooked.

Timely collection and analysis of water use data, and relaying this data in a timely manner to the water user, can result in significant changes in water use behaviour. Other benefits include instant detection of areas where water wastage is occurring e.g. leakages hence action is taken to save water. Similar to energy data, water data collected by smart metering systems is also vital in designing water efficiency and recycling systems as well as the improvement of demand management policies and programs.

The use of smart meters to monitor water consumption enables users to analyse, and interpret the data collected. This feedback enables users to change their behaviours.

Field service and its impact on your bottom line

There are many pointers to successful field service in any business. Generally, labour hours, parts, technician efficiency, performance indicators and other bunch of data are the most important. However, the icing on top is the total revenue. If you are in business, you must be cocksure that it’s making money, and when you don’t rake in enough you need to make some business decisions quick!

For the most part, field service companies will always have a field service management software to handle all the data. But how will this affect your outlook? 

Will this cause a direct increase in revenue? 

What will still need to be changed so that the ship stays afloat?

Increase your service jobs

As expected, the best field management software will guarantee a positive increase in appointments per week. On average, the field service team should expect at least a 50% increase in work turnover. There is a direct relation between the revenue you should be making and the number of calls in your schedule since the only way of making more cash is to get more work done. It is not recommended to raise costs because it increases the risk of losing customers easy when they can’t meet the extra expense. Field service software will help you bring in more customers and also manage technicians.

If you have much of the hard work done for you then you?d have more time to run the show. This is why premises are trying out software because they answer many problems like:

  • Automation and improved work order management
  • Fast dispatch from an array of drag-drop scheduling tools
  • Easy-to-use field service apps for technicians to receive and submit work orders
  • Can be integrated into account systems for faster billing time

Manual operations are costly and prone to error, and they don’t come cheap. Do away with them, reduce costs, sit back and watch as new customers steadily stream in. Grow the business by building lasting relations with your workforce and customers.

Increase technician?s abilities with mobile

If you want to get more profit, bank on technicians who complete service calls. Their task is obviously the hardest. They have an unpredictable job; at times they need to come up with quick responses or they may also be required to dig deep as well. The work does not need to be slowed with an endless paper trail while they could be elsewhere giving their all. These technicians require a working mobile field service management app.

As expected, field service leaders who use a mobile field service software report close to 20% increase in service visits per technician. This translates to each technician taking nearly a fifth more calls in a day. And as we had said before, more service calls can double the profits. How can technicians get extra time from a field service mobile app?

  • No need to drive to work to pick orders
  • Less time using the phone looking for service or parts information
  • Reduces the time needed to go through paper-based work
  • Less time driving to service calls because information is routed to their mobile phones

Increase revenue from technicians

If time is spent seamlessly, dispatchers will find time in a technician?s schedule for an extra service call. With all this being done within normal working hours, the business stands to increase its bottom line. This is what makes the business grow. Not by increasing technicians but by optimum utilisation of the current staff to get maximum profit. The logic is straightforward ? a technician working 8 hours each day taking six calls a day will make more revenue than the one who takes four, because they are paid the same each, but the business benefits from the extra service calls.


The business stands to make more revenue per technician if it uses field service management software. The margins can go as high as 40% because the technician has all tools needed to get the job done faster. You increase revenue from field work too. Let technicians benefit from automated process and have all the tools for work that they need right on their mobile devices.

The target is always your bottom line

When field service leaders inquire about field service software, they need to know how it affect the bottom line: how they will spend less time drafting schedules, how each technician will increase revenue, how the business will grow. Simple as that!
Field service management applications bring a lot to the table. 

Don’t waste your time crunching a lot of numbers or sorting out schedules since this is what such an application should do. Automation, optimisation and mobility are all ways of increasing revenue. Let us help you reach your goals using our top shelf field management software. This will not only help your bottom line but will let you have more time to venture into untapped potentials.

Saving Energy Step 4 – Breathing Life into the Project

Today we consider the fourth step on the road to energy saving, when we introduce key contributors who will pull it all together. We have been on quite a journey. We started by developing a management system and then followed up with practical improvements, while challenging the assumptions behind the energy bills we may have paid unchallenged in the past.

After we knock off the big-ticket savings, managing energy becomes a process of improvement characterised by smaller increments. Kaizen is the classic model and it includes everybody in the organization from the janitor to the CEO. I inverted the pyramid deliberately, because ideas deserve considering no matter where the originator parks in the company yard.

People ? our people ?are truly central to the process. Energy adds extra leverage to their efforts, keeps them warm in winter, cool in summer and powers up the ovens in the company canteen. They are brimming over with ideas because that is the nature of being human. The best managers are those who release this potential and participate in its flowering,

It is important not to threaten job security. So many savings-driven initiatives have ended in job losses that people on the shop floor automatically suspect another round. Shrinking carbon footprints is about making the world a better place for everyone. We become more effective when we turn ?increasing profit? into making the enterprise sustainable in itself.

Engaging employees is more than office circulars and speeches at the Christmas Party. Organizations are organic places where trust grows slowly but conflict can flare in a moment. Before involving your people in your energy ?kaizan? make sure your words and intentions overlap perfectly. You will be amazed at the power you unlock in your people.

The best way I know of doing this is through your health and safety structure, which then becomes your environment, health and safety structure EHS. As you explore this idea at safety committees you find these things overlap, in the sense of creating people-centric environments at work and home.

That said, there is no magic formula for achieving employee engagement. The fact that people universally want a cleaner planet is the power to tap into. One way to form a team is to create one artificially and give it a task. The other is to work together towards a shared objective. Which one do you prefer?

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today