How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

Why Executives Fail & How to Avoid It

The ?Peter Principle? concerning why managers fail derives from a broader theory that anything that works under progressively more demanding circumstances will eventually reach its breaking point and fail. The Spanish philosopher Jos? Ortega y Gasset, who was decidedly anti-establishment added, “All public employees should be demoted to their immediately lower level, as they have been promoted until turning incompetent”.

The Peter Principle is an observation, not a panacea for avoiding it. In his book The Peter Principle Laurence J. Peter observes, “In a hierarchy every employee tends to rise to his level of incompetence … in time every post tends to be occupied by an employee who is incompetent to carry out its duties … Work is accomplished by those employees who have not yet reached their level of incompetence.”

Let’s find out what the drivers are behind a phenomenon that may be costing the economy grievously, what the warning signs are and how to try to avoid getting into the mess in the first place.

Drivers Supporting the Peter Principle

As early as 2009 Eva Rykrsmith made a valuable contribution in her blog 10 Reasons for Executive Failure when she observed that ?derailed executives? often find themselves facing similar problems following promotion to the next level:

The Two Precursors

  • They fail to establish effective relationships with their new peer group. This could be because the new member, the existing group, or both, are unable to adapt to the new arrangement.
  • They fail to build, and lead their own team. This could again be because they or their subordinates are unable to adapt to the new situation. There may be people in the team who thought the promotion was theirs.

The Two Outcomes

  • They are unable to adapt to the transition. They find themselves isolated from support groups that would otherwise have sustained them in their new role. Stress may cause errors of judgement and ineffective collaboration.
  • They fail to meet business objectives,?but blame their mediocre performance on critical touch points in the organization. They are unable to face reality. Either they resign, or they face constructive dismissal.

The Warning Signs of Failure

Eva Rykrsmith suggests a number of indicators that an individual is not coping with their demanding new role. Early signs may include:

  • Lagging energy and enthusiasm as if something deflated their ego
  • No clear vision to give to subordinates, a hands-off management style
  • Poor decision-making due to isolation from their teams? ideas and knowledge
  • A state akin to depression and acceptance of own mediocre performance

How to Avoid a ?Peter? in Your Organization

  • Use succession planning to identify and nurture people to fill key leadership roles in the future. Allocate them challenging projects, put them in think tanks with senior employees, find mentors for them, and provide management training early on. When their own manager is away, appoint them in an acting role. Ask for feedback from all concerned. If this is not positive, perhaps you are looking at an exceptional specialist, and not a manager, after all.
  • Consider the future, and not the past when interviewing for a senior management position. Ask about their vision for their part of the organization. How would they go about achieving it? What would the roles be of their subordinates in this? Ask yourself one very simple question; do they look like an executive, or are you thinking of rewarding loyalty.
  • How to Avoid Becoming a ?Peter??Perhaps you are considering an offer of promotion, or applying for an executive job. Becoming a ?Peter? at a senior level is an uncomfortable experience. It has cost the careers of many senior executives dearly. We all have our level of competence where we enjoy performing well. It would be pity to let blind ambition rob us of this, without asking thoughtful questions first. Executives fail when they over-reach themselves, it is not a matter of bad luck.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Successful Engineer Communication With FieldElite

Technological innovations have been on the rise in the recent past. Our news media are awash with new technologies that are being released in almost every industry. From smart buildings to sophisticated gadgets, every industry has a technological invention to flaunt. 

One area in which technology has blossomed is the field service. In the field service management, things have moved a notch higher. Right from communication, document management, monitoring and evaluation, to information storage, nothing remains where it was a couple of years ago. You no longer have to carry clipboards around to do your inspections or pile files in the office. You no longer have to wait for your field service employees to return to the office before you can receive reports. By using a field service management software like FieldElite, you have it all done at a click. 

With FieldElite, you’ve got everything under control right from the comfort of your office. Provided you’re doing what you need to do and posting updates using the app, the rest will fall into place. Your employees will receive updates from you and vice versa. If there is a client who needs attention, they can easily issue a request through the app and the next available field service officer who?s within proximity will pick it up and attend to the customer?s needs. 

Everything is just a click away. Sounds great, right?

FieldElite is a robust field service management software that’s packed with a wide array of tools meant to simplify communication between the office and the field service employees. With FieldElite, you can reach all your engineers at one go. 

Below are a few of the communication features that make FieldElite the software of choice when it comes to field service management.

Simplified Communication

It’s very important to stay in touch with your engineers in the field to monitor the ongoing activities. For this reason, you need to choose a platform that doesn’t complicate the process. You don’t want important information to reach your team late. That would drag your activities.

Fast and effective communication is, therefore, very key in field service. FieldElite has consequently been made to simplify communication in the field service. Its simplicity can be compared to the usual consumer messaging apps. On the back-end, however, there are very many complex procedures executed through refined algorithms meant to process information and generate instant reports for engineers, supervisors, and the rest of the company team members.  

With the FieldElite app, communication is as easy as dropping a message in the team members? inbox. Again, the app?s communication system is centralised and, thus, every communication trail is easily retrievable. You don’t need different apps for messaging, audio and video calling, and document sharing. You have it all in FieldElite. Simply put, FieldElite is an all-in-one field service management tool that ropes in all essential digital modes of communication. 

But what’s the benefit of having all work-related communication in one place? 

With an all-in-one communication platform like FieldElite, you’ll cut down on wasted time and field tech frustration. Again, any urgent information will reach your engineers on time, and none of them will be left out. What’s more? With effective communication, expect the performance of your team to shoot up. 

Consistent Communication

Field technicians, in this case engineers, need to be kept on toes to get the job done. You can only achieve this by communicating with them more often. Therefore, you need a field service management platform that can offer you that. Most field service management software facilitates constant communication with team members in the field. Even so, not all are as good as you expect. So, you’ve got to be a bit more critical when choosing a field service management software for your business. 

A good field service management software is one that enables you to regularly check in with field techs to make sure that they have everything they need. With FieldElite, you can achieve more than this. FieldElite app allows you to communicate with your engineers from time to time through messages, calls, or shared documents. Again, the team gets information at the same time. 

So, how important is regular communication with your business? 

Keeping in touch with your team members in the field helps you build strong relationships with them. Additionally, you can easily spot areas that need improvement that otherwise could have been hidden from your viewpoint. What’s more? Employees feel valued when you check on them from time to time. As a result, this will boost their overall productivity, which contributes positively to the well-being of your business.

So, take your business to another level by making use of FieldElite communication tools to reach out to your engineers at any time.

Two-Way Communication

Communication in field service can only be successful if you can get feedback from your field techs. As such, the field management software should make it easier for your engineers to notify you of anything that needs urgent attention. With the FieldElite app?s communication features, your engineers can give you real-time updates from any device. The app is compatible with any android device, and, therefore, the field techs can use their smart handsets to communicate important information. 

The messaging and calling features are easy to manipulate, and with a little training, anyone can use them easily. Again, FieldElite allows you to make group calls or send many messages at the same time. Therefore, in case you?d like to talk to the entire team, you can choose to make a group call or send out bulk messages. 

Real-Time Updates

With FieldElite, you don’t need to wait until you meet your team to communicate any changes. You can notify your team on any work-related changes anytime, and as many times as is necessary. The good thing about FieldElite is that the information reaches all your engineers instantly and at the same time. Provided there?s strong network coverage, you’ll not have to deal with delayed communication. Again, your field techs can always get back to you in case they need clarifications on some matters.

Timely updates are very necessary for field service management. Field techs that get real-time updates tend to be more productive than those who get information late. At least they can make necessary changes on time to avoid wasting time on tasks that aren’t urgent. Therefore, make use of FieldElite communication features to keep your engineers updated.

Would you like to take your business to another level? Well, it’s time to improve communication with your field techs. Get the FieldElite android app for successful communication with your engineers.

How Ventura Bus Lines cleaned up its Act

Melbourne?s Ventura Bus Lines grew from a single bus in 1924 to a mega 308-vehicle fleet by the start of 2014. The family-owned provider has always been community centric; when climate-change became an issue it took quick and urgent action. As a result it now stands head and shoulders above many others. Let’s take a closer look at some of its decisions that made the difference.

The Important Things to Focus On

Ethanol Buses ? Ventura is the only Australian company that uses ethanol power produced from sugar cane for experimental public transport. It compares emissions within its fleet, and knows that these produce significantly less CO2 while also creating jobs for locals.

Electric Buses ? The company has been operating electric buses since 2009. These carry 42 seated among a total 68 passengers. The ride is smooth thanks to twin battery banks kept charged by braking and forward momentum. When required, a two-litre VW engine kicks in automatically.

Ongoing Driver Training ? Ventura provides regular retraining sessions emphasising safe, environmentally-friending operations. Drivers are able to see their fuel consumption and carbon emissions online and experiment with ways to improve these.

Bus U-Turns ? The capacity to measure throughput convinced the company to abandon the principle that buses don’t do U-Turns for safety?s sake. Road re-engineering made this possible in a busy downtown street. This reduced emissions equivalent to 4,000 cars and reduced vehicle downtime for servicing.

Increased Business – These initiatives allowed Ventura Bus Lines to improve its service as customers experience it. This led to an uptake in patronage and a corresponding downturn in the number of passenger car hours. The pleasure of travelling green no doubt contributed to this.

How Measuring Made the Difference

Ventura Bus Lines is big business. Its 308 buses operate out of 5 depots, cover 31% of the metropole, and transport close to 70,000 passengers on average daily which is no minor task. The ability to track, measure and analyse carbon emissions throughout the area has earned it compliance with National Greenhouse Energy Reporting Threshold 1 legislation.

It also uses the data to re-engineer bus routes to further reduce fuel consumption, energy consumption and operating costs. It’s amazing how measuring is affecting its bottom line, and the health of the Melbourne community at large.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today