How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

4 Reasons Why You Might be Missing Out on Energy Savings…

?well your company actually, although for many small-to-medium businesses it boils down to the same thing. Governments usually lag behind in terms of innovation but are beating us hands-down when it comes to going green. I have heard that private sector energy savings average less than 1% per year and I for one would not be surprised if that were true. So what is causing this rot, when we started out so enthusiastically? Here are four possibilities for you to mull over.

  1. Your Team is Unevenly Yoked ? A pair of mismatched horses cannot pull a wagon in a straight line any more successfully than a business team can achieve its goals, if there is no agreement on priorities. While your sales team may be all for scoring green points against your competition, your accountant has a budget to balance and your operations department just wants to get on with the job.
  1. Energy?s not in Focus ? The above may in part be due to production goals you set your department heads. Energy is not nearly as greedy as raw materials and human capital. If you tell them to cut 5%, where do you think they are going to look first? You need to put energy savings up there, and agree specific targets as you do with other primary goals.
  1. Your Equipment Could be Over-Spec ? It is a very human thing to put more food on our plates and buy faster cars than we need. Only a few generations ago our ancestors lived through feast and famine, and the shadow of this still influences our thinking. Next time you buy equipment sit around the table and agree the decision criteria together. Then stick to them and repel all attempts at up-selling.
  1. You Are Delegating Too Much ? Delegation is part of company culture, or if you prefer the collective way of doing things. If you delegate something completely it is akin to saying I do not care much about this, make it happen. Energy saving is a financial and moral imperative. The fact the oil price is down does not mean there is no place for sustainability on your desk (and the price is likely to be up again soon).

Governments succeed in saving energy (whereas businesses often do not) because governments have a crowd of stakeholders beating down the door and demanding progress. As business owners we are more likely to do the same when the pressure is upon us, and that pressure surely has to come from us.

Which KPI?s to Use in CRM

Customer relationship management emerged in the 1980?s in the form of database marketing. In those tranquil pre-social media days, the possibility of ?managing? clients may have been a possibility although Twitter and Facebook took care of that. Modern managers face a more dynamic environment. If you are one, then what are the trends you should be monitoring yourself (as opposed to leaving it to others).

If you want to drip feed plants, you have to keep the flow of liquid regular. The same applies to drip-feed marketing. Customers are fickle dare we say forgetful. Denizon recommends you monitor each department in terms of Relationship Freshness. When were the people on your list last contacted, and what ensued from this?

Next up comes the Quality of Engagements that follow from these efforts. How often do your leads respond at all, and how many interfaces does it take to coax them into a decision? You need to relate this to response blocks and unsubscribes. After a while you will recognise the tipping point where it is pointless to continue.

Response Times relate closely to this. If your marketing people are hot then they should get a fast response to sales calls, email shots and live chats. It is essential to get back to the lead again as soon as possible. You are not the only company your customers are speaking too. Fortune belongs to the fast and fearless.

The purpose of marketing is to achieve Conversions, not generate data for the sake of it. You are paying for these interactions and should be getting more than page views. You need to drill down by department on this one too. If one team is outperforming another consider investing in interactive training.

Finally Funnel Drop-Off Rate. Funnel analysis identifies the points at which fish fall off the hook and seeks to understand why this is happening. If people click your links, make enquiries and then drift away, you have a different set of issues as opposed to if they do not respond at all.

You should be able to pull most of this information off your CRM system if it is half-decent, although you may need to trigger a few options and re orientate reporting by your people in the field. When you have your big data lined up speak to us. We have a range of data analysts brimming over with fresh ideas.

How CRM-eCommerce Integration can help you Win a Price War

There are a number of reasons why more people are buying stuff online. One of the biggest is price. You can afford to sell your goods at cheaper prices on the Internet because you’re free of the usual operating expenses like rent, electricity, and staff salaries. That should translate to some nice savings, right?

No savings in a price war

Sadly, there?s one more thing that can drive your prices even lower: a price war. Just like in the brick-and-mortar world, a good number of online retailers are now trying to undersell each other. So even if they are able to achieve reduced OPEX, they would still find it difficult to make substantial savings.

What you need to understand is that, while price is a big motivator for buying online, it is no longer the only factor experienced online shoppers consider when choosing between two online shops.

Customers who buy purely on the basis of price, are very fickle. They can easily jump ship as soon as they discover another online store offering better discount. If what you’re looking for are repeating, loyal customers, you can’t make low prices your key differentiator.

Winning customer loyalty

Just like in the brick-and-mortar world, buyers will keep coming back to you if they find in your website true value for their money. There certainly are people who don’t just look at price tags when buying products from the Web. These folks are looking for the total package.

But other than affordable prices, what factors can win customer loyalty? You’re probably thinking a fresh user interface, multiple payment options, a good return policy, prompt delivery, reviews and testimonials, product comparisons, and so on.

Well, those are important too and you certainly should have those features and characteristics in place.

Meeting customers? needs through CRM-eCommerce integration

But there?s more you can do to enhance the customer?s experience on your site. Offering exactly the products they’re looking for and providing all relevant information they need when they need it, will give them a sense of belonging.

Since different customers have different desires you obviously would have to know your customers first before you can attempt to fulfil those desires. And, honestly, the only way to do that with accuracy and precision, and the only way to collect a significant amount of relevant customer information and make sense of it all, is by integrating CRM with your e-commerce platform.

Increasing Sales and Savings from integrating CRM into e-Commerce

The main benefit of integrating CRM with e-commerce is that it will help you enhance the customer experience. That’s cool but what does that translate to monetarily? Well, for one, that can significantly increase customer retention. Higher customer retention can only lead to increased sales in the long run.

As with regards to savings, if you are able to deliver exactly what your customers want, you can significantly bring down refunds and charge-backs.

Very few businesses have the financial resources to meet their competitors head on in a price war. Chances are, you’re not one of those few. Still, whether you like it or not you’re already in the thick of it. By building customer relationships, you can win the price war without engaging in it.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today