How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

Top 3 reasons to get into Multi-Channel Retail

Multi-channel retail, which nowadays understandably includes online channels, is something you just have to do this year. Every single day you put off doing it, the competition gobbles up market share that should have been yours. There are a number of reasons why even successful retailers are now going into multi-channel retailing. Here?s three of the most important ones.

1. You’ll get a BIG jump in sales

Not counting this year, which could be getting a big boost from major activities like the Queen?s Diamond Jubilee and the 2012 Olympics, sales of UK retailers have been experiencing tremendous growth particularly from their online channels. Already two years ago (2010), a number of UK retailers boasted significant increases in sales as a result of multi-channel retail initiatives. These retailers included:

  • Argos, which got a whopping ?1.9bn from multichannel sales back then;
  • House of Fraser, which reported a 150% jump in its online sales in just 6 months; and
  • Debenhams, whose profits rose by 20%

There were many others. Now, the reason I?m showing you 2010 figures is because online retail sales increased by 14% in 2011 and those same businesses still added to that growth. So, if only you had enough foresight and started expanding your business to the Web two years ago, you could just imagine what your sales would have been today.

The good news is that, it’s not yet too late if you start now. Here?s why…

2. Those numbers are going to keep on growing

We’re getting all sorts of predictions from leading researchers regarding the possible growth of the Internet economy. All these predictions have one thing in common. They all have a positive outlook. The Boston Consulting Group (BCG), for instance, predicts an average growth of no less than 10% per year in the G-20 nations.

3. Most online retailers aren’t doing it right yet

Although many retailers have already started bringing their business to the Web, most of them are doing it the wrong way. For example, many of them fail to integrate their offline and online channels. This is a serious shortcoming because it leads to customer dissatisfaction.

When a customer goes to your website and sees something he likes, you wouldn’t want him to drive all the way to your store only to find out that the item isn’t available there or, if the item is there, that it isn’t priced as he expected. The lack of multi-channel integration is very common among multi-channel retailers.

These inadequacies are actually good news because it means there are still many areas you can improve on. After improving on them, you can then highlight those areas as your key differentiators.

If you’re still looking for more reasons on why you should go into multi-channel retailing, read this post:

5 Numbers Showing Why the Time to Invest on eCommerce in the UK is Now

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Top 10 Benefits of Using Field Service Automation Software

Just how much wastage is witnessed in your operations? Each morning your technicians report to work, they receive the day?s schedule, go through the inventory for the parts and tools that will be required, collect and fill the paperwork, before finally hitting the road- translating to hours of manual organisation. What of the information they need when they are at the site? Are they carrying around bulky files on each individual customer? Your field technicians are also responsible for lots of the equipment being handled- and you want to keep a tab on it all- knowing what is being worked on, when it is happening, how long it takes, and the materials that have been used. Dealing with all this on your end through loads of Excel sheets, calculating and updating time logs, and ticking off the inventory- it can be a strain. Field Service Automation Software comes in to handle it all- from the scheduling and tracking, to inventory control and invoicing- all on the same platform.

Eliminating the Paperwork and Optimising Your Operations

There has been a surge in demand for all-in-one Field Service Management (FSM) solutions. They leverage the power of mobile technology, cloud computing and social collaboration to boost the efficiency of field services. In fact, the FSM market is growing at rates never seen before, if the recent statistics are anything to go by. According to the latest estimates, it is worth $3.5 billion and is expected to hit $5.9 billion by 2024.

It’s understandable why this is happening. Technology is advancing, and we all know it’s every entrepreneur?s dream to optimise the use of the available resources while guaranteeing customer satisfaction. If technology can deliver this through automation, why not? Every business now wants to automate things, and the focus is to maximise resource output. You should, therefore, not be surprised to see the FSM software industry booming. If you just considered the field service industry, you’ll realise that there are so many software applications to help with service automation, whether full or partial.

A good example is FieldElite, which helps with the management of field workers. From your desktop or the palm of your hands, on a tablet or smartphone, you can take full control of your field workers, manage scheduled jobs, and use maps to manage work assignments for the already dispatched field workers. Not only does FieldElite help you handle tasks in an accountable manner but also provides options for accounting and reports, all managed in an easy to use dashboard.

10 Benefits Field Service Automation Software Brings On Board

Why would organisations need to invest in a Workforce management app? Below are some of the key benefits of using a Field Service Management software:

1. Cut down the down-time and make every minute count

From scheduling your operations, mapping out preferred routes, dispatching the service team, to staying connected with them throughout the tasks, you get to improve worker efficiency with field service software like FieldElite. 

Most FSM software programs allow the administrator to send tasks directly to the field worker?s mobile. More often than not, the FSM software provides vital information, including service history, optimal route to the site, the tools required, and contact numbers, among other details.

This improves efficiency by ensuring that the client’s needs are taken care of promptly. Where it’s about machine maintenance, the downtime would be as short as possible.

2. Enhance professionalism and boost your brand image

FSM software programs are known for ensuring professionalism in the manner in which business activities are conducted. Of course, professionalism is attained through several factors, including working with a team of professionals. Such a team, using FSM software, results in enhanced efficiency and excellence.

A field service software like FieldElite helps you to consolidate all your business information into a single central database. With different access levels, your employees will access only as much information as is relevant to their respective duties.

An FSM software is ideal because the stored information can be accessed from any location, meaning field workers can pick new tasks while in the field, provided they’ve got the requisite tools. Instead of having to come back to the office, the employee would access all the information and execute the necessary task.

3. Resource Optimisation with Real-time Field Service Automation Software

Resource optimisation is one of the key determinants of a company?s profitability. While businesses vary in size and purpose, they all share one thing in common ? the desire to increase productivity while ensuring the optimal usage of resources.

Besides productivity, field service software also allows for efficient utilisation of the available resources to cut down on costs.

4. Stay connected with all your crew- and coordinate them better

FSM software facilitates improved coordination with the workforce. The software streamlines the management of the entire field service life cycle, ranging from labour to work orders, returns, contracts, warranties, and equipment.

The idea is to bring all the company?s field-related operations to a central point. And now, with easy data accessibility from a central platform, improved coordination is easily achievable.

5. Get accurate data and make well-informed decisions every step of the way

Adopting the field service management software is more than just a way to improve efficiency. It goes a long way towards improving a company?s accuracy. When a field service management software is used to trace a company?s activities, all the tasks are tracked on the mobile device, keeping the managers informed of every step.

Besides, the technicians also have a free reign to record the diagnostics, quality information, test results, and the parts consumed. All the information can be captured using text, audio, videos, and still photos. This guarantees minimal to no instances of data manipulation.

6. Improve Customer Satisfaction: Win Their Loyalty

Field service management software improves customer satisfaction. How does that happen? Well, using a field service software like FieldElite allows for quick response to customer queries. If there?s one thing that quickly turns your customers off, it’s delayed response to their requests. With the field service management software, however, you can respond to such requests quickly and effortlessly.

Moreover, your customers can also track the service engineer to ensure they’re well informed of any anticipated delays. With quick response time, customer machines have more reliable up-time, which is the desire of every client.

7. Flexibility ? because no one likes being tied down

If there?s one thing that customers like when dealing with a company, it’s flexibility. Instinctively, customers will always want different options to choose from when using a service without appearing to be confined to one provision. Having limited options would also appear boring.

To this extent, it would be wiser to adopt advanced FSM software. Advanced FSM software is compatible with mobile phones, meaning users can easily manage their tasks from isolated locations. FSM software can either be device-agnostic or device-specific. The device-specific type supports Android, Windows, and Apple iOS. This guarantees mobile-friendly tasks where users can easily manage the assignments via mobile application.

8. Store client history in secure cloud-based FSM software

Software like FieldElite stores client history precisely. All the past data, including order history, are stored separately and accurately. In so doing, the field technician gets easy access to the tools, specifications, and technician instructions that aid them in their operations. The result is increased productivity and on-time service delivery.

9. Asset Management and Inventory Control

Naturally, companies offering different repair services have plenty of assets to store. Accordingly, retrieving a specific part out of the large collection would be daunting.

With a field service application like FieldElite, the staff members can track down all the products effortlessly using the GPS. Furthermore, the FSM software ensures excellent maintenance of assets.

10. Improve oversight of field workers ? and keep them in the loop

The FSM software comes with many useful tools, including a built-in GPS tracker. The GPS tracker oversees the operations of the on-field workers, providing precise details about their geographical location, actual arrival time, and most importantly, the distance from the job site.

While this might not be useful at all times, it comes in handy when you need to assign an urgent task to the nearby technician. Call it a classic example of dynamic scheduling.

Final Thoughts

With so much at stake, it’s increasingly compelling to include the Field Service Management Software in your business. With every industry moving towards automation, your business cannot afford to lag.

Quick and efficient service delivery through FSM software may be the difference between you and your competitors.

The FSM software is no longer the cherry on the cake but a must-have tool for your survival in the highly competitive market.

How Internal Auditors can win The War against Spreadsheet Fraud

To prevent another round of million dollar scandals due to fraudulent manipulations on spreadsheets, regulatory bodies have launched major offensives against these well-loved User Developed Applications (UDAs). Naturally, internal auditors are front and center in carrying out these offensives.

While regulations like the Sarbanes-Oxley Act, Dodd-Frank Act, and Solvency II can only be effective if end users are able to carry out the activities and practices required of them, auditors need to ascertain that they have. Sad to say, when it comes to spreadsheets, that is easier said than done.

Because spreadsheets are loosely distributed by nature, internal auditors always find it hard to: locate them, identify ownership, and trace their relationships with other spreadsheets. Now, we’re still talking about naturally occurring spreadsheets. How much more with files that have been deliberately tampered?

Spreadsheets can be altered in a variety of ways, especially if the purpose is to conceal fraudulent activities. Fraudsters can, for instance:

  • hide columns or rows,
  • perform conditional formatting, which changes the appearance of cells depending on certain values
  • replace cell entries with false values either through direct input or by linking to other spreadsheet sources
  • apply small, incremental changes in multiple cells or even spreadsheets to avoid detection
  • design macros and user defined functions to carry out fraudulent manipulations automatically

Recognising the seemingly insurmountable task ahead, the Institute of Internal Auditors released a guide designed specifically for the task of auditing user-developed applications, which of course includes spreadsheets.

But is this really the weapon internal auditors should be wielding in their quest to bring down spreadsheet fraud? Our answer is no. In fact, we believe no such weapon has to be wielded at all?because the only way to get rid of spreadsheet fraud is to eliminate spreadsheets once and for all.

Imagine how easy it would be for internal auditors to conduct their audits if data were kept in a centralised server instead of being scattered throughout the organisation in end-user hard drives.

And that’s not all. Because a server-based solution can be configured to have its own built-in controls, all your data will be under lock and key; unlike spreadsheet-based systems wherein storing a spreadsheet file inside a password-protected workstation does not guarantee equal security for all the other spreadsheets scattered throughout your company.

Learn more about Denizon’s server application solutions and discover a more efficient way for your internal auditors to carry out their jobs.

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Ready to work with Denizon?

Contact Us Today