How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

Benefits of Energy Savings Opportunity Scheme (ESOS)

More than just building energy, improving skills and undertaking audits, Energy Savings Opportunity Scheme works beyond. ESOS adheres to policy coherence, provides information to raise awareness, facilitates energy efficiency market and encourages adoption of appropriate energy efficiency measures.

Generally, ESOS is great for energy professionals and businesses. And in the current situation of UK?s energy industry, this new scheme is a substantial help. The key is to know the benefits that ESOS provides, understand how it can affect you, learn how to maximise its potential and make a big difference. Here?s to explore the highlights of ESOS.

Who benefits from ESOS?

Energy Savings Opportunity Scheme covers non-SME enterprises which includes UK businesses having more than 250 employees; even those with employees fewer than 250 but have annual turnover of more than ?50m and balance sheet exceeding ?43m; or those professionals that belong to a large enterprise. This is in accordance with what Article 8 of the EU Derivative provides.

What are the benefits of ESOS?

ESOS provides opportunities to enhance an organisation’s energy efficiency strategy, of which the benefits include:

Economic Growth and Competitiveness

The implementation of energy efficient measures increases local employment in the labour markets. Consequently, this taps the labour potential and drives economic growth.? In a lower carbon economy, businesses need to develop green projects to maintain economic competitiveness as well. ESOS is strategic approach initiated by the UK government to push technological innovation and energy investments.

Cost Savings and Emission Reductions

ESOS is flexible in such a way that it combines energy policies and innovations tailored to every organisation’s need. The energy efficiency measures taken, resulting from the scheme, quickly cuts down both carbon emissions and energy bills at cheapest possible ways.

Managing Energy Demand

ESOS provides energy security to UK by reducing the energy consumption of enterprises. With this, the economy would be more efficient and less exposed to international energy market volatility. Also, this will lead to more savings from less future investment in energy infrastructure.

Getting your Management Performance Noticed

If you are an energy professional, you will benefit from ESOS by exploiting it ?to boost your charisma towards the company directors. You can show them how the scheme works and how it can save your company substantial costs. Managing energy with ESOS can help an organisation grow. Nevertheless, you are the key person designated to get the project done and achieve success.

How can ESOS make a difference?

More than anything else, ESOS can make a huge change. True to its name, it provides large enterprises the opportunity to manage energy wisely, reduce overhead costs and promote responsible corporate energy consumption.

The International Energy Agency said that investing in energy efficiency leads to growth, additional jobs, competent budgets on public spending and enhanced industry productivity. If you are an energy and environment professional or a non-SME business entity, you hold the impulse to act. Aside from all those excellent business benefits that you get to enjoy, you will be able to contribute a portion towards achieving UK?s national carbon target of 80% in CO2 by 2050.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How Accenture Keeps Rolling Out Sustainability

Multinational management-consulting and technology-services company Accenture has a good eye for sniffing out new business, with 305,000 employees advancing its interests in more than 200 cities in 56 countries evidence. Last year, it netted US$30 billion profit that is a tidy sum of money in anybody?s books.

Accenture also practices what it preaches. This is maximum business efficiency within moral standards. It tracks its carbon emissions from its offices around the world. Being a technology services company it is unsurprising that it automated the process. Being management consultants it can drill down to finest detail in its search for continuous improvement.

As a forward-thinking company Accenture is committed to transplanting its business skills into other organizations, in order to drive higher performance and sustain greater profits in the long term. It works with clients across borders and industries to integrate sustainability into their business models, and find effective ways to lighten carbon footprints.

The City of Seattle in Washington is a case in point. Following a proud history of nature and energy conservation, it engaged Accenture in 2013 to help it reduce downtown power consumption by 25%. Other project members were Microsoft supplying software, the local power utility for technical advice, and a non-profit to set up a smart building program. The initiative uses cloud services to process the big data generated by a host of building management services, plus a multitude of sensors, controls and meters.

The project is vital for the City. It wants to continue expanding but needs to avoid another power plant polluting its skyline. At the time of writing, the pilot sites had proved successful and the program was rolling out. Seattle?s next challenge is to acquire 15% of its energy from renewable sources by 2020.

The smart building solutions Seattle trialled in five downtown buildings, had a further welcome spinoff; by reducing operating times, facility managers can look forward to extended equipment life and fewer maintenance downtimes. The green building philosophy is alive and well in the City of Seattle, driven both by necessity and vision.

It is a no longer as question of if – but when – other urban communities follow suit. EcoVaro believes it is time long due for individual companies to start enjoying lower energy costs plus the prospect of profitably trading carbon credits. The process begins with measuring what you have and identifying cost-effective savings.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Saving Energy Step 4 – Breathing Life into the Project

Today we consider the fourth step on the road to energy saving, when we introduce key contributors who will pull it all together. We have been on quite a journey. We started by developing a management system and then followed up with practical improvements, while challenging the assumptions behind the energy bills we may have paid unchallenged in the past.

After we knock off the big-ticket savings, managing energy becomes a process of improvement characterised by smaller increments. Kaizen is the classic model and it includes everybody in the organization from the janitor to the CEO. I inverted the pyramid deliberately, because ideas deserve considering no matter where the originator parks in the company yard.

People ? our people ?are truly central to the process. Energy adds extra leverage to their efforts, keeps them warm in winter, cool in summer and powers up the ovens in the company canteen. They are brimming over with ideas because that is the nature of being human. The best managers are those who release this potential and participate in its flowering,

It is important not to threaten job security. So many savings-driven initiatives have ended in job losses that people on the shop floor automatically suspect another round. Shrinking carbon footprints is about making the world a better place for everyone. We become more effective when we turn ?increasing profit? into making the enterprise sustainable in itself.

Engaging employees is more than office circulars and speeches at the Christmas Party. Organizations are organic places where trust grows slowly but conflict can flare in a moment. Before involving your people in your energy ?kaizan? make sure your words and intentions overlap perfectly. You will be amazed at the power you unlock in your people.

The best way I know of doing this is through your health and safety structure, which then becomes your environment, health and safety structure EHS. As you explore this idea at safety committees you find these things overlap, in the sense of creating people-centric environments at work and home.

That said, there is no magic formula for achieving employee engagement. The fact that people universally want a cleaner planet is the power to tap into. One way to form a team is to create one artificially and give it a task. The other is to work together towards a shared objective. Which one do you prefer?

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today