How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

How Sustainable is Suez Environment

French-based Suez Environment works in the water and waste-management environment, with specific reference to water production, treatment, & pollution disposal, and waste treatment, recycling, incineration and site desensitisation. Its more than 65,000 employees distributed worldwide have participated in flagship projects like Renault’s goal of 95% reclamation of vehicle parts, and Lyonnaise des Eaux?s saving of 12 million cubic meters of water in a single year.

Suez Environment claims to have consistently increased the recovery rate of treated waste, decreased direct and indirect greenhouse gas emissions, and made significant inroads into the production of sustainable energy on behalf of its clients. But then surely that’s Suez Environment’s business, and with over 65,000 employees we are entitled to expect this. Given that there have been persistent allegations of privatised water distribution bumping prices up to the detriment of the poor, how effective is Suez Environment at practising what it preaches back home?

GDF Suez is its largest shareholder and includes it under its environmental and societal responsibility umbrella. This makes environmental performance an overarching goal alongside management systems, health and safety, risk and procurement, and ethics. Its environmental ambitions spin out into the following strategies:

  • Understand the interactions between our activities and the environment
  • Open dialogue with stakeholders and foster partnerships with them
  • Set quantitative and qualitative targets at all levels of the organisation
  • Achieve optimum balance between financial and environmental challenges
  • Be proactive; anticipate impacts on the environment and plan for them
  • Increase employee awareness through interactive training and education
  • Be constantly innovative; share successes within the organisation
  • Monitor progress continuously and publish measured results achieved.

These goals direct the Suez Environment management team?s attention towards optimising performance in key areas like greenhouse gases, energy management, renewable energy, biodiversity, responsible water management, pollution prevention and health and safety considerations.

Among numerous other examples, its waste incineration programs convert hazardous and conventional waste into heat used to generate electricity without requiring virgin carbon products. Elsewhere, the same energy warms market-gardening tunnels and work places on winter days.

Suez Environment uses sophisticated energy management software to analyse information that’s transmitted by data logging devices online. ecoVaro provides a similar service in the cloud. ecoVaro adapts to your requirements providing fresh insights to your business.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
The Cloud: Changing the Game for Small Businesses

There is a consensus among cloud experts that the onset of cloud computing will benefit small organisations the most. In fact, many even go as far as saying that the cloud and small businesses are a match made in IT heaven. How much of this is true and how much of this is merely part and parcel of the hype surrounding cloud computing?

The Cloud as the Great?Equaliser

If you closely examine the essential characteristics of cloud computing, particularly public cloud services, you will see why small organisations would be very interested in the cloud, and would eventually flock to it, like moths to a flame. And why not? Cloud computing is turning out to be the weapon that can allow small and medium organisations to compete on a more level playing field against large enterprises.

Here are some cloud computing benefits that may just close the gap between the two.

  • Significantly lower IT spending. With little to no investment at all on hardware infrastructure and practically zero maintenance costs, SMBs that would have required substantial capital for IT are now finding it easy to get a business started from scratch or develop and test out new products by using the cloud as the backbone of their IT set-up. The pay-as-you-go pricing scheme that cloud computing offers allows companies to start small and scale up as needed, or when the revenue starts coming in.
  • Higher employee productivity. Licensing fees for software applications can run high even if you don’t have a large staff. Good thing there are now a host of cloud-based office tools – word processors, spreadsheets, presentations, accounting systems, etc. – that can boost employee productivity without the corresponding costs that small businesses can ill afford. Plus, team members in remote locations can continue to collaborate with the rest through any internet-connected device in real time.
  • Easier, better communication. The easy accessibility of communication apps has also changed the way employees interact with fellow employees and more importantly, with customers. Whether through email, instant messaging, or social networks, cloud services have given individuals and businesses more ways of giving and getting feedback. The best thing about it is that most of these services don’t cost much or are even free, giving SMBs ample tools to create better products and improve service.
  • A Look at the Figures Many small businesses are already seeing the potential in the cloud, with SaaS (Software as a Service) applications most commonly used among the early adopters. These services include email and other communication apps, file sharing, and backup.

In a February 2012 Edge Strategies survey (commissioned by Microsoft) of 3,000 small businesses in the US, the following data came to light:

  • The number of small companies with 2 to 10 employees using paid cloud services will triple in the next three years;
  • Current cloud users report purchasing an average of 4 services in the cloud now and expect to use 6 in the future;
  • Fifty percent agree that cloud computing is going to become more important for businesses such as theirs.

Further, a survey of 323 SMBs recently released by social business site Spiceworks and sponsored by EMC reveals that from 48 percent at the start of 2012 and 28 percent a year ago, 62 percent of the businesses surveyed now use some type of cloud app.

What these numbers show is that cloud adoption among small and medium enterprises is starting to gain ground and for sure, more will do the same as understanding and awareness increase. Yes, these businesses should still perform their due diligence as there is no one-size-fits-all cloud solution. But for those companies who have managed to find the right cloud apps and services for their needs, it’s all sunny skies up ahead.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
The Types of Industries That Can Benefit from Field Service Software

Initially, field service software was designed with field techs and their managers in mind. However, in the recent past, other industries have taken this path to better the performance of their businesses. Any industry that deploys skilled laborers and assets to off-site locations benefits from field service software. It’s all about resource allocation and data centralization for efficient management and running of the business? activities. With field service software, you got all your business? functions logged in one place.

So, who needs field service management software? Professionals like electricians, plumbers, IT technicians, construction workers, and carpenters all find it useful. Moreover, there?s a wide range of application in many different types of industries.

Here are some industries that benefit from field service management software.

  • Fire and Life Safety

In a fire and life safety industry, equipment and safety systems should be kept running at peak efficiency. Therefore, it’s necessary to provide appropriate services that will ensure the smooth running of processes. On top of complying with government codes, fire and security systems installed should offer reliable services. Since service is at the core of this industry?s operation, most people in fire and security industries are turning to field service software to automate operations of their service delivery. With the field service software tools, the industry can easily monitor security technologies, quickly respond to customers, and manage compliance, inspections, and procedures effectively.

  • Medical Device Enterprises

For medical device companies seeking to improve their services, sales, and compliance, field service software becomes very essential for the smooth running and operations of their functions. The medical device enterprises that greatly benefit from this software include those offering installations, repair, and maintenance of medical equipment. With the comprehensive field service tools, service delivery and performance is greatly improved.

Moreover, with the field service software, these industries find better ways of tracking critical records needed for regulatory compliance since the medical industry is one of the most regulated industries in the globe. For the companies doing the manufacturing of medical equipment, they can integrate field service software in their accounting systems to streamline their invoice processes and shorten their billing cycles.

  • IT and Communications Services Companies

With the remarkable technological advancements in the recent past, Internet service providers, cable companies, and communications organizations are looking for better ways of service delivery to keep up with the pace of the growing technology. Connections are becoming more complex day by day propelled by an explosion in new data sources, and the use of the devices. To keep up with the increased demand for instant services by customers, the IT and communication service companies, are turning to field service software to make their service delivery more effective.

A combination of the robust, advanced scheduling system and rich functionality makes this software very useful to the communication service companies. They can use the software to design and install complex internet infrastructure. Moreover, field service software can be used by these companies to set up recurring maintenance plans to maintain the installed internet systems.

  • Oil and Gas Enterprises

Most oil and gas industries are faced by complexities which need special handling for better business performance. Since the running of projects is at the cornerstone of their businesses, they’re always looking for better ways to ensure a smooth running of their project activities. For this reason, most of the oil and gas enterprises that have discovered the benefits of field service software are integrating the main activities of their projects in this software.

With the project-based software tools, there?s an efficient flow of information and transparency throughout the enterprise ensuring excellent project management. With the checklist feature included in most field service software, inspections, compliance, site surveys, and maintenance of procedures is made easier in oil and gas companies.

  • Facilities Management Industry

Given that this is a service industry, high-level of efficiency is paramount. To meet customer expectations and battle against cost, most facility management industries are turning to field service software. With the comprehensive tools included in the field service software, supervisors can assign tasks to their reports, monitor their progress, and receive alerts on critical issues while in a remote place or at the comfort of their office.

Maintenance and emergency repairs in the facility management industry are greatly supported by this software ensuring increased productivity and efficiency. Additionally, with field service software the industries benefit from a streamlined workflow and improved communication that greatly reduces administration time and cost.

  • Industrial Equipment Enterprises

Industrial equipment companies aim at maximizing their overall productivity and preventing equipment downtime. There?s a wide range of activities that take place in industrial equipment companies which require field service software for higher levels of efficiency.

From load testing, installation projects, and load testing to emergency repairs, this software, enables the managers to design work orders, and get them ready for scheduling, and distribute them in a moment. With the equipment and asset tracking software, the supervisors can gain instant visibility into the equipment and assets in the field to ensure their regular maintenance. The scheduling and resourcing tools ensure the supervisors are in full control over the dispatching of their workforce, their schedules, and the route taken by each for maximum work output. Additionally, with the field service software, industrial equipment companies can meet their customer expectations.

  • Construction Industry

Since construction work involve both site work and office work, building industries find field service software very useful in integrating their field and office activities. Field service software is designed to establish effective communication between the office staff and the field operators. With inclusive software tools, the supervisors can easily manage daily inspections and receive feedback from the field workers without leaving the office. Moreover, documentation is simplified, and everything is documented in a central place so that it’s easier to retrieve important information at any time. With field service software, building industries can manage their construction efficiently while minimizing cost, and saving on time.

Filed service software is gaining popularity in the industrial world as most enterprises seek to improve their business? performance, and keep up with the competition. Moreover, more companies are expected to come on board as the field service software companies work extra hard to add more tools to suit a wide range of functions.

Ready to work with Denizon?

Contact Us Today