How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

How Volvo Dublin achieved Zero Landfill Status

The sprawling New River Valley Volvo plant in Dublin, Virginia slashed its electricity bill by 25% in a single year when it set its mind to this in 2009. It went on to become the first carbon-neutral factory in 2012 after replacing fossil energy with renewable power. Further efforts rewarded it with zero-landfill status in 2013. ecoVaro decided to investigate how it achieved this latest success.

Volvo Dublin?s anti-landfill project began when it identified, measured and evaluated all liquid and solid waste sources within the plant (i.e. before these left the works). This quantified data provided its environmental project team with a base from which to explore options for reusing, recycling and composting the discards.

Several decisions followed immediately. Volvo instructed its component suppliers to stop using cardboard boxes and foam rubber / Styrofoam as packaging, in favour of reusable shipping containers. This represented a collaborative saving that benefited both parties although this was just a forerunner of what followed.

Next, Volvo?s New River Valley truck assembly plant turned its attention to the paint shop. It developed methods to trap, reconstitute and reuse solvents that flushed paint lines, and recycle paint sludge to fire a cement kiln. The plant cafeteria did not escape attention either. The environment team made sure that all utensils, cups, containers and food waste generated were compostable at a facility on site.

The results of these simple, and in hindsight obvious decisions were remarkable. Every year since then Volvo has generated energy savings equivalent to 9,348 oil barrels or if you prefer 14,509 megawatts of electricity. Just imagine the benefits if every manufacturing facility did something similar everywhere around the world.

By 2012, the New River Valley Volvo Plant became the first U.S. facility to receive ISO 50001 energy-management status under a government-administered process. Further technology enhancements followed. These included solar hot water boilers and infrared heating throughout the 1.6 million square foot (148,644 square meter) plant, building automation systems that kept energy costs down, and listening to employees who were brim-full with good ideas.

The Volvo experience is by no means unique although it may have been ahead of the curve. General Motors has more than 106 landfill-free installations and Ford plans to reduce waste per vehicle by 40% between 2010 and 2016. These projects all began by measuring energy footprints throughout the process. ecoVaro provides a facility for you to do this too.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How an EMS Can Cut Your Carbon Emissions

Your business carbon footprint is directly tied to the efficiency of its energy consumption. From the equipment used in industries, lighting and air conditioning in offices, shopping malls and other commercial buildings, the load used by everyday machines like the coffee makers in the employee breakroom, to hot water boilers in apartment complexes, how much do your processes affect the environment? Standards like the ISO 14001:2015 are being implemented to enable businesses to reduce their impact on the environment, from optimising their energy usage, minimising waste, turning to renewable power sources, all through to preventing pollution and complying with their specific regulatory requirements. How do you handle the volume of data that needs to be obtained and assessed?

Energy management systems come in to enable you to analyse your consumption, identify factors affecting your total energy use – from temperature and humidity conditions, to equipment that is causing spikes, and observe your usage patterns. That way, you can put in measures to minimise wastage while increasing your operational efficiency, reduce your carbon emissions and track your progress all the way. Here, we’ll break down how this is achieved. 

Going Green With An Energy Management System

This is a holistic approach aimed at minimising wastage and optimising energy usage. It includes:

Auditing your energy consumption

The first step is really quantifying how much energy you use, which systems are causing unnecessary load, all through to where there are inefficiencies in the facility. Which equipment has the largest impact on your bill? An energy management system allows you to view it all from one dashboard, such as with the ecoVaro EMS that takes you down to the sub-meter level.

Here, you get real-time data that is collected by the ecoVaro loggers – from electricity use, gas, water, temperature, solar power, humidity, air pressure – the readings can all be monitored. This is done 24/7, and the consumption feeds are recorded. Moreover, ecoVaro pulse data is collected every 15 minutes – which is particularly important when it comes to analysing trends over a time period, be it daily, weekly or monthly. 

Data is only useful if it can be properly analysed, right? So instead of just bombarding you with spreadsheets of numbers, the EMS displays the records into graphs and charts that are easy to comprehend – all from the same interactive interface. So, whether you’re the energy manager in the facility, or you want reports that can be shared with the CFO, owners of the business, or even staff themselves to enable them to understand the energy saving policies that you will put in place – you will be able to carry this out. 

ecoVaro gives you different ways to analyse the data from the readings that have been recommended. For instance, the heat mapping from the interface allows you to see the building’s energy use during different periods at a glance. The site-by-site analysis in particular enables the building or energy manager to assess each individual premises, from checking which block in the school is causing the energy bills to surge, the facility whose performance is falling behind, all through to the office building with the highest carbon footprint. In fact, the carbon and sustainability reports from ecoVaro EMS enables you to see the impact that your operations have. You even get to compare tariffs from the different energy suppliers, that way you can go with the option that is most suited to your situation.

Setting a baseline for your operations

This is essentially a “before/after checkpoint” that you will use to compare the effectiveness of subsequent measures that you will undertake. After making modifications to the systems in your business, you will want a clear picture of whether the new measures are actually benefiting your operations and optimising your energy efficiency, or whether they are deteriorating the performance further. The energy baseline will be critical in analysing your progress. 

Reports like the CUSUM (cumulative sum) charts on ecoVaro show you the energy performance, be it of a boiler in a factory, office building, or chain of hotels – over a set period of time. You can then compare this to the baseline, which will show you if the changes you will implement will make you savings. The heatmaps also come in handy here, showing you the energy consumption at each meter, whether it is low, medium or high compared to the baseline that has been set. The heatmaps give a quick visual to analyse resource usage.  

Creating energy targets

After understanding your energy consumption and seeing how it impacts your business, next is mapping out short- and long-term goals that you want to attain to optimise your usage and reduce your carbon footprint. 

For instance, short-term targets can include the likes of decreasing the night-time lighting load, and adjusting HVAC uptime depending on the level of activity in your business premises for the different hours of the day. 

For the long-term targets, these include setting a specific percentage average kWh reduction for the different industrial sites or buildings under your management; lowering the demand kW throughout the building by a specific range year-on-year; as well as the percentage with which you want the carbon emissions decreased annually. 

Cost efficiency also factors in. For instance, entering your current tariffs into the conversion factoring dashboard on ecoVaro will show you how your consumption translates to the bills that you receive – and even shows you what you stand to save by negotiating for new energy contracts with your utility firm.

Identifying initiatives and implementing energy saving programs

These are geared towards improving your energy efficiency and reducing your carbon footprint. They vary from one industry to the next. For instance, these can include:

Getting motion/occupancy detectors and automatic dimmers installed in the facility

These are lighting controls that enable you to save money and energy by automatically turning the lights off when they are not required (people have left the room), and reducing the light levels for those cases where full-on brightness is not needed. For instance, the dimmer controls enable variable indoor lighting, reducing the wattage and output when dimming the lightbulbs, saving energy in the process. These can be manual, or operated with sensors or timers. 

Motion sensors on the other hand will automatically turn on the lights after they detect motion, then after a short while turn them off – they are typically used for utility and outdoor security lighting. There are also occupancy sensors used in rooms, which turn on the lights when they detect indoor activity, then turn them off or reduce the light output when the particular space is unoccupied. 

Switching to energy-efficient light fixtures such as CFL or LED bulbs

Lighting costs are a major contributor to the energy bills being footed by the business. What kind of systems do you have set up?

Incandescent bulbs are rapidly being phased out due to their inefficiencies. They work by a wire tungsten filament getting heated until it glows – a process that sees almost 90% of its energy being released as heat, instead of light. In addition, with an average lifespan of just 1,500 hours, there is the need for better alternatives – and they have already been around for over a decade: CFL and LED bulbs, which save on energy and have far less carbon emissions. 

Compact fluorescent light bulbs (CFLs) light up when an electric current going through a tube with argon and trace mercury gases generates ultraviolet light, stimulating the fluorescent coating that’s on the inside of the tube, which in turn produces light. As such, a 15-watt CFL will have about the same light output as a 60-watt incandescent bulb. This makes them approximately 4 times more efficient compared to the incandescent bulbs, with a lifespan of 10,000-15,000 hours. This translates into fewer replacements and greater energy savings. However, there are still concerns about the mercury that is in the CFLs, though it is still in small quantities – basically smaller than the tip of your pencil. In addition, the CFLS aren’t; dimmable. They are usually used as a replacement for incandescent bulbs before completely switching to the more efficient LEDs.

Light-emitting diode bulbs (LEDs) Take things a notch higher. Here, electrons moving through a semiconductor emit the light, and you can get the LEDs for visible light, ultra-violet, and infrared spectrums. Here, the lifespan is 25,000–35,000 hours, which is more than double that of CFLs, and leagues beyond the standard incandescent bulb. Moreover, with a 16.5W LED bulb you’ll be getting the same lighting as a 20W CFL, or a 75W incandescent bulb. 

You will notice that when you touch LEDs, they feel cool, and this is because less energy is getting converted into heat. With the energy efficient bulbs, you won’t have to run your AC harder during those hot months, further adding to your cost savings. You can be able to see such consumption trends over the months through the energy management system, getting to the root cause of the problem. For instance, seeing the changing trends in the AC energy consumption over different weeks will enable you to assess what is causing it to be pushed harder, and address the root cause of the problem. 

Acquiring energy-efficient office equipment

This is broad, with the changes being made here depending on your particular niche. Take printers for instance. Simply going for printers with sleep and automatic shut-off modes will ensure that the units are not consuming energy when they are not in use. The same case applies to copier machines. Energy saving surge protectors on the other hand are beneficial for allowing you to “unplug” multiple devices that use standby power even when switched off – what’s usually called “vampire power” or “phantom energy“. 

The need for energy savings cuts across the board, from the computers and monitors used, to the coffee makers and kettles. For instance, working with an electric kettle to heat water for tea beats using a microwave or stove. Go further by opting for a kettle that allows you to set the particular temperature you want for the water – since you don’t really need the water for tea to be boiling hot for the tea to properly steep. Taking such steps further contributes to your business’ efforts to go green and reduce your carbon footprint. 

Turning to renewable energy sources

Switching to renewable sources to power your operations will simultaneously reduce your energy bills and cut your carbon emissions. From solar panels to wind turbines and the like, they are cleaner sources of energy, and the installations that you go with will depend on your kind of business. Moreover, this will protect you from the fluctuations in energy prices, since the bills are affected by the availability of fuel, electricity demand, costs that go into generating and distributing it – all of which end up hitting your business in the long run. On the other hand, going off the grid with your own supply of power protects you from this. In fact, if you end up producing surplus energy, you can sell it back to the grid, earning your business extra revenue. 

Sure, the upfront costs of setting up the systems will take a sizable chunk out of your budget, but the savings allow you to recoup the costs over time. In addition, there will be savings from the incentives being provided by the government, such as tax rebates and grants. These are the likes of the Solar PV Grant from SEAI (Sustainable Energy Authority of Ireland) which is at €900 per kWp, capped at €2400 for each business. Funding is available for homes, community programs and commercial buildings such as  Collinstown Park School that was able to slash their lighting costs by a whopping 90% after securing 50% of the funding for their energy upgrade project from SEAI. The ecoVaro EMS comes with support for solar power installations in its firmware, that way you can continue assessing the changes that your solar power system will bring to your overall energy usage.

Spread awareness

You should also carry out energy conservation training for your staff. The reports generated by the EMS will make it easy for them to get a picture of their energy consumption trends, and the effects that it has on both the performance of the company, and the carbon footprint as a whole. It also gives them more awareness of the impact that they each have at an individual level. 

Assessing Key Performance Indicators

The energy analytics tools from the EMS will show you whether you are actually meeting your goals. Since it works with the different metered connections, from getting electricity and temperature readings, checking radiation levels, humidity data all through to gas meters, you will be able to assess the progress that your business is making across the board. 

For ecoVaro in particular, the performance of your systems can be seen through reports like Consumption Charts – from the different offices, tenants and equipment energy usage, peak -and off-peak data, as well as Regression Charts that allow you to compare building’s actual energy consumption to its expected performance, and how they are affected by variables such as temperature. 

With the site-by-site data and the monitoring being down to the sub-meter level, you will be able to identify an issue when it crops up and narrow it down to the specific instant and location where it occurred. This enables you to address the problem quicker.   

Conducting a compliance audit

A comprehensive audit can then be undertaken to ensure that your company meets internationally-recognized standards that have been stipulated regarding implementing energy management systems and enhancing the energy efficiency of your operations. The compliance audits are carried out by certified auditors.

Through the EMS, you are able to position your business appropriately to meet the standards for your particular niche, measuring and observing the performance of energy-saving projects that have been implemented. This extends to acquiring and presenting data that will be used to show the business’s compliance to industry regulations and obtain the relevant certification. You are able to report on your carbon footprint, and verify it. This information can also be disseminated amongst your employees and customers, raising awareness about your business green initiatives, boosting your brand in the process.

A Small External Enterprise Development Team is Cheaper than Your Own

Time is money in the application development business. We have to get to market sooner so someone else does not gazump us, and pip us at the post. We increase the likelihood of this with every delay. Moreover, the longer your in-house team takes to get you through the swamp, the higher the project cost to you.

Of course, in theory this should not be the case. Why bring in a team from outside, and pay more to support their corporate structure? Even going for a contract micro team ought not to make financial sense, because we have to fund their mark-up and their profit taking. Our common sense tells us that this is crazy. But, hold that thought for a minute. What would you say if a small external enterprise development team was actually cheaper? To achieve that, they would have to work faster too.

The costs of an Enterprise Internal Development Team

Even if you were able to keep your own team fully occupied ? which is unlikely in the long term ? having your own digital talent pool works out expensive when you factor in the total cost. Your difficulties begin with the hiring process, especially if you do not fully understand the project topic, and have to subcontract the hiring task.

If you decide to attempt this yourself, your learning curve could push out the project completion date. Whichever way you decide to go, you are up for paying advertising, orientation training, technical upskilling, travel expenses, and salaries all of which are going to rob your time. Moreover, a wrong recruitment decision would cost three times the new employee?s annual salary, and there is no sign of that changing.

But that is not all, not all by far. If want your in-house team to keep their work files in the office, then you are going to have to buy them laptops, plus extra screens so they can keep track of what they are doing. Those laptops are going to need desks, and those employees, chairs to sit in. Plus, you are going to need expensive workspace with good security for your team?s base.

If we really wanted to lay it on, we would add software / cloud costs, telephony, internet access, and ongoing technical training to the growing pile. We did a quick scan on PayScale. The median salary of a computer programmer in Ireland is ?38,000 per year and that is just the beginning. If you need a program manager for your computer software, their salary will be almost double that at ?65,000 annually.

Advantages of R&D outsourcing

The case for a small externally sourced enterprise development team revolves around the opportunity cost ? or loss to put in bluntly ? of hiring your own specialist staff for projects. If you own a smaller business with up to 100 people, you are going to have to find work for idle digital fingers, after you roll out your in-house enterprise project. If you do not, you head down the road towards owning a dysfunctional team lacking a core, shared objective to drive them forward.

Compared to this potential extravagance, hiring a small external enterprise development team on an as-needed basis makes far more sense. Using a good service provider as a ?convenience store? drives enterprise development costs down through the floor, relative to having your own permanent team. Moreover, the major savings that arise are in your hands and free to deploy as opportunities arise. A successful business is quick and nimble, with cash flow on tap for R & D.

Ready to work with Denizon?

Contact Us Today