How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
Companies with revenues between $1B – $4.9B spent about 0.16%
Companies with revenues between $500M – $999M spent about 0.27%
Companies with revenues between $100M – $499M spent about 0.53%
Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

Check our similar posts

How the Dodd-Frank Act affects Investment Banking

The regulatory reform known as the Dodd-Frank Act has been hailed as the most revolutionary, comprehensive financial policy implemented in the United States since the years of the Great Depression. Created to protect consumers and investors, the Dodd-Frank Act is made up of a set of regulations and restrictions overseen by a number of specific government departments. As a result of this continuous scrutiny, banks and financial institutions are now subject to more-stringent accountability and full-disclosure transparency in all transactions.

The Dodd-Frank Act was also created to keep checks and balances on mega-giant financial firms that were considered too big to crash or default. This was especially deemed crucial after the collapse of the powerhouse financial institution Lehman Brothers in 2008. The intended result is to bring an end to the recent rash of bailouts that have plagued the U.S. financial system.

Additionally, the Dodd-Frank Act was created to protect consumers from unethical, abusive practices in the financial services industry. In recent years, reports of many of these abuses have centered around unethical lending practices and astronomically-high interest rates from mortgage lenders and banks.

Originally created by Representative Barney Frank, Senator Chris Dodd and Senator Dick Durbin, the Dodd-Frank Wall Street Reform and Consumer Protection Act, as it is officially called, originated as a response to the problems and financial abuses that had been exposed during the nation’s economic recession, which began to worsen in 2008. The bill was signed into law and enacted by President Obama on July 21, 2010.

Although it may seem complicated, the Dodd-Frank Act can be more easily comprehended if broken down to its most essential points, especially the points that most affect investment banking. Here are some of the component acts within the Dodd-Frank Act that directly involve regulation for investment banks and lending institutions:

* Financial Stability Oversight Council (FSOC): The FSOC is a committee of nine member departments, including the Securities and Exchange Commission, the Federal Reserve and the Consumer Financial Protection Bureau. With the Treasury Secretary as chairman, the FSOC determines whether or not a bank is getting too big. If it is, the Federal Reserve can request that a bank increase its reserve requirement, which is made up of funds in reserve that aren’t being used for business or lending costs. The FSOC also has contingencies for banks in case they become insolvent in any way.

? The Volcker Rule: The Volcker Rule bans banks from investing, owning or trading any funds for their own profit. This includes sponsoring hedge funds, maintaining private equity funds, and any other sort of similar trading or investing. As an exception, banks will still be allowed to do trading under certain conditions, such as currency trading to circulate and offset their own foreign currency holdings. The primary purpose of the Volcker Rule is to prohibit banks from trading for their own financial gain, rather than trading for the benefit of their clients. The Volcker Rule also serves to prohibit banks from putting their own capital in high-risk investments, particularly since the government is guaranteeing all of their deposits. For the next two years, the government has given banks a grace period to restructure their own funding system so as to comply with this rule.

? Commodity Futures Trading Commission (CFTC): The CFTC regulates derivative trades and requires them to be made in public. Derivative trades, such as credit default swaps, are regularly transacted among financial institutions, but the new regulation insures that all such trades must now be done under full disclosure.

? Consumer Financial Protection Bureau (CFPB): The CFPB was created to protect customers and consumers from unscrupulous, unethical business practices by banks and other financial institutions. One way the CFPB works is by providing a toll-free hotline for consumers with questions about mortgage loans and other credit and lending issues. The 24- hour hotline also allows consumers to report any problems they have with specific financial services and institutions.

? Whistle-Blowing Provision: As part of its plan to eradicate corrupt insider trading practices, the Dodd-Frank Act has a proviso allowing anyone with information about these types of violations to come forward. Consumers can report these irregularities directly to the government, and may be eligible to receive a financial reward for doing so.

Critics of the Dodd-Frank Act feel that these regulations are too harsh, and speculate that the enactment of these restrictions will only serve to send more business to European investment banks. Nevertheless, there is general agreement that the Dodd-Frank Act became necessary because of the unscrupulous behaviour of the financial institutions themselves. Although these irregular and ultimately unethical practices resulted in the downfall of some institutions, others survived or were bailed out at the government’s expense.

Because of these factors, there was more than the usual bi-partisan support for the Dodd-Frank Act. As a means of checks and balances, the hope is that the new regulations will make the world of investment banking a safer place for the consumer.

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Benefits of Integrating IoT and Field Service

Owing to the complexity of its definition, many people loosely use the phrase Internet of Things (IoT) without having a solid grasp of its true meaning. A majority in this category take IoT to be nothing more than the automation of home gadgets, where the internet is used to interconnect computing components embedded in everyday devices.

Granted, the whole idea of IoT got its roots from the home setting. Nevertheless, IoT has outgrown that spectrum and has since penetrated into almost every area of business and industry. By employing IoT, you can literally take full control of everything in your business using a single device. From assigning tasks to monitoring security, managing bills to tracking time, IoT has revolutionized the way business is done.

Interestingly, not so long ago, most technology experts limited their forecasts to machine-to-machine (M2M) integration and Augmented Reality (AR), which also, admittedly, hit the technology industry with an admirable suave. Back then, it could have been laughable for anyone to have suggested that IoT would be so commanding in almost every industry, including real estate, medicine, automobile, and more.

It’s not for nothing, therefore, that the field service industry has also embraced IoT, integrating it in the daily running of business activities, including tracking machine diagnostics, detecting breakdowns, and assigning field engineers to attend to customer needs.

How the Field Service Industry is Benefiting from IoT

Machine uptime has remained an ongoing concern for many customers. In the traditional approach, whenever a machine breaks down, the customer alerts the service provider and then the field service manager checks to see if there is any field engineer available for a new task. Once an engineer has been identified, he?s then dispatched to the site. This worked, but it resulted in an extended machine downtime, a terrible experience for customers.

Thanks to IoT, things are now happening differently.

IoT is now integrating machines to a central communications centre, where all alerts and status updates are sent. The notifications are instant. The field service manager, therefore, gets to learn of the status of machines at the exact time of status change. An engineer who?s not engaged would then be immediately assigned to undertake any needed servicing or repair.

By employing IoT, the service provider receives timely reports relating to diagnostics, machine uptime, part failures, and more. The field manager can, as a result, foretell and forestall any possible downtime.

How has this been helpful?

Before giving a definite answer to that question, it’s crucial to note that more than half of all field service organizations now employ IoT in their Asset Management Systems and Field Service Management. And to answer the question, all the organizations that have the two systems integrated using IoT experience twice as much efficiency as those that don’t, states an Aberdeen Group report. As you already know, improved efficiency results in a corresponding upshot in customer satisfaction.

Apps Making a Difference in IoT-Field Service

The integration of IoT into almost every aspect of business prompted the design and development of different applications to link computing devices. Since the advent of IoT, the software development for the technology has come of age. Powerful and lightweight apps that don simple yet beautiful user interfaces are now readily available at affordable price tags.

A good example of such an App is ecoVaro by Denizon.

ecoVaro not only helps businesses to monitor energy and other relevant environmental data such as Electricity, Gas, Water, Oil, Carbon, Temperature, Humidity, Solar Power, and more, but also provides analytics and comprehensive yet easy to understand reports. The data received from devices such as meters is converted into useful information that’s then presented in figures and graphs, thus allowing you to make decisions based on laid down controls.

The focus of the app is to instantly alert service engineers to go on site to fix issues.

With ecoVaro, field service engineers no longer have to return to the office to get new instructions. Also, customers don’t have to manually fire alerts to the service provider whenever something isn’t working correctly. By employing the latest in IoT, ecoVaro sends notifications to field service managers and engineers about respective customers that need support.

How ecoVaro Helps

Best-in-class companies aren’t ready to compromise on customer satisfaction. Therefore, every available avenue is used to address customer concerns with the deserved agility. By using IoT, ecoVaro makes it possible for field service providers to foresee and foreclose any possible breakdowns.

The inter-connectivity among the devices and the central communications centre results in increased revenue and improved interactivity between the system and the field engineers. This results in greater efficiency and lower downtime, which translates into improved productivity, accountability, and customer satisfaction, as well as creating a platform for a possible expansion of your customer base.

ecoVaro isn’t just about failed machines and fixes. It also provides diagnostics about connected systems and devices. With this, the diagnostics centre receives system reports in a timely manner, allowing for ease of planning and despatch of field officers where necessary.

Clearly, but using the right application, IoT can transform your business into an excellently performing field service company.

EU Energy Efficiency Directive & UK?s ESOS

In 2012 the European Union passed its EU Energy Efficiency Directive (EED) into law. This aims to reduce overall energy consumption by 20% by 2020. It placed an obligation on member states to pass back-to-back local legislation by June 2014.

EED Guidelines

The EED provides specific guidelines it expects member nations to address. The list is long and here are a few excerpts from it:

Large companies must use energy audits to identify ways to cut their energy consumption

Small and medium companies must be incentivised to voluntarily take similar steps

Public sector bodies must purchase energy-efficient buildings, products and services

Private energy-consumers must be empowered with information to help manage demand

Energy distributors / resellers must cut their own consumption by 1.5% annually

Legislators are free to substitute green building technology e.g. through better insulation

Every year, European governments must audit 3% of the buildings they own

Definition of Energy Audit

An energy-consumption audit is a question of measuring demand throughout a supply grid, with particular attention to individual modules and high demand equipment. While this could be an exercise repeated every four years to satisfy ESOS, it makes more sense to incorporate it into the monthly energy billing cycle.

Because energy use is not consistent but varies according to production cycle, this can produce reams of printouts designed to frustrate busy managers. ecoVaro offers an inexpensive, cloud-based analytic service that effortlessly accepts client data and returns it in the form of high-level graphic summaries.

Potential ESOS Beneficiaries

As many as 9,000 UK companies are obligated to do energy audits because they employ more than 250 employees, have a balance sheet total over ?36.5m or an annual turnover in excess of ?42m. Any smaller enterprise that finds energy a significant input cost, should also consider enlisting Ecovaro to help it to:

Obtain a better understanding of the energy side of their business

Achieve energy savings and share in a estimated ?3bn bonanza to 2030

Reduce carbon emissions to help meet their CRC commitments

More About ecoVaro

We offer web-based energy management software that helps you measure and manage energy costs. This strips data from your meters and generates personalised reports on a dashboard you control. This information helps you accurately zoom in on worthwhile opportunities. With Ecovaro on your side, ESOS truly becomes an Energy Saving OPPORTUNITY Scheme.