How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
Companies with revenues between $1B – $4.9B spent about 0.16%
Companies with revenues between $500M – $999M spent about 0.27%
Companies with revenues between $100M – $499M spent about 0.53%
Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

Check our similar posts

2015 – What’s ahead for UK Business?

According to reports just in, the global environment industry is down. Less money is available for what some CEO?s still see as grudge expenditure, and many U.S. agencies are seeking soft budget cuts. The UK is proving to be an exception following the announcement of ESOS, and EcoVaro does not expect the May elections will have much impact in this regard.

ESOS calls for mandatory energy assessments in companies above a certain size, and requires specific proposals to cut consumption. There is no indication of compulsory follow-through, although it is clear the Environment Agency hopes rising electricity prices and the prospect of monetary savings will do the trick.

It is an open question whether the Tory government would have interfered with commerce to this extent, were it not for the European directive that enforced it. The overall goal is to cut EU energy consumption across the board by 20% by 2020. Energy consultants are rubbing their hands in glee. EcoVaro?s response is to provide cloud-based software.

We will be interested to see how many UK companies make the first deadline of 5 December 2015, in the light of reports that half the 9,000 firms affected appear not to even know that ESOS exists. Some will no doubt pay last-minute lip service. Those with an eye on their own sustainability will grasp the Energy Saving Opportunity Scheme with both hands.

The initial ESOS deadline was always going to be a challenge. Some big corporates have stolen a march albeit egged on by green stakeholders. The next challenge comes in June 2015 with the implementation of the European Union?s ?Waste Catalogue? of hazardous substances, and rules for their disposal. We hope a new ISO 14001 will arrive soon and pull the loose threads together.

The introduction of carbon trading late this year brings further opportunities to increase profits through wise stewardship. Auditable metrics are essential for this.

EcoVaro can assist by processing your raw data. We provide this service on a virtual cloud. In return, you can get advice on optimising the quality of your graphs for presentations.

Spend more to reduce costs?

It is becoming increasingly important to not to analyse energy consumption for all utility types, be it electricity, gas, water, heat, renewables, oil etc. The bottom line is both operational efficiency and utility costs monitoring. In the long run, these are management strategies designed to drive energy costs downwards as a continuous improvement cycle and as a measure of reducing carbon emissions.

It is also getting increasingly easier for organisations reduce energy use and achieve this goal using technology without having to “remember” to do it yourself. Organisations can never go wrong by investing in energy management software. There are varied software options to choose from depending on the organisational objective.
Some of the energy management objectives that organisations may need to meet are:

? Establishing baseline energy use

? Carrying out Energy audits

? Monitoring and measuring energy performance against the energy policies of an organisation and objectives

? Achieving energy certification
Energy management software?s come in handy when an organization wishes to achieve either of the above objectives.

Use of energy management software?s also assists organisations in measurement and verification of energy consumption as well as Monitoring and Targeting. Measurement and verification is where a company quantifies energy consumption beforehand (baseline energy use) and after energy consumption measurements are implemented in order to verify and report on the level of savings actually achieved.

Organisations that wish to verify the energy savings achieved by building retrofits can use energy management software?s. This is an important objective for companies that wish to either satisfy internal financial accounting and reporting requirements, or to meet the terms of third-party contracts for project implementation and management. Monitoring and targeting is also made easier by use of software. This is critical as a management technique, regardless of whether an organisation has specific facility retrofits in order to keep operations efficient and to monitor utility costs.
Overall, an investment in energy management software, is worthwhile in the achievement of management strategies designed to drive energy costs downwards as a continuous improvement cycle.

How Energy Management Software Benefits Your Business

We’re in an era of price volatility in gas and electricity prices, coupled with greater scrutiny on the environmental impact of businesses in their day-to-day operations. According to the Department of Energy & Climate Change, the average SME can slash its energy bill by 18-25% simply by installing energy efficiency solutions in their facility.

Are you looking to improve energy use in your business? Prevent wastage, track consumption, identify opportunities to save on energy and reduce your carbon footprint while at it? It can be a daunting process to do it all manually. Taking those meter readings, preparing spreadsheets and combing through quotes and energy bills to validate them – this is not something you should be enduring in this day and age. Not when there are dedicated systems built for the task. That’s where Energy Management Software (EMS) comes in.

Importance Of Energy Management Software

Wasted energy = Wasted money

Failing to improve energy efficiency is costing SMEs loads of funds, with it coming to between £5,801 and £12,109 of missed annual savings for individual businesses. These are 18% – 24% of their energy costs. Where do you stand?

Take timers and thermostats for instance. When not properly set and controlled, or even simply forgetting to turn them down when not in the room, it can easily lead to unnecessary costs. How often do your staff forget to turn off the air conditioning when they leave the meeting rooms? Do you account for weekends or bank holidays when setting the controls of the AC? Mistakes like turning the temperature high on the thermostat to “quickly warm the room” are common, yet heating costs go up by about 8% with every 1°C rise.

There are installations that you can make to minimize wastage. For example, the Chinese Contemporary Arts Centre in Manchester is able to save £4,363 annually just by having a £100 timer installed to its heating system.

Some energy saving measures won’t even cost you a penny. For instance, did you know that you can save up to 30% of your heating costs simply by preventing cold air from entering the building? This means not keeping the doors just open for convenience. So how can you find points of weakness and areas of improvements in your facility? Install an EMS.

While businesses vary from one industry to the next, energy management basically boils down to:

Metering systems where the consumption is recorded
Determining how much energy can be saved by identifying opportunities for this
Implementing policies and changing existing systems to take advantage of these opportunities
Tracking progress after the improvements have been made

Benefits Of EMS For Your Business

Data Acquisition – Where accuracy and reliability matters

Energy data comes from different angles and formats. From the building automation systems and IoT devices that have been set up, bills sent in by the utility company to the spreadsheets needed to analyse them – what if you had it all from one point of reference? The EMS gives you a “bird’s eye view” of all your energy data from one interface. It collects the data from any system – and being cloud-based, is accessible from anywhere in the world.

The ecoVaro data loggers can be connected with the Wi-Fi network of the facility or function independently, depending on your specific requirements. They monitor readings 24/7, retaining the data even when they have been powered off. The end-to-end encryption assures you of the security of the information that is being obtained.

Integrating the EMS into the existing systems will simplify the data collection process, and even for the cases where there isn’t a direct method transferring the data into the system, the setup wizards that come with the EMS allow you to prepare the required data and import it.

Data Analysis: From consumption, energy leaks to areas of improvement

The first step is accurately collecting the data. The next step is making sense of it. The analysis modules with the EMS allow you to monitor the energy consumption of the facility in real-time.

The energy data is displayed in engaging graphics that are easy to understand at a glance. The dashboard setup, with its customised layout, enables you to monitor the performance of the specific information you want, toggling through usage and savings data, to the meters and sites that are being tracked. With the ecoVaro Energy Management Software, you get Consumption Charts, Regression Charts, Cusum Charts and Heatmaps right to the submeter level. This information can be broken down into 15-minute durations, with the daily, weekly and monthly consumption reports.

Getting everyone on board

Making changes to company-wide energy policies needs to have the different parties on board – from the energy manager in charge of crunching the numbers and presenting the information, the CFO of the business, the staff running day-to-day operations, all through to plant operators for those in industries. An easy mode of communication is needed, that will be understood and availed in reports that can be shared with the relevant parties in the organization. The graphical displays that come with the EMS enable actionable information to be displayed in a simplified manner – that way all members of the business or organization will be able to comprehend it.

Meet your Energy Goals

The baseline that is created in the EMS is used as a standard when assessing the impact of future changes to the energy consumption. Using the information that has been obtained, the management can set up energy saving policies and implement changes, and track KPIs (key performance indicators) along the way. For instance, the market research company DJS Research installed a timer switch that turns off their two water coolers when they aren’t in use. This action saves them £144 annually, and had already paid for itself within 35 days.

You will be in a position to assess the actions that provide your business with the best ROI over time, monitoring the progress and verifying the savings from one central dashboard. Cutting costs here will enable you to divert the funds to other areas of your business, including promotions, marketing, and product development.

For businesses in the energy sector- including electric, oil and gas plants, they specifically need carbon emission reports, to pinpoint areas where the building’s energy efficiency can be improved. ecoVaro EMS allows you to set alarms and KPIs in the facility for issues to be identified and resolved immediately they crop up.

Turn to ecoVaro

EMS systems are used across the board – from optimising energy use in hotel rooms and hospitals, mapping out usage patterns for those in the agriculture and supply chain niches, running facilities for utility providers, all through to increasing the efficiency of equipment operation for business in the food and beverage sector. Want to learn how you can cut down your energy bills and make your business more eco-friendly? EcoVaro’s team is ready to get you started.