How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
Companies with revenues between $1B – $4.9B spent about 0.16%
Companies with revenues between $500M – $999M spent about 0.27%
Companies with revenues between $100M – $499M spent about 0.53%
Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

Check our similar posts

Symbion Pharmacy Services? Definition of Responsibility

A ?symbion? is an organism in a symbiotic (i.e. mutually beneficial) relationship with another one. In the case of Australia?s giant Symbion Pharmacy Services, this means supplying and delivering over-counter Chemmart medicines to more than 3,000 hospital and retail pharmacies, while remaining mindful of its carbon footprint.

In 1999, the company with the tagline ?life matters? and a desire to be seen as ?a good corporate citizen? decided it was time to measure exactly what it was pumping out from 12 facilities and over 200 vehicles. This was a voluntary decision as even now there is still no carbon emissions law in Australia (although no doubt being a ?first mover? will put the company in a competitive position when this inevitably comes).

Symbion decided to install emission detection devices and connect these to a central monitoring system with the intention of managing what these measured. There were two stages to this process. First, Symbion determined its reporting requirements based on one of its larger warehouses. Following that, it established a carbon footprint for each of its wholly owned and managed facilities. This put it in a position to:

Analyse total emissions down to a level of detail where it understood the contribution of each source
Use big data management tools to identify carbon hotspots for priority remedial action
Inform the affected workforce, explain the monitoring system and keep them in the loop
Separately manage energy abatement programs such as lighting and delivery routes

The program also had productivity spin-offs in that it focused management attention on the processes behind the emissions that were ripe for material and system improvements. It also provided marketing leverage. Symbion?s customers are in the wellness business, ahead of the curve when it comes to how emissions contribute to chronic illness, and aware of the cost of this in terms of human capital.

EcoVaro could help you manage your throughputs by analysing your data on our cloud-based system. This includes trending your metrics, comparing them to your industry seasonal average, and providing you with a business-like view of how well you are doing.

Our service reduces your reliance on (and the cost of) third party audits, and simplifies the reporting process to your controlling authority. It simply makes more sense to contract your software out this way, and only pay for it when you need it.

Importance of Field Service Management Software for Mobile Working

Technology has been evolving at a fast pace. Changes are also happening simultaneously within different industries. Making a great difference in the business world right now is the trend of mobile working.

Thanks to platforms and tools, working while on the go is now easier and more streamlined. The field service industry also benefits from these technological advances.

Mobile technicians can now give excellent performance and do their job efficiently with no hands-on management needed.

Keep in mind that field service management is no joke. So, to achieve a smooth business and mobile worker management, you’ll need to invest in good mobile service management software.

But First, what is Mobile Working?

Mobile working is a method of working that is not tied to a single physical location.

It isn’t just about checking your emails on your phone or ringing your colleagues via Bluetooth while driving your car to the next appointment. It’s so much more intricate than that.

Effective mobile working means you’re mobilising your workers. Field technicians should have everything they need to complete their day to day work. You’re giving them their entire office in the form of a mobile device.

Mobile working, via a handheld device, allows field technicians to do the following:
● Access and input information about a work order
● Collaborate on projects
● Stay in touch with colleagues, clients and management
● Utilize effectively the different software features

Your field workers should have the support of a dynamic management tool that ensures they are sent to the job that utilises their skills effectively and efficiently.

That’s where a good field service management software shows its importance.

The Role of a Field Service Management Software

Your mobile workforce is scattered across various physical locations. You’ll need to connect with them and simultaneously manage your field service business.

Thanks to the increasing connectivity and improvement of technologies for this purpose, mobile workers can easily input and access any work order details via your chosen field service management software.

What Makes a Good Field Service Management Software?

There are 3 main points to consider when investing in a good mobile workforce management software:

1. It’s simple and familiar to use. Like we mentioned before, be sure to mobilise your field technicians – not the back-office system. Make sure your chosen app or software has a simple user interface so your workers can be on-the-go easily.

2. It works offline. Rural areas and highways can have poor connectivity. Sometimes agents will need to work in areas that have little to no network coverage or are deep down working in tunnels or around heavy machines and turbines. You don’t want your field technicians unable to complete work due to connectivity issues. Make sure to choose software that can function on their device while offline.

3. It’s flexible (and maintainable). Your field service management of choice should have real-time visibility. Flexible and improved visibility for a field worker means that they can do their best in any task. They can share or get critical information about orders and customers. This drastically improves job completion rates and customer satisfaction.

Importance of Field Service Management Software to Mobile Working

Utilize the technology that is available to you. Your mobile workforce should have the right tools so they can make sure to do their fieldwork efficiently without worrying about tedious administrative work. Any back-office task can be done quickly through a field service management software.

And that’s the most important role of a great mobile service management app — effective mobile worker efficiency.

Benefits of a Field Service Management Software to Mobile Working

● Additional revenue: By simplifying the administrative work, your field technician can even double the work order in their daily shift, meaning more profit for the business.

● Cost-cutting: The cloud-based nature of a field service management software means that your business can reduce the cost of on-site IT.
Your mobile workforce can operate from wherever they have an online connection, meaning less reliance on offices and building costs.

● Boosts overall efficiency: A mobile workforce management software allows you as a manager to monitor in real-time where they are and what they are doing. It means that problems can be identified and dealt with immediately.
Your field technician, in turn, becomes more efficient because the technology allows them a quicker response, instead of taking too long finishing administrative tasks.

Invest in a great field service management software. Check out FieldElite and see how they can help you with the following mobile working features:
• Accepts jobs in the field
• Automate appointment scheduling
• Manage scheduled jobs
• Get real-time visibility into all operations
• Have a clear and easy viewing of job locations
• Resolve field service calls faster
• Enable mobile workers to get the job done right
• Keep customers updated at every step
• Create quotations and accept payments
• Analyse efficient reports from field technicians

Why DevOps Matters: Things You Need to Know

DevOps creates an agile relationship between system development and operating departments, so the two collaborate in providing results that are technically effective, and work well for customers and users. This is an improvement over the traditional model where development delivers a complete design ? and then spends weeks and even months afterwards, fixing client side problems that should never have occurred.
Writing for Tech Radar Nigel Wilson explains why it is important to roll out innovation quickly to leverage advantage. This implies the need for a flexible organisation capable of thinking on its feet and forming matrix-based project teams to ensure that development is reliable and cost effective.
Skirmishes in Boardrooms
This cooperative approach runs counter to traditional silo thinking, where Operations does not understand Development, while Development treats the former as problem children. This is a natural outcome of team-centred psychology. It is also the reason why different functions pull up drawbridges at the entrance to their silos. This situation needs managing before it corrodes organization effectiveness. DevOps aims to cut through this spider web of conflict and produce faster results.

The Seeds of Collaboration

Social and personal relationships work best when the strengths of each party compensate the deficiencies of the other. In the case of development and operations, development lacks full understanding of the daily practicalities operating staff face. Conversely, operations lacks ? and should lack knowledge of the nuances of digital automation, for the very reason it is not their business.
DevOps straddles the gap between these silos by building bridges towards a co-operative way of thinking, in which matrix-teams work together to define a problem, translate it into needs and spec the system to resolve these. It is more a culture than a method. Behavioural change naturally leads to contiguous delivery and ongoing deployment. Needless to say only the very best need apply for the roles of client representative, functional tester and developer lead.

Is DevOps Worth the Pain of Change?

Breaking down silos encroaches on individual managers? turf. We should only automate to improve quality and save money. These savings often distil into organisational change. The matrix team may find itself in the middle of a catfight. Despite the pain associated with change resistance, DevOps more than pays its way in terms of benefits gained. We close by considering what these advantages are.

An Agile Matrix Structure ? Technical innovation is happening at a blistering rate. The IT industry can no longer afford to churn out inferior designs that take longer to fix than to create. We cannot afford to allow office politics to stand in the way of progress. Silos and team builds are custodians of routine and that does not sit well with development.

An Integrated Organization ? DevOps not only delivers operational systems faster through contiguous testing. It also creates an environment whereby cross-border teams work together towards achieving a shared objective. When development understands the challenges that operations faces ? and operations understands the technical limiters – a new perspective emerges of ?we are in this together?.

The Final Word ? With understanding of human dynamics pocketed, a DevOps project may be easier to commission than you first think. The traditional way of doing development – and the waterfall delivery at the end is akin to a two-phase production line, in which liaison is the weakest link and loss of quality inevitable.

DevOps avoids this risk by having parties work side-by-side. We need them both to produce the desired results. This is least until robotics takes over and there is no longer a human element in play.