How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

A Definitive List of the Business Benefits of Cloud Computing

When you run a Google search for the “benefits of cloud computing”, you’ll come across a number of articles with a good list of those. However, most of them don’t go into the details, which nevertheless might still suit some readers. But if you’re looking for compelling business reasons to move your company’s IT to the cloud, a peripheral understanding of what this technology can do for you certainly won’t cut it.

Now, cloud computing is not just one of those “cool” technologies that come along every couple of years and which can only benefit a particular department.?What we’re talking about here really is a paradigm shift in computing that can transform not only entire IT infrastructures but also how we run our respective organisations.

I hate to think that some people are holding back on cloud adoption just because they haven’t fully grasped what they’re missing. That is why I decided to put together this list. I wanted to produce a list that would help top management gain a deeper understanding of the benefits of the cloud.

Cloud computing is one bandwagon you really can’t afford not to jump into. Here are ten good reasons why:

1.?Zero?CAPEX and low TCO for an enterprise-class IT infrastructure

2. Improves cash flow

3. Strengthens business continuity/disaster recovery capabilities

4. Lowers the cost of analytics

5. Drives business agility

6. Ushers in anytime, anywhere collaboration

7. Enhances information, product, and service delivery

8. Keeps entire organisation in-sync

9. ?Breathes life into innovation in IT

10. Cultivates optimal environments for development and testing

Zero CAPEX and low TCO for an enterprise-class IT infrastructure

Most cloud adopters with whom I’ve talked to cite this particular reason for gaining interest in the cloud.

Of course they had to dig deeper and consider all other factors before ultimately deciding to migrate. But the first time they heard cloud services could give them access to enterprise class IT infrastructures without requiring any upfront capital investment, they realised this was something worth exploring.

A good IT infrastructure can greatly improve both your cost-effectiveness and your capability to compete with larger companies. The more reliable, fast, highly-available, and powerful it is, the better.

But then building such an infrastructure would normally require a huge capital investment for networking equipment, servers, data storage, power supply, cooling, physical space, and others, which could run up to tens or even hundreds of thousands of euros. To acquire an asset this costly, you’d have to take in debt and be burdened by the ensuing amortisation.

If you’ve got volumes of cash stashed in your vault, cost might not be a problem. But then if you really have so much savings, wouldn’t it be more prudent to use it for other sales-generating projects? An extensive marketing endeavour perhaps?

A capital expenditure of this magnitude and nature, which normally has to be approved by shareholders, can be regarded as a high financial risk. What if business doesn’t do well and you wouldn’t need all that computing power? What if the benefits expected from the IT investment are not realised??You cannot easily convert your IT infrastructure into cash.

Remember we’re talking about a depreciating asset. So even assuming you can liquidate it, you still can’t hope to sell it at its buying price. These factors are going to play in the minds of your Board of Directors when they’re asked to decide on this CAPEX.

Incidentally, these issues don’t exist in a cloud-based solution.

A cloud solution typically follows a pay-as-you-go utility pricing model where you get billed monthly (sometimes quarterly) just like your electricity. ?In other words, it’s an expense you’ll need to pay for?at the end of a period over which the service’s value would have already been realised. Compare that with a traditional infrastructure wherein you’ll have to spend upfront but the corresponding value will still have to be delivered gradually in the succeeding months or years.

From the point of view of your CFO, what could have been a CAPEX to acquire an asset that depreciates with time (and consequently reduces your company’s net worth), becomes a flexible operating expense (OPEX).?Truly, it is an operating expense that you can increase, decrease, or even totally discontinue, depending on what the prevailing business conditions demand.

People who think they have done the math in comparing cloud-based and traditional IT infrastructures claim that, although they see how cloud solutions transform CAPEX into OPEX, they really don’t see any significant difference in overall costs.

However, these people have only gone as far as adding up the expected monthly expenses of a cloud solution over the estimated duration of an equivalent IT infrastructure’s effective lifespan and comparing the sum with that IT infrastructure’s price tag. You won’t get a clear comparison that way.

You need to consider all factors that contribute to the infrastructure’s Total Cost of Ownership (TCO). Once you factor in the costs of electricity, floor space, storage, and IT administrators, the economical advantages of choosing a cloud solution will be more evident. Add to that the costs of downtime such as: interruptions to business operations, technical support fees, and the need to maintain expensive IT staff who spend most of their time “firefighting”, and you’ll realise just how big the savings of cloud adopters can be.

Still not convinced? Well, we’re still getting started.?On our next post, we’ll take a closer look at the additional benefits of paying under an OPEX model instead of a CAPEX model.

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Top 10 Benefits of Using Field Service Automation Software

Just how much wastage is witnessed in your operations? Each morning your technicians report to work, they receive the day?s schedule, go through the inventory for the parts and tools that will be required, collect and fill the paperwork, before finally hitting the road- translating to hours of manual organisation. What of the information they need when they are at the site? Are they carrying around bulky files on each individual customer? Your field technicians are also responsible for lots of the equipment being handled- and you want to keep a tab on it all- knowing what is being worked on, when it is happening, how long it takes, and the materials that have been used. Dealing with all this on your end through loads of Excel sheets, calculating and updating time logs, and ticking off the inventory- it can be a strain. Field Service Automation Software comes in to handle it all- from the scheduling and tracking, to inventory control and invoicing- all on the same platform.

Eliminating the Paperwork and Optimising Your Operations

There has been a surge in demand for all-in-one Field Service Management (FSM) solutions. They leverage the power of mobile technology, cloud computing and social collaboration to boost the efficiency of field services. In fact, the FSM market is growing at rates never seen before, if the recent statistics are anything to go by. According to the latest estimates, it is worth $3.5 billion and is expected to hit $5.9 billion by 2024.

It’s understandable why this is happening. Technology is advancing, and we all know it’s every entrepreneur?s dream to optimise the use of the available resources while guaranteeing customer satisfaction. If technology can deliver this through automation, why not? Every business now wants to automate things, and the focus is to maximise resource output. You should, therefore, not be surprised to see the FSM software industry booming. If you just considered the field service industry, you’ll realise that there are so many software applications to help with service automation, whether full or partial.

A good example is FieldElite, which helps with the management of field workers. From your desktop or the palm of your hands, on a tablet or smartphone, you can take full control of your field workers, manage scheduled jobs, and use maps to manage work assignments for the already dispatched field workers. Not only does FieldElite help you handle tasks in an accountable manner but also provides options for accounting and reports, all managed in an easy to use dashboard.

10 Benefits Field Service Automation Software Brings On Board

Why would organisations need to invest in a Workforce management app? Below are some of the key benefits of using a Field Service Management software:

1. Cut down the down-time and make every minute count

From scheduling your operations, mapping out preferred routes, dispatching the service team, to staying connected with them throughout the tasks, you get to improve worker efficiency with field service software like FieldElite.

Most FSM software programs allow the administrator to send tasks directly to the field worker?s mobile. More often than not, the FSM software provides vital information, including service history, optimal route to the site, the tools required, and contact numbers, among other details.

This improves efficiency by ensuring that the client’s needs are taken care of promptly. Where it’s about machine maintenance, the downtime would be as short as possible.

2. Enhance professionalism and boost your brand image

FSM software programs are known for ensuring professionalism in the manner in which business activities are conducted. Of course, professionalism is attained through several factors, including working with a team of professionals. Such a team, using FSM software, results in enhanced efficiency and excellence.

A field service software like FieldElite helps you to consolidate all your business information into a single central database. With different access levels, your employees will access only as much information as is relevant to their respective duties.

An FSM software is ideal because the stored information can be accessed from any location, meaning field workers can pick new tasks while in the field, provided they’ve got the requisite tools. Instead of having to come back to the office, the employee would access all the information and execute the necessary task.

3. Resource Optimisation with Real-time Field Service Automation Software

Resource optimisation is one of the key determinants of a company?s profitability. While businesses vary in size and purpose, they all share one thing in common ? the desire to increase productivity while ensuring the optimal usage of resources.

Besides productivity, field service software also allows for efficient utilisation of the available resources to cut down on costs.

4. Stay connected with all your crew- and coordinate them better

FSM software facilitates improved coordination with the workforce. The software streamlines the management of the entire field service life cycle, ranging from labour to work orders, returns, contracts, warranties, and equipment.

The idea is to bring all the company?s field-related operations to a central point. And now, with easy data accessibility from a central platform, improved coordination is easily achievable.

5. Get accurate data and make well-informed decisions every step of the way

Adopting the field service management software is more than just a way to improve efficiency. It goes a long way towards improving a company?s accuracy. When a field service management software is used to trace a company?s activities, all the tasks are tracked on the mobile device, keeping the managers informed of every step.

Besides, the technicians also have a free reign to record the diagnostics, quality information, test results, and the parts consumed. All the information can be captured using text, audio, videos, and still photos. This guarantees minimal to no instances of data manipulation.

6. Improve Customer Satisfaction: Win Their Loyalty

Field service management software improves customer satisfaction. How does that happen? Well, using a field service software like FieldElite allows for quick response to customer queries. If there?s one thing that quickly turns your customers off, it’s delayed response to their requests. With the field service management software, however, you can respond to such requests quickly and effortlessly.

Moreover, your customers can also track the service engineer to ensure they’re well informed of any anticipated delays. With quick response time, customer machines have more reliable up-time, which is the desire of every client.

7. Flexibility ? because no one likes being tied down

If there?s one thing that customers like when dealing with a company, it’s flexibility. Instinctively, customers will always want different options to choose from when using a service without appearing to be confined to one provision. Having limited options would also appear boring.

To this extent, it would be wiser to adopt advanced FSM software. Advanced FSM software is compatible with mobile phones, meaning users can easily manage their tasks from isolated locations. FSM software can either be device-agnostic or device-specific. The device-specific type supports Android, Windows, and Apple iOS. This guarantees mobile-friendly tasks where users can easily manage the assignments via mobile application.

8. Store client history in secure cloud-based FSM software

Software like FieldElite stores client history precisely. All the past data, including order history, are stored separately and accurately. In so doing, the field technician gets easy access to the tools, specifications, and technician instructions that aid them in their operations. The result is increased productivity and on-time service delivery.

9. Asset Management and Inventory Control

Naturally, companies offering different repair services have plenty of assets to store. Accordingly, retrieving a specific part out of the large collection would be daunting.

With a field service application like FieldElite, the staff members can track down all the products effortlessly using the GPS. Furthermore, the FSM software ensures excellent maintenance of assets.

10. Improve oversight of field workers ? and keep them in the loop

The FSM software comes with many useful tools, including a built-in GPS tracker. The GPS tracker oversees the operations of the on-field workers, providing precise details about their geographical location, actual arrival time, and most importantly, the distance from the job site.

While this might not be useful at all times, it comes in handy when you need to assign an urgent task to the nearby technician. Call it a classic example of dynamic scheduling.

Final Thoughts

With so much at stake, it’s increasingly compelling to include the Field Service Management Software in your business. With every industry moving towards automation, your business cannot afford to lag.

Quick and efficient service delivery through FSM software may be the difference between you and your competitors.

The FSM software is no longer the cherry on the cake but a must-have tool for your survival in the highly competitive market.

9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

simplify those answers;
help you pick the right cloud service provider, and
even make sure cloud security is really upheld once your cloud engagement is ?under way