How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

eCommerce

 

We bet you’ve often read how getting rich through the Internet can be fast and easy. Time for your 5-second reality check: It’s going to entail lots of hard work, dedication, a great deal of information and the ability to use that information to your advantage. Sounds familiar?

Well, it should be. After all, it’s still business. However, while the basic ingredients to achieving success in business are still the basic prerequisites in eCommerce, there are also a lot of technical aspects that have to be factored in. This is where you’ll need us.

Well, actually, we’re going to help you out on those basic ingredients too. That’s because our dedicated specialists will perform most of the hard work until you gain enough know-how to run things on your own.

If you’re starting from scratch, we’ll help you build on your idea and transform it into an actual web-based business.

Then once you’ve got your site online, we’ll redirect traffic to it, attract the right visitors, convert those visitors into buyers and keep them satisfied so that they’ll come back and even spread the word.

Some of our related services include:

How Energy Management Software Benefits Your Business

We’re in an era of price volatility in gas and electricity prices, coupled with greater scrutiny on the environmental impact of businesses in their day-to-day operations. According to the Department of Energy & Climate Change, the average SME can slash its energy bill by 18-25% simply by installing energy efficiency solutions in their facility. 

Are you looking to improve energy use in your business? Prevent wastage, track consumption, identify opportunities to save on energy and reduce your carbon footprint while at it? It can be a daunting process to do it all manually. Taking those meter readings, preparing spreadsheets and combing through quotes and energy bills to validate them – this is not something you should be enduring in this day and age. Not when there are dedicated systems built for the task. That’s where Energy Management Software (EMS) comes in. 

Importance Of Energy Management Software

Wasted energy = Wasted money

Failing to improve energy efficiency is costing SMEs loads of funds, with it coming to between £5,801 and £12,109 of missed annual savings for individual businesses. These are 18% – 24% of their energy costs. Where do you stand?

Take timers and thermostats for instance. When not properly set and controlled, or even simply forgetting to turn them down when not in the room, it can easily lead to unnecessary costs. How often do your staff forget to turn off the air conditioning when they leave the meeting rooms? Do you account for weekends or bank holidays when setting the controls of the AC? Mistakes like turning the temperature high on the thermostat to “quickly warm the room” are common, yet heating costs go up by about 8% with every 1°C rise.

There are installations that you can make to minimize wastage. For example, the Chinese Contemporary Arts Centre in Manchester is able to save £4,363 annually just by having a £100 timer installed to its heating system. 

Some energy saving measures won’t even cost you a penny. For instance, did you know that you can save up to 30% of your heating costs simply by preventing cold air from entering the building? This means not keeping the doors just open for convenience. So how can you find points of weakness and areas of improvements in your facility? Install an EMS. 

While businesses vary from one industry to the next, energy management basically boils down to:

  • Metering systems where the consumption is recorded
  • Determining how much energy can be saved by identifying opportunities for this
  • Implementing policies and changing existing systems to take advantage of these opportunities
  • Tracking progress after the improvements have been made

 

Benefits Of EMS For Your Business

Data Acquisition – Where accuracy and reliability matters

Energy data comes from different angles and formats. From the building automation systems and IoT devices that have been set up, bills sent in by the utility company to the spreadsheets needed to analyse them – what if you had it all from one point of reference? The EMS gives you a “bird’s eye view” of all your energy data from one interface. It collects the data from any system – and being cloud-based, is accessible from anywhere in the world. 

The ecoVaro data loggers can be connected with the Wi-Fi network of the facility or function independently, depending on your specific requirements. They monitor readings 24/7, retaining the data even when they have been powered off. The end-to-end encryption assures you of the security of the information that is being obtained. 

Integrating the EMS into the existing systems will simplify the data collection process, and even for the cases where there isn’t a direct method transferring the data into the system, the setup wizards that come with the EMS allow you to prepare the required data and import it. 

Data Analysis: From consumption, energy leaks to areas of improvement

The first step is accurately collecting the data. The next step is making sense of it. The analysis modules with the EMS allow you to monitor the energy consumption of the facility in real-time. 

The energy data is displayed in engaging graphics that are easy to understand at a glance. The dashboard setup, with its customised layout, enables you to monitor the performance of the specific information you want, toggling through usage and savings data, to the meters and sites that are being tracked. With the ecoVaro Energy Management Software, you get Consumption Charts, Regression Charts, Cusum Charts and Heatmaps right to the submeter level. This information can be broken down into 15-minute durations, with the daily, weekly and monthly consumption reports. 

Getting everyone on board

Making changes to company-wide energy policies needs to have the different parties on board – from the energy manager in charge of crunching the numbers and presenting the information, the CFO of the business, the staff running day-to-day operations, all through to plant operators for those in industries. An easy mode of communication is needed, that will be understood and availed in reports that can be shared with the relevant parties in the organization. The graphical displays that come with the EMS enable actionable information to be displayed in a simplified manner – that way all members of the business or organization will be able to comprehend it. 

Meet your Energy Goals

The baseline that is created in the EMS is used as a standard when assessing the impact of future changes to the energy consumption. Using the information that has been obtained, the management can set up energy saving policies and implement changes, and track KPIs (key performance indicators) along the way. For instance, the market research company DJS Research installed a timer switch that turns off their two water coolers when they aren’t in use. This action saves them £144 annually, and had already paid for itself within 35 days.   

You will be in a position to assess the actions that provide your business with the best ROI over time, monitoring the progress and verifying the savings from one central dashboard. Cutting costs here will enable you to divert the funds to other areas of your business, including promotions, marketing, and product development.

For businesses in the energy sector- including electric, oil and gas plants, they specifically need carbon emission reports, to pinpoint areas where the building’s energy efficiency can be improved. ecoVaro EMS allows you to set alarms and KPIs in the facility for issues to be identified and resolved immediately they crop up. 

Turn to ecoVaro

EMS systems are used across the board – from optimising energy use in hotel rooms and hospitals, mapping out usage patterns for those in the agriculture and supply chain niches, running facilities for utility providers, all through to increasing the efficiency of equipment operation for business in the food and beverage sector. Want to learn how you can cut down your energy bills and make your business more eco-friendly? EcoVaro’s team is ready to get you started.

ISO Certification and Training

Overview

ISO, or the International Organisation for Standardisation, is a global standard-setting body, made up of a network of various standards organisations from among its 162 member-nations. ISO is a vital force in the manufacturing industry, promoting industrial and commercial global standards for specifications and requirements in materials, products, procedures, information, and quality management.

ISO Certification

For a company, an ISO Certification:

? Is an assurance that the organisation, has met the required management of processes and documentation.

? Provides standards on how businesses and organisations manage information and processes;

? Does not impose any regulations;

? Is not like a license that allows a business or company to operate.

Rather, an ISO Certification merely certifies that a management system, a manufacturing process, or an offered service has all the elements for quality assurance and the capability to compete in the international market.

That said however, an ISO Certification is still vital to most businesses because it brings them up to par with global standards. For instance, in many industries, contracting companies are required ISO 9001 certification, and some government contracts, such as in the oil industry or medical technologies, depend largely on ISO 9001 compliance. Most ISO Standards are specific to different industries, processes, and products, but ISO 9001 is a management system standard that can be applied to any company.

ISO 9001

ISO 9001 is unarguably, one of the most established Quality Management Systems program in the world today that can be a useful tool for any organisation. ISO 9001 Standards is currently the recognised standard not only for quality management systems, but management systems in general, ensuring quality in all aspects ? products, services, and documentation.

Any company, regardless of size or sector, aiming to improve its operations and management, would do well with an ISO 9001 Certification, especially if the organisation is prepared to implement the standards throughout the entire organisation and not just in particular departments or divisions.

Find out more about our Quality Assurance services in the following pages:

Total Quality Management

Failure Mode and Effects Analysis

Six Sigma

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today