How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

Mobile Workforce Management in a nutshell

It is fairly common for businesses to have staff working across many different locations across the country or even the world.  Engaged in various activities like  door-to-door sales, delivery and installations, service maintenance, conducting inspections & investigations or even data collection.

Managing and co-ordinating tasks, scheduling activities, planning and monitoring activities and communicating can often be challenging.

Mobile Workforce Management is the automation of the entire end-to-end workflow management and operations of any field service workers. 

Mobile Workforce Management Synonyms

Mobile Workforce Management is also known as

  • Field Service Management
  • Job Scheduling Software
  • Job Management Software

Advantages of Mobile Workforce Management

It is increasingly clear that there needs to be a certain sense of discipline and streamlining of field operations and important to automate certain tasks within field sales and operations, primarily because it helps you to track your assets remotely and ensuring contact with your workforce when required. Enabling your team to get in touch when required.

Most importantly, engineers, sales representatives and customer care executives can easily send information, scan receipts, Invoice customers and retrieve other crucial information in a standardized and streamlined manner. Assisting in regulating your business and also bringing some order to what is usually a very chaotic mode of working.

Why choose Mobile Workforce Management

Work Force Management tools help you to stay in control. They assist in automating what can and should be automated leaving only the crucial human-human interactivity. Helping you to keep a record of all interactions and important data within a database, without you having to manually go through sales receipts, complaint slips and other such details.

A Field Force Management tool is a time-saver and efficiency tool for companies. Moreover, these tools help to automate several aspects of your day to day operations, leading to an increase in productivity and motivation.

Streamlining operations, will also ensure that important stakeholders are well informed and management visibility is enhanced. Helping your business to make smarter decisions and help serve your customers better.

Field Force Management is similar to an Enterprise Resource Planning (ERP) solution but is vastly different. It is specifically targeted at staff that work on the field and is intended to make their and your work more streamlined, transparent and easy to track.

Cloud based solutions help you automate

 Field Force Management is usually cloud based which means all data is stored and accessible on secure cloud servers. There is no question of losing important data or not being able to retrieve something important. If something goes missing, there will usually be a backup available. Field force management tools include the software, the hardware and also the kind of training that is required for users to use it efficiently.

The software usually helps in saving and processing information while the hardware helps employees to enter important data into devices while they are on the job. Sometimes, field force solutions can also be a mobile app which negates the need for a specific or special device.

This is very important when it comes to field jobs as carrying different devices can prove to be a cumbersome job. At the end of the day, field force solutions are meant to reduce the burden on staff and not actually inadvertently increase it.

Denizon?s FieldElite Mobile Workforce management application provides significant improvements in efficiency and service with a switch to digital working and the elimination of paperwork.

All the information that is stored on the cloud can be run through analytics software so that you get the kind of reports that you are looking for to improve your business.

Field Force Management Process

A field force management tool helps you to remain in contact with your staff while they are at work on the field. This helps you to track your personnel in real time. Field personnel or your staff can log in and enter their attendance using a smartphone. You can assign that particular day?s task remotely using a web console or your own smartphone.

Next, they can carry out whatever duties they need to while you get all the alerts that you set to receive. This helps to increase transparency. You can choose to receive alerts on your phone or on your desktop.

Finally, staff can tag completed tasks with audio and images, instead of they having to type reports. This helps to focus more on the job than on job reporting. Last but not the least, location tags help you to ensure that the job is done at the right place. Your staff will not be able to take your generosity for granted.

All in all, a field force management tool helps you to track and control your staff without you having to be physically present with them and this is the beauty of this tool.

Summary

Field Force Management helps companies to reduce administration expense and improve productivity. This helps to automate data integration which is usually done with the help of cloud servers. Moreover, you can set invoice parameters that help you to also keep track of stocks, inventories and engage in P.O. and task management.

A number of field force management users also use it as a tool to engage in credit management. Banks and insurance companies particularly find this tool helpful as payments can be received on the job, instead of asking customers to pay online or offline. This also helps in building valuable customer relationships and enhance loyalty.

Thirdly, a field force management tool helps to increase planning efficiency. This means, you will be able to allocate tasks and optimize routing. All this helps to increase your ROI at the end of the day and get back the money you invest on field force management.

Finally, you will have more control over productivity and sales thanks to automation of data collection. You will also have more control over the execution of tasks and that will invariably make your company leaner and smarter.

ISO in Energy management

Every industry has its own set levels of quality that are considered acceptable or desirable. Energy performance like any other field is governed by some set standards. These differ across regions but international standards do exist.

ISO 50001 is the international energy standard applicable to both large and small organisations irrespective of geographical, cultural or social conditions. It outlines the best energy management practices that are considered to be the best by specifying that an organisation must integrate an energy management system and institute an energy policy, objectives, targets, and action plans taking into account legal requirements and information related to significant energy use. The energy standard is applicable to organisations.

What’s the importance of attaining energy certification?

ISO certification in any industry is a demonstration of quality or that a service or product meets the expected service standards. In energy management, ISO certification is a demonstration that an organisation or company has implemented sustainable energy management systems, completed a baseline of energy use and, is committed to continuously improve its energy performance. In addition, ISO certification assists organisations in the following ways:

? Organisations are able to optimise the existing energy-consuming assets

? Offers guidance on bench-marking, measuring, documenting, and reporting energy intensity improvements and their projected impact on reducing GHG emissions

? Creates transparency and facilitates communication on the management of energy resources

? Promotes energy management best practices and reinforces good energy management behaviours

? Assists facilities in evaluating and prioritising the implementation of new energy-efficient technologies

? Provides a framework for promoting energy efficiency throughout the supply chain

? Facilitates energy management improvements in the context of GHG emission reduction projects: The reduction of carbon emissions means therefore an organisation is able to meet government carbon reduction targets by demonstrating environmental credentials. The accruing benefits are many, ranging from increased investor confidence to more tender opportunities

Energy management software plays a vital role in helping organisations comply with energy standards through improved performance across the various functions in an organisation.

What are the benefits of digital forms data collection
Field Service Workers are regularly engaged to collect data or carry out inspections and assessments when visiting customer sites or remote area locations. The data collected by Field Service workers, will be used by businesses who will analyse, process and build reports based on the large volumes of data collected. The accuracy and reliability of data collected is vitally important. Traditionally businesses may have deployed mail surveys, telephone interviews, door-to-door surveys and interviews performed by Field Workers to collect data. Digital Transformation is gradually changing many business operations and a great deal of processes which were traditionally executed manually are now accomplished making use of digital methods. Technology is having a major impact not only how businesses research and analyse data, but primarily how data and information is collected. New tools and processes to data collection are improving data collection and analysis, leading to dramatic improvements and maximisation and optimisation of resources and operations. Utilising Digital Data Collection methods enables organisations to not only obtain results quicker but also use the data to make data based decisions faster.

What is a Digital Form?

Digital Forms, also known as Mobile Forms are electronic versions of paper forms that can be completed using:
  • Laptop
  • Tablet
  • Smart Phone
  • Any Mobile Device

Why Use Digital Forms ?

Digital forms can be a simple yet highly effective solution to overcome the challenges presented by paper based forms. Digital forms can be filled out directly using Smart phones and tablets in the field
  • When not connected to the internet or even low speed internet connections
  • When working in remote locations
  • To avoid damage, illegible handwriting or even lost and misplaced forms.
Digital forms can also include data validation logic to ensure field workers complete every form as expected and required, which will enforce and ensure data integrity . Field Service teams appreciate these features and help ensure the validity and accuracy of the data and insights they collect and can be confident regarding making business critical data based decisions. Data and Information collected using mobile forms can be accessible in near real-time, helps enable field teams to sidestep potential obstacles to productivity, and act on opportunities and increasing business agility.

Advantages of Digital Forms

Time and Cost Saving

Using Digital Forms instead of paper-based forms provides a significant impact on improving time and cost savings on printing, storing and distribution costs. Businesses also spend a significant amount of time and money in Administration and double data entry processes incurred by paper based forms. Transferring information from paper based surveys is an error prone process.
Digital Forms can save up to 20 man hours a week in administration costs

Improve data accuracy

Digital Forms can auto-populate fields based on prior data entered and also enable field-level validation. Digital data collection also eliminated data entry errors and data loss. Additional data can also be automatically be gathered such as Username, Geo-location and Time & Date.

Real Time Reporting

The issue with Paper-based data collection is that there will always be a time lag before reports or decision can be made. With a digital platform, such as FieldElite – Mobile Workforce Management , data can be processed and analysed as it is collected. Providing data driven insights to provide proactive rather than reactive reports to improve and optimise operations in real time.

It’s time to go Digital Forms!

Data Collection using Digital Forms will propel your company into the future and transform your data collection, data entry and analysis providing accurate data driven insights in real time. Digital forms are also mobile-optimized, updated in real time, and accessible by multiple parties, eliminating unnecessary meetings and emails. If you have a business and still haven’t used digital forms to gather information, contact Denizon today to organise a Demo of FieldElite – Mobile Workforce Management and discover how we can help you to transform your Field Service Operations

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today