How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

How FieldElite helps Plumbers

While most people think that running a plumbing business is a very easy job, things are a bit different on the ground. The job goes beyond the dropping by a client’s home and fixing a few pipes. In addition to the actual plumbing work, a plumbing business also involves managing quotes, invoicing customers, dispatching field service workers, and accounting, among others. Undertaking all these operations manually is extremely demanding. Besides the tedious work that it is, you’re likely to end up with a ton of errors. 

However, you can overcome these challenges by employing technology. The use of field service management software allows you to automate tasks. Consequently, you no longer have to deal with paperwork, delayed responses to customer requests, or double assignment of tasks.

If you’re wondering which field service management software to use, FieldElite is your best bet. FieldElite is feature-rich, and it gives you way more than the simple automation of the daily operations of your plumbing business.  

Below are some of the top benefits you’ll reap by using FieldElite to run your plumbing venture.  

Convenient Scheduling

Scheduling is an important aspect of the plumbing industry. Just like other field techs, plumbers would require tasks to be dispatched on time, which is only made possible by proper scheduling. With FieldElite, managers can easily schedule single and recurring tasks for the right plumber in a matter of seconds. 

On the other hand, plumbers can also view the available jobs and job information in the FieldElite easy to use App that’s available for Android, and confirm scheduled jobs. They can also accept these jobs using their smartphones and respond to service requests instantly.

Apart from getting the scheduled tasks, the FieldElite scheduling and dispatch feature is integrated with GPS functionality so that plumbers can get information on where to go next, and the optimal route to take from their mobile phones. 

The scheduling and dispatch feature also gives plumbers the information on the specific tools required for the job to allow them to get the tools in between appointments and schedules. 

Central Data Storage

Just like other field service industries, plumbing also involves big data. Handling data manually would mean more errors for your plumbing business, which will only impact negatively on your business. To eliminate such errors, go paperless with FieldElite. 

You can view everything from one place with FieldElite?s dashboard feature, including information about your plumbers and the scheduled tasks. On the other hand, your plumbers can access job details and the pending tasks from a central place. 

Plumbers can also get service requests from customers on the FieldElite mobile app from wherever they are. All the requests are stored in a central place, making the response to customer requests easier. The end result is satisfied customers, opening doors for return orders. 

In case of an update, all plumbers receive notifications at the same time and, where necessary, respond promptly to the requests. They can update the office instantly with job status changes from a central place. 

Convenient Reporting

Reporting is part of the tasks that plumbers have to do after completing the assigned job. As a manager, you expect your plumbers to keep you updated on the status of each assignment. Reporting on paper is time-consuming, and that’s why you need the services of FieldElite. 

With FieldElite reporting feature, sending over completed job reports is only a few clicks away. Plumbers can generate reports on the mobile app and keep the office staff updated on the status of the job. Using FieldElite, you can capture customer signatures and add attachments to the job status and send them instantly using the mobile app available on Android. 

Since they can do instant reporting via the mobile app, the plumbers can proceed to attend to new service requests as soon as they’re done without having to first come back to the office to submit their reports. 

Effective Communication

Timely communication is very essential if you’re working with field technicians. Since you’ll not always be with them in the field, it’s always important to establish a proper communication channel to ensure information reaches your plumbers in time. Here, you can get much more with FieldElite, including communication automation to remind customers of appointments.

With FieldElite field service management software, plumbers receive notifications through the mobile app. The notifications can be for anything from new task requests, requests for alterations, emergencies, and more. On the other hand, office-based staff gets to access the reports once the plumber completes their given task. 

That means the plumbers in the field and the office-based team gets communication instantly, enabling them to see and manage their workloads. For this reason, plumbers can complete multiple tasks within a short time, thus improving their overall productivity.

Scalability

The biggest question for most entrepreneurs when they want to buy management software is scalability. Businesses grow and incorporate new activities that would also require to be managed from a centralised system. Where that’s not possible, the business would have to move all their information from one system to a more robust one. 

With FieldElite, however, you’re safe. It works perfectly well for startups as well as large-sized plumbing businesses. It allows you to focus on the areas that your organisation covers now, but also lets you add new areas as you introduce them into your business. Moreover, FieldElite is also receiving regular updates to that bring it up-to-speed with new technologies and new ways of doing things, meaning that your business will be in a position to take advantage of the latest and more productive features. 

From the benefits mentioned above, it’s quite clear that your plumbing industry greatly needs the services of a field service management software. Your plumbers too need easier time working on their assigned tasks, adding to the reasons why you need to integrate FieldElite in your plumbing business.

Authentication and Access Control

Threats to your data can come from external or internal sources.

  1. There are individuals who don’t have the authorisation but are driven by malicious intentions to gain access to certain information. This may refer to individuals who already belong to your organisation (but don’t have the necessary access rights) as well as those who don’t.
  2. There are individuals who have both the authorisation and, unfortunately, the malicious intentions over certain information.
  3. Finally, there are individuals who have the authorisation, no malicious intentions, but have accidentally exposed the information in question to those without the proper authority.

While curbing threats 2 and 3 would require other methods, threat #1 can be countered if the right authentication and access control systems are in place.

Here’s what we can do for you:

  • Work with your key personnel to determine who gets access to what.
  • Help you decide whether a single factor or a two-factor authentication (2FA) is appropriate for your organisation and recommend which factors are most suitable. Login methods may include but are not limited to the following:
    • biometric devices
    • Kerberos tickets
    • mobile phones
    • passwords
    • PKI certificates
    • proximity cards
    • smart cards
    • tokens
  • Install the necessary infrastructure needed for the factors chosen. For instance, if you opt to use biometrics, then biometric scanners will be installed. We’ll make sure that the authentication terminals are situated in places where achieving optimal traffic and work flow has been taken into consideration.

Other defences we’re capable of putting up include:

What are the benefits of digital forms data collection
Field Service Workers are regularly engaged to collect data or carry out inspections and assessments when visiting customer sites or remote area locations. The data collected by Field Service workers, will be used by businesses who will analyse, process and build reports based on the large volumes of data collected. The accuracy and reliability of data collected is vitally important. Traditionally businesses may have deployed mail surveys, telephone interviews, door-to-door surveys and interviews performed by Field Workers to collect data. Digital Transformation is gradually changing many business operations and a great deal of processes which were traditionally executed manually are now accomplished making use of digital methods. Technology is having a major impact not only how businesses research and analyse data, but primarily how data and information is collected. New tools and processes to data collection are improving data collection and analysis, leading to dramatic improvements and maximisation and optimisation of resources and operations. Utilising Digital Data Collection methods enables organisations to not only obtain results quicker but also use the data to make data based decisions faster.

What is a Digital Form?

Digital Forms, also known as Mobile Forms are electronic versions of paper forms that can be completed using:
  • Laptop
  • Tablet
  • Smart Phone
  • Any Mobile Device

Why Use Digital Forms ?

Digital forms can be a simple yet highly effective solution to overcome the challenges presented by paper based forms. Digital forms can be filled out directly using Smart phones and tablets in the field
  • When not connected to the internet or even low speed internet connections
  • When working in remote locations
  • To avoid damage, illegible handwriting or even lost and misplaced forms.
Digital forms can also include data validation logic to ensure field workers complete every form as expected and required, which will enforce and ensure data integrity . Field Service teams appreciate these features and help ensure the validity and accuracy of the data and insights they collect and can be confident regarding making business critical data based decisions. Data and Information collected using mobile forms can be accessible in near real-time, helps enable field teams to sidestep potential obstacles to productivity, and act on opportunities and increasing business agility.

Advantages of Digital Forms

Time and Cost Saving

Using Digital Forms instead of paper-based forms provides a significant impact on improving time and cost savings on printing, storing and distribution costs. Businesses also spend a significant amount of time and money in Administration and double data entry processes incurred by paper based forms. Transferring information from paper based surveys is an error prone process.
Digital Forms can save up to 20 man hours a week in administration costs

Improve data accuracy

Digital Forms can auto-populate fields based on prior data entered and also enable field-level validation. Digital data collection also eliminated data entry errors and data loss. Additional data can also be automatically be gathered such as Username, Geo-location and Time & Date.

Real Time Reporting

The issue with Paper-based data collection is that there will always be a time lag before reports or decision can be made. With a digital platform, such as FieldElite – Mobile Workforce Management , data can be processed and analysed as it is collected. Providing data driven insights to provide proactive rather than reactive reports to improve and optimise operations in real time.

It’s time to go Digital Forms!

Data Collection using Digital Forms will propel your company into the future and transform your data collection, data entry and analysis providing accurate data driven insights in real time. Digital forms are also mobile-optimized, updated in real time, and accessible by multiple parties, eliminating unnecessary meetings and emails. If you have a business and still haven’t used digital forms to gather information, contact Denizon today to organise a Demo of FieldElite – Mobile Workforce Management and discover how we can help you to transform your Field Service Operations

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today