How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Check our similar posts

Without Desktop Virtualisation, you can’t attain True Business Continuity

Even if you’ve invested on virtualisation, off-site backup, redundancy, data replication, and other related technologies, I?m willing to bet your BC/DR program still lacks an important ingredient. I bet you’ve forgotten about your end users and their desktops.

Picture this. A major disaster strikes your city and brings your entire main site down. No problem. You’ve got all your data backed up on another site. You just need to connect to it and voila! you’ll be back up and running in no time.

Really?

Do you have PCs ready for your employees to use? Do those machines already have the necessary applications for working on your data? If you still have to install them, then that’s going to take a lot of precious time. When your users get a hold of those machines, will they be facing exactly the same interface that they’ve been used to?

If not, more time will be wasted as they try to familiarise themselves. By the time you’re able to declare ?business as usual?, you’ll have lost customer confidence (or even customers themselves), missed business opportunities, and dropped potential earnings.

That’s not going to happen with desktop virtualisation.

The beauty of?virtualisation

Virtualisation in general is a vital component in modern Business Continuity/Disaster Recovery strategies. For instance, by creating multiple copies of virtualised disks and implementing disk redundancy, your operations can continue even if a disk breaks down. Better yet, if you put copies on separate physical servers, then you can likewise continue even if a physical server breaks down.

You can take an even greater step by placing copies of those disks on an entirely separate geographical location so that if a disaster brings your entire main site down, you can still gain access to your data from the other site.

Because you’re essentially just dealing with files and not physical hardware, virtualisation makes the implementation of redundancy less costly, less tedious, greener, and more effective.

But virtualisation, when used for BC/DR, is mostly focused on the server side. As we’ve pointed out earlier in the article, server side BC/DR efforts are not enough. A significant share of business operations are also dependent on the client side.

Desktop virtualisation (DV) is very similar to server virtualisation. It comes with nearly the same kind of benefits too. That means, a virtualised desktop can be copied just like ordinary files. If you have a copy of a desktop, then you can easily use that if the active copy is destroyed.

In fact, if the PC on which the desktop is running becomes incapacitated, you can simply move to another machine, stream or install a copy of the virtualised desktop there, and get back into the action right away. If all your PCs are incapacitated after a disaster, rapid provisioning of your desktops will keep customers and stakeholders from waiting.

In addition to that, DV will enable your user interface to look like the one you had on your previous PC. This particular feature is actually very important to end users. You see, users normally have their own way of organising things on their desktops. The moment you put them in front of a desktop not their own, even if it has the same OS and the same set of applications, they?ll feel disoriented and won’t be able to perform optimally.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How Energy Management Software Benefits Your Business

We’re in an era of price volatility in gas and electricity prices, coupled with greater scrutiny on the environmental impact of businesses in their day-to-day operations. According to the Department of Energy & Climate Change, the average SME can slash its energy bill by 18-25% simply by installing energy efficiency solutions in their facility. 

Are you looking to improve energy use in your business? Prevent wastage, track consumption, identify opportunities to save on energy and reduce your carbon footprint while at it? It can be a daunting process to do it all manually. Taking those meter readings, preparing spreadsheets and combing through quotes and energy bills to validate them – this is not something you should be enduring in this day and age. Not when there are dedicated systems built for the task. That’s where Energy Management Software (EMS) comes in. 

Importance Of Energy Management Software

Wasted energy = Wasted money

Failing to improve energy efficiency is costing SMEs loads of funds, with it coming to between £5,801 and £12,109 of missed annual savings for individual businesses. These are 18% – 24% of their energy costs. Where do you stand?

Take timers and thermostats for instance. When not properly set and controlled, or even simply forgetting to turn them down when not in the room, it can easily lead to unnecessary costs. How often do your staff forget to turn off the air conditioning when they leave the meeting rooms? Do you account for weekends or bank holidays when setting the controls of the AC? Mistakes like turning the temperature high on the thermostat to “quickly warm the room” are common, yet heating costs go up by about 8% with every 1°C rise.

There are installations that you can make to minimize wastage. For example, the Chinese Contemporary Arts Centre in Manchester is able to save £4,363 annually just by having a £100 timer installed to its heating system. 

Some energy saving measures won’t even cost you a penny. For instance, did you know that you can save up to 30% of your heating costs simply by preventing cold air from entering the building? This means not keeping the doors just open for convenience. So how can you find points of weakness and areas of improvements in your facility? Install an EMS. 

While businesses vary from one industry to the next, energy management basically boils down to:

  • Metering systems where the consumption is recorded
  • Determining how much energy can be saved by identifying opportunities for this
  • Implementing policies and changing existing systems to take advantage of these opportunities
  • Tracking progress after the improvements have been made

 

Benefits Of EMS For Your Business

Data Acquisition – Where accuracy and reliability matters

Energy data comes from different angles and formats. From the building automation systems and IoT devices that have been set up, bills sent in by the utility company to the spreadsheets needed to analyse them – what if you had it all from one point of reference? The EMS gives you a “bird’s eye view” of all your energy data from one interface. It collects the data from any system – and being cloud-based, is accessible from anywhere in the world. 

The ecoVaro data loggers can be connected with the Wi-Fi network of the facility or function independently, depending on your specific requirements. They monitor readings 24/7, retaining the data even when they have been powered off. The end-to-end encryption assures you of the security of the information that is being obtained. 

Integrating the EMS into the existing systems will simplify the data collection process, and even for the cases where there isn’t a direct method transferring the data into the system, the setup wizards that come with the EMS allow you to prepare the required data and import it. 

Data Analysis: From consumption, energy leaks to areas of improvement

The first step is accurately collecting the data. The next step is making sense of it. The analysis modules with the EMS allow you to monitor the energy consumption of the facility in real-time. 

The energy data is displayed in engaging graphics that are easy to understand at a glance. The dashboard setup, with its customised layout, enables you to monitor the performance of the specific information you want, toggling through usage and savings data, to the meters and sites that are being tracked. With the ecoVaro Energy Management Software, you get Consumption Charts, Regression Charts, Cusum Charts and Heatmaps right to the submeter level. This information can be broken down into 15-minute durations, with the daily, weekly and monthly consumption reports. 

Getting everyone on board

Making changes to company-wide energy policies needs to have the different parties on board – from the energy manager in charge of crunching the numbers and presenting the information, the CFO of the business, the staff running day-to-day operations, all through to plant operators for those in industries. An easy mode of communication is needed, that will be understood and availed in reports that can be shared with the relevant parties in the organization. The graphical displays that come with the EMS enable actionable information to be displayed in a simplified manner – that way all members of the business or organization will be able to comprehend it. 

Meet your Energy Goals

The baseline that is created in the EMS is used as a standard when assessing the impact of future changes to the energy consumption. Using the information that has been obtained, the management can set up energy saving policies and implement changes, and track KPIs (key performance indicators) along the way. For instance, the market research company DJS Research installed a timer switch that turns off their two water coolers when they aren’t in use. This action saves them £144 annually, and had already paid for itself within 35 days.   

You will be in a position to assess the actions that provide your business with the best ROI over time, monitoring the progress and verifying the savings from one central dashboard. Cutting costs here will enable you to divert the funds to other areas of your business, including promotions, marketing, and product development.

For businesses in the energy sector- including electric, oil and gas plants, they specifically need carbon emission reports, to pinpoint areas where the building’s energy efficiency can be improved. ecoVaro EMS allows you to set alarms and KPIs in the facility for issues to be identified and resolved immediately they crop up. 

Turn to ecoVaro

EMS systems are used across the board – from optimising energy use in hotel rooms and hospitals, mapping out usage patterns for those in the agriculture and supply chain niches, running facilities for utility providers, all through to increasing the efficiency of equipment operation for business in the food and beverage sector. Want to learn how you can cut down your energy bills and make your business more eco-friendly? EcoVaro’s team is ready to get you started.

Spreadsheet Woes – Ill-Equipped for an Agile Business Environment

These days, crucial business decisions have to be made in a split second. However, the quality of these decisions hinges quite often on timely, insightful information and relevant business reporting.

How effective is your business reporting solution in providing you with the information you need at the time you need it?

Chances are, like 75% of small and medium businesses, your company is using spreadsheets. True, spreadsheets are the most common go-to solutions for on-the-fly forecasting, but they may not be your best option for presenting information that require consolidation and in-depth analysis and involve a lot of number crunching, especially with critical data at stake.

Furthermore, spreadsheet-based reports are rarely produced in a timely manner. In today?s fast evolving business environment where flexibility, mobility, and timeliness are the order of the day, this simply won’t do.

Let’s take a look at the particular areas where spreadsheets fall short when it comes to providing dynamic and sound financial reports:

Collaboration

With rapidly changing market conditions, organisations have to conduct budgeting, forecasting, and planning more often. Hectic schedules and geographical distances aren’t a hindrance though, because technologies like the Internet, advanced telecommunications and mobile devices can put instantaneous collaboration at everyone?s fingertips.

But collaborative activities in a dynamic setting can only succeed if all participating individuals are given secure, real time and simultaneous access to the same relevant information. This way, every change made is automatically consolidated and projected unto the bigger picture for everyone to digest.

Alas, spreadsheets aren’t built for this.

Cost Efficiency

Whether we’re in a recession or not, cost efficiency has to be taken into consideration. Are spreadsheets really the cost-effective solution?

Think ?time is money?. With the length of time needed to prepare data, establish controls, consolidate reports and distribute copies, you’ll realise how expensive spreadsheets actually are.

The ability to innovate in a changing economic environment and limited resources – a valuable derivative of agile practices – can give your company a very significant advantage. But dedicating so much time on spreadsheet management can strip your organisation of room for innovation.

Quality of Reports

Business empires rise and fall on the power of relevant information. At the end of the day, top management should assess their sources of key performance reports, planning tools and budgeting applications using these parameters:

  • Does your financial reporting system give you the right information right when you need it?
  • Do the reports allow you to look beyond the numbers to spot trends or forecast changes in the market?
  • Do they furnish enough significant data for you to make informed decisions in good time?

Spreadsheets weren’t designed to analyse data on the enterprise level. As a result, spreadsheet reports often take far too long to prepare and more importantly, may lack the dimension and depth that are crucial in decision making.

Data Reliability

We’re all familiar with the risks associated with spreadsheets. This error-prone UDA can provide inaccurate information simply because of a broken link, an incomplete range, a deleted number, or an incorrect formula. In an active business scenario where data manipulation has to be done under constant time pressure, the risk probabilities escalate.

As they always say, ?If anything can go wrong, it will?. With spreadsheets, a lot of things could go wrong. Is this the kind of tool you?d like to work with when making fast, crucial decisions? If you’re still using spreadsheets, then you?d best forget about dynamic reports and rolling forecasts.

Inability to adapt to personnel turnover

A key challenge in maintaining the spreadsheet system is picking up where another left off. A user would find it difficult to debug, revise, or analyse a spreadsheet system he developed himself and the process becomes doubly complicated if or when another person takes over.

Starting from scratch is painfully counterproductive, so that a newcomer has to spend hours figuring out the original entries in the spreadsheet and the reports it yields.

While no one is indispensable in any organisation, it’s pretty much accurate to say that if a spreadsheet ?developer? leaves, it could momentarily halt the production of key finance reports. In a fast changing business landscape, such failure to monitor performance at critical times could sound the death knell for your company.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today