How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

What is Business Intelligence?

How well do you know your customers? That is, can you actually pinpoint which among them are you most profitable with and which are making you spend more? Are you content with the accuracy of your forecasts and market predictions? Do you feel you’re spending more on legal costs and regulatory compliance than you should?

Your IT department may be handling these concerns pretty well but perhaps you’d like to know how you can further improve things.

What we’ve got is an IT solution wrapped in a fancy name called ‘Business Intelligence’ or BI. If you think that’s too strong a term, we invite you to read more below, then you be the judge.

Dashboards – Determine the health of your business at a glance

Most drivers rarely make use of their car’s dashboard. After all, you can still reach your destination by just using the steering wheel, pedals, gear stick and so on. But that’s not exactly the most efficient way to drive, right?

If you want to save on fuel, you’ll want to glance on the RPM and speedometer from time to time. You might also want to utilise the trip meter to determine which route is the shortest to a given destination. Other dashboard components like the fuel gauge, tire pressure gauge, engine temperature indicator, and volt meter can likewise provide information about your car’s health.

The same concept applies to business management. If you want to run your business intelligently, you can make use of BI dashboards. These are tools in a typical business intelligence package that will allow you to determine the health of your business via a set of smartly configured gauges and other intuitive graphical representations.

So that, literally, at a mere glance, you’ll already know whether various units in your company are working efficiently. A dashboard will also give you instant feedback of the strategies you’ve recently implemented; to let you know if things are working as planned.

If you want more information than a dashboard can provide, our BI packages also include highly customised reports.

Reports that help you decide faster

Dashboards are great for getting valuable information at a glance but they won’t tell you everything. For more details, you’ll need to view highly customised reports. Our reports are tailor made for each user. We see to it that, by default, each person gets the information he needs the most.

If you belong to the sales department, you normally won’t need a presentation of the data that is appropriate for people in accounting. That way, you don’t spend time filtering. Instead, you and your people can move on to making well-informed decisions.

Our BI systems make use of your vast collection of data to provide reports that will organise your regulatory requirements and call your attention to approaching deadlines. The same system will provide the right information for your people on the field. If your team members are equipped with smart phones and Pocket PCs, they can retrieve whatever it is they need to know to close deals, make sales, and serve clients faster than the competition.

Generating logical information from disparate sources of data scattered over an enterprise-wide organisation is no easy task. But we’ll make it look simple. That’s because we’ve got the expertise to bring it all together into a robust data warehouse and to extract them in the form of reports and dashboards through OLAP.

OLAP and Data Warehousing – Powering the generation of actionable information

Want to know how to generate reports with the highest degree of accuracy and reliability? In theory, what you need is a single repository or a data warehouse. That is, order receipts, sales invoices, as well as customer & supplier data is integrated with regulatory details, personnel data, and others. These are all specially organised for future reporting and analysis.

However, data, no matter how all-embracing, is useless until it is processed into actionable information. Through OLAP or Online Analytical Processing, you can seamlessly collect all relevant data from your vast repository to answer queries like “What is our company’s profitability for the 2nd quarter in all identified key cities for our top-of-the-line products?”.

The strength of OLAP lies in its inherent ability to perform data analysis and very complex calculations, thus enabling it to return complex queries much faster than other database technologies. It is therefore suitable for very large data sources, i.e., data warehouses.

Dashboards and reports will only give your organisation the edge if the information retrieved is reliable, fast, and accurate – exactly the kind OLAP is so good at.

Mobile BI – Step back and see the big picture anytime, anywhere

Spreadsheets are great for displaying detailed information. However, in today’s highly competitive market, retrieving information that matters the most in the shortest possible time is vital in maintaining a sizeable lead over the competition. To step back and see the big picture, you’ll need insightful tools like dashboards and automatically generated reports.

Reports can be beamed to mobile devices such as smart phones and Pocket PCs. They can also be viewed on eBook readers as well. You can also do the same tasks with spreadsheets. But imagine how you’d need to scroll over a large spreadsheet on any of these mobile devices just to know which customer in your current location has performed well over the last month.

If you really want to make quick, well-informed decisions, BI dashboards for mobile devices is the way to go. You can make use of various business objects such as drill-able charts, performance metrics, and metric trend graphs to make crucial decisions even when on you’re in the field.

Big Energy Data Management

Recent times have seen the advent of cloud based services and solutions where energy data is being stored in the cloud and being accessed from anywhere, anytime through remote mobile devices. This has been made possible by web-based systems that can usually bring real-time meter-data into clear view allowing for proactive business and facility management decisions. Some web based systems may even support multi utility metering points and come in handy for businesses operating multiple sites.

Whereas all this has been made possible by increased use of smart devices/ intelligent energy devices that capture data at more regular intervals; the challenge facing businesses is how to transform the large data/big volume of data into insights and action plans that would translate into increased performance in terms of increased energy efficiency or power reliability.

A solution to this dilemma facing businesses that do not know how to process big energy data, may lie in energy management software. Energy management software?s have the capability to analyse energy consumption for, electricity, gas, water, heat, renewables and oil. They enable users to track consumption for different sources so that consumers are able to identify areas of inefficiency and where they can reduce energy consumption, Energy software also helps in analytics and reporting. The analytics and reporting features that come with energy software are usually able to:

? Generate charts and graphs ? some software?s give you an option to select from different graphs

? Do graphical comparisons e.g. generate graphs of the seasonal average for the same season and day type

? Generate reports that are highly customisable

While choosing from the wide range of software available, it is important for businesses to consider software that has the capacity to support their data volume, software that can support the frequency with which their data is captured and support the data accuracy or reliability.

Energy software alone may not make the magic happen. Businesses may need to invest in trained human resources in order to realise the best value from their big energy data. Experts in energy management would then apply human expertise to leverage the data and analyse it with proficiency to make it meaningful to one?s business.

Understanding Carbon Emissions

Carbon emission is one of the hottest issues in the world of energy and environment today. While it is supposedly an essential component of the ecosystem, it has already become a large contributing factor to climate change. Carbon emission might be good but abuse of this natural process has made it harmful to people across the globe.

This series of articles aims to help people understand the intricacies of carbon emission and what society can do to efficiently manage this natural occurrence.

Natural Carbon Cycle

Two important elements in the carbon cycle are carbon, which is present in every living thing all over the world; and oxygen, which is found in the air that people breathe. When these two bond together, they create a colourless and odourless greenhouse gas known as carbon dioxide, which is then crucial to trapping infrared radiation heat in the atmosphere and also for weathering rocks.

Carbon is not only found in the atmosphere of the earth. It is also an element found in oceans, plants, coal deposits, oil and natural gas from deep down the earth?s core. Through the carbon cycle, carbon moves naturally from one portion of the earth to another. Looking at this scenario, one can see that the natural carbon cycle is a healthy way to release carbon dioxide into the air in order to be absorbed again by trees and plants.

Altered Carbon Cycle

The natural circulation of carbon among the atmosphere is vital to humankind. However, studies show that humans misuse this natural cycle and abuse it instead. Whenever people burn fossil fuels such as coal, oil and natural gas, they produce carbon dioxide ? which is an excess addition to the natural flow of carbon in the environment. The problem is that the release of carbon dioxide is much more than what plants and trees can re-absorb. People are not only adding CO2 to the atmosphere, they are also influencing the ability of natural sinks, such as forests, to remove it from the atmosphere. Humans alter the carbon cycle by contributing doubled or tripled greenhouse gas to the atmosphere, faster than nature can ever eliminate. Worst, nature?s balance is destroyed.

The Result

Greenhouse gases include carbon dioxide, methane, nitrous oxide, fluorinated gas and other gases. Although these gasses contribute to climate change, carbon dioxide is the largest greenhouse gas that humans emit. The reason why people talk about carbon emissions most, is because we produce more carbon dioxide than any other greenhouse gas.

The increasing amount of carbon emissions cause global warming to become more evident. All the extra carbon dioxide causes the earth?s overall temperature to rise as well. As the temperature increases, climate also changes unpredictably. Flood, droughts, heat waves and hurricanes are now widely experienced even in places where these phenomenon never used to happen.

To be able to reduce the risk of more severe weather conditions means burning less fossil fuels and shifting more to renewable sources. This is never easy. But, definitely, it’s worth a try.

Ready to work with Denizon?

Contact Us Today