How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

How Energy Conservation saved Fambeau River Paper

Rising energy costs caught this Wisconsin paper mill napping, and it soon shut down because it was unable to innovate. Someone else bought it and turned it around by measuring, modifying, monitoring and listening to people.

The Fambeau River Paper Mill in Prince County, Wisconsin USA employed 13% of the city?s residents until rising energy costs shut it down in 2006. Critics wrote it off as an energy dinosaur unable to adapt. But that was before another company bought it out and resuscitated it as a fleet-footed winner.

Its collapse was a long time coming and almost inevitable. Wisconsin electricity prices had grown a third since 1997, the machinery was antiquated and the dependence on fossil power absolute. So what did the new owners change, and is there anything we can learn from this?

The key to understanding what suddenly went right was the new owners? ability to listen. They requested a government Energy Assessment that suggested a number of small step changes that took them where they needed to go in terms of energy saving. These included enhancements in steam systems and fuel switch modifications. However they needed more than that.

The second game changer was tracking down key members of the old workforce and listening to them too. This combination enabled them to finally hire back 92% of the original labour force under the same terms and conditions – and still make a profit (the other 8% had moved on elsewhere or retired). The combined energy savings produced a payback plan of 5.25 years. Three years into the project their capital investment of $15 million had already clawed back the following electricity savings.

  • Evaporator Temperature Control $2,245,000
  • Hot Water Heat Recovery $2,105,000
  • Paper Machine Devronisers $1,400,000
  • Increased Boiler Output $1,134,000
  • Paper Machine Modifications; $761,000
  • Motive Air Dryer $610,000
  • Accumulator Savings $448,000
  • Densified Fuels Plant $356,000

In terms of carbon dioxide produced, the Fambeau River Paper Mill?s contribution dropped from 1 ton to 600 pounds.

How well do you know where your company?s energy spend is concentrated, and how this compares with your industry average; could you be doing better if you innovated, and by how much? Get these questions answered by asking ecoVaro how easy it could be to get on top of your carbon metrics. This could cost you a phone call and a payback on it so rapid it’s not worth stopping to calculate.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Green Business!

Carbon emissions reduction has evolved beyond simply good citizenship to being a business tool. Implementing ?green? initiatives is now a competitive weapon which defines real business opportunities and bottom line savings that can contribute significant financial value to the organisation while meeting demanding customer requirements for sustainable and low-carbon products.

Energy efficiency is a low cost resource for achieving carbon emissions reduction. Better energy efficiency simply translates to lesser carbon emissions and less energy usage which translates into saved costs.

Reduction of an organisations carbon footprint is each and everyone?s responsibility. Human activities are the key responsibility for the release of greenhouse gas emissions into the atmosphere. These include usage of electricity generated from fossil fuel, heating or driving.

At the corporate level, various measures can be instigated to increase energy efficiency. Some of these can be, having zone lighting with sensors to minimise unnecessary office lighting, timers on large IT equipment, promoting energy efficient behaviour in the office, asking staff to switch off and unplug appliances when not in use and minimising staff travel.
At the individual level; it is the small habits that count; cultivating the habit of switching off unnecessary lights, plugging out appliances that are not in use, using video conferencing or online chatting instead of having to travel to meetings, using public transport instead of taking a taxi/ personal car and using energy efficient cars.

All these initiatives assist organisations in their corporate social responsibility reports and play a role in sustainability rankings which is instrumental to customers who are increasingly considering sustainability rankings in investment decisions, while achieving the goal of cost reduction internally.

Energy Management Tips

Energy management is of interest to various stakeholders; be it heads of facilities, heads of procurement, heads of environment and sustainability, financial officers, renewable energy managers and heads of energy. Some of the energy management tips that can be used to achieve considerable energy savings are:

1) Purchasing energy supplies at the lowest possible price

2) Managing energy use at peak efficiency

3) Utilising the most appropriate technology

1. Purchasing energy supplies at the lowest possible price
Purchasing energy supplies at the lowest possible price could be the starting point to great savings of energy costs. This can be achieved through switching your energy supplier. It is always advisable for companies to always take time to compare the energy tariffs to ensure they are on the best tariff and make great savings.

2. Managing energy use at peak efficiency

(a) Free help

There are some online tools that offer energy-efficiency improvements. These could come in handy in helping someone find out where to make energy-efficiency improvements.

(b) Energy monitors

An energy monitor is a gadget that estimate in real time how much energy you’re using. This can help one see where to cut back on energy consumption.

(c) Turning down thermostats

Turning down radiators especially in rooms that are rarely used/empty rooms or programming the heating to turn off when no one is there can go a long way in saving energy and energy costs.

(d) Use energy saving bulbs

Use of energy-saving light bulbs can cut down on energy usage drastically. Replacing all the light bulbs with energy-saving ones could make significant savings on energy usage and replacement costs since energy saving bulbs also have a longer life.

(e) Switching off unnecessary lights

It is also important to switch off lights that are not in use and to use the best bulb for the size of room.

(f) Sealing all heat escape routes

It is recommended that all gaps should be sealed in order to stop heat from escaping. Some of the heat escape routes are: windows, doors, chimneys and fireplaces, floorboards and skirting and loft hatches. The ways through which this can be achieved are:

? Windows- use of draught-proofing strips around the frame, brush strips work better for sash windows

? Doors – use of draught-proofing strips for gaps around the edges and brush or hinged-flap draught excluders on the bottom of doors

? Chimney and fireplace – inflatable cushions can be used to block the chimney or fit a cap over the chimney pot on fireplaces that are not used often

? Floorboards and skirting – Using a flexible silicon-based filler to fill the gaps

? Loft hatches – the use of draught-proofing strips can help to prevent hot air escaping
It is also important to consider smaller holes of air such as keyholes and letterboxes.

3. Utilising the most appropriate technology
Utilisation of technology as an energy management tool can be by way of choosing more energy efficient gadgets and by way of running technological gadgets in an energy efficient manner.

Ready to work with Denizon?

Contact Us Today