How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

that you have reviewed the report;
that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
that you are responsible for establishing internal controls over financial reporting; and
that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

7 Challenges Facing Mobile Field Service ? And Overcoming them with FSM Solutions

Managing a mobile workforce comes with its set of challenges. There are multiple coordination levels, administrative hurdles when distributing tasks amongst your employees, the need to meet your customers? expectations, whilst still operating profitably. Your goal is to rake in more revenue, while striking a balance between the number of employees and the quality of the service being rendered. Under utilisation of the company resources may be misinterpreted to mean that you need more employees- which will affect your bottom line. Repeat visits with older jobs affect the response time for new client appointments. Clients get frustrated when their needs are not met on time. Remember that, for your client, their priority is getting their issue sorted- be it that pipe leak, electrical fault, damaged gas valve, or window installation completed on time. Administrative challenges on your end will simply come off as excuses, costing your brand dearly. The different fields share similar challenges- from utility firms, pest control, installation and repair services such as with plumbers and electricians, those running residential and commercial window cleaning companies, to property managers in charge of different buildings. Here are some of the obstacles faced:

1. Coordinating your team

Running things from the office can get hectic when your technicians are out on ground, and clients are at different locations. From appointments being delayed because the workers met traffic on their way, those calling in sick and requiring you to find replacements on short notice, clients who cancel appointments without notice- they all present a logistical nightmare. There is also the need to have a skill-based task distribution in place. Here, the focus is on getting the right technician for the job, not someone who has simply “dealt with it before as they helped their colleagues on a similar job“. With your firm having different personnel, you want to ensure that you spend the most appropriate technician to your client. This also aids the employees themselves, by increasing their morale as they will be dealing with tasks that they are particularly adept at, score you a high first-time fix rate, and avoid having to do follow up visits to resolve issues that were not properly addressed the first time round.

Capterra undertook a field service software survey, which showed that 82% of organisations adopting FSM solutions saw an increased rate of first-time fixes, and a 90% rise in actual conversations from quotes.

How field service job management software impacts businesses. Source: Capterra

Follow-ups tend to cost extra with the additional dispatch, and take away your fiend agents from the work that had been scheduled to be handled. Resolving these logistical issues with traditional approaches can be problematic, especially with all the paperwork involved. In fact, let’s delve into that.

2. Mounds of paperwork

Having loads of data streaming in from your field workforce can put one on edge. Organising the documents, creating the spreadsheets and typing away at calculators, sorting the files in cabinets and the stress that comes when a single file appears lost in the heaps of sheets – it creates a bottleneck for your operations. Manually handling the data at the central office also compromises on the accuracy of the process due to human error, from syntax issues when transferring information, incorrect inputs, to duplicate errors- which is expected to occur with increased frequency due to the tiring nature of the process. Actually, 46% of the respondents surveyed by the Service Council said that paperwork and admin work was the worst part of their day.

The field worker is also affected by the paperwork. From having to come to the office each morning to collect the documents needed for the day, walking with the bulky files from one site to another, perusing through lots of sheets whenever they want mire information about a particular customer or the job description- and the frustration that comes when some documents have been forgotten back at the office- it hampers productivity. Running out of copies of paper will also be unavoidable when your staff are away from the office- and more time will be spent coming back to restock. There are also additional issues like the forms getting soiled or torn, and even the wind blowing them away as your technicians are out in the field. Dealing with the contracts, collecting signatures for each job that is handled, jotting down notes concerning the particular tasks that they are taking care of- it increases the workload. In fact, this often results in errors in data entry, and jobs being poorly documented.

Fortunately, this doesn’t have to be the case for your firm. Technological advancements have seen solutions being developed to minimise the paperwork involved. These mobile service management software allow the field worker to access all the details of the job via handy apps on their smartphones and tablets- as is the case with FieldElite. Instead of walking around with the documents and files, the information is stored via cloud, and is accessible in real-time. The job documentation- from photos, notes to the customer?s e-signature are all collected through the app, and the information is securely stored and immediately available to the personnel back at the head office.

Service analytics- where you get to observe product demand, performance of your workforce and analyse your customer base growth through the dashboard reporting modules that come with the FMS software is a key tool for decision makers of the company. You get to optimise your performance without having to resort to adding more work hours, or pushing your employees into overtime. Field service analytics has been shown to increase profitability for leading companies by 18%, going by the ?Get Smart: Business Intelligence and Analytics for Service Organizations? study done by Aberdeen Group.

3. Scheduling conflicts

First, there are multiple jobs that need to be attended to- and disappointing your clients will lead to backlash. Secondly, you have a large team of workers- and you want to optimise on their productivity at an individual level. From an administrative perspective, you are also required to provide proper work structures that incorporate your employees? safety during the jobs being handled- and not to run them like mules, overworking them in a bid to hit your targets. Thirdly, the workers have different individual hours of operations- or they work in shifts. Running all this from a central point, allocating the jobs as needed and managing the different schedules, can be a tall order without the right field service scheduling software.

When your customers book an appointment, they expect that your company will deliver on its mandate, providing the services that they are paying you for as required. On the other hand, as the company, you are relying on your employees to meet those expectations. This means that you should have structures in place to ensure that your field workers stick to their assigned schedules. For this you will need to know their location in real-time, track their performance, and check on their adherence to the set schedules. Working with field service job management software allows you to handle the logistics of every task from one dashboard. By tracking your technicians while they are out in the field, you will be able to allocate orders faster, monitor the incoming customer requests, and manage the task distribution more efficiently. When you have an FSM that allows your workers to coordinate with the head office via mobile app, there will be an increased rate of job completion, and a reduction in overtime. Both your clients and employees get to be happy at the end of the day.

4. Lonely workers

Working in the office has its perks. You are surrounded by your colleagues, and can easily get the attention of anyone in management if needed. However, while out in the field, the workers can feel disconnected from the company structure, left to their devices while still bearing the responsibility of presenting the company in positive light- as they also double up as your brand ambassadors. The loneliness can get to them, with a report by the Service Council showing that isolation was the worst part of the work day for 21% of technicians. The chat feature that comes with the mobile service management software apps is one of the reasons behind their popularity, keeping the employees connected to the rest of the manager at the central office, and even other field employees- which makes them feel as part of one large family.

Safety is also a concern, especially for cases where your field staff will be working in hazardous situations – like conducting repairs on top of radio towers, dealing with gas equipment in concealed spaces. The central office needs to remain in constant communication with the workers, and have the appropriate structures in place to handle emergencies. You don’t want to lose employees because they don’t feel that their safety is a priority to you. A skilled technician is an asset that should be protected- and certainly you wouldn’t want to incur extra funds to hire and train personnel- which will end up being an additional strain to your budget over time. Field service job management software with features that allow your employees to check-in remotely via app will be handy in notifying the head office of their arrival at the job site, and in case of any incident, the field manager can quickly see the employees? last location, and dispatch help to them.

5. Difficulty in assessing performance metrics

When you have a situation where timesheets are only handed in after the workday- and in some cases at the end of the week, it becomes difficult to assess the level of productivity of your field workers. Are you getting value for your money with the wages that are being paid out? Are there lots of lost work hours due to logistical hitches- or cases where the field worker delay the tasks, or take out sections of their day to attend to matters of personal interest- and still bill you for it? All this translates to poor customer service, with issues ranging from cancelled and rescheduled appointments, unmet targets, disagreements based on the scope of work being handled, to client dissatisfaction for not having their issues addressed in a timely manner- which becomes a hit on your brand.

FSM comes in to enable the field service manager to always be in the loop during the entire process- knowing exactly how long the workers are spending on each particular task, the jobs that are pending, cancelled or rescheduled, in order to constantly review and optimise the planning of the firm?s activities. With software like FieldElite, you even get a birds-eye view, as the work areas are mapped out, that way you will be in a position to direct your field workers on aspects like the best routes to take to avoid traffic gridlocks.

6. The break factor

How do you plan for breaks? Jobs are different, and there will be unexpected issues cropping up regularly. However, the field worker is still entitled to breaks during the working day- such as the all-important lunchtime. The problem arises when there is unextended time on some job sites, and cases of unscheduled breaks being taken. These have a ripple effect, as they will cause delays on other projects that are on queue, and you can also expect customer complaints to be coming in hot and hard. From a management point of view, you want to have the ability to respond to the issues as they arise, and reassign the jobs accordingly. Mobile service management software gives you this power.

7. Customer relationship management

Customers want to be part of the process, staying in the loop with the service appointments that have been scheduled- and understandably so. From the booking process, to following up on the progress of the job- it all factors in. In case there are issues that crop up- like service vehicles being delayed, situations where extra parts need to be ordered, or the session cancelled and scheduled on a different day- being fully transparent with your customers will be a great boost to your brand. Gaining new clients and retaining the current ones requires the firm to maintain a quality customer service.

Negative feedback because of your customers? feeling neglected will be a setback for your business. Integrating the customer relationship management into the field service will go a long way in enhancing their experience. Here, software solutions like FieldElite have also got you covered with a customer self-serve portal, accessible online through their browsers. This has the welcome benefit of reducing the number of calls as they conduct follow-ups, since they will be in a position to track the project right from the comfort of their homes and office desks, thus increasing customer satisfaction.

How to be cleaner and greener indoors

The supply of water on planet earth is finite hence the need to conserve this precious resource. Water is a utility that is often used in and outdoors and for that reason, water conservation activities should be undertaken everywhere.

Get greener everywhere
Water saving can be achieved through various ways. Of utmost importance, fixing leaks should be undertaken in all areas. Small household leaks can add up to gallons of water lost every day. It is therefore important to check all water system fixtures and ensure that there are no leakages.

Greener bathroom habits
Turning off taps- this should be practised in the bathroom especially while shaving and brushing teeth. One could also consider using showers instead of baths since showers use less water and get into the habit of taking shorter showers.

Clean and green dishes
The kitchen is one of the areas where a lot of water is used. Some of the ways through which water can be conserved in the kitchen are:

Use of basins when washing dishes by hand
Using a dishwasher – when using the dish washer, it is important to make sure it’s fully loaded. Scraping plates instead of rinsing before loading it into the dishwasher will also go a long way in the conservation of the valuable commodity called water

Green your laundry and earn green bucks
The other area where water saving can be made is the laundry room. Washing only full loads of laundry will ensure that your washing machine is running at full efficiency hence you will be able to maximise your washer for energy efficiency. Always ensure you use the appropriate water level or load size selection on the washing machine. All these will not only save water but energy too and since savings are earnings you can smile all the way to the bank where some green bucks will be credited to your account.

Are Master Data Management and Hadoop a Good Match?

Master Data is the critical electronic information about the company we cannot afford to lose. Accordingly, we should sanitise it, look after it, and store it safely in several separate places that are independent of each other. The advent of Big Data introduced the current era of huge repositories ?in the clouds?. They are not, of course but at least they are remote. This short article includes a discussion about Hadoop, and whether this is a good platform to back up your Master Data.

About Hadoop

Hadoop is an open-source Apache software framework built on the assumption that hardware failure is so common that backups are unavoidable. It comprises a storage area and a management part that distributes the data to smaller nodes where it processes faster and more efficiently. Prominent users include Yahoo! and Facebook. In fact more than half Fortune 50 companies were using Hadoop in 2013.

Hadoop – initially launched in December 2011 ? has survived its baptism of fire and became a respected, reliable option. But is this something the average business owner can tackle on their own? Bear in mind that open source software generally comes with little implementation support from the vendor.

The Hadoop Strong Suite

Free to download, use and contribute to

Everything you need ?in the box? to get started

Distributed across multiple fire-walled computers

Fast processing of data held in efficient cluster nodes

Massive scaleable storage you are unlikely to run out of

Practical Constraints

There is more to Hadoop than writing to WordPress. The most straightforward solutions are uploading using Java commands, obtaining an interface mechanism, or using third party vendor connectors such as ACCESS or SAS. The system does not replace the need for IT support, although it is cheap and exceptionally powerful.

The Not-Free Safer Option

Smaller companies without in-depth in-house support are wise to engage with a technical intermediary. There are companies providing commercial implementations followed by support. Microsoft, Amazon and Google among others all have commercial versions in their catalogues, and support teams at the end of the line.