How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

How AI Helps Improve Field Service

Its seems that with the current rate of technological innovation that these is something new every single day.  Therefore, you’re always looking forward to a new technological innovation that’s going to help you make your business operations more efficient and automated.

One of the most fascinating milestones in the field of technology is the integration of Artificial Intelligence (AI) in business. In one way or the other, AI gives a glimpse of machine supremacy that allows computers to perform tasks that were initially performed by humans. 

Are machines going to completely replace people in the workplace?

Of course, not.  Technologies like AI and Machine Learning are designed and meant to support employees in doing their tasks too boost their productivity.

AI is predominantly used to eliminate jobs and tasks that humans find boring, demotivating or monotonous. In some cases AI is also used to do jobs that are considered dangerous for humans to preform.

Previously the most common implementations for AI were all about gaming, entertainment, and advanced science,  now it’s spreading into a number of industries including the field service industry.

FieldElite – Field Service Software , can help you optimise the day-to-day operations of your business.

AI in field service management will enhance you business capabilities with:

  • Information Sharing
  • Real Time Updates
  • Automated Workflows
  • Digital Form Data Collection
  • Data Analysis

Improved Customer Service

For Service Based companies, customer retention is vital. Primarily because It can be 5-25 times more costly to acquire a new customer than it is to retain an existing ones.

Therefore customer retention should be a primary focus.? The good news is that by making use of AI you can implement services It can be 5-25 times more costly to acquire a new customer than it is to retain an existing one.

Staying on top of and ensuring you satisfactorily address and meet you customer demands and expectations can be a daunting task.? It can also be an expensive one,? especially for small field service based businesses like :

  • Heating & Plumbing Engineers
  • Electrical Contractors
  • Fire Safety Inspectors
  • HVAC Engineers
  • Facility Management
  • Building, Construction & Trade

Implementing Artificial Intelligence and Machine Learning to automate mundane and repetitive customer administration tasks will enable your staff to be free to provide additional value added tasks for your customers. Making your customers happier.

?Think about the active Chatbots. You can always get complaints directly from customers and address them right away.??

If at any point the customer is unhappy with your services, they can always raise the issue via the Chatbots. Since the bots contain necessary customer information, you can always get back to them and fix the issue at hand.?

With AI in field service, you can solve problems before they arise, or what is otherwise known as predictive maintenance,? In that way, you’ll have better customer relations because you’ll be able to address your customer concerns before they even become aware of them.

Improved Productivity

Scheduling tasks and managing the workforce isn’t a walk in the park. It goes beyond assigning tasks to your team members in the field and giving them deadlines to meet. Whether it’s a small firm or a big organisation, it’s quite difficult to organise the workforce.?

However, adopting Artificial Intelligence can iron out the difficulties most field organisations face in scheduling and managing tasks. Some years back, most firms relied on human intelligence to dispatch jobs to the right people based on given conditions. This was quite difficult, especially that it wasn’t always successful. But thanks to AI. With field service apps like FieldElite scheduling tasks and managing workforce is only a few clicks away.?

What’s more? There?s no room for error. Therefore, you’ll always match the right people for the job. Again, your team will always get tasks on time. That means, the job completion rate will go up, and hence the workforce becomes more productive.?

Predictive Maintenance

Usually, most business operations are based on ?solve the problem as it occurs?, which is just OK. However, it’s not always safe to wait until a problem occurs so that you solve it. Prevention is better than cure, and that’s why Artificial Intelligence comes handy in Field Service.

Using FieldElite Workforce Management Software , you don’t have to wait until something breaks.? Utilizing AI in field service enables you to proactively address field service needs and prevent unforeseen failures and interruptions.?

The ability to predict field service needs through field service apps like FieldElite enables you to make more accurate forecasts. In this way, resource planning is made easier, and as such, you’ll have smoothly running workflows. Again, by taking care of unforeseen circumstances in advance, you’re flexible enough to take care of the unexpected. And that means the overall productivity of your business will go up.

Job Management

Most field service jobs involve multiple stages that can take several days to complete. In addition to this, more often than not, you have to coordinate lots of equipment and contractors at the same time. All these can’t be achieved solely by human efforts. For more successful outcomes, it’s important to incorporate Artificial Intelligence in your field service operations.?

FieldElite is the field service solution that can help you manage sophisticated tasks. The app is packed with field service management tools that enable you to assign complicated tasks and keep track of your field techs. For long-cycle jobs, FieldElite app enables you to follow up on the activities going on the field to ensure they’re completed.?

With AI, there?s no room for error even when the jobs become more sophisticated.

Data Analysis

?

Field service industry involves lots of data. Some years back, organisations depended on human intelligence to analyse big data. Well, things still worked out, but as a human is to err, the outcome wasn’t always perfect. However, with Artificial Intelligence data analysis, 100% accuracy in data analysis is achievable. Field service solutions like FieldElite provide sophisticated data analytic tools that enable you to crack massive data and offer accurate solutions.?

FieldElite data analytics capabilities give you an insight into what’s not working and what needs to be improved. In that way, you can always address matters arising and take care of the loopholes.?

It’s time to go paperless with field management software like FieldElite if you?d like to make your business more profitable. Apart from improving the productivity of your workforce, incorporating AI in your business increases profitability. If you’re still doing your usual field rounds with a clipboard, it’s time to simplify your task with FieldElite app.?

Contact Us

Migrating from CRM to Big Data

Big data moved to centre stage from being just another fad, and is being punted as the latest cure-all for information woes. It may well be, although like all transitions there are pitfalls. Denizon decided to highlight the major ones in the hope of fostering better understanding of what is involved.

Accurate data and interpretation of it have become increasingly critical. Ideas Laboratory reports that 84% of managers regard understanding their clients and predicting market trends essential, with accelerating demand for data savvy people the inevitable result. However Inc 5000 thinks many of them may have little idea of where to start. We should apply the lessons learned from when we implemented CRM because the dynamics are similar.

Be More Results Oriented

Denizon believes the key is focusing on the results we expect from Big Data first. Only then is it appropriate to apply our minds to the technology. By working the other way round we may end up with less than optimum solutions. We should understand the differences between options before committing to a choice, because it is expensive to switch software platforms in midstream. data lakes, hadoop, nosql, and graph databases all have their places, provided the solution you buy is scalable.

Clean Up Data First

The golden rule is not to automate anything before you understand it. Know the origin of your data, and if this is not reliable clean it up before you automate it. Big Data projects fail when executives become so enthused by results that they forget to ask themselves, ?Does this make sense in terms of what I expected??

Beware First Impressions

Big Data is just that. Many bits of information aggregated into averages and summaries. It does not make recommendations. It only prompts questions and what-if?s. Overlooking the need for the analytics that must follow can have you blindly relying on algorithms while setting your business sense aside.

Hire the Best Brains

Big Data?s competitive advantage depends on what human minds make with the processed information it spits out. This means tracing and affording creative talent able to make the shift from reactive analytics to proactive interaction with the data, and the customer decisions behind it.

If this provides a d?j? vu moment then you are not alone. Every iteration of the software revolution has seen vendors selling while the fish were running, and buyers clamouring for the opportunity. Decide what you want out first, use clean data, beware first impressions and get your analytics right. Then you are on the way to migrating successfully from CRM to Big Data.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Without Desktop Virtualisation, you can’t attain True Business Continuity

Even if you’ve invested on virtualisation, off-site backup, redundancy, data replication, and other related technologies, I?m willing to bet your BC/DR program still lacks an important ingredient. I bet you’ve forgotten about your end users and their desktops.

Picture this. A major disaster strikes your city and brings your entire main site down. No problem. You’ve got all your data backed up on another site. You just need to connect to it and voila! you’ll be back up and running in no time.

Really?

Do you have PCs ready for your employees to use? Do those machines already have the necessary applications for working on your data? If you still have to install them, then that’s going to take a lot of precious time. When your users get a hold of those machines, will they be facing exactly the same interface that they’ve been used to?

If not, more time will be wasted as they try to familiarise themselves. By the time you’re able to declare ?business as usual?, you’ll have lost customer confidence (or even customers themselves), missed business opportunities, and dropped potential earnings.

That’s not going to happen with desktop virtualisation.

The beauty of?virtualisation

Virtualisation in general is a vital component in modern Business Continuity/Disaster Recovery strategies. For instance, by creating multiple copies of virtualised disks and implementing disk redundancy, your operations can continue even if a disk breaks down. Better yet, if you put copies on separate physical servers, then you can likewise continue even if a physical server breaks down.

You can take an even greater step by placing copies of those disks on an entirely separate geographical location so that if a disaster brings your entire main site down, you can still gain access to your data from the other site.

Because you’re essentially just dealing with files and not physical hardware, virtualisation makes the implementation of redundancy less costly, less tedious, greener, and more effective.

But virtualisation, when used for BC/DR, is mostly focused on the server side. As we’ve pointed out earlier in the article, server side BC/DR efforts are not enough. A significant share of business operations are also dependent on the client side.

Desktop virtualisation (DV) is very similar to server virtualisation. It comes with nearly the same kind of benefits too. That means, a virtualised desktop can be copied just like ordinary files. If you have a copy of a desktop, then you can easily use that if the active copy is destroyed.

In fact, if the PC on which the desktop is running becomes incapacitated, you can simply move to another machine, stream or install a copy of the virtualised desktop there, and get back into the action right away. If all your PCs are incapacitated after a disaster, rapid provisioning of your desktops will keep customers and stakeholders from waiting.

In addition to that, DV will enable your user interface to look like the one you had on your previous PC. This particular feature is actually very important to end users. You see, users normally have their own way of organising things on their desktops. The moment you put them in front of a desktop not their own, even if it has the same OS and the same set of applications, they?ll feel disoriented and won’t be able to perform optimally.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today