How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

When Carrefour Pushed the Right Buttons

Retail giant Carrefour based in Boulogne Billancourt, France is big business in anybody?s numbers. Europe?s #1 retailer opened its first store in 1958 near a crossroads (Carrefour means ?crossroad? in French) and has largely not looked back since then. The slogan for the hypermarket chain with more than 1,500 outlets and close to a half million employees is ?choice and quality for everyone?. Our story begins when Carrefour decided these things belong at home too.

The company implemented a worldwide universal responsibility program firmly anchored on a tripod of goals for environmental, economic and social progress. Its first step was to appoint a five-person project team tasked with liaising with program delegates in all thirty countries in which it operates, and who had responsibility for driving these goals.

The team?s job was to make sure that policies, standards, procedures and key performance areas were common visions throughout Carrefour. By contrast, the local managers? were tasked with aligning these specifics to local conditions in terms of environmental, political and social issues. The project team checked the fit quarterly via video conferences.

The Triple Bottom Line Goals were woven through with Carrefour?s Seven Core Values, namely Freedom, Responsibility, Sharing, Respect, Integrity, Solidarity and Progress. Constant contact was maintained with staff and other stakeholders through ?awareness training? seminars and other dialogues. As the program took hold and flourished, it became evident that the retail giant needed help with managing the constant stream of metrics flowing in.

After reviewing options, Carrefour appointed a software provider to monitor progress against its primary focuses on energy, water, waste, refrigeration, paper, disposable checkout bags, hygiene & quality, management gender parity, disabled people and logistics. This enabled it to track progress online against past performance, and produce meaningful reports.

The Environmental Manager in the Corporate Sustainability Department waxed lyrical when he said, ?We believe that our sustainability strategy and software solution have powerfully improved collaboration, innovation, and overall performance?. He went on to describe how it was helping drive cost down and profitability up, while simultaneously growing brand.

Non-conformance costs can be high and run counter to the imperative to make a profit – while simultaneously ensuring a better world for our children?s children. In Carrefour?s case, having a consultant to measure progress was the key that unblocked the administrative bottleneck. Irish company Ecovaro does this for companies around the world. Click here. Discover what we will do for you.

SEO (Search Engine Optimization)

About a quarter of the world’s population use the Internet. That’s approximately 1.7 billion people. How many will come to your site the moment it launches? Zero.

It will take some time before the search engines are able to index your site and allow the possibility of driving some visitor traffic there. But even when your site does get indexed, that’s no assurance people will even have the chance of finding it.

So unless you apply SEO, your chances of improving those traffic numbers from zilch would nearly be zilch too. Traffic is a fundamental prerequisite in eCommerce. Before any store, virtual or otherwise, can ever hope to make a sale, the first step is to get noticed by the potential customer.

Our SEO specialists can drive your pages to the top of search results so that potential customers can see results leading to your site first.

Depending on the product or service you’re offering, getting to be ranked high on the search engines can be extremely labour-intensive. Basically, it’s the kind of job you’d rather not keep in-house but its the kind of job our team would be happy to take charge on.

Different products and services have different SEO requirements. We won’t recommend an SEO package if we think it will only translate to unnecessary spending.

These are the essentials of our SEO packages:

  • Targeted keywords and keyphrases. We’ll conduct extensive research on your product line and your product competitors to get hold of the best targeted keywords and keyphrases. If your competitors missed any important keyphrases, we’ll find those as well.
  • Strategically planted backlinks. We’ll concentrate our backlinking efforts on relevant backlinks to achieve top search engine rankings. As an added bonus, relevant backlinks drive in traffic that really matter as this is made up of visitors with the highest potential of turning into buyers.
  • On-site SEO. Certain issues arising from the mere makeup of most eCommerce websites are making on-site SEO tweaking more challenging. In fact, not all SEO consultants cater to these specific problems. Our specialists, on the other hand, pay special attention to issues regarding pagination resulting in keyword cannibalisation, product pages, landing page optimisation and the like.
  • Selection of SEO packages. While you’re still starting out, you may want to try our basic packages first. Then once you see traffic pouring in and revenues begin to build up, you can up the ante by upgrading to our premium packages.

Other services you might be interested in:

Benefits of Integrating IoT and Field Service

Owing to the complexity of its definition, many people loosely use the phrase Internet of Things (IoT) without having a solid grasp of its true meaning. A majority in this category take IoT to be nothing more than the automation of home gadgets, where the internet is used to interconnect computing components embedded in everyday devices.

Granted, the whole idea of IoT got its roots from the home setting. Nevertheless, IoT has outgrown that spectrum and has since penetrated into almost every area of business and industry. By employing IoT, you can literally take full control of everything in your business using a single device. From assigning tasks to monitoring security, managing bills to tracking time, IoT has revolutionized the way business is done.

Interestingly, not so long ago, most technology experts limited their forecasts to machine-to-machine (M2M) integration and Augmented Reality (AR), which also, admittedly, hit the technology industry with an admirable suave. Back then, it could have been laughable for anyone to have suggested that IoT would be so commanding in almost every industry, including real estate, medicine, automobile, and more.

It’s not for nothing, therefore, that the field service industry has also embraced IoT, integrating it in the daily running of business activities, including tracking machine diagnostics, detecting breakdowns, and assigning field engineers to attend to customer needs.

How the Field Service Industry is Benefiting from IoT

Machine uptime has remained an ongoing concern for many customers. In the traditional approach, whenever a machine breaks down, the customer alerts the service provider and then the field service manager checks to see if there is any field engineer available for a new task. Once an engineer has been identified, he?s then dispatched to the site. This worked, but it resulted in an extended machine downtime, a terrible experience for customers.

Thanks to IoT, things are now happening differently.

IoT is now integrating machines to a central communications centre, where all alerts and status updates are sent. The notifications are instant. The field service manager, therefore, gets to learn of the status of machines at the exact time of status change. An engineer who?s not engaged would then be immediately assigned to undertake any needed servicing or repair.

By employing IoT, the service provider receives timely reports relating to diagnostics, machine uptime, part failures, and more. The field manager can, as a result, foretell and forestall any possible downtime.

How has this been helpful?

Before giving a definite answer to that question, it’s crucial to note that more than half of all field service organizations now employ IoT in their Asset Management Systems and Field Service Management. And to answer the question, all the organizations that have the two systems integrated using IoT experience twice as much efficiency as those that don’t, states an Aberdeen Group report. As you already know, improved efficiency results in a corresponding upshot in customer satisfaction.

Apps Making a Difference in IoT-Field Service

The integration of IoT into almost every aspect of business prompted the design and development of different applications to link computing devices. Since the advent of IoT, the software development for the technology has come of age. Powerful and lightweight apps that don simple yet beautiful user interfaces are now readily available at affordable price tags.

A good example of such an App is ecoVaro by Denizon.

ecoVaro not only helps businesses to monitor energy and other relevant environmental data such as Electricity, Gas, Water, Oil, Carbon, Temperature, Humidity, Solar Power, and more, but also provides analytics and comprehensive yet easy to understand reports. The data received from devices such as meters is converted into useful information that’s then presented in figures and graphs, thus allowing you to make decisions based on laid down controls.

The focus of the app is to instantly alert service engineers to go on site to fix issues.

With ecoVaro, field service engineers no longer have to return to the office to get new instructions. Also, customers don’t have to manually fire alerts to the service provider whenever something isn’t working correctly. By employing the latest in IoT, ecoVaro sends notifications to field service managers and engineers about respective customers that need support.

How ecoVaro Helps

Best-in-class companies aren’t ready to compromise on customer satisfaction. Therefore, every available avenue is used to address customer concerns with the deserved agility. By using IoT, ecoVaro makes it possible for field service providers to foresee and foreclose any possible breakdowns.

The inter-connectivity among the devices and the central communications centre results in increased revenue and improved interactivity between the system and the field engineers. This results in greater efficiency and lower downtime, which translates into improved productivity, accountability, and customer satisfaction, as well as creating a platform for a possible expansion of your customer base.

ecoVaro isn’t just about failed machines and fixes. It also provides diagnostics about connected systems and devices. With this, the diagnostics centre receives system reports in a timely manner, allowing for ease of planning and despatch of field officers where necessary.

Clearly, but using the right application, IoT can transform your business into an excellently performing field service company.

Ready to work with Denizon?

Contact Us Today