How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

that you have reviewed the report;
that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
that you are responsible for establishing internal controls over financial reporting; and
that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

Check our similar posts

Spreadsheet Reporting – No Room in Your Company in an Age of Business Intelligence

It doesn’t take a genius to understand why spreadsheet reporting still pervades the enterprise despite the rise of a complex but highly effective IT solution known to big shot CIOs as Business Intelligence or BI.

If you’re still in the dark as to what BI is, don’t worry because we?ll enlighten you shortly.

Business decisions from disparate data sources

In the meantime, let’s talk about how you make business decisions. If you’re a top executive, then you make decisions based largely on reports submitted to you by your managers, department heads, and so on. They in turn obtain information from different sources, like the company ERP and CRM as well as other external sources (e.g. market surveys).

Now, before their reports ever reach your desk, a lot of data is extracted, shared, filtered, analysed, consolidated, and summarised so that they become actionable information. In all these activities, one software tool gets to take part in most of the action – the spreadsheet.

The problem with spreadsheet reporting

The problem with spreadsheets is that they have very poor built-in controls. Thus, they are susceptible to human errors and are vulnerable to fraud. What’s more, collecting data and manually consolidating them into spreadsheets can be very laborious and time consuming.

If you don’t get accurate, reliable information, your judgement will be fuzzy and your business decisions compromised. In addition, if you don’t receive the information you need on time, your business will constantly be at risk of breaching critical thresholds, which may even force it to spin out of control.

Business Intelligence – actionable information on time

This is mainly the reason why large companies implement Business Intelligence systems. BI systems are equipped with built-in features like reports, dashboards, and alerts.

Reports consolidate data and present them in a consistent format composed of intuitive text, graphs, and charts. The main purpose of having a consistent format is so that you will know what kind of information to expect and how the information is arranged. That way, you don’t waste time searching or making heads or tails out of the data in front of you.

Dashboards, on the other hand, present information through visual representations composed of graphs and gauges that are aimed at tracking your business metrics and goals. The main function of dashboards is to feed you with actionable information at a glance.

Finally, alerts keep you informed when certain conditions are met or critical thresholds are breached. Because their main purpose is to prompt you at the soonest possible time wherever you are, a typical alert can come in the form of an SMS message or an email.

As you can see, all three features are designed to get you making well-informed decisions as quickly as possible.

The problem with Business Intelligence and the alternative solution

The usual problem with full BI systems is that they can be very costly. Hence, if your organisation does end up implementing one, chances are, not everyone under you will be able to access it. As a result, some departments will be forced to go back to using spreadsheets.

If your company cannot afford a full BI system, then that probably means you don’t need one. What you need is a more affordable alternative. There are actually Software as a Service (SaaS) Business Intelligence solutions that may not be as comprehensive as a full BI system, but which may suffice for small and mid-sized businesses.

The disadvantages of spreadsheets are more damaging than you could have ever expected. Be free of it now.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Saving Energy Step 1 ? Implementing a Management System

There has been much hype down the years regarding whether management is art or science. Thankfully, where people are concerned the pendulum has swung away from standard times in sweatshops in the west. However, when it comes to measuring physical things like harvest per square meter and the amount of energy consumed there is no substitute for scientific measurement, and this implies a system.

Managing energy cost and consumption down is like any other strategy. American engineer / statistician / management consultant W. Edwards Demming may have passed on in 1993. However he was as right as ever when he said:

When people and organizations focus primarily on quality, this tends to increase and costs fall over time.

However, when people and organizations focus primarily on costs, costs tend to rise and quality declines over time.

Demming believed that 90% of organizational problems arise from systems we put in place ourselves. This can be because we are so accustomed to them that we fail to notice when they are no longer relevant. The currently prevailing laissez faire towards energy is a case in point. What is managed improves and what is not, deteriorates. We know this. Let us take a look at how to apply this principle to energy management.

First, you need to get the subject out the closet and talk about it. How often do you do this is your boardroom, and how does energy rank against other priorities? Good governance is about taking up a position and following through on it. Here is a handy checklist you may like to use.

Do we use a consistent language when we talk about energy? Is it electricity, or carbon emitted (or are we merely fretting over cost).

How well engaged are we as a company? Looking up and down and across the organization are there points where responsibility stops.

How well have we defined accountability? Do we agree on key performance areas and how to report on them.

Are we measuring energy use at each point of the business? When did we last challenge the assumption that ?we’re doing okay?.

Have we articulated our belief that quality is endless improvement, or are we simply chasing targets because someone says we should.

A management system is a program of policies, processes and methods to ensure achievement of goals. The next blog focuses on tools and techniques that support this effort.

How AI Helps Improve Field Service

Its seems that with the current rate of technological innovation that these is something new every single day. Therefore, you’re always looking forward to a new technological innovation that’s going to help you make your business operations more efficient and automated.

One of the most fascinating milestones in the field of technology is the integration of Artificial Intelligence (AI) in business. In one way or the other, AI gives a glimpse of machine supremacy that allows computers to perform tasks that were initially performed by humans.

Are machines going to completely replace people in the workplace?

Of course, not. Technologies like AI and Machine Learning are designed and meant to support employees in doing their tasks too boost their productivity.

AI is predominantly used to eliminate jobs and tasks that humans find boring, demotivating or monotonous. In some cases AI is also used to do jobs that are considered dangerous for humans to preform.

Previously the most common implementations for AI were all about gaming, entertainment, and advanced science, now it’s spreading into a number of industries including the field service industry.

FieldElite – Field Service Software , can help you optimise the day-to-day operations of your business.

AI in field service management will enhance you business capabilities with:

Information Sharing
Real Time Updates
Automated Workflows
Digital Form Data Collection
Data Analysis

Improved Customer Service

For Service Based companies, customer retention is vital. Primarily because It can be 5-25 times more costly to acquire a new customer than it is to retain an existing ones.

Therefore customer retention should be a primary focus.? The good news is that by making use of AI you can implement services It can be 5-25 times more costly to acquire a new customer than it is to retain an existing one.

Staying on top of and ensuring you satisfactorily address and meet you customer demands and expectations can be a daunting task.? It can also be an expensive one,? especially for small field service based businesses like :

Heating & Plumbing Engineers
Electrical Contractors
Fire Safety Inspectors

HVAC Engineers
Facility Management
Building, Construction & Trade

Implementing Artificial Intelligence and Machine Learning to automate mundane and repetitive customer administration tasks will enable your staff to be free to provide additional value added tasks for your customers. Making your customers happier.

?Think about the active Chatbots. You can always get complaints directly from customers and address them right away.??

If at any point the customer is unhappy with your services, they can always raise the issue via the Chatbots. Since the bots contain necessary customer information, you can always get back to them and fix the issue at hand.?

With AI in field service, you can solve problems before they arise, or what is otherwise known as predictive maintenance,? In that way, you’ll have better customer relations because you’ll be able to address your customer concerns before they even become aware of them.

Improved Productivity

Scheduling tasks and managing the workforce isn’t a walk in the park. It goes beyond assigning tasks to your team members in the field and giving them deadlines to meet. Whether it’s a small firm or a big organisation, it’s quite difficult to organise the workforce.?

However, adopting Artificial Intelligence can iron out the difficulties most field organisations face in scheduling and managing tasks. Some years back, most firms relied on human intelligence to dispatch jobs to the right people based on given conditions. This was quite difficult, especially that it wasn’t always successful. But thanks to AI. With field service apps like FieldElite scheduling tasks and managing workforce is only a few clicks away.?

What’s more? There?s no room for error. Therefore, you’ll always match the right people for the job. Again, your team will always get tasks on time. That means, the job completion rate will go up, and hence the workforce becomes more productive.?

Predictive Maintenance

Usually, most business operations are based on ?solve the problem as it occurs?, which is just OK. However, it’s not always safe to wait until a problem occurs so that you solve it. Prevention is better than cure, and that’s why Artificial Intelligence comes handy in Field Service.

Using FieldElite Workforce Management Software , you don’t have to wait until something breaks.? Utilizing AI in field service enables you to proactively address field service needs and prevent unforeseen failures and interruptions.?

The ability to predict field service needs through field service apps like FieldElite enables you to make more accurate forecasts. In this way, resource planning is made easier, and as such, you’ll have smoothly running workflows. Again, by taking care of unforeseen circumstances in advance, you’re flexible enough to take care of the unexpected. And that means the overall productivity of your business will go up.

Job Management

Most field service jobs involve multiple stages that can take several days to complete. In addition to this, more often than not, you have to coordinate lots of equipment and contractors at the same time. All these can’t be achieved solely by human efforts. For more successful outcomes, it’s important to incorporate Artificial Intelligence in your field service operations.?

FieldElite is the field service solution that can help you manage sophisticated tasks. The app is packed with field service management tools that enable you to assign complicated tasks and keep track of your field techs. For long-cycle jobs, FieldElite app enables you to follow up on the activities going on the field to ensure they’re completed.?

With AI, there?s no room for error even when the jobs become more sophisticated.

Data Analysis

Field service industry involves lots of data. Some years back, organisations depended on human intelligence to analyse big data. Well, things still worked out, but as a human is to err, the outcome wasn’t always perfect. However, with Artificial Intelligence data analysis, 100% accuracy in data analysis is achievable. Field service solutions like FieldElite provide sophisticated data analytic tools that enable you to crack massive data and offer accurate solutions.?

FieldElite data analytics capabilities give you an insight into what’s not working and what needs to be improved. In that way, you can always address matters arising and take care of the loopholes.?

It’s time to go paperless with field management software like FieldElite if you?d like to make your business more profitable. Apart from improving the productivity of your workforce, incorporating AI in your business increases profitability. If you’re still doing your usual field rounds with a clipboard, it’s time to simplify your task with FieldElite app.?