How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
Companies with revenues between $1B – $4.9B spent about 0.16%
Companies with revenues between $500M – $999M spent about 0.27%
Companies with revenues between $100M – $499M spent about 0.53%
Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

Check our similar posts

Do you really need a Cloud Broker?

A cloud broker is someone who can serve as your trusted adviser when it comes to your dealings with a cloud service provider. Sort of an IT consultant who: is familiar with cloud computing, can negotiate a mutually beneficial relationship between you and a provider, and help you manage usage, performance and delivery of cloud services.?But do you need one?

Is it even time for cloud adoption?

Of course, if you haven’t even started considering moving your IT systems to the cloud, what’s the point of reading this article, right? Well, if you’re running a business in Ireland or the UK maybe you should start thinking about it. The benefits (of moving to the cloud) are simply overwhelming. But then that’s for another post.

For now, let’s just briefly talk about the rate of cloud adoption so far. This should give you an idea what other decision makers nearby think about cloud computing and what they’ve done in this regard so far.

According to research conducted by the Cloud Industry Forum (CIF), the number of first-time users of cloud computing in the United Kingdom has risen by about 27% compared to last year.

The study, which was carried out by research company Vanson Bourne and which involved IT decision-makers from both the private and public sector in UK, also showed that 61% of companies are subscribing to cloud-based services. A similar research conducted last year (2011) revealed only 48%.

In Ireland, plans are underway to adopt cloud computing. According to Pricewaterhouse Coopers, 75% of Ireland’s CIOs and IT directors are already adopting a cloud computing strategy.

Definitely, the number of cloud adopters is growing. If that number already includes your hottest competitor, then perhaps there’s no time to waste.

But while a migration to the cloud should be in your pipeline, it shouldn’t be something you should rush into. Generally speaking, there are at least three kinds of services offered by cloud service providers: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service).

Some providers offer variations of these services. You might only need one type of service or a little of everything. There are also technical and regulatory compliance issues that need consideration.

Obviously, if you have no idea where or how to start, you’ll need someone who can help you. But what kind of help do you need?

Let’s proceed by talking about the kinds of services cloud brokers offer as these are obviously indicative of the needs of current cloud customers.

What cloud brokers do?

Cloud brokers offer three main types of services.

Cloud?inter-mediation

Cloud inter-mediation services are designed to add value to existing services and improve capabilities. ?Examples of cloud inter-mediation include managing access to cloud-based services, carrying out performance reporting, and establishing stronger security.

Cloud aggregation

As mentioned earlier, some cloud customers may end up subscribing to multiple cloud services; most likely from different cloud service providers. To get optimal return on their various cloud subscriptions, these customers will need to apply data integration and make these disparate systems work together. They will also have to make sure data flowing from one system to another is kept secure. This is where cloud aggregation comes into play.

Cloud arbitrage

This entails finding the best cloud service provider(s) to solve a particular problem. One example is comparing different providers offering data storage services and identifying the one offering the most competitive rates.

Other cloud arbitrage brokers develop new solutions by combining the services of different cloud service providers and then offer them to cloud customers. While there are similarities between cloud arbitrage and cloud aggregation, the former is more flexible and allows the customer to transfer from one provider to another where conditions are more favourable.

Problems a cloud broker can help you solve

Just like with natural clouds, your experiences in cloud computing won’t be all white and fluffy. You’ll also encounter gray and uncertain (or even stormy) clouds.

One major issue in cloud computing is cloud security. In fact, cloud security (or the apparent lack of it) is the one thing that’s really clouding up the sky of cloud computing. But that doesn’t mean the cloud is totally insecure. Besides, there are certain types of information that really don’t require a high level of security. These types you can easily migrate to the cloud.

For sensitive information, you really need to conduct due diligence to make sure your cloud service providers’ data centres are secure enough.

Where exactly will your data be stored? Are there enough provisions for regulatory compliance? How will your data be segregated? Does the infrastructure readily support ?data forensics? Is there a sound disaster recovery/business continuity plan? These are just some of the questions that need clear answers before you sign a contract with a cloud service provider.

Also, before you sign, you need to study the SLA (Service Level Agreement) very carefully. Look at the guaranteed uptime. Is it enough to meet your own desired service levels?

Bear in mind that the answers to these questions may be too technical. This is one of those instances when a cloud broker can come in handy. As your trusted adviser, your cloud broker can break down the technical jargon and present everything in a language that you can make intelligent decisions from.

A cloud broker will also be able to study the cloud provider’s security architecture and policies and determine whether they’re sufficient to meet your own security requirements. Basically, a cloud broker will not only help you obtain answers to your questions.

He will also know exactly what vital information to extract from providers in order to ensure that you find the best deal possible.

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Web Design and Development

The first few seconds of a first-time website visitor is very crucial. If they don’t like what they see or if they think it takes too long just to load what they’re supposed to see, chances are, that would be the last time you’d ever catch them on your site.

Therefore, striking a balance between your website’s appearance and its loading speed is important for first impressions. Once you’ve captured the visitor’s attention, the next objective is to keep them glued long enough for them to browse through your merchandise. It is at this point that the benefits of a well organised and highly intuitive graphical user interface come into play.

An excellent combination of stylish web design and sharp web development can play a major role in lowering bounce rates and increasing returning visitors. We see to it that our web designers and developers not only excel at what they do individually, but also understand the interplay between their individual creations and how it affects the overall appeal of the website.

This is what you can expect from our brand of web design and development:

Conversion-motivated web design. Since we understand that your primary motivation for entering into the eCommerce arena is to turn torrential web traffic into sales, we’ve put conversion as a primary consideration in our web designs.
SEO-friendly content. First-time visitors don’t reach your site because they entered your URL somewhere. Rather, they must have stumbled upon your links on search engine results or on other websites.
Engaging web content. Because excellent graphics alone can’t sell products but engaging web content can, we invest in excellent copywriters.
Visitor-friendly user interface. Before a visitor will ever read content on the current and succeeding pages, they’ll need to interact with your site’s UI first. We’ll make sure your user interface is visually appealing enough to invite visitors to click on your buttons.
Superior expertise in web development technologies. Our web developers are certified experts in web related technologies including Javascript, AJAX, SQL, PHP, CSS, Java, Silverlight, CMSes, and Magento, among others. Thus, we can offer extreme flexibility and scalability in our web development services.

See more related services

Why integrating your Field Service Management with IoT Applications makes sense

Your customers want a smooth experience when hiring your services. Whether there are pests that have run amok in their homes and you have been called in to exterminate them, there is a leak in the pipes and your plumbing repair business is the go-to for repairs, you’re in charge of a cleaning business with clients spanning across the residential and commercial niches, or even a locksmith making new installations and providing aftercare for their clients ? it is vital to make the process as hassle-free as possible for your customer. The priority is getting the job done in time, and to quality standards. On the other hand, your mobile workers need access to complete and accurate data to approach the task more proactively, get it done right, and increase the rate of first-time fixes.

When you have multiple clients and a huge workforce, things can get messy with all the paperwork involved. Preparing documents and reports, keying in the data, keeping track of your mobile employees, following up on current jobs and scheduling new appointments ? the workload can put a strain on your staff. Field service scheduling software like FieldElite come in to keep your central office staff abreast with all customer details, sending alerts when new issues arise. These are then relayed to the appropriate technician for the situation to be taken care of at the earliest possible time ? directing the right employee to the customer based on the skill-set availability and location. While field service job management software, by itself, is a powerful solution, you can crank things up a notch by having a system that integrates IoT into its operations.

Powering Field Service Scheduling Software Systems With IoT

FSM gives maintenance firms, distributors, manufacturers and other service businesses an interactive platform that optimises the workflow. From the customers booking maintenance work, office staff tracking operations right from their desk, workers interacting with it while on-ground through the mobile app, to the billing and invoicing ? it is all handled through the same system. IoT applications can boost this becoming a critical tool to show the field managers about the precise locations where attention is needed, for accurate worker and job scheduling and improved customer satisfaction. What if you could also have features like auto-scheduling coming on board? Let’s delve deeper into what it means for your FSM system.

Benefits Of Using Service Management Software With IoT Solutions

Its impact of IoT on field management is seen in the transformation of maintenance data into proactive service actions. Research by Gartner shows that in 2020 there will be over 20 billion connected devices, making the reach of IoT really vast. This will fuel the field management industry, unlocking more potential with the mobile workers interacting in real-time with their equipment and headquarters. This speeds up response time to service requests and transforms interoperability across the different devices.

???????? All-round access

The interaction with IoT benefits the technicians, managers, and customers themselves. For instance, while the worker on ground interacts with the FieldElite mobile app, the office staff at headquarters will be engaging them via browser on their smart devices, and even the client gets access to the system through the customer portal.

???????? Linking your different business operations

It doesn’t stop there. Integrating the mobile service management software to the IoT facilitates inventory management, automobile tracking, and even automates accounting, invoicing, and other internal processes of the business, giving you more visibility over your field assets and operations. Here, the sensors that have been enabled in the network will notify you of damaged equipment, and go further to route and dispatch the technician who is most suited to go on-site and repair it.

???????? Nip things in the bud ? A proactive approach

Updates from sensors on the remote equipment are sent over a dedicated network. This is intelligently interpreted by the IoT platform to decide the next course of action, depending on a predefined set of rules. This course of action can be assigning and dispatching the technician through the FieldElite app to fix the equipment before permanent damage occurs. This whole process is automatic, shifting the company from a reactive mode of operations to a proactive and preventative model, resulting in better utilisation of assets.

???????? Minimise time wastage

Less time is spent going checking for flaws in the systems. Take management at a wastewater treatment plant for instance. Simply place IoT sensors on the different pumps, mortars and valves to give you this data. In case of leaks or damage, the appropriate operator is alerted, taking away the need for manual monitoring. Monitoring is done remotely. Hazardous situations such as in the oil and gas industry where workers are faced with issues like flare stacks are handled better, where the IoT sensors minimise downtime and ensure that only necessary visits to the plat equipment are done.

???????? Interactions at the palm of your hand

The field service workers are also equipped with effective communications through aspects like the chat feature on the mobile app, and reporting abilities where they can make notes, take photos and relay this to the headquarters during the course of the job. Information on the system is readily available to the customer and future technicians who will be handling jobs at the facility.

How does the FSM work with other systems? FieldElite’s core role is to manage the mobile workforce. How do you keep track of the sensors of the different equipment, in order to know when maintenance is needed?

Enter ecoVaro: IoT In Energy Management

The 2018-2025 Global Building Energy Management System Analysis and Forecast showed energy consumption in residential buildings accounts for close to 40% of the world’s energy consumption.? Commercial buildings like shopping malls, hospitals, retail stores and hotels take 30%. IoT tools aid in collecting and analysing the real-time data consumption in these falsities, to improve maintenance and reduce down times. It’s a holistic view that is achieved through a network of smart devices monitoring the ventilation, humidity, air-conditioning and lighting systems.

Home automation tools like smart thermostats and bulbs are already becoming popular. Here, they bring savings to the consumers without them having to use up much effort. For broader energy management, these systems will include units like sensors, controls, meters, data analytics tools, and user-friendly applications that the consumers access all this from. It cuts across the board, from households and commercial establishments, to utility firms and government bodies keen on effectively monitoring and managing their energy resources. Industrial and commercial users need data analytics tools to maximise their productivity and reduce costs, while residents in households want to reduce their monthly bills and take a more proactive role in their energy management.

From Smart Devices To Accurate Loggers

The first step in saving energy is cutting down wastage. Smart light, humidity, temperature and air conditioning controls come in to maintain optimal indoor conditions. Lighting units, smart thermostats, sensor-based HVAC control systems are part of the IoT, taking centre stage in automatically maintaining the perfect indoor environment that will keep the building?s energy use at optimum levels. They have been designed with different sensors that check the humidity, light, motion and even CO₂ levels, dynamically adjusting the conditions in the facility. Here, you have situations like smart lights dimming when there is more daylight getting into the room, and then automatically turning off when people leave the room. The smart thermostats can precool the indoor space before the day gets warmer, so that during that scorching midday sun there will be less energy spent by the HVCA to bring down the heat levels.

The whole set up ? from the LED lights adjusting to user preferences and routines, learning thermostats that reduce consumption during peak load times, sensors and data analytics that give the user more control over their consumption, creates a smart energy infrastructure, be it in homes or industrial spaces, from retail stores and factories, to entire cities. This is all geared at cutting down energy costs, with the systems automatically adjusting the building?s lighting, temperature and ventilation, to reduce the energy consumption without compromising the comfort of the building?s occupants. LEED bulbs already record 20% lower maintenance costs than the typical commercial buildings.

Adopting IoT Applications For Your EMS System

How can you take advantage of this? With the EMS loggers, you monitor your facility’s consummation in real-time. Platforms like ecoVaro enable both the utility companies and end-users to access this data. The utility firms will be in a position to tailor the power supply in response to changing demand and also adjust their pricing. The end-users, on the other hand, will be in a position to control their usage at a granular level ? responding to changing environmental conditions, power consumption, and reducing energy waste.

There are also those appliances that come with sensors, from boilers in the household, to heavy production machinery in industries. The EMS systems allow you to continuously monitor the load on the sensor-enabled assets, predict when overheating will occur and pinpoint risks of outages or damage on the line. Maintenance can then be immediately carried out to vent damages to the equipment. That way components like motors are protected from damages that would have ended up costing the firm lots of funds to replace. The data analytics from the EMS platforms enable the energy manager to strike that balance to optimise performance and reduce wear, thus prolonging the life of the equipment.

Even the heavy hitters in the energy sector get to benefit from the IoT. Take power production for instance. When you’re dealing with stations, solar farms and wind fields ? as they provide that much-needed power, they also consume energy and need plenty of maintenance. These are resource-heavy stations and as a manager, you want to keep a close eye on things. This involves a complex approach, from the sensors at the facilities, data analytics, to predictive maintenance. EMS software comes in to continuously monitor the equipment and wiring through the sensors. This enables you to prevent issues like overloads, and ensure that a balanced load is maintained on the line. The EMS goes a step further by enabling you to undertake predictive maintenance, for the timely repair of the equipment on the power grid, minimising accidents, preventing blackouts, and averting the costly down times.

Electricity utilities connecting their power plants and grids to available IoT solution networks get to be more transparent to their consumers, by showing them where the energy they use comes from. This empowers the consumers with the information needed to select the cleanest energy source during that period, which is particularly beneficial for those keen on adopting greener practices. For instance, you can have a system monitoring a network of grids, and dynamically shifting to power sources that have the least amount of emissions at the moment ? what’s gaining popularity as “automated emission reduction”. These lead to utility firms that produce clean energy getting more consumers and growing their revenue base.

Field And Energy Management: How FieldElite and ecoVaro Work Together Through IoT

So, on one hand, you have the energy managers following up on the consumption trends at their facilities, keeping an eye on their equipment.? On the other hand, you have field workers needed to carry out repair and maintenance works at different locations.? How do you join them together to ensure a seamless flow of operations?? The IoT.

This can be seen with ecoVaro and Field Elite interaction. Here, you have two independent systems that are interlinked through the internet and secure cloud systems, bringing more convenience on board for the users.

Picture this: Loggers collecting data from the meters and sensors on-site detect an anomaly, which you will immediately be able to view through the ecoVaro platform. This can be a myriad of issues, from plumbing to electrical systems that need to be worked on, and they are at multiple locations. How do you get them resolved? Dispatch your technicians through FieldElite.

Here’s a snapshot of how this works:

This way, you get to optimise your operations and cut down on coasts ? taking advantage of the data analytics tools brought to you by ecoVaro, and streamlining your workflow through FieldElite. IoT powered workforce and energy management systems thus become key in reducing operational expenses, scheduling repairs and maintenance, and planning for peak hours

Accessing real-time data has the welcome benefit of cutting down on the hours spent on energy management processes. Jobs like meter reading that would have taken lots of time are handled by the system. When it comes to field management, operational efficiency is increased by taking away the manual processes involved with all the paperwork.? The sensors monitored via ecoVaro alert the field service manager about equipment that needs to be checked, and FieldElite shows the field manager issues that are on queue to be resolved. In both cases, you get accurate data that will inform the decisions made ? from the maintenance measures required, to scheduling the jobs for the technicians to handle them. It’s a win-win situation.?

Building Blocks For A Brighter Tomorrow

What’s more, this sets you up for the future. Adopting IoT solutions for your field and energy management operations will score you higher ROIs going forward. The global community is working towards enhancing the efficiency of its operations and putting in place sustainable practices in line with their Social Corporate Responsibility (CSR). This is from service providers like plumbing and electrical repair businesses, to utility firms and power generation plants. Lighting systems, homes, office buildings, factories, communities, transportation and whole cites are getting connected through the internet and more control done via smart devices. This is further accelerated by cloud systems enabling real-time, reliable and secure access to the information. By incorporating these setups into your business structure, you will gain a competitive advantage in your niche. After all, we’re still in the early stages of IoT across the industries.