How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

  • Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
  • Companies with revenues between $1B – $4.9B spent about 0.16%
  • Companies with revenues between $500M – $999M spent about 0.27%
  • Companies with revenues between $100M – $499M spent about 0.53%
  • Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

Check our similar posts

Top 10 Benefits of Using Field Service Automation Software

Just how much wastage is witnessed in your operations? Each morning your technicians report to work, they receive the day?s schedule, go through the inventory for the parts and tools that will be required, collect and fill the paperwork, before finally hitting the road- translating to hours of manual organisation. What of the information they need when they are at the site? Are they carrying around bulky files on each individual customer? Your field technicians are also responsible for lots of the equipment being handled- and you want to keep a tab on it all- knowing what is being worked on, when it is happening, how long it takes, and the materials that have been used. Dealing with all this on your end through loads of Excel sheets, calculating and updating time logs, and ticking off the inventory- it can be a strain. Field Service Automation Software comes in to handle it all- from the scheduling and tracking, to inventory control and invoicing- all on the same platform.

Eliminating the Paperwork and Optimising Your Operations

There has been a surge in demand for all-in-one Field Service Management (FSM) solutions. They leverage the power of mobile technology, cloud computing and social collaboration to boost the efficiency of field services. In fact, the FSM market is growing at rates never seen before, if the recent statistics are anything to go by. According to the latest estimates, it is worth $3.5 billion and is expected to hit $5.9 billion by 2024.

It’s understandable why this is happening. Technology is advancing, and we all know it’s every entrepreneur?s dream to optimise the use of the available resources while guaranteeing customer satisfaction. If technology can deliver this through automation, why not? Every business now wants to automate things, and the focus is to maximise resource output. You should, therefore, not be surprised to see the FSM software industry booming. If you just considered the field service industry, you’ll realise that there are so many software applications to help with service automation, whether full or partial.

A good example is FieldElite, which helps with the management of field workers. From your desktop or the palm of your hands, on a tablet or smartphone, you can take full control of your field workers, manage scheduled jobs, and use maps to manage work assignments for the already dispatched field workers. Not only does FieldElite help you handle tasks in an accountable manner but also provides options for accounting and reports, all managed in an easy to use dashboard.

10 Benefits Field Service Automation Software Brings On Board

Why would organisations need to invest in a Workforce management app? Below are some of the key benefits of using a Field Service Management software:

1. Cut down the down-time and make every minute count

From scheduling your operations, mapping out preferred routes, dispatching the service team, to staying connected with them throughout the tasks, you get to improve worker efficiency with field service software like FieldElite. 

Most FSM software programs allow the administrator to send tasks directly to the field worker?s mobile. More often than not, the FSM software provides vital information, including service history, optimal route to the site, the tools required, and contact numbers, among other details.

This improves efficiency by ensuring that the client’s needs are taken care of promptly. Where it’s about machine maintenance, the downtime would be as short as possible.

2. Enhance professionalism and boost your brand image

FSM software programs are known for ensuring professionalism in the manner in which business activities are conducted. Of course, professionalism is attained through several factors, including working with a team of professionals. Such a team, using FSM software, results in enhanced efficiency and excellence.

A field service software like FieldElite helps you to consolidate all your business information into a single central database. With different access levels, your employees will access only as much information as is relevant to their respective duties.

An FSM software is ideal because the stored information can be accessed from any location, meaning field workers can pick new tasks while in the field, provided they’ve got the requisite tools. Instead of having to come back to the office, the employee would access all the information and execute the necessary task.

3. Resource Optimisation with Real-time Field Service Automation Software

Resource optimisation is one of the key determinants of a company?s profitability. While businesses vary in size and purpose, they all share one thing in common ? the desire to increase productivity while ensuring the optimal usage of resources.

Besides productivity, field service software also allows for efficient utilisation of the available resources to cut down on costs.

4. Stay connected with all your crew- and coordinate them better

FSM software facilitates improved coordination with the workforce. The software streamlines the management of the entire field service life cycle, ranging from labour to work orders, returns, contracts, warranties, and equipment.

The idea is to bring all the company?s field-related operations to a central point. And now, with easy data accessibility from a central platform, improved coordination is easily achievable.

5. Get accurate data and make well-informed decisions every step of the way

Adopting the field service management software is more than just a way to improve efficiency. It goes a long way towards improving a company?s accuracy. When a field service management software is used to trace a company?s activities, all the tasks are tracked on the mobile device, keeping the managers informed of every step.

Besides, the technicians also have a free reign to record the diagnostics, quality information, test results, and the parts consumed. All the information can be captured using text, audio, videos, and still photos. This guarantees minimal to no instances of data manipulation.

6. Improve Customer Satisfaction: Win Their Loyalty

Field service management software improves customer satisfaction. How does that happen? Well, using a field service software like FieldElite allows for quick response to customer queries. If there?s one thing that quickly turns your customers off, it’s delayed response to their requests. With the field service management software, however, you can respond to such requests quickly and effortlessly.

Moreover, your customers can also track the service engineer to ensure they’re well informed of any anticipated delays. With quick response time, customer machines have more reliable up-time, which is the desire of every client.

7. Flexibility ? because no one likes being tied down

If there?s one thing that customers like when dealing with a company, it’s flexibility. Instinctively, customers will always want different options to choose from when using a service without appearing to be confined to one provision. Having limited options would also appear boring.

To this extent, it would be wiser to adopt advanced FSM software. Advanced FSM software is compatible with mobile phones, meaning users can easily manage their tasks from isolated locations. FSM software can either be device-agnostic or device-specific. The device-specific type supports Android, Windows, and Apple iOS. This guarantees mobile-friendly tasks where users can easily manage the assignments via mobile application.

8. Store client history in secure cloud-based FSM software

Software like FieldElite stores client history precisely. All the past data, including order history, are stored separately and accurately. In so doing, the field technician gets easy access to the tools, specifications, and technician instructions that aid them in their operations. The result is increased productivity and on-time service delivery.

9. Asset Management and Inventory Control

Naturally, companies offering different repair services have plenty of assets to store. Accordingly, retrieving a specific part out of the large collection would be daunting.

With a field service application like FieldElite, the staff members can track down all the products effortlessly using the GPS. Furthermore, the FSM software ensures excellent maintenance of assets.

10. Improve oversight of field workers ? and keep them in the loop

The FSM software comes with many useful tools, including a built-in GPS tracker. The GPS tracker oversees the operations of the on-field workers, providing precise details about their geographical location, actual arrival time, and most importantly, the distance from the job site.

While this might not be useful at all times, it comes in handy when you need to assign an urgent task to the nearby technician. Call it a classic example of dynamic scheduling.

Final Thoughts

With so much at stake, it’s increasingly compelling to include the Field Service Management Software in your business. With every industry moving towards automation, your business cannot afford to lag.

Quick and efficient service delivery through FSM software may be the difference between you and your competitors.

The FSM software is no longer the cherry on the cake but a must-have tool for your survival in the highly competitive market.

A Definitive List of the Business Benefits of Cloud Computing

When you run a Google search for the “benefits of cloud computing”, you’ll come across a number of articles with a good list of those. However, most of them don’t go into the details, which nevertheless might still suit some readers. But if you’re looking for compelling business reasons to move your company’s IT to the cloud, a peripheral understanding of what this technology can do for you certainly won’t cut it.

Now, cloud computing is not just one of those “cool” technologies that come along every couple of years and which can only benefit a particular department.?What we’re talking about here really is a paradigm shift in computing that can transform not only entire IT infrastructures but also how we run our respective organisations.

I hate to think that some people are holding back on cloud adoption just because they haven’t fully grasped what they’re missing. That is why I decided to put together this list. I wanted to produce a list that would help top management gain a deeper understanding of the benefits of the cloud.

Cloud computing is one bandwagon you really can’t afford not to jump into. Here are ten good reasons why:

1.?Zero?CAPEX and low TCO for an enterprise-class IT infrastructure

2. Improves cash flow

3. Strengthens business continuity/disaster recovery capabilities

4. Lowers the cost of analytics

5. Drives business agility

6. Ushers in anytime, anywhere collaboration

7. Enhances information, product, and service delivery

8. Keeps entire organisation in-sync

9. ?Breathes life into innovation in IT

10. Cultivates optimal environments for development and testing

Zero CAPEX and low TCO for an enterprise-class IT infrastructure

Most cloud adopters with whom I’ve talked to cite this particular reason for gaining interest in the cloud.

Of course they had to dig deeper and consider all other factors before ultimately deciding to migrate. But the first time they heard cloud services could give them access to enterprise class IT infrastructures without requiring any upfront capital investment, they realised this was something worth exploring.

A good IT infrastructure can greatly improve both your cost-effectiveness and your capability to compete with larger companies. The more reliable, fast, highly-available, and powerful it is, the better.

But then building such an infrastructure would normally require a huge capital investment for networking equipment, servers, data storage, power supply, cooling, physical space, and others, which could run up to tens or even hundreds of thousands of euros. To acquire an asset this costly, you’d have to take in debt and be burdened by the ensuing amortisation.

If you’ve got volumes of cash stashed in your vault, cost might not be a problem. But then if you really have so much savings, wouldn’t it be more prudent to use it for other sales-generating projects? An extensive marketing endeavour perhaps?

A capital expenditure of this magnitude and nature, which normally has to be approved by shareholders, can be regarded as a high financial risk. What if business doesn’t do well and you wouldn’t need all that computing power? What if the benefits expected from the IT investment are not realised??You cannot easily convert your IT infrastructure into cash.

Remember we’re talking about a depreciating asset. So even assuming you can liquidate it, you still can’t hope to sell it at its buying price. These factors are going to play in the minds of your Board of Directors when they’re asked to decide on this CAPEX.

Incidentally, these issues don’t exist in a cloud-based solution.

A cloud solution typically follows a pay-as-you-go utility pricing model where you get billed monthly (sometimes quarterly) just like your electricity. ?In other words, it’s an expense you’ll need to pay for?at the end of a period over which the service’s value would have already been realised. Compare that with a traditional infrastructure wherein you’ll have to spend upfront but the corresponding value will still have to be delivered gradually in the succeeding months or years.

demand expense traditional infrastructure

From the point of view of your CFO, what could have been a CAPEX to acquire an asset that depreciates with time (and consequently reduces your company’s net worth), becomes a flexible operating expense (OPEX).?Truly, it is an operating expense that you can increase, decrease, or even totally discontinue, depending on what the prevailing business conditions demand.

demand expense cloud infrastructure

People who think they have done the math in comparing cloud-based and traditional IT infrastructures claim that, although they see how cloud solutions transform CAPEX into OPEX, they really don’t see any significant difference in overall costs.

However, these people have only gone as far as adding up the expected monthly expenses of a cloud solution over the estimated duration of an equivalent IT infrastructure’s effective lifespan and comparing the sum with that IT infrastructure’s price tag. You won’t get a clear comparison that way.

You need to consider all factors that contribute to the infrastructure’s Total Cost of Ownership (TCO). Once you factor in the costs of electricity, floor space, storage, and IT administrators, the economical advantages of choosing a cloud solution will be more evident. Add to that the costs of downtime such as: interruptions to business operations, technical support fees, and the need to maintain expensive IT staff who spend most of their time “firefighting”, and you’ll realise just how big the savings of cloud adopters can be.

Still not convinced? Well, we’re still getting started.?On our next post, we’ll take a closer look at the additional benefits of paying under an OPEX model instead of a CAPEX model.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Spreadsheet Fraud

To any company executive or business owner, the mere possibility of fraud can be enough to send alarm bells ringing – for good reason. In a prolonged recession, the last thing investors would want to discover is a huge, gaping hole where supposedly a neat profit should have been. Also to find out that such loss was brought about by deliberately falsified accounting and poor spreadsheet controls only makes the situation even more regrettable.

Why?

Because these losses would not have occurred had there been a stronger risk management program in place and more stringent quality control on critical data to begin with.

But given the nature of a spreadsheet system i.e. its sheer flexibility and easy accessibility, plus the fact that they were never intended to be enterprise-level tools, there are no hard and fast rules for auditing spreadsheets. Also because of the lack of internal controls for end user computing (EUC) applications, in this case spreadsheets, you can’t expect these systems to yield consistently accurate results.

In fact, most managers assume that major spreadsheet errors should result in figures that are blatantly out of touch with how things stand in the real world, making these errors easily detectable.

Well they assumed wrong. You’ll find cases where the losses ran to millions of dollars without anyone being the wiser.

In instances of fraud, the problem becomes more complicated as these errors are deliberately hidden and cleverly disguised, perhaps one erroneous cell at a time. Even if these cover-ups started out with smaller figures that may have had negligible impact on a company?s operation, the cumulative costs of these ?insignificant? errors multiply exponentially as the spreadsheets are reused and utilised as bases for other related reports.

While there is no generally accepted definition of the term ?spreadsheet fraud?, its quite easy to identify one when a case crops up. Fraud arising from spreadsheets are typically characterised by:

Fallacious inputs – correct figures are deliberately replaced with false values.

Erroneous outputs owing to data alteration – hyperlinks are linking to the wrong spreadsheets or cells; use of macros or special lines of code which are understandable only to the person who developed the code.

Concealment of critical information – can be done with easy ?tweaks? such as hidden rows and columns, using the same colour for both the font and the background, or hard coding additional values into a cell.

There is nothing really highly-sophisticated or technical in any of these methodologies. But without internal spreadsheet controls in place, it would take a discerning eye and a thorough review to catch the inconsistencies contained in a spreadsheet fraught with errors. Also, if these errors are knowingly placed there, the chances of finding them are close to nil.

Learn more about our server application solutions and discover a better way to protect your company from spreadsheet fraud.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Ready to work with Denizon?

Contact Us Today