Making Click-and-Collect click

In my previous post, I introduced you to integrated e-commerce and explained why it is the right way to extend your business online. If you already have a brick-and-mortar retailing business and you’re looking to improve your online presence, you could start offering a click-and-collect service.

With click-and-collect, customers order online and then collect their merchandise from one of the retailer?s local branches. Why would they want to do that?

Apparently, there are buyers who now prefer a click-and-collect service over the delivery service of a purely online retailer. With the latter, they sometimes have to wait forever for the delivery van to arrive or contend with a missed-delivery card.

Basically, customers who want both the convenience of placing orders online and better control of their time find click-and-collect a better option.

Last December 2011, IMRG (Interactive Media in Retail Group) reported a ?significant rise in the percentage of click-and-collect e-retail sales in the 3rd quarter of 2011?. This accounted for 10.4% of all e-retail sales in that quarter. More specifically, the gain was 7.4%, which was also the strongest quarterly gain since IMRG started collecting this data.

Clearly, this particular service is gaining popularity. But how do you meet the rising demand in this area?

A click-and-collect service requires a highly synchronised ecosystem. You don’t want to have a customer order items from your online store, drive a couple of minutes from his house to your nearest outlet, only to find out that one of the items is no longer available.

This can only work if all systems involved are interconnected. Changes in the inventory in your individual outlets should reflect on your database in real time. In turn, these changes have to be reflected instantly on your online store. Conversely, once a buyer has picked items online and is already directed to a local outlet, those items have to be reserved there.

But that’s not all. Your system has to be seamless enough to support fast and reliable service. You don’t want your buyer to have to wait a long time before the items are ready for pick-up. It also has to be capable of tracking the status of ordered products, handling uncollected orders, and monitoring inventory.

By implementing an integrated e-commerce system, these won’t be the only things you?d be able to do. You can even add more value to your service. For example, you can connect to your CRM and learn more about your customers? purchase history, buying habits, and preferences.

That way, it would be easier for you to provide a faster and more convenient buying experience for them in the future.

Click-and-collect is a very promising way to increase your sales and improve customer loyalty.

Check our similar posts

How To Get Started with your IT Compliance Efforts for SOX

There’s no question about it. For many of you top executives in the corporate world, all roads leading to a brighter future have to go through SOX compliance. And because the business processes that contribute to financial reporting (the crux of the Sarbanes-Oxley Act) are now highly reliant on IT systems, it is important to focus a good part of your attention there.

It is a long and arduous path to IT compliance, so if you don’t want your company to fall by the wayside due to inefficient utilisation of resources, it is important to set out with a plan on hand. What we have here are some vital information that will guide you in putting together a sound plan for SOX compliance of your company?s IT systems.

Why focus on IT systems for SOX compliance?

We’ll get to that. But first, let’s take up the specific portions of the Sarbanes-Oxley Act that affect information technology. These portions can be found in Section 302 and Section 404 of the act.

In simplified form, Section 302 grants the SEC (Securities and Exchange Commission) authority to come up with rules requiring you, CEOs and CFOs, to certify in each annual or quarterly financial report the following:

  • that you have reviewed the report;
  • that based on your knowledge, the report does not contain anything or leave out anything that would render it misleading;
  • that based on your knowledge, all financial information in the report fairly represent the financial conditions of the company;
  • that you are responsible for establishing internal controls over financial reporting; and
  • that you have assessed the effectiveness of the internal controls.

Similarly, Section 404, stated in simplified form, allows the SEC to come up with rules requiring you, CEOs and CFOs, to add an internal control report to each annual financial report stating that you are responsible for establishing internal controls over financial reporting.

You are also required to assess the effectiveness of those controls and to have a public accounting firm to attest to your assessment based upon standards adopted by the Public Company Accounting Oversight Board (PCAOB).

While there is no mention of IT systems, IT systems now play a significant role in financial reporting. Practically all of the data you need for your financial reports are stored, retrieved and processed on IT systems, so you really have to include them in your SOX compliance initiatives and establish controls on them.

Now that that’s settled, your next question could very well be: How do you know what controls to install and whether those controls are already sufficient to achieve compliance?

Finding a suitable guide for IT compliance

The two bodies responsible for setting rules and standards dealing with SOX, SEC and PCAOB, point to a well-established control framework for guidance – COSO. This framework was drafted by the Committee of Sponsoring Organisations of the Treadway Commission (COSO) and is the most widely accepted control framework in the business world.

However, while COSO is a tested and proven framework, it is more suitable for general controls. What we recommend is a widely-used control framework that aligns well with COSO but also caters to the more technical features and issues that come with IT systems.

Taking into consideration those qualifiers, we recommend COBIT. COBIT features a well thought out collection of IT-related control objectives grouped into four domains: Plan and Organise (PO), Acquire and Implement (AI), Deliver and Support (DS), and Monitor and Evaluate (ME). The document also includes maturity models, performance goals and metrics, and activity goals.

A few examples of COBIt’s detailed control objectives are:

DS4.2 – IT Continuity Plans
DS4.9 – Offsite Backup Storage
DS5.4 – User Account Management
DS5.8 – Cryptographic Key Management
DS5.10 – Network Security
DS5.11 – Exchange of Sensitive Data

By those titles alone, you can see that the framework is specifically designed for IT. But the document is quite extensive and, chances are, you won’t need all of the items detailed there. Furthermore, don’t expect COBIT to specify a control solution controls for every control objective. For example, throughout the control objective DS4 (Ensure Continuous Service), you won’t find any mention of virtualisation, which is common in any modern business continuity solution.

Basically, COBIT will tell you what you need to attain in order to achieve effective governance, management and control, but you’ll have to pick the solution best suited to reach that level of attainment.

Articles highly relevant to the one you just read:

Month End Accounting The Way It Should Be Today
Spreadsheet Woes ? Burden in SOX Compliance and Other Regulations
Spreadsheet Woes ? Limited Features For Easy Adoption of a Control Framework
How Internal Auditors Can Win The War Against Spreadsheet Fraud

How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

  • Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
  • Companies with revenues between $1B – $4.9B spent about 0.16%
  • Companies with revenues between $500M – $999M spent about 0.27%
  • Companies with revenues between $100M – $499M spent about 0.53%
  • Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

2015 ESOS Guidelines Chapter 3 ? The ESOS Assessment

ESOS operates in tandem with the ISO 50001 (Energy Management) system that encourages continual improvement in the efficient use of energy. Any UK enterprise qualifying for ESOS that has current ISO 50001 certification on the compliance date by an approved body (and that covers the entire UK corporate group) may present this as evidence of having completed its ESOS assessment. It does however still require board-level certification, following which it must notify the Environment Agency accordingly.

The Alternate ESOS Route

In the absence of an ISO 50001 energy management certificate addressing comprehensive energy use, a qualifying UK enterprise must:

  1. Measure Total Energy Consumption in either kWh or energy spend in pounds sterling, and across the entire operation including buildings, industrial processes and transport.
  2. Identify Areas of Significant Energy Consumption that account for at least 90% of the total. The balance falls into a de minimis group that is officially too trivial to merit consideration.
  3. Consider Available Routes to Compliance. These could include ISO 500001 part-certification, display energy certificates, green deal assessments, ESOS compliant energy audits, self-audits and independent assessments
  4. Do an Internal Review to make sure that you have covered every area of significant consumption. This is an important strategic step to avoid the possibility of failing to comply completely.
  5. Appoint an Approved Lead Assessor who may be internal or external to your enterprise, but must have ESOS approval. This person confirms you have met all ESOS requirements (unless you have no de minimis exceptions).
  6. Obtain Internal Certification by one of more board-level directors. They must certify they are satisfied with the veracity of the reports. They must also confirm that the enterprise is compliant with the scheme.
  7. Notify the Environment Agency of Compliance within the deadline using the online notification system at snapsurveys.com as soon as the enterprise believes is fully compliant.
  8. Assemble your ESOS Evidential Pack and back it up in a safe place. Remember, it is your responsibility to provide proof of the above. Unearthing evidence a year later it not something to look forward to.

The ESOS assessment process is largely self-regulatory, although there are checks and balances in place including lead assessor and board-level certifications. As you work through what may seem to be a nuisance remember the primary objectives. These are saving money and reducing carbon emissions. Contact Ecovaro if we can assist in any way.

Ready to work with Denizon?

Contact Us Today