But what happens when you’re a small business being asked by a much larger customer whether your internal systems are SOX compliant?
From the writer’s perspective, SOX sets out to make it clear to the individuals running large public corporations that their financial reporting must be accurate, and requires them to ensure that systems are in place to guarantee that. From that noble (though obvious and not really new) objective, an entire industry of advisors and consultants has spawned, with checklists and methodologies reaching into every crevice of the organisation and its suppliers.
From the technology supplier’s perspective, these requirements boil down to being able to demonstrate traceable and auditable controls in the following areas:
- Financial: contracts must be modelled correctly, agreed, audit-trailed, documented and maintained under strict process-driven change management. Ideally, the invoices related to these contracts must be generated without manual overrides, from process workflows that are audit-trailed and free from the opportunity for fraud.
- Process: internal processes for the development, support and management of IT systems and equipment must be controlled via workflows and stages that are relevant to the action required, correctly permissioned, secure and, of course, once again fully audit-trailed, so that the who, when and why of any change can be found immediately and reported on.
- Engagement: complete documentation of engagement with the customer, agreement to requirements, testing, acceptance etc., again answering the who, when and why of any project agreement or progress step.
- Responsibility: control of who can do what, when and where is key. This role control goes deep into all processes, highlighting changes, recording temporary delegation and documenting actions, making fraud hard to disguise and easy to discover.
The good news is that Harmony, by design, fully supports these SOX objectives.
Harmony’s billing engine uses product objects that are fully described on orders and drive their own invoicing behaviours. This was designed to remove manual intervention in the invoicing process.
Further, any changes prior to invoice release are strictly controlled, audited and tightly permissioned.
Invoices are locked on posting and may not be edited or changed. Contract lifecycle management provides full traceability from order to invoice; nothing can be done without leaving a clear data trail.
Harmony’s service desk provides for custom workflows and ticket relationships that support any development or maintenance visibility and check-point controls. You design them the way you need them to operate; Harmony will keep the score, and its seamless mail integration ensures your customers are informed and involved throughout.
Harmony’s customisable role designer and delegation controls allow you to set every individual up with the right actions and data access without compromise.
If you are faced with demonstrating ISO or SOX compliance, get in touch and we will explain how Harmony can help keep your business under control and in compliance.
About the Author: CloudBlue PSA is the most complete cloud professional services automation (PSA) software on the market. Purpose-built with functionality to simplify every need of MSPs and Professional Services Organisations, CloudBlue PSA introduces a state-of-the-art PSA system built for today’s modern service provider. The platform empowers services organizations to scale recurring channel revenue and diminish operational complexity via its advanced product suite, which includes automated billing and reconciliation, an industry-leading customer support center and network operations center (NOC), real-time profitability analysis, and much more. CloudBlue PSA is available globally.