WestJet’s finance department is fastening its seat belts as it prepares to get a compliance project covering both IT and financial controls off the ground.
The airline said on Wednesday it is only weeks away from installing the latest version of IBM’s Workplace for Business Controls and Reporting, collaboration and workflow software that will help the organization ensure it meets myriad regulatory requirements such as Control Objectives for Information and related Technology (COBIT), which ensures adherence to security standards laid out by the IT Governance Institute.
WestJet is also hoping the software will prepare it to comply with potential changes to financial reporting requirements being proposed by the Canadian Securities Administrators. Those changes would bring Canadian laws more in line with section 404 of the U.S. Sarbanes-Oxley Act, which requires extensive documentation of all controls around financial reporting.
Corey Wells, WestJet’s director of audit and advisory services, said that while some controls may involve manual processes, they are often linked to systems that require increased governance, aided by enterprise software.
Every financial report, for example, likely has an IT system involved behind it. Companies are being required to test not only the controls around the data but also the controls within a system. What the requirements are indicating, Wells added, is that it’s not only efficient to test within the application, but also the overall IT infrastructure.
“The argument is if your IT infrastructure isn’t designed effectively, that the applications residing in that infrastructure could be susceptible to control weaknesses as well,” he said. “A lot of the tools out there are specifically focused on financial controls, and are just now starting to realize they need to start incorporating some more flexibility for the likes of the COBIT framework, which really evaluates your IT corporate governance.”
While some customers are purchasing and deploying its software internally, others, including WestJet, have chosen to let IBM host Workplace Business and Reporting, which allows them to get up and running more quickly, said IBM Workplace marketing manager Jeremy Dies. WestJet has been testing an earlier version of the product and will be up and running on Workplace Business and Reporting 2.5 shortly, Wells said.
Dies said IBM has tried to create a framework for developing its tool that will keep pace with requirements that may cover either finance or IT.
“Almost everywhere we enter into a new market, we find all sorts of new control statutes,” he said.
WestJet’s CFO was the executive sponsor for the compliance project, while Wells is responsible for project management. The airline looks at IT as a resource it tries to employ whenever it purchases a system, he said, whether it’s specific to IT or something to resolve a business-related issue. IT was involved in the RFP process to make sure the tool purchased met the right security and support requirements, but Wells’ department was the primary customer.
Dies said compliance-related purchases of Workplace almost always come directly through the line-of-business department, but that doesn’t mean IT departments are shut out of the project.
“I think what you’re going to see is an increased reliance on the CIO in terms of compliance over matters that don’t necessarily pertain to IT,” he said. “The amount of work and overhead that is being forced upon controllers and internal audit teams – those teams are going to their CIOs and IT departments to look for help.”
WestJet has spoken with a number of U.S. organizations, including Dallas-based Southwest Airlines, that were thrown into compliance projects last year, Wells said, and at the time many of the software tools hadn’t developed significantly. “A lot of them, quite frankly, did all of their work on paper,” he said. “They pulled out binder after binder of documentation. The clear message we received is it’s going to be very difficult for those organizations to sustain the changes that occur in that documentation.”