888.870.4250

The Threat of Out-of-Control Mobility Costs to Sarbanes Oxley Compliance

Confounding Causes

Mobility assets and their associated service costs are inherently challenging to control. At its core is a common problem of not having clear oversight of your company’s hundreds, thousands or even tens of thousands of mobile assets.

1) Both the average cost and penetration of company-provided smartphones and tablets has grown significantly. At over $500 per device, the cost to replace a lost or stolen device is financially painful. For instance, choosing to purchase an upgrade before it is eligible for an upgrade is costly when it means paying list price. When you couple this with employees clamoring for the latest models and generally seeking upgrades every one to two years, it makes for a colossal management challenge.

2) Companies deal with a dynamically changing employee base and limited means to accurately know who is in possession of a particular mobile asset at any given time. Assets may change hands as job assignments change; assets may be placed in a drawer and forgotten when an employee is terminated or worse, go out the door with an employee without management knowing. Often companies are purchasing new assets in one part of the company for new hires while perfectly serviceable assets are being retired in another part of the company. Without vigilant methods of tracking asset ownership maximizing reuse can easily be overlooked. Furthermore, it is common for companies to needlessly pay ongoing monthly service fees on devices whose whereabouts are unknown and not currently in active use.

3) Another challenge of asset tracking is the issue that mobile devices are effectively being metered 24×7 and incurring costs not only while an employee is ‘on the clock’ but when they are ‘off the clock.’ In the carrier billing models, particularly with today’s data centric billing plans, there is no price reduction for off-hours activity like we used to see with free night and weekend voice plans. With corporate liable billing plans, rarely do employees or their immediate management have visibility over the usage and charge amounts on a monthly basis. Even if an employee has the best intentions of using their device judiciously, they may be completely unaware that their usage patterns are generating unplanned company expenses.

4) Finally, add to all these issues, a complicated and ever-changing set of carrier rate plans and options as well as confusion in terms of best available market prices, discounts and carrier cost-cutting concessions. Without constant wireless contract expertise, monitoring and optimization know-how, you are virtually guaranteed to be overpaying. To their financial detriment companies often take solace in steady carrier billing amounts month-to-month without the slightest inkling that for months or years they have been paying more than they should.

The Sarbanes Oxley Connection – Mobility Fraud, Abuse and Waste

Sarbanes Oxley (SOX) regulations passed by U.S. Congress in 2002 are designed to protect investors from fraudulent accounting activities by corporations. The intent of SOX is to detect and deter fraudulent or improper financial reporting by concentrating on issues related to the preparation of financial statements, issuer reporting/disclosure, and audit failures. SEC Chairman, Mary Jo White introduced a policy to police technical, non-fraud violations. In explaining the policy, Chairman White stated, “minor deficiency violations that are overlooked or ignored and can feed bigger significant deficiencies, and, perhaps more importantly, can foster a culture where laws are increasingly treated as toothless guidelines”. The concept stems from the idea that even leaving small unaddressed discrepancies conveys a lack of importance and diligence to the maintenance of accurate reporting and accounting.

Out-of-control spending on mobility embodies an innate possibility of internal control deficiencies revealing instances that may rise to the level of material weakness requiring SEC filings and potential restatement of earnings.

Fraud

The rising trend of company theft is one of the fastest growing crimes in the United States, per the FBI. Why?  Because it’s difficult to uncover.  Companies tend to approach theft in two ways, proactive; meaning they put systems and policies in place to dissuade their employees from stealing, and reactive; meaning they haven’t invested the time to develop checks and balances but choose to respond only as problems surface. Unfortunately, most companies are reactive in investigating compromises from suspicious incidents.  This greatly increases a company’s exposure to fraud.  When you think of employees stealing from a company, it often centers on taking the obvious like merchandise, time, information, equipment or supplies, or if it’s money; embezzlement. With the expanded availability of high-priced wireless devices, gone are the days when post-it-notes and pens are the prime target of sticky fingers. Now when employees are tempted, the target tends to be much costlier electronic devices resulting in a far greater financial impact to the bottom line.

One Real Case of Mobility Theft

In a recent MobilSense deployment to assist one division of a nationwide company in managing mobile expenses, a sizable number of unused billing devices were identified. The quantity of these devices was surprisingly large and surfaced an obvious and significant opportunity for wireless expense reduction.

One of the key recommendations for this customer was to first terminate the older technology devices showing lengthy periods of inactivity on the invoice. The company provided a point of contact to assist in the wireless management tasks who was helpful initially in securing appropriate passcodes for carrier site access. However, once it became clear to this contact there was a proposal to terminate a large number of unused devices, he became non-responsive to additional requests. Under company management’s prior approval, a large batch of devices were terminated despite his lack of assistance. Surprisingly, hefty early termination fees (ETFs) appeared on the next month’s bill indicating possible criminal activity. Since the devices had not been used for months, many with no usage for longer than a year, it became obvious the ETFs were a result of new smartphone upgrades being ordered against the inventory of zero use devices.  The zero use devices continued to appear without use on the monthly bill, but it turns out this telecom administrator was profiting by selling brand new handset upgrades acquired on unnoticed zero use lines of service. Because of the trust placed in this telecom administrator, this fraudulent practice would have continued to go unnoticed had it not been for the scrutiny that accompanied the deployment of a mobile expense management automation and service solution.

Abuse

Instances of fraud, such as the case outlined above, are both embarrassing and costly to a company’s bottom line but it is probably not the most significant broken window and broken gate issues for Sarbanes Oxley compliance when it comes to mobility expenses. The most material instances come from abuse and waste which unfortunately can sit under the radar of company management priorities. Because these companies have overburdened telecom management teams, they typically lack the means or tools to identify or investigate the magnitude of a problem. Ignorance to the (“Broken Gate”) problem unfortunately is not a defense under Sarbanes Oxley. The absence of a corporate usage policy (“Broken Window”) on mobility devices signals and immediate problem related to abuse and waste. A policy alone is not sufficient – too many companies take unjustified comfort in knowing that they have a published mobility policy.

Even with a policy, in the absence of automation, there is a monumental effort to identify non-compliant users leaving a company exposed to widespread abuse. Although categories of abuse may be specifically outlined in a company’s mobile policy, employees will often test the bounds of company usage policies and expand those boundaries when it appears no one in management cares or when they recognize companies are ill-equipped to easily identify indiscretions. Abuse examples include excessive voice or data use for non-business purposes. It may include downloading applications at the company’s expense or using a company smartphone as a hotspot for personal activities from home. Asking employees to read and comply with a company usage policy is not enough – companies need automation to monitor employees’ ongoing usage to fully ascertain compliance to policies instead of fostering a culture where policies are increasingly treated as ineffective guidelines.

Waste

Waste is the most predominant and potentially costly of the three Sarbanes Oxley category exposures, as it can be spread over a significant number of well-intentioned employees.

1) There are various ways in which data use can result in unexpected monetary charges. These may include usage behavior not outlined in company policy or may simply occur because an employee is unaware that their device usage is costing the company needlessly due to the absence of feedback to identify the problem. One example is using a domestic plan when traveling internationally and another might be streaming audio or video for lengthy periods of time. Unless an employee sees the consequences of their usage on a monthly bill, they may not have an accurate assessment of the cost of their actions. When you add up the misappropriation of company resources that occur using company liable mobile devices, it will have a significant effect on a company overhead expenses especially when left unattended.

2) A second waste issue comes from the lack of effective mechanisms to optimize carrier invoices on a frequent basis. With ever-changing plans and the dynamics of fluctuating mobility usage patterns it is certain that without sophisticated algorithms and automation, a company will consistently over pay their carrier. A poorly negotiated contract and carrier sales incentives aimed at maximizing revenue will also contribute to needless carrier over-payment.

Data Pooling – A Contributing Problem

A downside of the positive economics of the new carrier data pooling plans is that excessive usage is often misinterpreted as merely a rising tide of natural data usage growth, thus remaining hidden from the employee, mobile administrators and managers. While pooling devices is the right strategy for businesses to choose, if pools are left unattended a company will consistently over pay month after month. Why?  Companies often choose over-inflated plans to avoid overages, however, when the usage habits of its employees do not warrant it they end up paying more than they should. The key to effective mobile cost management is having keen insight into the usage behavior of your users.  While assigning key personnel to oversee and manage your mobile expense is certainly a step in the right direction, without an automated mobile expense management solution your team is subject to lengthy time investments of analyzing the cost on their own which leaves room for misinterpretation and error.

Is Mobility Overspending a Material Risk?

Based on our history of dealing with over 400 clients and thousands of audits, on a typical monthly invoice, the range of overspending can be from 12% to 25%. By remediating wireless expense waste, abuse and other issues a quarterly profit and loss report with 7,500 devices could improve by $274,000.   When factoring the aforementioned number of devices over three years, the profit improvement can approach $3.28 Million.

Now What?

What can be done to mitigate these types of Sarbanes Oxley risks?

First, if one does not currently exist, develop and publish a corporate mobile policy. Without a published guideline, employees will be left to decide their own usage policies.  Second, once your policy is in place you need a mechanism to enforce policy compliance. This will necessitate the addition of automaton and tracking capability like those provided within MobilSentryTM.  Third, get an assessment from an expert as to whether your company is overpaying for your carrier services based on up-to-date optimization algorithms. MobilSense provides these assessments at no charge.   Fourth, have an expert do an assessment to find out whether your company has market available pricing, discounts, cost-cutting concessions and other terms/conditions on your carrier agreements.  Note, you can renegotiate your contract with carriers at any time. The opportunity to inadvertently misappropriate company funds presents itself daily and often goes unnoticed and that is why smart companies use automation and experts as a safeguard to protect their mobile assets.  To learn more about how your company can avoid mobile device waste and abuse, and gain insight into market available contract provisions, visit us at www.mobilsense.com or call us at (888) 870-4250.