-
1 800 667 6389 (1-800-NO-SOFTWARE)
Charter Communications Uses the Force.com Sandbox Testing Environment to Ensure Sarbanes-Oxley Compliance
Challenge
- Charter Communications, a leading broadband communications company, needed to ensure Salesforce CRM customer and sales information was consistent with its financial system in order to be Sarbanes-Oxley compliant
- Customer records were represented differently in each system; Charter needed to establish a common account number for each customer to be used across systems
- With a complex plan to reconcile accounts, the company needed to validate procedures in a full test environment
Solution
- To reconcile Salesforce CRM with the billing system, Charter developed data-integration procedures to ensure consistency with any new customers and deals
- The company developed procedures to update historical data in Salesforce CRM, requiring sophisticated matching algorithms and impeccable attention to detail
- Charter used the Force.com sandbox to create a complete copy of its production environment on isolated hardware
Results
- Customer and sales information is now consistent with its financial system and meets Sarbanes-Oxley compliance requirements
- The Force.com sandbox gives Charter the ability to instantly create an exact, cloned cloud-computing environment with one click, without any downtime
- Charter uses the Force.com sandbox for all of its development, testing, training, and promoting changes to its production environment
- With the sandbox, Charter can easily integrate Salesforce CRM into its processes to meet all Sarbanes-Oxley compliance requirements going forward
With Microsoft co-founder Paul Allen as its chairman and largest shareholder, you would expect Charter Communications, a leader in entertainment and information services and broadband educational content, to approach its challenges with innovation in mind. No surprise then that when it came time to ensure Sarbanes-Oxley compliance, Charter thought outside the box-and adopted the Force.com sandbox, salesforce.com's innovative environment for developing and testing applications.
Like every public company in the United States, Charter, with approximately 15,500 employees operating in more than 4,200 locations across the country, has been busy meeting the requirements of the Sarbanes-Oxley Act of 2002. The Act, which went into effect in 2005, requires company executives to certify their financial results and report on the internal controls employed to ensure accuracy of those results.
The company's business services subsidiary has been a salesforce.com customer since 2003. Adoption of Salesforce CRM expanded incrementally over time. Salesforce CRM's ease of use and cloud-computing model meant that adoption sometimes occurred under the radar of the corporate IT department.
"As we began investigating our business processes and operational systems in the context of Sarbanes-Oxley compliance, it became obvious that Salesforce CRM was at the heart of some of our key processes," says Chad Rycenga, director of IT with Charter Communications. "Employees were constantly referring to Salesforce CRM as a system they relied upon daily."
Reconciling Discrepancies Between Systems
Because Salesforce CRM contained both customer and sales information, the company needed to ensure that the information was consistent with its financial systems. "How much we commissioned sales representatives through payroll, for example, was driven by the data in Salesforce CRM. However, our legacy billing application was the system of record for accounts and revenue recognition," explains Rycenga. "We had to make sure that the systems matched."
In preparation for Sarbanes-Oxley audits, Charter ran some tests to determine consistency between Salesforce CRM and its billing system. It came as no surprise that Salesforce CRM contained no data for customers or opportunities prior to its 2003 deployment. Furthermore, the company also found that the same customer was sometimes represented differently in each system because there was not a consistently used common account number across systems.
"When longstanding customers bought services from Charter, the monthly recurring revenue for the customer might be calculated differently between the two systems," notes Rycenga. "To implement a key control from a Sarbanes-Oxley perspective, we needed to get the systems consistent. That would also help auditors perform a review of the commission's expense line item."
To reconcile Salesforce CRM and the billing system, Charter developed data integration procedures to ensure consistency for new customers and deals in the future. The company developed separate procedures to update historical data in Salesforce CRM, including the creation of pre-2003 accounts and deals that didn't exist in Salesforce CRM.
These procedures required sophisticated matching algorithms to link accounts, verify monthly recurring revenue, and update and lock down account details with values from the system of record. "The changes were complex, touched a lot of data, and affected users throughout the company," says Rycenga. "We couldn't afford to be wrong or make any mistakes."
Production Challenges
Because the changes made during reconciliation could have an impact on financial reporting and therefore had Sarbanes-Oxley implications-and because it is good IT change-management procedure-Charter did not want to update the production environment without thorough validation. Proper change-management procedures, one of the general IT controls advocated as part of Sarbanes-Oxley compliance, suggest the separation of development and testing from the production environment.
Charter needed a full copy of production data to validate the procedures, adding complexity to the testing requirements. "We needed a means to test our changes in a duplicated production environment," explains Rycenga. "We wanted to verify all the data changes. The scope of the changes meant that we didn't want to take chances with our rollback procedures."
Force.com's Sandbox Provides Peace of Mind
Just as Charter was confronting these challenges, salesforce.com released the Force.com sandbox. It provides customers with a complete copy of their organization's production environment, including all data, configurations, and customizations. The sandbox is an exact replica of the production environment that customers can use for development, testing, and training.
Although Salesforce CRM provides numerous means for safely isolating and testing changes in the production environment, the sandbox environment is an identical clone of the entire Salesforce CRM stack, right down to the APIs. The sandbox runs on isolated hardware and offers customers more comprehensive development and testing capabilities, such as the ability to modify data and test integrations.
Charter decided to use the Force.sandbox for the project. "We really couldn't have done this project without the Force.com sandbox," says Rycenga. "We needed every bit of our data, and we needed a process that was reversible if we found a problem.
"Compared to the test environments of some of our on-premise software, the Force.com sandbox offers a lot of benefits," adds Rycenga. "Normally we would have to buy separate hardware, maintain multiple environments, and implement complex migration routines. With the Force.com sandbox, it really is a one-click step to create an exact cloned environment that's completely on-demand. The ROI was pretty easy to see."
Now Charter uses the sandbox for all of its development, testing, and training. "Once we verify that everything works, we can promote the changes to our production environment," explains Rycenga. "The sandbox is now a key part of our software-development and change-management lifecycles, as well as the IT controls we use for Sarbanes-Oxley compliance. It helps large enterprise IT shops like ours more easily integrate Salesforce CRM into our processes and meet our compliance requirements."