With reference to the Companies Act, Department for Trade and Industry minister Jacqui Smith has said: “We want the UK to have the best system of corporate governance in the world. There is no denying that financial markets around the world have been badly shaken by the corporate failures of the last few years.

“This Bill completes a comprehensive package of measures aimed at restoring investor confidence in corporate governance, company accounting and auditing practices here in Britain. Its aim is to raise corporate performance across the board and beyond.

“The Bill tightens the independent regulation of the audit profession and strengthens the enforcement of company accounting, both concerns highlighted by the Enron and Worldcom scandals. It gives auditors greater powers to get the information they need to do a proper job, and increases company investigators’ powers to uncover misconduct.”

Security

Basel II, the Sarbanes-Oxley Act and the Companies Bill all highlight the fact that board directors and executive management have a duty to protect the information resources of their organisations. As such, network security – preventing unauthorised access to information and data – is of the utmost importance, and the most effective way of achieving this is by deploying an effective provisioning solution that allows the enterprise to determine who has access to which applications and when.


However, implementing an identity and access management programme that ensures the correct level of security and internal controls over key information and data can be a difficult task for many large organisations.

Often, systems and access policies in use today were developed many years ago when security was not necessarily the highest priority. Not only are these legacy systems now unsuitable for use, but, since being implemented, many of the policies associated with them have not been reviewed, and access is granted either manually or by way of ‘home grown’ development.

Furthermore, many of the systems were not developed to cater for temporary changes such as the provisioning and de-provisioning of contract workers or account for a member of staff on leave. Adding to the problem is the fact that, often, companies have myriad systems and access policies, which have merged with another organisation’s policies, systems and architectures.

These issues are now major problems that need to be addressed urgently. As well as the need to comply with corporate governance regulations, the situation has also given rise to an increased security threat; a fact highlighted by the Financial Services Authority’s Financial Crime Sector Report: ‘Countering Financial Crime Risks in Information Security’.