
Corporate governance - the IT challenge

14th Jan 2005

Dealing with Sarbanes-Oxley, the Combined Code, international accounting standards, data protection law and even the Basel II banking accords requires more than just a tweak to existing accounting packages, as has been the case in the past.

The new standards affect technology systems, people and processes right across the enterprise. Business applications as diverse as customer databases, content management applications, collaboration tools and HR may have to be knitted together and processes documented to show where authority and accountability lie.

Compliance Demands in 2005
The Sarbanes-Oxley Act set in motion the drive towards greater information transparency, accuracy, and accelerated reporting. It affects everything from financial records to email communications, notably in relation to the management, maintenance and archiving of data. To comply, companies must invest in enterprise-wide network capabilities that make available all data relevant to their business activities, including proof that the processes that led to the creation of the data conform to the rules. The reach of Sarbanes-Oxley extends to European subsidiaries and partners of US companies - and their auditors.

Data Protection
The data commissioner, Richard Thomas, sought extra funds from government in 2004 to bring test cases against those who persistently flout rules. The Data Protection Act is unlikely to be revised in the near future, but amendments occur regularly and companies need to be aware of them.

Combined Code
The revised Combined Code of corporate governance came into force in November 2003, introducing requirements relating to auditing best practices, fraud avoidance and good accounting. Companies that do not comply may find their openness and transparency are called into question.

Companies Bill
The new UK Companies Act will come into force at the beginning of 2005. In essence, it allows auditors greater powers of inspection and recommendation, extending to wider circles of people within the organisation and to information relevant to their enquiries, regardless of its form.

International Accounting Standards
Also known as the International Financial Reporting Standards, these rules are mandatory for listed companies from 1 January 2005. Those making the transition may need to endure a year of dual reporting - in effect having to run two accounting systems to reconcile existing and new GAAP.

Basel II
Even more than IFRS, Basel II tops the compliance agenda in financial services. This European initiative focuses on risk management and has an implementation deadline of 2006. To ensure they comply, financial services companies are gathering data now from across their networks and addressing their current risk management capabilities.

While network storage may not be a traditional corporate governance concern, the new regulatory regimes demand systems that can retain specific types of data. Storage systems must be capable of managing information over its complete lifecycle, typically for a minimum of six years.

Directors who do not regard data control and assurance as their concern may not understand the full implications of failure. Organisations need to move beyond the basics of up-to-date anti-virus software and firewalls and deploy active systems that scan networks for suspect traffic to minimise risks from downtime, productivity losses and unwanted legal liabilities.

Top tips for IT governance
  • Have an 'acceptable use policy' in writing and ensure it is communicated to all employees
  • The IT department must thoroughly understand policy to ensure accurate and appropriate execution
  • Ensure that employee Web activity is business-related
  • Establish rules to manage employees' email communications and the company's data
  • Manage Instant Messaging (IM) on the network; it is a part of governance
  • Extend the 'acceptable use policy' to cover the company's mobile workforce and mobile devices
  • Stop unwanted content to ensure the network is available for business use

A strategic approach to governance and technology
Governance is penetrating more deeply into the organisation, and security threats are becoming more sophisticated and affecting both internal and external communications. Businesses need to develop strategic approaches to address the issues.

The new Combined Code rightly emphasises the importance of training for directors. SurfControl's own belief is that corporate governance is at once a policy, a set of practices, a guide to corporate structure, and a technological infrastructure that underpins all activity. We hope our whitepaper shows why.

Visit jmt.it's Reseller Channel page on AccountingWEB to request a PDF copy of the full, 11-page report.
