The key to compliance.In the wake of the Enron and Worldcom accounting scandals Accounting scandals, or corporate accounting scandals are political and business scandals which arise with the disclosure of misdeeds by trusted executives of large public corporations. , the regulations an enterprise implements to ensure its integrity are open to increasing scrutiny. This has given rise to a growing number of initiatives such as Basel II Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. The purpose of Basel II is to create an international standard that banking regulators can use when creating regulations , the Sarbanes-Oxley Act See SOX. and the new Companies Act, all designed to ensure that high-standards of corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. become part of day-to-day business culture. Basel II Basel II, the forthcoming protocol for the financial sector, is designed to replace the 1988 Capital Accord. It recognises that managing and controlling financial risk and operational risk, such as IT, is an integral part of corporate governance and, as such, obligates companies to assess their vulnerability and make it public. Basel II is based on three main areas that allow banks to effectively evaluate the risks financial institutions face: minimum capital requirements Capital requirements Financing required for the operation of a business, composed of long-term and working capital plus fixed assets. , supervisory review of an institution's capital adequacy, and internal assessment process and market discipline through effective disclosure to encourage safe and sound banking practices. Financial organisations Noun 1. financial organisation - an institution (public or private) that collects funds (from the public or other institutions) and invests them in financial assets financial institution, financial organization that do not provide appropriate details must set a side 20 per cent of their revenue in order to cover loses or risk being prevented from trading. The first phase of Basel II will come into effect at the end of 2006, with the more advanced elements planned for implementation at the end of 2007. Sarbanes-Oxley Act The furthest reaching of these regulations is the Sarbanes-Oxley Act, which requires companies to comply with challenging new standards for the accuracy, completeness and timeliness of financial reporting, while increasing penalties for misleading investors. The Act, which applies to all companies (and their subsidiaries) on the US public markets, protects the interests of investors and serves the wider public interest by outlawing practices that have proved damaging, such as overly close relationships between auditors and managers. The law includes stiff penalties for executives of companies that are non-compliant including fines of $5m dollars, and up to 20 years in prison per violation. Companies Act The forthcoming Companies (Audit, Investigations and Community Enterprise) Act is designed to help UK firms avoid the much-publicised accounting and auditing problems experienced by companies such as Enron, Worldcom and Parmalat. The Bill- which made mention in this year's Queen's speech Queen's speech n (Brit) → discours m de la reine and will be debated in this session of Parliament in order to come into force early next year, will impose new measures to ensure that data relating to relating to relate prep → concernant relating to relate prep → bezüglich +gen, mit Bezug auf +acc trades, transactions and accounting throughout an organisation is fully auditable. With reference to the Companies Act, Department for Trade and Industry minister Jacqui Smith has said: "We want the UK to have the best system of corporate governance in the world. There is no denying that financial markets around the world have been badly shaken
Shaken (車剣, also known as kurumaken) are a type of Shuriken by the corporate failures of the last few years. "This Bill completes a comprehensive package of measures aimed at restoring investor confidence in corporate governance, company accounting and auditing practices here in Britain. Its aim is to raise corporate performance across the board and beyond. "The Bill tightens the independent regulation of the audit profession and strengthens the enforcement of company accounting, both concerns highlighted by the Enron and Worldcom scandals. It gives auditors greater powers to get the information they need to do a proper job, and increases company investigators' powers to uncover misconduct MISCONDUCT. Unlawful behaviour by a person entrusted in any degree: with the administration of justice, by which the rights of the parties and the justice of the, case may have been affected. 2. ." Security Basel II. the Sarbanes-Oxley Act and the Companies Bill all highlight the fact that board directors and executive management have a duty to protect the information resources (1) The data and information assets of an organization, department or unit. See data administration. (2) Another name for the Information Systems (IS) or Information Technology (IT) department. See IT. of their organisations. As such, network security--preventing unauthorised access to information and data--is of the utmost importance, and the most effective way of achieving this is by deploying an effective provisioning solution that allows the enterprise to determine who has access to which applications and when. However, implementing an identity and access management programme that ensures the correct level of security and internal controls over key information and data can be a difficult task for many large organisations. Often, systems and access policies in use today were developed many years ago when security was not necessarily the highest priority. Not only are these legacy systems now unsuitable for use, but, since being implemented, many of the policies associated with them have not been reviewed, and access is granted either manually or by way of 'home grown' development. Furthermore, many of the systems were not developed to cater for temporary changes such as the provisioning and de-provisioning of contract workers or account for a member of staff on leave. Adding to the problem is the fact that, often, companies have myriad systems and access policies, which have merged with another organisation's policies, systems and architectures. These issues are now major problems that need to be addressed urgently. As well as the need to comply with corporate governance regulations, the situation has also given rise to an increased security threat; a fact highlighted by the Financial Services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. Authority's Financial Crime Sector Report: 'Countering Financial Crime Risks in Information Security'. Secure Enterprise Provisioning The latest enterprise provisioning technology allows organisations to alleviate Alleviate To make something easier to be endured. Mentioned in: Kinesiology, Applied these problems through centralised Adj. 1. centralised - drawn toward a center or brought under the control of a central authority; "centralized control of emergency relief efforts"; "centralized government" centralized management of IT systems and applications, and the users who access them. Enterprise provisioning solutions, which automate To turn a set of manual steps into an operation that goes by itself. See automation. the granting, managing and revoking of user-access rights and privileges, solve the problems created by complex user bases and IT infrastructures by enforcing policies that govern what users are allowed to access and then creating access for those users on the appropriate systems and applications. The solution can execute provisioning transactions dynamically, based on the nature of the request and then initiate the appropriate approval workflows as defined by the appropriate policy. It will also provide robust reporting that enables the IT department to better manage user access rights from a global view. For example, systems administrators can view who has access to particular systems or the status of any individual access request (add, move, change, delete To remove an item of data from a file or to remove a file from the disk. See file wipe, trash and undelete. 1. (operating system) delete - (Or "erase") To make a file inaccessible. ) in real time. The best of the new breed of provisioning systems enforce organisational policies designed to ensure that financial enterprises comply with regulatory requirements Regulatory requirements are part of the process of drug discovery and drug development. Regulatory requirements describe what is necessary for a new drug to be approved for marketing in any particular country. by governing gov·ern v. gov·erned, gov·ern·ing, gov·erns v.tr. 1. To make and administer the public policy and affairs of; exercise sovereign authority in. 2. who can access particular systems and the information they contain. Reporting and auditing capabilities enable the organisation to demonstrate compliance by listing who has access to protected systems and reporting on how the access was granted and that appropriate approvals were obtained, thus demonstrating that proper policies designed to comply with regulations are being followed. The software can also demonstrate that users who have left the organisation have had access revoked from all the systems to which they were previously authorised Adj. 1. authorised - endowed with authority authorized lawful - conformable to or allowed by law; "lawful methods of dissent" legitimate - of marriages and offspring; recognized as lawful . These capabilities not only make regulatory compliance straightforward easy to manage, but ensure increased productivity. Users can be connected to the resources they need to be productive in a fraction of the time, cost and effort previously required. Enterprises can compress the user set-up process from weeks to minutes and application integration from months to just days. In addition, the IT department's own productivity will increase dramatically as resources are freed up from the time-consuming tasks of managing user access and building integrations to managed systems and applications. By ensuring regulatory compliance and at the same time reducing IT costs, secure enterprise provisioning solutions are sure to evolve from the great opportunity they currently present to a critical element of the IT infrastructure of successful businesses. www.thortech.com |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion