Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

Get updates on Compliance Week offerings, including new features, databases, research, and other resources, along with announcements of upcoming Webcasts, conferences, seminars, CPE/CLE opportunities and more.

Published every Thursday, Compliance Week Europe offers a condensed summary of risk, audit, and compliance news either originating in Europe, or of special interest to European compliance professionals. This newsletter will follow developments by the European Commission, as well as those of national governments across the region, or any U.S.-based news that might have consequence across the Atlantic. Frequency: weekly; Thursday a.m.

A fresh edition of Compliance Week delivered via e-mail and online every Tuesday morning, relentlessly focused on the disclosure, reporting and compliance requirements of our 25,000+ paying subscribers.

Published every Friday, Compliance Weekend was launched at the behest of subscribers, and offers a quick Plain English review of the week's key developments. We hope you enjoy this supplement to Compliance Week's Tuesday edition.


Status message

Start your free, no obligation 10-day trial to continue exploring with full access.

Who Are You? ID Management Under SOX

Todd Neff | September 6, 2006

Once upon a time, managing identities was a snap. Corporate IT infrastructure consisted of a single, hulking IBM mainframe with a relatively specialized group of back-office users who were either logged on or not. If line employees or managers had computers at all, they were used for word processing and spreadsheets, and people “networked” machines by handing floppy disks to one another.

Today even the janitor might carry a Blackberry—bringing a boon to productivity, yes, but also turning identity management into a terrific challenge for corporate executives who must assure regulators that only those who are properly authorized to access financial systems actually do.

The legitimacy of system users is inherent in Section 302 and Section 404 of Sarbanes-Oxley, which demand effective internal control over financial reporting. But you can’t have effective controls if a disgruntled former employee can log into the payroll department. Guarding... To get the full story, subscribe now.