Thor Technologies, a New York-based identity management solutions provider, has sponsored a study by Boston-based research firm, Aberdeen Group, that identifies user-provisioning solutions as one of the key controls recommended by auditors for cost-effectively complying with Sarbanes-Oxley (SOX).
Seventy-five percent of the sample believed user provisioning is important to their company's compliance efforts, with separation of duties and attesting to specific internal controls most often cited as its key contribution. Numerous firms also believe that user provisioning addresses from one-quarter to fifty percent of the controls that are required to comply with Section 404 of Sarbanes-Oxley. The auditors interviewed for the survey stated user provisioning is the key control needed for evidentiary purposes. The findings come from a survey and interviews among more than 40 leading enterprises worldwide, sponsored by Thor and conducted by the Aberdeen Group.
"Among the large and midsized enterprises we surveyed, user provisioning is widely regarded as a critical component of SOX auditing and compliance," said Jim Hurley, Aberdeen vice president of research and the principal author of the report in the press release. "In their own words, companies involved in compliance initiatives reported that user provisioning is 'a big deal for us.'"
The findings are summarized in a study, "The Value of User Provisioning for SOX Compliance," which is available for download.
--Tideway's IT Configuration Management Solutions Target U.S. Investment Banks
London-based Tideway Systems has announced the availability of its IT Service Configuration Management solutions in the United States. Tideway's products, including its flagship solution, Foundation, provide organizations with transparency of their IT environments, enabling organizations to model business applications and supporting infrastructure and serve as a cornerstone to implementing IT best practices.
Tideway has established U.S. headquarters in New York and currently is working with U.S. financial institutions and U.S. operations of global investment banks, such as Dresdner Kleinwort Wasserstein (DrKW). "Regulatory compliance projects such as Sarbanes-Oxley are typically seen as a necessary and costly evil. Working with Tideway, we are able to turn compliance on its head and gain sustainable business value from the entire process," said Stephen Ashton, Director of Global IT Business Management for Dresdner Kleinwort Wasserstein, in the press release.
Recently, Tideway also launched its customer advisory board to deliver strategic counsel and perspective on product and solution development. Current members include: John O'Hara, distinguished engineer, JPMorgan Chase Investment Bank; Simon Post, outgoing group IT director of BSkyB and incoming CTO at Carphone Warehouse; Kevin Poulter, application technology manager at British American Tobacco; and Stephen Ashton, director of global IT Business Management at Dresdner Kleinwort Wasserstein.
--RSM McGladrey Says IT Security Biggest Risk for Financial Institutions
With all the potential threats to businesses today, IT security is the top issue keeping financial services executives up at night, according to a new risk-management survey conducted by Bloomington, Minn.-based business services firm RSM McGladrey. A resounding 99 percent of the financial institution executives responding to the survey ranked regular virus protection software updates as their number one technology concern. "Pressures from regulatory agencies have forced financial service companies to put a high priority on safeguarding their clients' and system data; still there are some holes in the dam," said Dan Trigg, RSM McGladrey executive vice president of financial services, in a press release. "Our research discovered that 15 percent of all financial service companies responding don't have any form of intrusion detection software to monitor who accesses their company's firewall."
The concerns for IT security come through in how financial service companies have budgeted for risk management in 2005. IT security tops the list, with 80 percent of survey respondents saying they plan expenditures in that area this year. Banks will spend considerably less on corporate governance, projects related to Sarbanes-Oxley and global risk prevention.
RSM McGladrey conducted the survey in November 2004 of 700 business executives -- more than half of them from the financial services sector. To see how financial institutions' executives responded visit www.rsmmcgladrey.com/fsrisksurvey.
--Euroclear Selects Norkom's AML Solution
Euroclear, a European provider of domestic and cross-border settlement and related services for bond, equity and fund transactions, has selected Norkom Technologies' Anti-Money Laundering (AML) technology for account and customer monitoring, behavior analysis and watch-list matching. This system will allow Euroclear to screen all transactions against industry-standard watch lists and monitor all transactions for suspicious behavior. The total value of securities transactions settled by Euroclear is in excess of $390 trillion per annum, while assets held for clients are valued at more than $17 trillion.
According to recent research from the TowerGroup, financial crime is costing the industry billions of dollars globally per year in operational losses, with untold costs in terms of lost reputation and consumer confidence. "Whereas we saw an early uptake of AML technology in the (retail) banking payments space, we now see that the convergence of the increase in crime rates and the growing demands of compliance regulations is driving the securities processing industry as well to seek out and implement technology solutions, such as AML, that can help them stop the hemorrhaging of losses and meet the challenges of industry regulations," said TowerGroup senior analyst Virginia Garcia, in the press release.