NRI Papers
No.116 April 1 , 2007
  The Issues of Internal Controls from the Perspective of Information Security  
Keiichi HIMENO
   In 2006, internal controls within a company attracted a great deal of attention, with the IT industry proposing a wide range of solutions (problem-solving systems) to deal with the New Company Law and the Financial Instruments and Exchange Act (also known as the Japanese version of the SOX Act). In November 2006, the "Proposed Evaluation and Auditing Standard on Internal Controls over Financial Reporting (Exposure Draft)" was announced. This standard serves as the guidelines for developing an internal control system as provided for in the Japanese version of the SOX Act. Pursuant to these guidelines, every company will be expected to put all their efforts into complying with the Japanese version of the SOX Act.
   To identify the issues that must be resolved relative to internal controls from the perspective of information security, NRI Secure Technologies conducted surveys and research activities. These surveys revealed that, regarding information security measures, many companies have perfect technical measures in place, but their employees have not been fully educated in the fundamentals of information security. We also found that some employees fail to observe the company rules that have been established.
   In order to develop an overall IT control system efficiently, it is important to pay attention to information security. I believe that it will be even more vital for management executives to be fully involved in order to achieve the reforms in attitudes needed to attain compliance (observance of rules).
I The Roles of Information Security and Associated Loopholes
II Overall IT Control as Seen in the Exposure Draft
III Questionnaire Surveys Reveal Current Information Security Measures and Issue
IV Toward Establishing Efficient Internal Controls through the Use of Information Security


Copyright(c) Nomura Research Institute, Ltd. All rights reserved.