The new UK regime, set out in the Companies (Audit,
Investigations and Community Enterprise) Act of 2004, has obvious
knock-on effects for records management. This may require companies
to adopt more stringent information security measures to ensure the
accuracy and integrity of their records.
Included in the sections of the Act brought into force today
is a requirement that directors issue a statement in the auditor's
report, confirming that they provided the auditors with all of the
relevant information needed to properly prepare the report.
Directors who fraudulently or negligently make this statement – or
other directors who fraudulently or negligently allow the statement
to go into the report – commit an offence under the Act punishable
by fine or imprisonment.
Another big change is a widening of powers for government to
investigate company records – giving the Secretary of State, or an
investigator authorised by her, the right to require the production
of any records which she or the investigator specifies.
As well as changes to company law reporting procedures,
today's changes mean an increasing burden on companies to ensure
that their information security practices are up to scratch.
Companies already have a number of legal obligations to make
sure that they manage and control information securely, including
rules relating to the security of personal data under the Data
Protection Act. These obligations include a duty to ensure that the
information retains its accuracy and integrity.
The provisions under the new Act augment these existing legal
duties. Moreover they will require directors to create an audit
trail, to prove that they have carried out due diligence on the
required information. It is not enough just to put in place
information security measures – directors now need to be able to
demonstrate that they have done so.
