A recent trend is the legislative imposition of good corporate governance practices. The Sarbanes-Oxley Act (SOX) has come into effect in the US since June 2004. Similar regulations will soon become effective in India as well (the SEBI clause 49, Amendments to Companies Act, and Naresh Chandra Committee recommendations etc point to the new environment that is waiting to unveil itself). CII has played a pioneering role in corporate governance in India, having drafted India's first code on corporate governance in April 1998. In keeping with this initiative, CII offers corporate governance consultancy services too.

An important aspect of the current trend in corporate governance initiatives is the strengthening of internal controls and disclosure norms of companies. Sections 302 and 404 of SOX in US cover these aspects. In India, the SEBI clause 49 had sections on CEO/CFO certifications pertaining to the effectiveness of internal controls (though these sections are currently held in abeyance).

Good corporate governance requires internal controls to ensure that:

Today, information assets are crucial to a company, and therefore must be safeguarded diligently under the corporate governance norms. Also, almost all companies use information systems to process their financial data. To maintain the integrity of financial reporting it has to be ensured that the data processed in the information systems is not tampered with. This entails putting in place information security processes.

So we see that to ensure the objectives of robust internal controls under corporate governance legislations, information security is a crucial component. CII's consultancy services will include: