Bosses: You could go to jail and your staff wouldn't care

Company directors are increasingly leaving themselves at risk from prosecution by failing to comply with tightening regulation.

From the use of illegal software to the presence of copyrighted materials on the network and the failure to meet requirements under legislation such as Sarbanes-Oxley, directors are putting their necks on the line and their own staff aren't helping.

It seems end users will always be the weakest link in the chain – with illegal software a particular favourite among staff seemingly intent on landing their bosses in legal hot water.

John Lovelock, director general of the Federation Against Software Theft said: "We would like employees to think carefully about downloading copies of software without paying for it. However, the responsibility for their actions can rest with the directors and officers of their organisation. Theft is theft and will be treated accordingly."

Lovelock added: "Corporate liability is something that management cannot afford to gloss over. It will come back to bite them."

Similarly employees can undermine compliance at the press of a button. As such IT managers need to ensure they regularly and effective audit their IT assets and control what they have and how it is used.

Kevin Fitzpatrick, CTO at Manpower, told silicon.com: "As IT leaders we have a special duty to ensure our organisations are secure from malicious or inadvertent damage – but there will always be some that get through."

Mark Outhwaite, director of technology at the NHS modernisation agency, said: "Fundamentally this is about creating a culture of compliance and corporate responsibility which is self-regulating.

However in light of former WorldCom chief Bernard Ebbers' recent fraud conviction, Outhwaite believes the issue of compliance is as much about HR and top level buy-in as it is about IT.

"No amount of clever IT is going to correct a flawed business culture. However, the risk of ending up in jail for 20 years will concentrate minds wonderfully but will only generate results if the boards of organisations recognise that this is about the way people in leadership positions behave first and foremost and do not reach for the first IT solution that crosses their horizon."

John Odell, group IT director at BBA, said: "Organisations need a culture of good governance. But sadly even with one in place deceivers will always find a way to side-step legislation."