Sarbanes-Oxley Act. It was enacted following Enron and Worldcom to prevent corporate malfeasance. Sadly it gave a lot of auditors a lot of power which translated to 'controls' placed on the work environment. Some make sense (e.g. no read/write access to production for development). Others make no sense (e.g. no access to log files from production for developers troubleshooting issues). It really depends on the company and the audit process.