The Chinese Basic Standard for Internal Control of Enterprises ("C-SOX") will come into force soon, and many companies are therefore starting to implement this regulation. While the prospect of adopting a new standard in corporate governance and risk management may seem daunting, there are a few simple steps that companies can take to get ahead of the project. Companies that start implementing C-SOX early will gain a competitive advantage and save a lot of money and resources in the long run. The keys to a successful implementation are gaining the support of the entire organization and setting a reasonable strategy and timeline for the project.
To get the most out of a C-SOX project, it is essential to understand that compliance is an ongoing process and not a one-time initiative. This article will show you how you can get started with the C-SOX process to ensure its success.
The Basic Standard for Internal Control of Enterprises was announced in 2008 and is sponsored by the Ministry of Finance, the China Securities Regulatory Commission, the National Audit Office, the China Banking Regulatory Commission, and the China Insurance Regulatory Commission. The aim of the new regulations is to increase the effectiveness of internal controls in Chinese listed companies, thereby reducing risks for companies and their stakeholders.
The new rule requires companies listed on the Shanghai or Shenzhen stock exchanges to conduct self-assessments of their internal controls, publish an assessment report on an annual basis, and hire qualified agencies to audit the company. the effectiveness of their internal controls. The basic standard will apply to more than 900 companies listed on the Shanghai Stock Exchange and around 800 companies listed on the Shenzhen Stock Exchange.
The backbone of the basic standard for corporate internal control is the COSO Risk Framework, which establishes a broad definition of internal control spanning all parts of an organization. . It lists five key control elements:
1. Internal environment – the basis of all the other components of internal control
2. The risk assessment – identification and analysis of risks for the achievement of company objectives
3. Control activities – policies and procedures to ensure the execution of directives
4. Information and communication tools – systems to store and exchange information in support of business objectives
5. Internal monitoring – process for evaluating the quality of internal controls
The objective of assessing internal controls and corporate governance is to acquire sufficient knowledge of the control environment to understand the attitudes, awareness and actions of management regarding control environment factors.
The basic standard for corporate internal control requires listed companies:
o Include the five elements of control when establishing and implementing effective internal control
o Establish and implement internal control policies
o Set up a suitable business management IT system with integrated controls
o Define clear policies on rewards and disciplines related to the successful implementation of internal control. The effectiveness of the implementation of internal control should be seen as a key element in the evaluation of performance at departmental and staff level.
o Carry out a regular self-assessment of the effectiveness of its internal control and issue control self-assessment reports
The implementation of C-SOX is a change management initiative that can have a significant positive impact on the business. However, in order to do this, companies need to take certain steps and make sure they have a clear strategy.
Starting the C-SOX compliance process doesn't have to be difficult. A high level of visibility and support from the leadership team will provide the urgency needed to quickly launch training programs and bring internal resources together. Putting these foundations in place early removes the time constraints from the compliance project and will give the company a solid foundation in risk management and internal controls going forward. In particular, making the effort to develop a culture of risk awareness will pay off through better existing processes, reduced errors, and increased employee engagement. Companies that start now will see their margins improve, their efficiency and their respect for the growing market.
The basic standard for corporate internal control is still evolving and final implementation guidelines are not yet available. However, companies should take advantage of this period to seek the benefits of better risk management and internal control systems.