| There is considerable attention in the Chinese | | | | company is taking internal control: |
| business community to the newly announced Basic | | | | 1) Internal controls are owned by senior management |
| Standard for Enterprise Internal Control (C-SOX), | | | | 2) Executives clearly assign responsibilities for training |
| which goes into effect in July 2009. Compliance with | | | | and for monitoring of internal controls |
| this regulation will be a considerable effort for many | | | | 3) Evaluations of control systems are done |
| firms. | | | | periodically and are thoroughly documented and are |
| The Basic Standard for Enterprise Internal Control | | | | conducted by trained staff |
| was announced in the summer of 2008 by the | | | | 4) Comprehensive and business-appropriate criteria |
| Ministry of Finance, China Securities Regulatory | | | | are used to evaluate controls |
| Commission (CSRC), China Banking Regulatory | | | | 5) Control deficiencies are reported to management |
| Commission (CBRC), the National Audit Office, and | | | | and corrected on a timely basis |
| China Insurance Regulatory Commission (CIRC). The | | | | 6) Controls built in as new processes and procedures |
| new regulation intends to increase the effectiveness | | | | are implemented |
| of internal controls in listed Chinese companies, thus | | | | This checklist was designed to encourage your |
| reducing risks for companies and their stakeholders. | | | | organization to make a culture shift toward risk |
| Companies listed on either of the two major Chinese | | | | awareness and responsibility. Your performance |
| stock exchanges (Shanghai and Shenzhen) must | | | | against this checklist will give you a good picture of |
| conduct self-evaluations of their internal controls, | | | | how seriously your company is able to deal with the |
| report on an annual basis and hire qualified auditors to | | | | challenges of C-SOX. |
| review the effectiveness of their internal controls. | | | | The most important criterion for success in a C-SOX |
| C-SOX will apply to over 2000 companies in China. | | | | implementation is to ensure the support of the entire |
| Many companies have hired consultants and advisers | | | | organization. Although responsibility for risk |
| to document, test and upgrade internal controls to | | | | management and compliance ultimately sits with the |
| prepare their C-SOX compliance. However, without a | | | | CEO and Board of Directors, forward-thinking |
| cultural change and appropriate investments in | | | | companies will move to push responsibility to various |
| technology that automates the documentation, | | | | parts of the organization. C-SOX projects require |
| assessment and remediation of internal controls, you | | | | participation from many levels of an organization, and |
| would need to allocate the same amount of | | | | for compliance projects to succeed, companies must |
| resources year after year to be compliant with | | | | make their staff an active participant on the |
| C-SOX. In order to reduce their cost of long term | | | | integrated project team. People need to prepare for |
| compliance, companies have to make the focus on | | | | compliance consultants or auditors, and companies |
| internal controls a part of their company culture. | | | | must commit staff and resources to make efficient |
| Below are 6 checkpoints for how seriously your | | | | use of outside consultants. |