China's Basic Standard for Enterprise Internal Control (C-SOX) is coming into effect soon, and while some of the implementation guidelines are not yet clear, the core of the regulation is in place.
The purpose of C-SOX is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders. Companies must evaluate their internal controls, publish an evaluation report on an annual basis and audit the effectiveness of their internal controls. These are new concepts to many organizations in China, and as a result there is some resistance and confusion to deal with. Many Chinese companies have poor risk management systems, inadequate business data and patchy IT infrastructures. However, these are not the biggest challenges facing companies that will be required to comply with C-SOX.
The biggest challenge (and hence, the top criteria for success) is company culture. No amount of money, software or consultants can compare with the beneficial effects of enlightened and committed management. For C-SOX to really succeed, companies have to embrace risk management as a concept, adopt internal control frameworks and change their corporate culture.
What does that mean? For organizations to get the most benefits of C-SOX compliance, they must:
- Foster openness and transparency in the company
- Be open to self-evaluation and self-criticism (of the management team and all employees)
- Report on perceived risks in a timely fashion
- Provide training on the benefits of risk management and internal controls
- Have executives visibly "own" the C-SOX implementation
- Establish a "whistleblower" mechanism and fraud reporting hotline to alter the company to potential problems
Management will need to be visible in its support for C-SOX and ensure that a sense of urgency is felt across all offices and regions. This means creating a project team with adequate representation from the entire business, and one with the political clout required to overcome institutional resistance to change.
Although responsibility for risk management and compliance ultimately sits with the CEO and Board of Directors, forward-thinking companies will move to push responsibility to various parts of the organization.
C-SOX projects require participation from many levels of an organization, and for compliance projects to succeed, companies must make their staff an active participant on the integrated project team.
Industry leaders involve much of the organization in their C-SOX implementation process and go beyond the minimum requirements imposed by the Basic Standard for Enterprise Internal Control to improve operating results while introducing business improvements throughout the organization.
Many companies in China do not currently have this kind of culture, and that is going to mean extra time and effort and required for proper implementation of the Basic Standard for Enterprise Internal Control. Companies that see this as an opportunity to refresh and improve their corporate culture will be rewarded with a quicker process and more tangible business benefits.
About the author:
Alex Raymond is the Founder and CEO of Vast Talent, a specialized provider of compliance and performance management systems in China.
Vast Talent combines world-class products and international best practice with the local support and services that companies in China require. Vast Talent's solutions include software tools for compliance and performance management, a large library of online compliance, finance, safety and IT courses and tools for testing and assessment.
Vast Talent was founded in 2008 and has offices in Hong Kong and Beijing.
More C-SOX resources available at: http://www.vast-talent.com/en/compliance_solution_for_china_basic_standard_for_enterprise_internal_control_csox.html
Article Source: http://EzineArticles.com/?expert=Alex_Raymond