China’s Basic Standard Enterprise Internal Control (C-SOX) is to be implemented soon, and while some of the implementation of the guidelines have not been specified, the essence of the regulation is present.
main purpose of C-SOX is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders. Companies must evaluate internal controls, publish an evaluation report on the annual audit and the effectiveness of internal controls them. These are new concepts for many organizations in China, and as a result is some resistance and confusion to deal with. Below is a list of ten questions to address before C-SOX implementation process.
1) Do we have the creation of maps? This document is the backbone C-SOX implementation because it shows the role and responsibilities of the departments and employees. It will be used to assign responsibilities and internal control approval levels. If your organization does not have a card recently, working with employees in your field to put one together.
2) Who “of the” C-Sox? The answer should be the CEO and the Board. If management does not have a C-SOX process, it means that the company is not putting in the right amount of resources needed to make the implementation work. Companies representing C-SOX implementation of a specific department risk failure due to lack of support.
3) What is our current framework? Available The framework is a great starting point for C-SOX. It could be based on coso, ERM or ISO 31000 – the point of departure is less important to the discipline that comes with the risk management process. If you do not have a current Risk Management Framework, you should hire an outside consultant or expert to help you.
4) How will it help us? IT will play a key role in the C-SOX process, so it helps to get the IT team involved early. Part of the implementation will have to buy new software (in fact, the Basic Standard Enterprise internal control mandates the use of computer systems with in-built control) and IT department can help to draw up a strategy and implement it.
5) What is the plan our training? Go initiative will not succeed if you do not train staff. The training plan should include at least the following points: why internal control is important, the main internal control policies and procedures of the business and who to go to with questions. Use E-Learning to be trained quickly and with maximum density.
6) Where is the expertise? If you do not have experts on internal control and risk management within the company, you should hire an outsider to jump start a project. There are many specialist consultants who can help you develop and implement policies and which will train staff (this will reduce costs in the long term).
7) What constitutes success? Make sure the CEO and senior management have a shared vision of what C-SOX success looks like. This is a long process and there will be many steps along the way. Implementation of the plan should be aware milestones and metrics for your business.
8) How do you evaluate staff performance? Several factors C-SOX related to human resources. Managers need to perform self-assessments against internal control statistics, which means that the head must disclose information about their goals and objectives, and give up on their performance. Furthermore Basic Standard Enterprise internal control requires that compensation managers to be linked to internal controls. These are new concepts for many companies, and set up a performance management process is the best way to implement these requirements.
9) What’s in it for me? Unless managers understand the benefits of C-SOX compliance, they are not likely to want to invest time and money in the process. Make sure that you have an education campaign so employees understand where they fit in the process and the benefits to them.
10) What’s next? C-SOX compliance is an ongoing process, not a one-time event. There are always next steps and future plans and strategies need to be implemented. You need a team that is able to perform the applicable requirements and plan ahead for what comes next.
The Basic Standard Enterprise internal control is a broad rule that will affect all areas of the company’s business. You have to see to address these fundamental questions before the implementation process.