China Basic Standard for Business Internal Control: Your Path to Compliance

The China Basic Business Internal Control Standard (“C-SOX”) will come into effect soon, and therefore many companies are starting to implement this regulation. While the prospect of adopting a new corporate governance and risk management standard may seem daunting, there are some simple steps companies can take to get started on the project. Companies that start implementing C-SOX early will gain a competitive advantage and save a significant amount of money and resources in the long run. The keys to a successful implementation are to enlist the support of the entire organization and establish a reasonable strategy and timeline for the project.

To get the most out of a C-SOX project, it’s critical to understand that compliance is an ongoing process, not a one-time initiative. This article will show you how you can get started with the C-SOX process to ensure success.

The Basic Standard for Internal Control of Companies was announced in 2008 and is sponsored by the Ministry of Finance, the China Securities Regulatory Commission, the National Audit Office, the China Banking Regulatory Commission and the China Insurance Regulatory Commission. . The purpose of the new regulation is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders.

The new rule requires companies listed on the Shanghai or Shenzhen stock exchanges to conduct self-assessments of their internal controls, publish an evaluation report annually, and hire qualified agencies to audit the effectiveness of their internal controls. The Basic Standard will apply to more than 900 companies listed on the Shanghai Stock Exchange and about 800 companies listed on the Shenzhen Stock Exchange.

The backbone of the Basic Standard for Business Internal Control is the COSO risk framework, which establishes a broad definition of internal control that extends to all parts of an organization. List five key control elements:

one. Internal environment – the basis for all other components of internal control

two. Risks evaluation – identification and analysis of risks to achieve the objectives of the company

3. Control activities – the policies and procedures that help ensure that directives are carried out

Four. Information and communication tools – systems for storing and exchanging information in support of business objectives

5. Internal monitoring – process for evaluating the quality of internal controls

The objective of the assessment of internal controls and corporate governance is to obtain sufficient knowledge of the control environment to understand the attitudes, awareness and actions of the management regarding the factors of the control environment.

The Basic Standard of Business Internal Control requires that publicly traded companies:

o Include the five elements of control when establishing and implementing effective internal control

o Establish and implement internal control policies

o Establish an adequate business management information technology system with integrated controls

o Establish clear policies on rewards and disciplines related to the correct implementation of internal control. The effectiveness of internal control implementation should be treated as a key element of performance evaluations for department and staff levels.

o Perform a self-evaluation of the effectiveness of its internal control periodically and issue control self-evaluation reports

The implementation of C-SOX is a change management initiative that can have a significant positive impact on the business. However, to do so, companies must take certain steps and make sure they have a clear strategy.

Starting the C-SOX compliance process doesn’t have to be difficult. A high level of visibility and support from the executive team will provide the urgency needed to quickly begin implementing training programs and gathering internal resources. Putting these foundations in place early takes the time pressure off the compliance project and will give the company a solid foundation in risk management and internal controls in the future. In particular, striving to develop a culture of risk awareness will pay off through better existing processes, reduced errors, and increased employee engagement. Businesses that start now will see improvements in margins, increases in efficiency, and a growing respect for the market.

The Basic Business Internal Control Standard is still evolving and final implementation guidelines are not yet available. However, companies should take advantage of this time to seek the benefits of improving risk management and internal control systems.