China's Basic Standard for Enterprise Internal Control (C-SOX) will soon come into force, and while some of the guidelines for implementation has not been specified, the core of the regulation is in force.
The main objective of C-SOX is to increase the effectiveness of internal controls in publicly traded Chinese companies, thus reducing risks for businesses and their stakeholders. Companies must assess their internal controls, publish a progress report on an annual basis and audit theEffectiveness of their internal controls. These are new concepts for many companies in China, and as a consequence, there is some resistance and confusion to deal with. Below is a list of ten questions before your C-SOX implementation address.
1) Do we have an organization map? This document is the backbone of your C-SOX implementation, because it shows the roles and responsibilities for the departments and employees. It is used to assign the responsibilities andinternal control approval levels. If your organization does not have a current card, compiled the work with your HR department into one.
2) Who "owns" C-SOX? The answer should be the CEO and board of directors. If the top management does not own the C-SOX process, it means that the company did not put in the right amount of resources needed to implement the works. Businesses to fail, the delegates to C-SOX implementation to a specific department at risk because of the lacksupport.
3) What is our current risk management framework? An existing framework for risk management is an ideal starting point for C-SOX. He can be based on COSO, ERM and ISO 31000 - the starting point is less important that the discipline comes with a risk management process, the. If you do not represent an existing risk management framework, you should set an outside consultant or expert to help you.
4) How will it help us? It will play an important role in your C-SOX process, so that ithelps to keep the IT team early action. Part of the implementation is the purchase of new software (in fact, the Basic Standard for Enterprise Internal Control mandates the use of IT systems with integrated controls) and the IT staff can help design a strategy and execute.
5) What is our training schedule? Such compliance initiative will not succeed if you do not your employees. The training should include at least the following elements: Why did the internal control is important, keyinternal controls and corporate policies and procedures, and who go with questions. Use e-learning for the training quickly and with maximum consistency.
6) Where is the know-how? If you are not experts in internal control and risk management in your company, you should hire externally to jump start your project. There are many specialist advisers who can help you develop and execute your strategy, and who is your staff (this will be your costs in the longterm).
7) What is success? Make sure the CEO and top management have a shared vision of what success looks like C-SOX. This is a long process and there will be many steps along the path. Your implementation plan should detail key milestones and metrics for your business.
8) How do we assess the performance of the staff? Some elements of the C-SOX are for human resources. Managers have to perform self-evaluations against internal control metrics, which means that departmenthave information about their goals and objectives, and evaluate themselves on their achievements to be disclosed. In addition, the Basic Standard for Enterprise Internal Control will require to be connected to the compensation of executives on the internal control. These are new concepts for many companies, and establishing a performance management process is the best way to implement these requirements.
9) What's in it for me? If managers take advantage of C-SOX Compliance understand, they are not likelywant to invest time and money in the process. Make sure you understand a campaign staff as to where they are involved in the process and the benefits to them.
10) What's next? C-SOX compliance is an ongoing process and not an event. It's always the next steps and future plans and strategies that must be implemented. You need to implement a team that is capable of existing requirements and plan ahead for what comes next.
The Basic Standard for Enterprise Internal Control is acomprehensive scheme which will affect all areas of operations of a company. You must take itself to these basic questions before starting your implementation process.
