Thursday, August 13, 2009
New Online Finance course - Treasury Management
Working with our partner KESDEE, Vast Talent can now offer their thorough (and timely) course on Treasury Management. Its 30 modules give you everything you need to know about how to do this right.
Topics include:
- Interest Rate Risk Management
- Foreign Exchange Management
- Funding and Investments
- How to implement Treasury Management
- Treasury Analytics
...and lots of case studies and interesting background.
How to Manage a Retail Bank
The online courses have everything you need to know about how to run a retail bank, including sales, marketing, operations, risk management, security, human resources and more. This really is an excellent course for anyone who manages a bank or any banks with large retail presence. The course has 36 detailed modules in twelve topic areas.
Given the pace of expansion at many of China's large banks, the skills required to properly manage retails banks will be very valuable in the coming years.
FRM Exam - only 100 days to go
So if you haven't started yet, today is the perfect day to start preparing for the FRM exam. Sign up for the test on GARP's website and make a realistic study plan for yourself. The FRM takes many hundreds of hours of study to successfully pass, so pace yourself and make sure you have all the right tools.
As part of your FRM study plan, considering using an online certification course. The diagnostic exams and other interactive features can give your confidence and boost and guide you to success on November 21st.
Good luck with the FRM!
Thursday, August 6, 2009
New China SOX whitepaper posted on Vast Talent's website
The report focuses on the human elements require to ensure compliance with C-SOX, not just the financial side. It takes readers through a generic process and details how to:
- set corporate internal control objectives
- manage process and control documents
- conduct effective and low-cost staff training
- be ready for the C-SOX audit
- refine and improver internal controls over time.
This is the third whitepaper published so far by Vast Talent on the Basic Standard for Enterprise Internal Control. More to come...happy reading!
Monday, August 3, 2009
China SOX Presentation from APRIA 2009 - video
The main site with all the photos and presentation from APRIA 2009 is at http://insurance.hexun.com/2009/ytnh/
Enjoy!
Thursday, July 30, 2009
Islamic Finance Training - Why It's Needed in Hong Kong
Hong Kong has made a point of being an attractive destination for investors and marketing participants of Islamic Finance. With a global market size of US$400 billion and no clear leader in the market for Islamic Finance, Hong Kong stands to gain considerably from boosting its market presence, infrastructure and capabilities in this area. Although Dubai, KL and London all have big markets for Shariah products, no city can yet claim global leadership in Islamic Finance. So why not Hong Kong?
We've just launched Fundamentals of Islamic Finance which gives a great introduction to the subject and should be mandatory learning for anyone interested in Islamic Finance.
Check it out!
IT Certifications
These offerings are important because China (the area we are most focused on) has a tremendous need for software and hardware engineers of all kind. Engineers who graduate from college need to stand out from the crowd and differentiate themselves, so they go for professional qualifications like CCNA (from Cisco) or MCTS and MCITP (by Microsoft). Cisco estimates that China will need 400,000 new telecoms engineers in the next five years to support growth in the market.
The traditional way of studying for these certifications is to sign up at an IT school and use their classroom and facilities. But this can be expensive and your success in the exam is due in large part to how good your teacher is.
Our approach is to provide top-notch online courses that we designed by industry experts in conjunction with the big technology companies (like Microsoft, Sun and Cisco). That way we get the best information and the newest trends and technology. We also offer “virtual labs” where students can manipulate real, live IT environments remotely. This is great because it can be scheduled whenever you want, and you have access to lots of different kinds of software and hardware. Even better is that it’s cheap and you don’t have to invest in this infrastructure yourself.
You can currently sign up for a free trial of our Sun, Cisco, CompTIA, Microsoft, or ITIL certification courses. Soon we’ll offer the ability to buy on our site and get started on the next stage of your career.
Wednesday, July 29, 2009
Anti-Money Laundering Training
A big challenge has been the cost of training staff in AML and CTF. Since all staff usually have to undergo anti-money laundering training (the intensity of the training depends on their role in the company), costs can quickly escalate. But with e-learning, companies can save money and make sure that the training is consistent throughout the organization.
Every country has its own twist to the law, so it’s great that our partner Knowledge Platform has built specific modules on how to comply with AML regulations in Australia, Japan, Hong Kong, Malaysia, Cayman Islands and Singapore.
Note: this AML course is available in English, Chinese and Japanese – so you’ll get total coverage in Asia.
Six Sigma Training Now Available Online
What I like about these e-learning courses is that they’re really interactive. While you can imagine that quality management, process control and Six Sigma makes for a rather dry learning experience, we’re getting a fresh look at these topics here. The courses are really well designed and have nice graphics and are very interactive.
You should use e-learning in the context of Six Sigma to free up classroom time. Giving students online courses helps to create a common foundation of knowledge so that other training can be more efficient and effective. Don’t consider these courses a replacement for your traditional training – consider them a complement.
The four new courses are:
- Introduction to Lean Methodology. This is a survey course of only 30 minutes which gives an overview of what Lean is all about. Good for general use across an entire company.
- Introduction to Lean Six Sigma. This course is made up of four modules plus an assessment and takes about two hours to complete. It’s a good introductory course for people who work in manufacturing environments or project managers who are going to be involved in Lean Six Sigma.
- Six Sigma Yellow Belt. The Yellow Belt is the first step on the road of Six Sigma, and this course’s five modules will take you about 3 hours to complete.
- Six Sigma Green Belt. As you can imagine, this is a more advanced course with six longer modules of 90 to 120 minutes each.
CFA Level 1 June 2009 Results Published
As before, no geographic information is provided, so we don't know how candidates from particular countries or regions did. We can assume that the Europeans did best (they always do) and that the US was about average. If I can find more data or analysis on this, I'll post it up here.
For the 54 percent who didn't pass the CFA Level 1 in June, we are offering a special deal to improve your chances next time around. Just send us proof of your score and your registration certificate for the December 2009 exam, and you'll get a big discount on our CFA exam course. Click here to see how you can do better in December's CFA exam, and get a good deal, too.
Good luck!
Tuesday, July 21, 2009
APRIA 2009 Follow up
Had a great questions from the audience - in fact, it's a question that I get almost anytime I talk about China SOX (or Sarbanes Oxley or any similar risk management regulation). The question goes something like this: "If we have all these great risk management systems and regulation in place, why didn't they prevent or foresee the financial crisis?"
I think that's a really great question. When I answer, I usually point out that the problem is not so much with the laws/regulations themselves as what people do with them. The main point is that it's not what these regulations say that's important, it's how they are implemented. You can have the best regulation in the world written by really smart people, but unless they are put in place as intended and adhered to constantly, you are going to have problems.
That's why it's important to think of risk management as a culture change for the company. Risk management awareness has to be instilled throughout the entire company. It's not enough to pay lip service to risk management and not implement it properly.
Obviously, there were also lapses in government oversight (around the world) that caused these problems too. But my main focus is on how companies can get real business benefit from implementing China SOX.
Friday, July 17, 2009
Presentation on China SOX at APRIA 2009 Conference
I will be presenting in the plenary session titled “The Financial Crisis and the Future of Risk Management” on Tuesday, July 21st. My talk is called “A Preview of New Corporate Governance Regulations in China in Response to the Financial Crisis” and will focus on the operational impact to insurance companies of the Basic Standard for Enterprise Internal Control (C-SOX).
Here are the details:
Who: Alex Raymond, Vast Talent;
What: 2009 APIRA Beijing Annual Conference: “The Financial Crisis and the Future of Risk Management” plenary session;
When: Tuesday, 21 July 20009, from 10:30am to 12:00 pm;
Where: Beijing Friendship Hotel, Beijing, China.
More about the Asia-Pacific Risk and Insurance Association:
Founded in Singapore in 1997, the Asia-Pacific Risk and Insurance Association (APRIA) is a global learned society for all academics, executives, researchers and government leaders with an interest in risk management, insurance, actuarial science and related areas.
After the talk, I will post my slides and pictures (if any) up here.
Click for our press release about the talk at APRIA.
Monday, July 13, 2009
Only 5.88% of Companies in China Train on Internal Controls!
Consider other interesting statistics from the Deloitte survey:
- “88.24% of listed companies have raised their awareness of internal control and risk management”
- “58.82% of the enterprises have established designated departments to implement risk management and internal control”
- “23.53% of them have their focus of internal control progressed from written procedures to practical implementation”
- “Only 17.65% have carried out quality review of their internal control initiatives”
- “58.82% of the enterprises consider that the execution of internal control measures cannot achieve their expected results”
- “52.94% of the enterprises believe that a lack of information system relevant to internal control is one of the major problems to internal control implementation”
My read of this? Lots of companies are trying to take China SOX and internal controls and risk management seriously because they expect it to benefit their business. But they are not yet clear on how to achieve their objectives and what steps to take first.
My suggestion is to start with staff training to raise awareness and create a common language about risk management. Also make sure to prepare an organizational map showing areas of responsibility and who will need more advanced training. Once those are in place, companies can start finding IT systems that meet their internal control needs.
We published a whitepaper last month on how to get started with your C-SOX implementation. Click for more details – it’s free and you don’t have to register.
Thursday, July 9, 2009
146 Days until CFA Level 1
At this point you should be reviewing the Candidate Body of Knowledge (CBOK), established your key learning outcome statements and have a detailed study plan set up.
Since most people need more than 250 hours of study time to review everything and build their confidence, you need on average 1 hour and 42 minutes of study a day to stay on track (if you are starting from scratch).
I know it’s hard to stay motivated when you have hundreds of hours of intense work ahead of you, so try to break it up into manageable chunks and spend time on the areas that you find most challenging.
Do you have all the resources you need? If you are serious about passing the CFA Level 1 (only 35 percent of candidates pass) you will have bought an online CFA training course to give you an extra boost.
Why study online? It’s more efficient, more targeted and cheaper than most of the alternatives.
Wednesday, July 8, 2009
Risk Management Certifications help with China SOX
Click here for the PDF version of their press release: http://www.prmia.org/PRMIA-News/PECC-PRMIA%20Press%20Release.pdf
Of course, the FRM and CFA certifications are also useful tools for anyone tackling the C-SOX challenge. But kudos to PRMIA for claiming the ground first.
Tuesday, June 30, 2009
C-SOX: 4 tools you need to know about
Lots of IT systems that support an enterprise, from email to ERP to financial systems. This post will quickly look at a category of high-impact technologies that are not currently widely used in corporate China.
These include:
1) Document and knowledge management. Hundreds of internal control documents are created during a C-SOX implementation project. These documents cover the processes, procedures and policies of all areas of the company and become the foundation for the internal control system. Therefore, it is critical to have a document management system in place that allows for the centralized creation and management of this information. The document management system includes authoring, review, approval, publishing, editing, version control and retiring documents.
2) Employee performance management. Company management has to set internal control objectives and manage them throughout the year. A performance management system should be used to record, manage and report on the goals and objectives that are set by the company. There are three main parts to a performance management system: defining, managing and reporting on the goals.
3) Testing and Assessment tools. C-SOX compliance involves aligning operations to be predictable, consistent and validated. By implementing and maintaining a testing and assessment management tool, an organization can accurately track and report the state of compliance and respond promptly to requests for C-SOX compliance audits.
4) Online learning. E-learning is a great opportunity for companies to save time and money in their C-SOX implementations. Online courses are high-quality, interactive tools that can provide multiple business benefits to companies who are use these tools.
These technologies are “high impact” because they are generally deployed widely across the organization and are used frequently by employees. They are not as complicated or as costly to implement as other enterprise systems. Finally, they can be used together as a suite to accelerate China SOX compliance.
We just published a detailed white paper on these technologies, which is available on our website. Click to learn more about China SOX compliance tools.
Wednesday, June 24, 2009
China SOX: Top 10 Business Benefits of Compliance
1) Reduce risk. When employees are more aware of how to manage and prevent risks, the overall risk profile goes down - this includes financial and operational risk categories.
2) More predictable business. Companies that have steady, predictable business are valued more highly by investors, customers and partners. China SOX compliance makes you more predictable by imposing discipline.
3) Trust. Investing in the process of C-SOX compliance means that the market will perceive your company as more trustworthy because you are willing to make your operations more transparent.
4) Higher stock price. The stock market values companies that are well-disciplined and transparent higher than companies that are difficult to understand. Companies that are C-SOX compliant will have higher valuations than those which are not. This data has been validated in the US and Japan, which have similar compliance rules.
5) Motivated employees. Employees care that the companies they work for are ethical, well-run and stable. Therefore, investing in China SOX compliance means that your workforce will be more motivated to help achieve your goals.
6) Lower employee turnover. The average cost of replacing an employee is 150 percent of the employees annual salary. Therefore, there is a big incentive to reduce turnover and lower your costs. Companies that are C-SOX compliant have better processes and more engaged employees, which will reduce the voluntary departure rate.
7)Improved supplier relationships. Suppliers are a critical part of your supply chain, and they will appreciate your investments in processes and systems that give them a clearer view and more access into your business. This means more just-in-time delivery, lower inventory costs, and more bargaining power with your vendors.
8) Faster decisions. C-SOX mandates the definition and documentation of internal controls and company policies. This means that information will be easier to find and use, and that the company will be able to make decisions more quickly.
9) New customers. China SOX compliance is a competitive advantage and customers will want to do business with a company that is open, ethical and well-run company. Expect to see higher win rates and more profitable customer relationships once you have started your implementation.
10) Improved corporate governance. This is the sum of the benefits of compliance. Better corporate governance lowers risks for all stakeholders, improves the image of the company, allows for better decision-making and more efficiency in the company. This will be reflected not just in the board of directors, but in all employees.
Evidence from companies that went through the Sarbanes-Oxley (SOX) implementation process in the US (including several Chinese companies) tells us that there are more operational, financial and strategic benefits from adhering to good risk management and disclosure practices. Since the Basic Standard for Enterprise Internal Control is bringing valuable concepts to China, the rate of improvement for many firms will be dramatic.
Wednesday, June 17, 2009
How to Improve Corporate Governance in China with Online Training
The biggest challenge for companies adopting China SOX is to improve their corporate governance. For China SOX to really succeed, companies have to embrace sound corporate governance as a concept and adopt it as a business strategy.
Training programs are needed to help drive the corporate governance principles mandated by the Basic Standard for Enterprise Internal Control. But given the complexity of corporate governance and its many aspects, where should companies start?
Online training (e-learning) is a powerful tool to improve corporate governance. Here are 5 ways that e-learning can help improve corporate governance and lead to China SOX compliance:
1) Good content. Start with relevant content developed by corporate governance experts. The courseware should be relevant to Chinese companies and provide an overview of the main benefits and implementation strategies of good corporate governance. Users should be able to take the e-learning course at their own time and at a reasonable length (a best practice is to break up the courses into 10 – 15 minute modules).
2) Segment your user base. With e-learning, you can provide targeted information to specific users. The benefit of this is that you can provide exactly what the learner needs, no more and no less. Considering the complexity of corporate governance, many employees just need to know the basics. However, top managers will need much more detail on how to implement corporate governance principles.
3) Delivery system. Use a learning management system (LMS) or similar tool to deliver the content to your users. That way, it is easy to track and manage and the training can be centrally administered, no matter how large and dispersed the organization. In addition, the LMS can be used as a communication tool and document repository.
4) Reporting. Unlike traditional classroom training, powerful reports can quickly be generated from e-learning. This helps for analysis and evaluation of your training results, ROI and reach. Detailed analytics are possible once you have done the training several times and can match it up against business results (in this case, compliance with China SOX).
5) Cycle as needed. Training is only effective if it is reinforced over time. Online learning means that you can provide reinforcement in small amounts to your audience to make sure they are keeping up. The marginal cost of additional training is basically zero, which makes it much more cost effective than traditional instructor-led training.
More corporate governance e-learning courses.
Monday, June 8, 2009
The Most Important Criteria for China SOX Success
The purpose of C-SOX is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders. Companies must evaluate their internal controls, publish an evaluation report on an annual basis and audit the effectiveness of their internal controls. These are new concepts to many organizations in China, and as a result there is some resistance and confusion to deal with. Many Chinese companies have poor risk management systems, inadequate business data and patchy IT infrastructures. However, these are not the biggest challenges facing companies that will be required to comply with C-SOX.
The biggest challenge (and hence, the top criteria for success) is company culture. No amount of money, software or consultants can compare with the beneficial effects of enlightened and committed management. For C-SOX to really succeed, companies have to embrace risk management as a concept, adopt internal control frameworks and change their corporate culture.
What does that mean? For organizations to get the most benefits of C-SOX compliance, they must:
- Foster openness and transparency in the company
- Be open to self-evaluation and self-criticism (of the management team and all employees)
- Report on perceived risks in a timely fashion
- Provide training on the benefits of risk management and internal controls
- Have executives visibly “own” the C-SOX implementation
- Establish a “whistleblower” mechanism and fraud reporting hotline to alter the company to potential problems
Management will need to be visible in its support for C-SOX and ensure that a sense of urgency is felt across all offices and regions. This means creating a project team with adequate representation from the entire business, and one with the political clout required to overcome institutional resistance to change.
Although responsibility for risk management and compliance ultimately sits with the CEO and Board of Directors, forward-thinking companies will move to push responsibility to various parts of the organization. C-SOX projects require participation from many levels of an organization, and for compliance projects to succeed, companies must make their staff an active participant on the integrated project team.
Industry leaders involve much of the organization in their C-SOX implementation process and go beyond the minimum requirements imposed by the Basic Standard for Enterprise Internal Control to improve operating results while introducing business improvements throughout the organization.
Many companies in China do not currently have this kind of culture, and that is going to mean extra time and effort and required for proper implementation of the Basic Standard for Enterprise Internal Control. Companies that see this as an opportunity to refresh and improve their corporate culture will be rewarded with a quicker process and more tangible business benefits.
Friday, June 5, 2009
10 Questions to ask Before Starting Your China SOX Compliance Project
The main purpose of C-SOX is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders. Companies must evaluate their internal controls, publish an evaluation report on an annual basis and audit the effectiveness of their internal controls. These are new concepts to many organizations in China, and as a result there is some resistance and confusion to deal with.
Below is a list of ten questions to address before starting your C-SOX implementation process.
1) Do we have an organization map? This document is the backbone of your C-SOX implementation because it shows the roles and responsibilities for the departments and employees. It will be used to assign areas of responsibility and internal control approval levels. If your organization does not have a recent map, work with your human resources department to put one together.
2) Who “owns” C-SOX? The answer should be the CEO and Board of Directors. If top management doesn’t own the C-SOX process, it means that the company is not putting in the right amount of resources needed to make the implementation work. Companies that delegate C-SOX implementation to a specific department risk failure due to lack of support.
3) What is our current risk management framework? An existing risk management framework is a great starting point for C-SOX. It could be based on COSO, ERM or ISO 31000 – the point of departure is less important that the discipline that comes with a risk management process. If you do not have an existing risk management framework, you should hire an outside consultant or expert to help you.
4) How will IT help us? IT will play a key role in your C-SOX process, so it helps to get the IT team involved early. Part of the implementation will be buying new software (in fact, the Basic Standard for Enterprise Internal Control mandates the use of IT systems with in-built controls) and the IT department can help to draft a strategy and execute it.
5) What is our training plan? Your compliance initiative will not succeed if you don’t train your staff. The training plan should include at least the following elements: why internal control is important, key internal controls, company policies and procedures, and who to go to with questions. Use e-learning to get the training out quickly and with maximum consistency.
6) Where is the expertise? If you don’t have experts on internal control and risk management within your company, you should hire externally to jump start your project. There are many specialist consultants who can help you develop and execute your strategy and who will train your staff (this will reduce your costs in the long term).
7) What constitutes success? Make sure the CEO and top management have a shared vision of what C-SOX success looks like. This is a long process and there will be many steps along the way. Your implementation plan should detail key milestones and metrics for your business.
8) How do we evaluate staff performance? Several elements of C-SOX are related to human resources. Managers have to perform self-evaluations against internal control metrics, meaning that department managers will have to disclose information about their goals and objectives, and rate themselves on their performance. Furthermore, the Basic Standard for Enterprise Internal Control requires that compensation of executives be linked to internal control. These are new concepts for many companies, and setting up a performance management process is the best way to implement these requirements.
9) What’s in it for me? Unless managers understand the benefits of C-SOX compliance, they are not likely to want to invest time and money in the process. Make sure you have an education campaign so staff understand where they fit in the process and the benefits to them.
10) What’s next? C-SOX compliance is an on-going process, not a one-time event. There are always next steps and future plans and strategies that need to be implemented. You need a team that is able to implement existing requirements and plan ahead for what comes next.
The Basic Standard for Enterprise Internal Control is a wide-ranging rule which will impact every area of a company’s business. You need to take care to address these fundamental questions before starting your implementation process.
Click for more C-SOX. Chinese version of our China SOX solution.
Thursday, June 4, 2009
7 Tips for CFA Success
1)Pace yourself. Study at your own pace and don’t be rushed. One of the big drawbacks of CFA preparation classes is that you have to proceed at the pace of the group and this may be too fast or too slow for you. Far better is to be able to use reference materials and online learning and study at your own pace, free from distractions.
2) Use available free tools. There are lots of free test questions, background guides and other resources available that can help you prepare. Many providers of online courses (such as Vast Talent and KESDEE) will give you a free preview so you can try their products before you buy.
3) Take practice exams. The best way to get familiar with the test (and the pressures of test day) are to practice, practice, practice. That means doing exam questions all the time (before bed, on the bus, during a break at work) so you become familiar with the wording and style of the questions and you are able to work more efficiently on test day. Even better is to take one or two full length, timed tests in the month before the exam to give you a feel for the pacing and time pressure on the exam.
4) Keep up-to-date. Read the newspaper and financial journals (like the Financial Times, Economist, Business Week, Wall Street Journal, CFO Magazine, etc) to stay abreast of trends in the marketplace. Not only will you learn a lot about what’s going on in the world of finance, you will also come across handy references pieces to help you with the exam.
5) Get a good night’s sleep. Far better than cramming on your last night is to make sure you are well-rested. Your brain will function better on a good night’s sleep and you will appreciate it during the (long) day. You are going to need lots of stamina to finish both sections of the test, so get your beauty sleep.
6) Arrive early. There is nothing worse than being stressed during the test, to make sure to arrive at the exam site early (most open several hours before the exam begins and will let you in up to an hour before start time), scope out the room and get comfortable. There are restrictions on what you can bring into the test site with you, but arriving early will allow you to mentally prepare yourself.
7) Skip questions. Don’t get caught up on a question you know you can’t answer or that will take you too much time. Since you have to answer lots of questions in a specified period of time, you are better off skipping questions you struggle with and going back to them at the end (time permitting).
Good luck! Read more about our CFA Prep course.
Tuesday, June 2, 2009
Internal Control Conference in Beijing
For an overview of the conference, see the CCH website and the event brochure can be found here
The speakers are partners from PricewaterhouseCoopers and it isn't clear from the brochure if any representatives from the Chinese government will be addressing the session.
Latest Changes to China SOX
I mentioned previously that we are looking at a six month implementation delay (moved from July 2009 to January 2010). It now appears that some of the regulations may be relaxed and that the first wave of impacted companies will be Chinese firms listed overseas and state-owned enterprises.
See this article (in Chinese) for more detail: http://www.cnstock.com/paper_new/html/2009-05/06/content_69600302.htm
None of this is yet official, so I am keeping an eye on the developments. The potential impact is that listed companies will now have time to learn from the experiences of the SOEs (who will presumably receive some guidance from the Ministry of Finance on how to implement C-SOX).
Get the latest China SOX resources from Vast Talent, including our new whitepapers.
New White Paper Available
Tuesday, May 12, 2009
FRM vs. PRM?
From my experience in China and Hong Kong, the FRM certification is better known because GARP is a larger organization than PRMIA and has been established in Asia for a longer time. You find lots of professionals with the FRM certification in banks, insurance companies and with the regulators. FRM has a scheduled exam (ever November) which is good because it gives you a date to aim for while you are studying. The FRM Examination is a 5-hour, approximately 140 question multiple-choice examination. The examination is split into two sections of 2.5 hours. The exam is given in booklet form.
PRMIA is making a big push in China at the moment and just set up their office in Beijing. Furthermore, they recently appointed a Chinese partner to run the PRM exams and will translate the exams into Chinese. So they are obviously looking to grow in this market and get access to a whole new generation of risk professionals. The PRM exam can be taken any business day of the year at centers around the world. This is good because it’s convenient but it also means that you can procrastinate if you aren’t disciplined. The complete PRM exam consists of 120 multiple choice questions. Exam questions are randomly drawn, according to the syllabus order and weightings, from the exam database.
PRMIA also offers the Associate PRM (APRM) which is a useful certification if you day-job isn’t in risk management. According to PRMIA, the Associate PRM is designed for staff entering the risk management profession, for those with two or three years risk management experience but need to demonstrate the breadth of their skills, and those who interface with risk management such as auditors, compliance officers, accounting, legal, and risk IT departments. The Associate PRM Exam is computer-based with 90 multiple choice questions.
Lecture Friday at Beida University CCISSR
The main emphasis of the talk is to show that companies can have real business benefits from properly implementing internal control structures and other forms of corporate governance. Examples from the US (from Sarbanes-Oxley experience) show that companies who do this well gain competitive advantages in the marketplace through improved efficiency and that they value of their stock goes up because they are perceived to have better management. These are great lessons to learn for the Chinese companies that are going to be implementing C-SOX later this year and in 2010.
Furthermore, I will outline the key operational challenges related to implementation and show the areas of highest impact for getting started.
p.s. - here's a press release from Beida about the event: http://econ.pku.edu.cn/index_mod2.php?mesid=4378
Thursday, April 30, 2009
Islamic Finance Course
Hong Kong has made a big push to establish itself as a center for Islamic Finance, and in so doing has to compete with Singapore, KL and Dubai for business in Asia. While many banks proclaim their desire to be in the Islamic Finance space, few have put together the training needed to build serious competency.
Fundamentals of Islamic Finance is made up of two courses - one for beginners and one that is more advanced. The course provides a comprehensive foundational learning experience on basic definitions, concepts, rules, transaction structures, cases and issues relating to the subject so it's perfect for companies that want to roll out some broad education. Knowledge Platform build it to be consistent with the standards as published by the Accounting and Auditing Organization for Islamic Financial Institutions (AAOIFI).
If you want to see a demo of the course, send me an email and I will arrange that for you.
Wednesday, April 29, 2009
Chinese Authorities Announce Delay to Implementation of Basic Standard for Enterprise Internal Control
The reasons for the change are that many companies seemed very far behind in their preparations and that the government's resources are currently being used to tackle the financial crisis.
This is good news for listed companies because it gives them more breathing room and allows them to build their strategy over the rest of 2009. This will also give the government more time to prepare the implementation guidelines and make sure that industry has clear direction about this new rule.
For a Chinese news story on the delay, see cenn.cn.
Wednesday, April 15, 2009
Reducing the Cost of China SOX Implementation
Use hosted IT solutions if possible. If your IT vendors or systems integrators can offer software-as-a-service (SaaS) tools, this can reduce your internal hosting and IT support costs by up to 30 percent. SaaS means that the vendor takes care of hosting and maintaining your systems, and provides them as a “service” to you over the Internet. The benefit to you is that you don’t have to invest in hardware (servers) or software (databases, operating systems) to roll out the project – your vendor already has that taken care of. Furthermore, you need less internal IT support because the vendor looks after the hosting environment (usually 24 hours a day, 7 days a week) and manages the system for you. An added benefit of SaaS systems is that you always get the most up-to-date version of the software because the vendor is frequently upgrading the system.
While external hosting may sound risky, in fact it is very secure and the hardware and software used are constantly improving. Look for vendors that have had their hosting centers and processes certified (in SAS 70 or similar) to know you are in good hands. Many people initially think that only small companies opt for externally hosted systems, but research shows that an increasing number of large companies are moving in this direction. This is true in China and elsewhere.
Another way to reduce the cost of your C-SOX implementation is to adopt a phased approach to your project. This means starting small and building on your experience over time. This will help to keep personnel and resource costs down, and will also make it easier for your company to absorb the learning from the project as you go along. Since one of the key challenges of adhering to the Basic Standard for Enterprise Internal Control is creating a culture of risk awareness and responsibility you will want to take a measured pace to ensure that the fundamentals are being adopted across the enterprise.
Operationally, this means starting with “low hanging fruit” like employee training, organizational mapping and reviewing the current policies, processes and procedures that you have. These tasks can create a baseline that you can build on (i.e. implement new procedures, introduce IT controls) at a later stage.
Finally, a good way to get value while implementing C-SOX is to turn to experts who have done this sort of thing before. Of course, the Basic Standard for Enterprise Internal Control is a new regulation so there is no direct experience in the market. However, many companies have experience in implementing other controls and regulations such as Sarbanes Oxley, J-SOX (Japan’s version), ISO and others. Consulting and advisory companies can be useful guides for setting your strategy, plan and key metrics associated with your C-SOX project. Many of them have rich international experience that can benefit listed Chinese companies.
Hiring an outside consulting firm or advisor may seem expensive, but it is likely to save you considerable trouble and money in the long term. Look for a professional organization with proven international experience to help you get started and the result will be that you are able to accelerate you project. As with the Sarbanes Oxley regulation, the Basic Standard for Enterprise Internal Control says that consulting and advisory companies cannot do internal control audits for those same clients.
Wednesday, April 8, 2009
Certifications for China SOX
Examples include the following:
• SAS 70 - auditing standard for service organizations.
• ISO 14000 – environmental management standards to help organizations minimize the environmental impact of their operations
• ISO 9000 – quality system standards and systems
• ISO/IEC 27000 - information security management, risks and controls
• CMM/CMMI - Capability Maturity Model for software development
• Six Sigma implementation – for manufacturing and business process defect reduction
• TQM - Total Quality Management process
• Sarbanes Oxley – reporting regulation for US-listed companies
Like China SOX, most of these standards require external audit and certification by authorized bodies. In addition, the level of resource required for proper implementation means that these standards and business practices have received high priority and visibility in the organization.
Thursday, April 2, 2009
Compensation Policies for China SOX
The implication is that compensation and rewards should be set according to achievement of company goals and effective business control. Therefore, companies in China need to be very clear in setting goals and metrics for measurement. If management’s bonus is going to depend on how well they enforce internal controls, they are going to want to have a lot of say in how they are measured, and make sure that they don’t pay for someone else’s mistakes.
One of the biggest challenges will be determining areas of responsibility and documenting who is in charge of what. Defining the organizational structure should be a centralized task, managed by top executives with the assistance of the HR department.
Furthermore, companies need to have the proper mechanisms to analyze and enforce enterprise control. This includes IT solutions and software tools, which have been widely deployed. However, more often than not, these tools are not integrated together and it is difficult for management to get a clear overall picture of the business. This represents a challenge because without hard data it will be difficult to measure performance (and therefore set variable compensation).
When implementing the compensation part of C-SOX, companies should look for performance appraisal and goal management tools allow for clear communication and implementation of reward policies. Goals should be set consistently across the enterprise, which improves transparency and highlights areas of risk or exposure. Also, because it is such a sensitive topic, companies should consider hiring external consultants and experts for this step.
Keep reading for more detail on how to start your China SOX implementation.
Tuesday, March 31, 2009
Self-Assessment
The key elements of self-assessment are:
1) That the business and personal goals be clearly defined. SMART (specific, measurable, attainable, realistic and timely) is the most widely-used method for setting and managing objectives today. The idea is that the goals should be based on business needs and be measured and analyzed.
2) The goals should be transparent to others, especially managers. Setting goals in a vacuum does not count. An integral part of self-assessment is sharing your objectives (as well as key metrics, potential challenges, and expected outcomes) with you manager and (if appropriate) others on your team.
3) Collect and analyze business data. This is the hardest part because companies generate so much information that it can be difficult to collect and analyze it (let along make meaningful business decisions!). The data will allow you to make an honest and independent assessment based on the facts.
4) Conduct the self-assessment. This should be based on the original goals and objectives and include as much data as possible.
5) Most companies will follow the self-assessment with a manager assessment, where the manager rates the employee on achievement against the same objectives. The outcome of this process is then a discussion where both sides can review their assessments and discuss the employee’s performance.
6) Some companies also do 360 degree assessments where the employee’s performance is reviewed not just by their manager but also by their peers and other stakeholders. This can yield a more complete picture of actual performance against goals.
While this all seems like a time- and labor-intensive process, there are many ways to automate these steps. Using a system to manage the performance appraisal and self-assessment processes can reduce administrative burdens, give access to more complete performance data, and provide a repository for information throughout the entire year.
Consistency of Communication and its impact on China SOX Compliance
When implementing an enterprise risk management strategy, managers will want to look at the role that internal and external communications play. In a risk-aware company, management is much more sensitive to the messages that are broadcast to employees and strive to make sure that all employees get the same message. This is very important in large or geographically-dispersed organizations where there are risks to messages being “lost in the mail.”
When conducting training across a large company with many offices, it is critical that all employees receive the same level of quality instruction. Otherwise, the company will expose itself to undue risks (in product quality, customer satisfaction and potentially legal and financial risks if there is a problem).
The best way to ensure consistent communication is to train staff on the importance of this topic and to use tools (such as email, corporate intranet and other “push” or broadcast technologies) in company communications. For training, many companies now invest in online education or e-learning programs to ensure consistency and quality of message.
Creating a Culture of Risk Awareness
The Basic Standard for Enterprise Internal Control will require a mindset change for many companies in China because they do not currently take a systematic view of operational risk and they may not have the human resources needed to properly implement desired controls. Companies can therefore invest in training and education to increase the level of risk awareness.
This training has several components:
1) Broad training covering topics such as risk management, risk identification, corporate governance, etc.
2) Industry-specific training such as anti-money laundering or fraud awareness, health and safety, or data privacy.
3) Training of specific company policies, processes and procedures related to lines of business.
To effectively create a corporate culture where risks are identified and properly managed, all three types of training have to take place, and management has to be willing to sponsor and fund the training. This means not only holding training classes, but also assessing knowledge and skills of the participants, reinforcing key messages and behaviors and keeping risk as a top priority for the business.
Proper implementation of internal controls is a multi-year process that will require efforts throughout the company. Management teams need to make sure they have all the resources needed to finish the process.
Wednesday, March 18, 2009
Safety training after CCTV fire
The courses that we have been proving most popular with customers these days are Fire extinguisher safety, Fire Prevention and Safety and Egress and Emergency Actions Plans.
China SOX intro
China Securities Regulatory Commission, the National Audit Office, China Banking Regulatory Commission and China Insurance Regulatory Commission have jointly announced the Basic Standard for Enterprise Internal Control, which requires listed Chinese companies to comply from 1 July, 2009 onward.
The new rule requires listed companies to conduct self-evaluation of their internal controls, disclose an annual evaluation report and employ qualified agencies to audit the effectiveness of the controls. The Basic Standard is intended to bring stronger corporate governance to China's listed companies, and is often compared to the Sarbanes-Oxley law in the US. Hence the nickname "China SOX" or simply C-SOX.
The Basic Standard will have a direct impact on over 900 companies listed on the Shanghai Stock Exchange and about 800 companies listed on the Shenzhen Stock Exchange, so it will be broadly felt in the Chinese corporate environment. Also, unlisted large and medium–sized Chinese companies are encouraged to adopt the standard. My estimate is that over 2,000 listed and state-owned companies will need to comply with the Basic Standard in 2009.
There's lots of work going on right now by product and service providers to launch C-SOX solutions before the compliance deadline. Stay tuned…
Vast Talent's C-SOX resources can be found here: http://www.vast-talent.com/en/compliance_solution_for_china_basic_standard_for_enterprise_internal_control_csox.html