breaking

Monday, June 8, 2009

The Most Important Criteria for China SOX Success

China’s Basic Standard for Enterprise Internal Control (C-SOX) is coming into effect soon, and while some of the implementation guidelines are not yet clear, the core of the regulation is in place.

The purpose of C-SOX is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders. Companies must evaluate their internal controls, publish an evaluation report on an annual basis and audit the effectiveness of their internal controls. These are new concepts to many organizations in China, and as a result there is some resistance and confusion to deal with. Many Chinese companies have poor risk management systems, inadequate business data and patchy IT infrastructures. However, these are not the biggest challenges facing companies that will be required to comply with C-SOX.

The biggest challenge (and hence, the top criteria for success) is company culture. No amount of money, software or consultants can compare with the beneficial effects of enlightened and committed management. For C-SOX to really succeed, companies have to embrace risk management as a concept, adopt internal control frameworks and change their corporate culture.

What does that mean? For organizations to get the most benefits of C-SOX compliance, they must:

- Foster openness and transparency in the company
- Be open to self-evaluation and self-criticism (of the management team and all employees)
- Report on perceived risks in a timely fashion
- Provide training on the benefits of risk management and internal controls
- Have executives visibly “own” the C-SOX implementation
- Establish a “whistleblower” mechanism and fraud reporting hotline to alter the company to potential problems

Management will need to be visible in its support for C-SOX and ensure that a sense of urgency is felt across all offices and regions. This means creating a project team with adequate representation from the entire business, and one with the political clout required to overcome institutional resistance to change.

Although responsibility for risk management and compliance ultimately sits with the CEO and Board of Directors, forward-thinking companies will move to push responsibility to various parts of the organization. C-SOX projects require participation from many levels of an organization, and for compliance projects to succeed, companies must make their staff an active participant on the integrated project team.

Industry leaders involve much of the organization in their C-SOX implementation process and go beyond the minimum requirements imposed by the Basic Standard for Enterprise Internal Control to improve operating results while introducing business improvements throughout the organization.

Many companies in China do not currently have this kind of culture, and that is going to mean extra time and effort and required for proper implementation of the Basic Standard for Enterprise Internal Control. Companies that see this as an opportunity to refresh and improve their corporate culture will be rewarded with a quicker process and more tangible business benefits.