China finance regulations

Email Newsletter icon Sign up for our Newsletter and Special Reports on China SOX


COMPLIANCE SOLUTION FOR CHINA'S BASIC STANDARD FOR ENTERPRISE INTERNAL CONTROL (C-SOX)


C-SOX whitepaper Comply with Basic Standard More information on China SOX

China SOX Resources:

Whitepapers:


New! Internal Control Training course

COSO and COBiT online training course now available. This e-learning course provides a foundation of key internal control frameworks and how they support corporate governance and compliance. This one-hour course will help you understand the frameworks behing C-SOX and how to start improving internal control. Click here to get a 30 days of access to this course - at no cost to you. This e-learning course is one of our offerings in risk management and corporate governance courses in our C-SOX library.


"China SOX" Compliance Solution

Need a complete solution for C-SOX compliance?

Vast Talent’s online solution for C-SOX Compliance allows you to accelerate your implementation of China’s Basic Standard for Enterprise Internal Control. The objective of C-SOX is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders. It is a risk management program broadly based on the US's Sarbanes-Oxley regulation.

Many companies in China are looking for a simple, low-cost way to start their C-SOX project, and that is exactly what we have put together.

Our C-SOX solution allows companies to:


  • Manage documents on company policies, procedures and processes
  • Deploy high quality training on risk management, compliance and corporate governance
  • Conduct management assessments of internal controls
  • Create reports for internal and external auditors
  • Ensure consistent communication and training throughout the enterprise
  • Test and certify staff in knowledge of internal controls


The Vast Talent C-SOX solution is informed by large international expertise in regulatory compliance and training. Our solution is based on dozens of years experience in working with some of the world’s most successful companies to implement systems for regulatory compliance.

Key Features of Vast Talent’s C-SOX Compliance Solution

Performance Management
    • Goal definition and alignment
    • Cascade goals to other departments and managers
    • Manage compensation guidelines in accordance with C-SOX


Manage Documents
    • Publish and manage documents on company policies, procedures and processes
    • Sophisticated version control for complex and time-sensitive documents
    • Assign documents to specific audiences and set completion dates


Employee Training
    • Consistent, high-quality online courses written by international experts
    • Choose the courses you want from a library that includes Risk Management, Compliance, Corporate Governance, Anti Money Laundering and more


Management Self-Assessment
    • Self-assessment against pre-determined goals
    • Conduct detailed performance appraisals


Testing and Evaluation
    • Measure knowledge and skills
    • Manage internal and external certifications


Reporting
    • Generate specific reports for internal or external auditors
    • System audit reports


Benefits from implementing our compliance solution include:

    • Accelerate C-SOX compliance – create a culture of risk awareness
    • Improve effectiveness and monitoring of internal controls
    • Increase transparency and consistency by setting clear goals for the company
    • Improve business decisions thanks to detailed reporting
    • Reduce administrative burden of audits by creating detailed reports and records
    • Software-as-a-Service (SaaS) lowers cost of IT infrastructure and support


Deployment Packages



We offer three packages depending on your objectives. All of our packages include high-quality training and the ability to create reports and manage audiences. The Professional package includes the ability to manage documents and conducts tests of skills and knowledge. The Enterprise package allows you to manage goals and run management assessments. These packages are designed so that you can phase in your solution and upgrade to a different package as needed.

Pictures Here

Background on China's Basic Standard for Enterprise Internal Control


The five control elements, as defined by COSO, are:
1. Internal environment
2. Risk assessment
3. Control activities
4. Information and communication
5. Internal monitoring

The Basic Standard mandates the following items for compliance:


  • Consideration of the five control elements when establishing and implementing effective internal control
  • Documentation and implementation of internal control policies
  • Establishment of a business management information technology (IT) system with embedded controls
  • Clear policies on the rewards and disciplines related to the proper implementation of internal control. Effectiveness of internal control implementation should be treated as a key element of performance appraisals for department and staff levels
  • Self-assessment of the effectiveness of its internal control on a periodic basis and issue control self-assessment reports


The company is required to file an internal control report with its annual report, stating the following information:

1. Management’s responsibilities to establish and maintain adequate internal controls and procedures for financial reporting.
2. Management support to any required certification by the company officers in support of the company requirements.
3. Management’s conclusion on the effectiveness of these internal controls at year end.

Listed enterprises may appoint accounting firms to audit their internal control processes; however, as with similar rules around the world, accounting firms are not allowed to provide consulting services if they are auditing the same enterprise.

When reviewing compliance, the auditor will be checking that:

1. The internal controls are documented and in place.
2. The stated controls are operating as intended.
3. The controls have been operating during the audit period.

It's never to early to start planning your C-SOX implementation. Vast Talent can help in all stages of the product, and our solution can be up-and-running in as little as one week. Please contact us for more information or to have a representative get in touch with you.

C-SOX newsletter click here

10 Questions to ask Before Starting Your C-SOX Compliance Project



by Alex Raymond, Vast Talent Founder and CEO

China’s Basic Standard for Enterprise Internal Control (C-SOX) is coming into effect soon, and while some of the implementation guidelines have not been specified, the core of the regulation is in place.

The main purpose of C-SOX is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders. Companies must evaluate their internal controls, publish an evaluation report on an annual basis and audit the effectiveness of their internal controls. These are new concepts to many organizations in China, and as a result there is some resistance and confusion to deal with. Below is a list of ten questions to address before starting your C-SOX implementation process.

1) Do we have an organization map? This document is the backbone of your C-SOX implementation because it shows the roles and responsibilities for the departments and employees. It will be used to assign areas of responsibility and internal control approval levels. If your organization does not have a recent map, work with your human resources department to put one together.

2) Who “owns” C-SOX? The answer should be the CEO and Board of Directors. If top management doesn’t own the C-SOX process, it means that the company is not putting in the right amount of resources needed to make the implementation work. Companies that delegate C-SOX implementation to a specific department risk failure due to lack of support.

3) What is our current risk management framework? An existing risk management framework is a great starting point for C-SOX. It could be based on COSO, ERM or ISO 31000 – the point of departure is less important that the discipline that comes with a risk management process. If you do not have an existing risk management framework, you should hire an outside consultant or expert to help you.

4) How will IT help us? IT will play a key role in your C-SOX process, so it helps to get the IT team involved early. Part of the implementation will be buying new software (in fact, the Basic Standard for Enterprise Internal Control mandates the use of IT systems with in-built controls) and the IT department can help to draft a strategy and execute it.

5) What is our training plan? Your compliance initiative will not succeed if you don’t train your staff. The training plan should include at least the following elements: why internal control is important, key internal controls, company policies and procedures, and who to go to with questions. Use e-learning to get the training out quickly and with maximum consistency.

6) Where is the expertise? If you don’t have experts on internal control and risk management within your company, you should hire externally to jump start your project. There are many specialist consultants who can help you develop and execute your strategy and who will train your staff (this will reduce your costs in the long term).

7) What constitutes success? Make sure the CEO and top management have a shared vision of what C-SOX success looks like. This is a long process and there will be many steps along the way. Your implementation plan should detail key milestones and metrics for your business.

8) How do we evaluate staff performance? Several elements of C-SOX are related to human resources. Managers have to perform self-evaluations against internal control metrics, meaning that department managers will have to disclose information about their goals and objectives, and rate themselves on their performance. Furthermore, the Basic Standard for Enterprise Internal Control requires that compensation of executives be linked to internal control. These are new concepts for many companies, and setting up a performance management process is the best way to implement these requirements.

9) What’s in it for me? Unless managers understand the benefits of C-SOX compliance, they are not likely to want to invest time and money in the process. Make sure you have an education campaign so staff understand where they fit in the process and the benefits to them.

10) What’s next? C-SOX compliance is an on-going process, not a one-time event. There are always next steps and future plans and strategies that need to be implemented. You need a team that is able to implement existing requirements and plan ahead for what comes next.

The Basic Standard for Enterprise Internal Control is a wide-ranging rule which will impact every area of a company’s business. You need to take care to address these fundamental questions before starting your implementation process.
Vast Talent has compliance solutions for C-SOX. Learn more about us We can help you comply with China SOX - contact Vast Talent