With the China Basic Standard for Corporate Internal Control (C-SOX or “China SOX”) coming into effect, many companies in China are scrambling to develop a proper training plan on how to educate their workforce on this new rule. .
The goal of China SOX is to increase the effectiveness of internal controls in Chinese listed companies, thereby reducing risks to companies and their stakeholders. Companies must evaluate their internal controls, publish an evaluation report annually, and audit the effectiveness of their internal controls. These are new concepts for many organizations in China, and as a result, there is some resistance and confusion to deal with. Many Chinese companies have poor risk management systems, inadequate business data, and patchy IT infrastructures.
The biggest challenge (and therefore the main criteria for success) is the culture of the company. No amount of money, IT systems or consulting can compare to the beneficial effects of smart and committed management. For China SOX to truly succeed, companies need to embrace risk management as a concept, adopt internal control frameworks, and change their corporate culture.
Training programs are an important ingredient for a successful implementation. But given the complexity of China SOX and the many areas it covers, where should companies start?
Below is a list of the top 5 priorities for China SOX compliance:
1) Corporate governance. Achieving good corporate governance is the guiding principle of the Basic Standard of Internal Business Control. This means separating the roles and responsibilities of a company’s management, owners and supervisors and providing a framework to run the business effectively. Most Chinese companies do not have well-documented corporate governance procedures, so educating all employees on this topic will provide a “quick win.”
2) Code of conduct. Companies in China as a whole have no published codes of conduct or ethical guidelines. This type of training draws attention to specific values and behaviors that the company supports and provides guidelines on how to act in difficult situations. A well-implemented code of conduct is the backbone of good corporate governance.
3) Risk management. This category includes operational risk, credit risk, market risk, project risk, and IT risk. Companies need to make their staff aware of the types of risks the business faces and how their specific job functions can help reduce or manage them. While many companies only focus on the financial aspects of risk management, China SOX also requires that business risks be assessed and reported as well.
4) Prevention of Money Laundering. Governments and financial regulators around the world (including China) require anti-money laundering training and compliance, particularly for financial institutions. To be most effective, AML training should be a recurring activity, not a one-time event. AML regulations differ by geography, so businesses may need to comply (and train) in multiple jurisdictions.
5) Treasury Management. One of the main requirements of China SOX is the preservation of assets, that is, the prevention of massive losses. Treasury management is at the heart of a company’s asset and liability management strategy and companies in all sectors (financial or otherwise) should invest in proper training in this area.
Employee training can speed compliance with regulations like C-SOX by quickly raising awareness and creating a “common language” for the company. For all the types of training listed above, I recommend using online training (e-learning). E-learning can promote consistency and quality, can be quickly implemented across the organization, and provides excellent reporting to ensure training has achieved its goals.