With China’s Basic Standard for Enterprise Internal Control (C-SOX or “China SOX”) coming into effect soon, many companies in China are struggling to develop an appropriate training plan for how to educate their workforce about this new rule.
The purpose of China SOX is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders. Companies must evaluate their internal controls, publish an evaluation report on an annual basis and audit the effectiveness of their internal controls. These are new concepts to many organizations in China, and as a result there is some resistance and confusion to deal with. Many Chinese companies have poor risk management systems, inadequate business data and patchy IT infrastructures.
The biggest challenge (and hence, the top criteria for success) is company culture. No amount of money, IT systems or consulting can compare with the beneficial effects of enlightened and committed management. For China SOX to really succeed, companies have to embrace risk management as a concept, adopt internal control frameworks and change their corporate culture.
Training programs are an important ingredient for a successful implementation. But given the complexity of China SOX and the many areas it covers, where should companies start?
Below is a list of the top 5 priorities for China SOX compliance:
1) Corporate governance. Achieving sound corporate governance is the driving principle of the Basic Standard for Enterprise Internal Control. This means separating the roles and responsibilities of management, owners and supervisors of a company and providing a framework for running the business effectively. Most Chinese companies do not have well-documented corporate governance procedures, so educating all employees on this topic will provide a “quick win.”
2) Code of conduct. Companies in China on the whole do not have published codes of conduct or ethics guidelines. These types of training draw attention to specific values and behaviors that the company endorses, and provide guidelines for how to act in tricky situations. A well-implemented code of conduct is the backbone of good corporate governance.
3) Risk management. This category includes operational risk, credit risk, market risk, project risk and IT risk. Companies should make their staff aware of the types of risks faced by the business and how their specific job roles can help to reduce or manage them. While many companies just focus on the financial aspects of risk management, China SOX also requires that business risks be evaluated and reported on as well.
4) Anti Money Laundering. Governments and financial regulators around the world (China included) require anti-money laundering training and compliance, particularly for financial institutions. To be most effective, AML training should be a recurring activity, not a one-off event. AML regulations differ by geography, so companies may need to abide by (and train for) multiple jurisdictions.
5) Treasury Management. One of the main requirements of China SOX is asset preservation – i.e. preventing massive losses. Treasury management is at the heart of a company’s asset liability management strategy and companies in all industries (financial or otherwise) should invest in proper training in this area.
Employee training can accelerate compliance with regulations like C-SOX by quickly raising awareness and creating a “common language” for the company. For all the types of training listed above, I recommend using online training (e-learning). E-learning can promote consistency and quality, can be rolled out quickly across the entire organization, and provides excellent reporting to make sure that the training achieved its objectives.