By Alex Raymond

Getting started: executive sponsorship

The most important criterion for success of the C-SOX compliance project is to ensure the attention and support of the entire organization.  Although responsibility for risk management and compliance ultimately sits with the CEO and Board of Directors, forward-thinking companies will push responsibility to various parts of the organization.  C-SOX projects require participation from many levels of an organization, and for compliance projects to succeed, companies in China must make their staff an active participant on the integrated project team.  People need to prepare materials for compliance consultants or auditors, and companies must commit staff and resources to make efficient use of outside consultants.

Chinese Companies operating as industry leaders are aware of the benefits of C-SOX compliance in improving their business results.   Firms limiting C-SOX projects to a small group of senior management, auditors, and the board of directors will fail to reap the intended benefits and will have higher costs in their implementation project.

Industry leaders involve much of the organization in their C-SOX implementation process and go beyond the minimum requirements imposed by the Basic Standard for Enterprise Internal Control to improve operating results while introducing business improvements throughout the organization.

Management will need to be visible in its support for C-SOX and ensure that a sense of urgency is felt across all offices and regions.  This means creating a project team with adequate representation from the entire business, and one with the political clout required to overcome institutional resistance to change.

Mapping the Organization – focus on Roles and Responsibilities

To start the C-SOX implementation, a clear picture of the organization is required.  This means understanding employees’ roles and responsibilities in detail and creating the organizational structure (if one doesn’t already exist).  This organizational map should show job roles, authority levels, decision-making capability, reporting structures and other relevant attributes.  This will be the foundation for the internal control framework, which relies on employees executing their responsibilities throughout the organization.

The organizational map will drive the definition of policies, processes and procedures and the analysis of control points.  Furthermore, this map will assist management in determining compensation, rewards and disciplines related to internal control, as mandated by the regulation.   The organization map is an evolving document which will need to be revisited frequently to stay current.  Creating and managing the organizational map is usually the remit of the Human Resources department.

Develop Awareness through Training

One of the biggest challenges in effectively C-SOX implementation is making sure that risk management and internal controls are taken seriously by the entire organization, not just top management or the finance department. 
The Basic Standard for Enterprise Internal Control will require a mindset change for many companies in China because they do not currently take a systematic view of operational risk and they may not have the human resources needed to properly implement desired controls.  Companies should therefore invest in training and education to increase the level of risk awareness.

To effectively create a corporate culture where risks are identified and properly managed, all three types of training have to take place, and management has to be willing to sponsor and fund the training.  This means not only holding training classes, but also assessing knowledge and skills of the participants, reinforcing key messages and behaviors and keeping risk as a top priority for the business.

Broad-based employee training is a low-cost, high-impact way to get started with C-SOX.  By providing training to all employees, companies will create awareness of risk management and internal controls and facilitate later programs and actions.

Alex Raymond is based in Beijing and is the Founder and CEO of Vast Talent, a company that specializes in compliance and performance management tools.  Vast Talent was the first company to launch a compliance system specifically designed to meet the needs of C-SOX.

This is the second part of “Getting a Head Start on Your C-SOX Compliance Project in China”, next week we will publish the third part.