(hereafter CICPA) issued the Opinion ... - Internal control Audit Guidelines (hereafter Opinion).

advertisement

Regulations Construction and Implementation Difficulties of China's Internal

Control over Financial Reporting

Jing Wang, Mei-yun Wang, Zhi-ping Xiang, Si-yu Chen

Department of Economic and Management, North China Electric Power University, Beijing, China

(smilewlm@sina.com)

Abstract - Facing the substantial losses to investors and the capital market caused by fraudulent accounting information disclosed by listed companies, China’s regulators also pay more and more attention to the construction of regulations on enterprise internal control, thus constantly improving the legal system of internal control. The authors present the legal system’s establishment of internal control and its improvement in

China, then analyze the potential problems of internal control over financial reporting during the process of execution, and further put forward improving comments and suggestions.

Keywords internal control, internal control over financial reporting, Supporting Guidance for Basic Code of

Enterprise Internal Control, the Opinion on Implementation of Internal Control’s Audit Guideline

I. INTRODUCTION

Faced with the sequential accounting scandals Enron,

WorldCom, Sanyo, and Kane boo, the United States and

Japan took similar measures to cut down the complaints on the government supervision from the investors. One responded quickly and issued the Sarbanes-Oxley Act [1] , the other also introduced the Financial Commodity

Exchange Act [2] which called a Sarbanes-Oxley of

Japanese version. In order to avoid the appearance of such scandals, strengthen the supervision to the capital market and protect the interests of investors [3] , China’s regulators also pay more and more attention to the internal control, and constantly improve the legal system of the internal control.

In 2008, the Ministry of Finance, Securities and

Futures Commission, the National Audit Office the

Banking Regulation Commission jointly issued the

Enterprise Internal Control Basic Code (hereafter Basic

Code). On April 26,2010, the ministry of finance ,etc. issued the Supporting Guidance for Basic Code of

Enterprise Internal Control (hereafter Supporting

Guidance), which is required to put into practice from

2011 on listed companies which appear simultaneously in domestic and foreign market. It will come to reality in

Shanghai Stock Exchange and Shenzhen Stock

Exchange’s main board listed companies in 2012, and the large and medium-sized enterprises are encouraged to practice in advance. On October 11, 2011, in order to match the Basic Code and Supporting Guidance, the

Chinese Institute of Certified Public Accountants

(hereafter CICPA) issued the Opinion on Implement of

Internal control Audit Guidelines (hereafter Opinion).

The authors present the legal system’s establishment of internal control and its improvement in China, then analyze the potential problems of internal control over financial reporting during the process of execution, and further put forward improving comments and suggestions.

II . ESTABLISHMENT OF STANDARD SYSTEM

In 2006, Shanghai Stock Exchange and Shenzhen

Stock Exchange respectively released Listed Company’s

Internal Control Guidelines of Shanghai Stock Exchange

(hereafter Shanghai Guidelines) and Listed company’s

Internal Control Guidelines of Shenzhen Stock Exchange

( hereafter Shenzhen Guidelines), which require two main board listed companies to establish internal control according to these two kinds of guidelines. When disclosing the annual report, the board of directors should disclose the report of management’s assessment of the effectiveness of internal control, and disclose accounting firm’s opinions on the management’s assessment report.

These two early files, having no legal effectiveness, just acting as the standard of guiding document, and its implementation is limited to the two main board listed company.

In 2008, the Ministry of Finance, and other four ministries, together released Basic Code, which have to be carried out from July1, 2009 within the listed companies.

Large and medium-sized enterprises are encouraged to practice. The listed companies’ implementation of the

Basic Code ought to evaluate the internal control’s effectiveness by themselves, and disclose annual selfassessment report; they can also employ the accounting firm having qualification for securities, and future business to audit the validity of internal control [4] .

On April 26, 2010, the ministry of finance, etc. issued the Supporting Guidance, which is put into practice starting from 2011 in listed companies that appear on both at home and aboard market at the same time. Since 2012, it will come to reality in Shanghai Stock Exchange and

Shenzhen Stock Exchange’s main board listed company, then the small and medium-sized and pioneering plate at right time. Large and medium-sized enterprises are encouraged to practice in advance [5] .

On October 11, 2011 the CICPA issued Opinion, which provided a concrete standard for registered accountant to audit internal control, in which the internal

control specific refer to internal control over financial reporting.

III. CONSUMMATION OF STANDARD SYSTEM

The Basic Code established the framework of internal control, made the internal control target and essential elements clear as well. According to Basic Code the goal of internal control is to provide reasonable assurance of achieving objectives relating to the enterprise management as legal compliance, assets safety, the reliability of reporting and efficiency and effect, finally to promote the enterprise to realize development strategy. At the same time, Basic Code requires enterprises to establish the internal control, which shall include the following factors: internal environment, risk assessment, control activities, information and communication, internal monitoring [6] .

On April 26, 2011, in order to coordinate the execution of Basic Code, the ministry of finance, released the Supporting Guidelines for internal control, including three supporting guidance---Enterprise Internal Control

Application Guidelines (18 items), Enterprise Internal

Control Evaluation Guideline (1item), Enterprise Internal

Control Audit Guideline (1 item).

A. The Internal Control Application Guidelines

The Enterprise Internal Control Application

Guidelines play a key role in guiding and regulating internal control construction and operation.

Of it the main executive body is listed companies and non-listed large and medium-sized enterprises. The enterprises are asked to establish an internal control framework in accordance with the principle of internal control. The 18 major application guidelines released in

2008 (a total of 21, three guidelines involving the banking, securities and insurance business have not released) [7] , can be divided into three parts, namely

“internal control environment guidelines”, “internal control active guidelines”, and “means of internal control guidelines”, basically covering enterprise cash flow, material flow, human flow and information flow, and other business and matters.

“Internal Control Environment Guidelines”, is a well-designed guideline for building and running the control environment. It comprises five sections, including organizational structure, development strategy, human resources, enterprise culture and social responsibility.

They are pyramid base for establishing and maintaining the internal control, if we regard the internal control as pyramid.

“Internal Control Active Guidelines” is corresponding control activity for the specific business, including capital activities, purchasing business, assets management, sales business, research and development, engineering project, guarantee business, business outsourcing, and financial report. These nine guidelines are the main body of internal control, and the middle of the pyramid of internal control.

“Means of Internal Control Guideline” is control guidelines for implementation of the overall business and management, including overall budget, contract management, and internal information transfer and information system. These four parts are tools for implementing internal control, and they are upper part in pyramid for the internal control.

B. Enterprise Internal Control Evaluation Guidelines

The Internal Control Evaluation is essential to the

Enterprise Internal Control [8] . It regulates the enterprise internal control evaluation procedures and report, which provides a commonly-followed standard to launch the internal control self-assessment, and to improve the confidence of investors.

As the enterprise internal control evaluation guidelines state, the board of directors or the similar decision institutions are responsible for assessment. They are asked to evaluate the effectiveness of internal control overall, form evaluation conclusion, and disclose evaluation report. Accordingly, the procedures of internal control evaluation for the managers shall generally include: make evaluation work plan, composite assessment working group, implement site test, affirm control flaw, summarize evaluation result, and draw up evaluation report and so on. Enterprise may authorize the internal auditing department or special agencies to be responsible for internal control evaluation of the specific organization and implementation work. It also demands management eventually to disclose an internal control evaluation report, which shall reveal the design and the implementation status of internal environment, risk assessment, control activities, information and communication, internal supervision and other elements; and disclose the process of internal control evaluation, determination and rectification, internal control flaw, internal control effectiveness conclusion and other related content.

C. Internal Control Audit Guidelines

The Enterprise Internal Control Audit Guideline is used for regulating the internal control audit business

[9] .As it says, the principal body of responsibility of internal control audit is the public accounting firm which are entrusted to undertake the internal control audit. They audit the design and operation of the availability of internal control on the due date, usually at the end of year.

Further, it is the responsibility for the registered accountant to air their opinion on the design and operation of the effectiveness of internal control, based on the implementation of audit work.

When the certified public accountants audit the internal control, the general process is: properly plan internal control audit work, identify risk preliminary with the method of top-down implement audit [10] ; evaluate the

defects of enterprise internal control in its design and running; finally offer full audit evidence on the basis of the audit work completed, and issue the enterprise internal control audit report. When certified accountants plan the internal control audit work, they should evaluate the influence of risk issues on internal control, financial statements and audit work. Basked on risk assessment, they make a choice whether control procedures should be tested, determining the evidence required to collect; and based on the evaluation, the auditors shall judge whether to use the others’ work or not.

When implementing audit work, the certified public accountants should adopt the top-down method. First, test the control risk on entity-level and grasp the important risk areas, and work down to significant business, mainly testing important business matters and control activities.

Certified public accountants shall pay particular attention to major defects, and they ought to communicate all identified defects of internal control with management.

Finally certified public accountants shall evaluate evidence already obtained, and form opinion on the validity of the internal control. For the internal control over financial reporting, the certified public accountant shall voice their audit opinion, but major defects of noninternal control over financial reporting found during auditing process should be disclosed in the internal control audit report as an increased section, which is called “description program about non-internal control over financial reporting”.

D. The Opinion on Implementation of Internal Control

Audit Guideline

In order to regulate audit business of internal control over financial reporting and improve service quality,

CICPA issued the Opinion.

In many ways, the Opinion provides detailed operating methods for internal control over financial reporting audit [11] . For example, as for the scope of the test for control, it clearly presents the minimum testing ample size for the artificial control, automatic control and deviation. Specially, it gives the main points of final financial reporting audit process. Opinion further clarifies some of the controversial issues of the internal control over financial reporting audit. For example, as for the effectiveness of internal control over financial reporting auditing, some personages inbounds are disputing whether it is a period or a point auditing. Opinion claims, if just auditing internal control over financial reporting, certified public accountants shall obtain evidence about the effectiveness of internal control over financial reporting within a long enough period before the due date; if the internal control over financial reporting is integrated with an audit of financial statements, control testing shall cover the period as far as possible remain consistent with financial statement audit during which is to trust.

At the same time, the Opinion gives judgment for some special matters of the audit of internal control over financial reporting. Like investment, whether purchase entities should be included in the evaluation or not, when the entity emerge modification about internal control, how accountants change audit correctively, how to use the topdown method and other special item of audit, Opinion also gives explanations.

IV. PROBLEM ANANLYSIS OF IT' S EXECUTION

Relevant regulations of internal control over financial reporting produced from scratch, and gradually establish and perfect, but in the practical implementation process, it inevitably meets with some difficulties [12] .

These difficulties mainly come from two aspects, on the one hand, enterprise management level; on the other hand, system level.

A.

Enterprise Management Level

In the implementation of the internal control over financial reporting, enterprise management encounter two problems. One is the weak consciousness of internal control; the other is the lack of certain means. However, typical representation is that the enterprise can not make good use of the information management.

To some domestic management, their understanding of the internal control is intuitive. They regards the internal control as the regulations deemed to formulate and implement, neglecting the construction of the internal control environment, which results in an phenomenon that management overrides internal control. To change this situation, and improve the management’s consciousness of internal control, the author maintains that it needs to pay close attention to the following respects.

First of all, setting up a business values that management ought to maximize shareholders’ benefits. At the same time, the management should improve the following fields: organization structure, social responsibility orientation, enterprise culture construction, and so on. And a sound internal control environment is eagerly needed in the enterprise. Internal control environment is the foundation of the effective implementation of internal control. Without good control environment, the other company’s control elements will become the castles in the air.

Next, helping managers develop a profound understanding for the concept of internal control on account that some managers negatively think of internal control as red tape, which increases the management cost, worse reduces the management efficiency. Widely knowing the internal control is the escort which helps enterprise to realize their development goals. The core of internal control is pining to each other, and its realization way is not the “people over a man’’ [13] . What’s more, it depends on its control system of institutionalization, streamline, process, and finally consciously implement internal mutual contain, and ensure the safety of the assets and financial reporting reliability.

Finally, pay attention to the effective system of risk monitoring and evaluation. Many domestic enterprises lack risk management mechanism [14] , and deficiency in recognizing and dealing with the risk matters. As the internal control is designed for risk, enterprises need to have a correct grasp risk factors and its importance degree which they face, to establish and consummate the risk management mechanism, so can make the recognition and evaluation to all sorts of risk after effectively monitoring.

The information has brought great convenience for the execution of the internal control over financial reporting, and provided a broad platform for the information exchange and effective transfer of internal control, thus making some means of internal control realizable which couldn’t complete before.

Some domestic enterprise managers’ understanding of internal control remains on the artificial control level; some enterprises have a phenomenon that internal control information system does exist, but a set of perfect information system has not been established to reduce the risks when using the key information. To make full use of the convenience which well information system bring for internal control, enterprises do need some changes as the following two aspects.

First of all, the domestic enterprise should strength the effective information communication between technology sectors and the information technology sector and the business departments. Establish clear channel of communication, making the information internal control means fitted in the management of enterprise, ensuring that information technology department can completely meet the needs of the internal control.

And to establish an effective internal audit system for information technology which is to supervise the operation of information technology department.

Correspondingly, it need build safety control measures for the development, operation and change of information system, then reducing risks of information system's design and operation.

B. The System Level

The Internal Control Audit Guideline puts forward the concept of internal control over financial reporting and the non internal control over financial reporting, this is considered to be an innovation of china's internal control [15] . But regulators didn't explain and define, there was a little explain about internal control over financial reporting and non internal control over financial reporting in the file called Interpretation of Enterprise Internal

Control Supporting Guidelines by Ministry of Finance and CICPA, however, for the practice of certified public accountants it is not enough and lack of clear guidance.

The "internal control audit guide" and "opinions" lack of cohesion. The Internal Control Audit Guidelines report that the internal control over financial reporting and non internal control over financial reporting should be treated differently by certified public accountants. But the

Opinion was only for the internal control over financial reporting, and did not explain how to found the defects of the non internal control over financial reporting during auditing, and how to reflect of both in the audit report.

The Internal Control Audit Guidelines proposes two concepts of internal control over financial reporting and non internal control over financial reporting, it deems that in the audit report the certified public accountants should shown them separately, for the former issue audit opinion, for the latter's major defects need to disclose, the idea originally is to reduce the certified public accountants' audit risk through this system arrangement, remind the management responsible for internal control .But without clearing the difference between them, diminishing the responsibility of the registered accountant is impossibility in practice. When faced with the financial report litigation arising from the internal control, shareholders and creditors will not discriminate them because of the nature of audit opinions are different.

V. LOOK INTO THE FUTURE

As a starting point ,the Shanghai Guidelines and

Shenzhen Guidelines released , after the Basic Code and

Supporting Guidance, and recently Opinions released,

China's the framework of legal system on internal control over financial reporting has become increasingly perfect, especially the Opinion just issued by the CICPA , it is workable on level of concrete internal control over financial reporting audit operation.

There are many difficulties in the implementation of those regulations, as above mentioned difficulties on the execution of the internal control over financial reporting.

The author thinks that it can be improved and perfected from the following several aspects. First, construct legislation. A detailed and complete implementation plan is needed, to coordinate the relevant supporting documents of internal control over financial reporting, establish a unified and coherent legal system and a standard system. Second, for regulators it would be best to strengthen the supervision of the capital market, strict supervision the execution of the Basic Code and

Supporting Guidance [16] . Third, for the managers, it is necessary to establish training mechanism on internal control, to help them to comprehend the concept that the internal control should be institutionalization and streamline, abandon the idea of “rule by man”, pay more attention to the construction of enterprise culture environment. Finally in practice certified public accountants should pay attention to the accumulation of experience, continuously explore better way for the establishment, operation, evaluation and audit of the internal control over financial reporting.

ACKNOWLEDGMENT

First and foremost, I would like to show my deepest gratitude to my mentor, Dr. Wang, a responsible and resourceful scholar, who has provided me with valuable

guidance in every stage of the writing of this thesis. Her keen and vigorous academic observation enlightens me not only in this thesis but also in my future study.

I shall extend my thanks to my senior fellow apprentice for all his kindness and help. My sincere appreciation also goes to my lovely friends and classmates.

Last but not least, I'd like to thank all my parents and my sister for their encouragement and support.

References

[1] Sentity Ecurites and Exchange Commission, Final Rule:

Management's Report on Internal Control Over Financial

Reporting and Certification of Disclosure in Exchange Act

Periodic Reports.2002

[2] FenLing Gu. “Japan’s enterprise internal control evaluation and auditing standards and its enlightenment” (in Chinese).

China's registered accountant. 2009.01, pp. 82-85.

[3] Yu Ting Liu, Hong Wang. “Improve the effectiveness of the enterprise internal control system, and internal control over financial reporting on implementing relevant problems of certified public accountants audit”(in Chinese and Thesis or

Dissertation style). Accounting Research. 2010. no. 7, pp. 3

- 7

[4] The Ministry of Finance, Securities and Futures

Commission, the National Audit Office, the Banking

Regulation Commission, Enterprise Internal Control Basic

Code of 2008(in Chinese and regulation style).

[5] The Ministry of Finance, etc issued the Supporting Guidance for Basic Code of Enterprise Internal Control (in Chinese and regulation style) 2008.

[6] Long Ping Zhang, Zou Xi Chen. “The internal control over financial reporting of the auditing theory analysis” (in

Chinese). Audit Monthly. 2008, no. 12. pp.11 - 13

[7] Min Yuan. “Internal control over financial reporting: the

American experience and reference”(in Chinese and Journal style). Shanghai Li Xin accountant college journal

(bimonthly.) 2009, no.35, pp 44-51

[8] Stephen Bryan.

“ Characteristics of Firms with Material

Weaknesses in Internal Control: An Assessment of Section

404 of Sarbanes Oxley (Available at SSRN: http://ssrn.com/abstract=682363) ” , March ,2005.

[9] MingHui Li, Yan zhang. The listed company's internal control audit paper-and some problems on our country's internal control verification for guidance. Audit and

Economic Research. 2010, no.2 pp 39-44

[10] Gopal V. Krishnan and Gnanakumar Visvanathan.

“Reporting internal control deficiencies in the post-

Sarbanes Oxley ear: the role of auditor and corporate governance (Presented Conference Paper style)” .Annual

Meeting of the American Accounting Association in 2005.

[11] Chinese Institute of Certified Public Accountants issued

Opinion on Implementation of Internal control Audit

Guidelines (in Chinese) 2011.

[12] YouHong Yang. Try to talk about the financial report of the internal control a few questions (in Chinese and Journal style)”. Financial Supervision. 2009. no.01,pp.20-22

[13] Er Si Xiao. “Implementing internal control over financial reporting auditing of the basic ideas (Thesis or Dissertation style)” (in Chinese). Accounting Study. April 2010. pp 42-

43

[14] Ji Zhang. “ The internal control principle and application research

Book style

)”

(in Chinese).in Beijing Chemical

Industry Press, 2009,pp. 3-21

[15] You Hong Yang, Hong Wang, “ Long Ping Zhang , Guang

Zhong Liu. Enterprise internal control self evaluation and audit-operation guidelines and typical case studies(Journal style) ” (in Chinese).in Dalian Press. 2010, pp. 81-84

[16] Long Ping Zhang, Zuo Xi Chen. “Our country's internal control over financial reporting construction research

(Thesis or Dissertation style)” (in Chinese).Audit Monthly, no. 7, 2009, pp. 18-20

Download