• Font Size:
  • S
  • M
  • L

Relevant Laws

Title:Regulations Governing Establishment of Internal Control Systems by Public Companies (2022.12.15)
Article 4     A public company shall set out its internal control systems, including internal audit implementation rules, in writing, and have them passed by the board of directors. If any director expresses dissent, where stated in minutes or in a written statement, the public company shall submit the dissenting opinions to each supervisor together with the internal control systems approved by the board of directors; the same shall apply to any amendment thereto.
    If a public company has established the position of independent director, when it submits its internal control systems for discussion by the board of directors pursuant to the preceding paragraph, the board of directors shall take into full consideration each independent director's opinions; the independent directors' specific opinions of assent or dissent and the reasons for dissent shall be included in the minutes of the board of directors' meeting.
    If a public company has established an audit committee, the adoption of or any amendment to the internal control system shall require the approval of the audit committee, and shall be submitted to the board of directors for a resolution.
     If the adoption or amendment under the preceding paragraph is not approved by the audit committee, it may be done with the approval of at least two-thirds of the entire board of directors, and the resolution of the audit committee shall be recorded in the minutes of the directors meeting.
Article 6     A public company's internal control systems shall comprise the following constituent elements:
  1. Control environment: Control environment is the basis of the design and implementation of internal control system across the company. Control environment encompasses the integrity and values of the company, governance oversight responsibility of the board of directors and supervisors, organizational structure, assignment of authority and responsibility, human resources policy, and performance measures and reward and discipline. The board of directors and management shall prescribe internal standards of conduct, including the adoption of a code of conduct for directors and a code of conduct for employees.
  2. Risk assessment: A precondition to risk assessment is the establishment of objectives, linked at different levels of the company, and with the suitability of the objects for the company taken into consideration. Management shall consider the impact of possible changes in the external environment and within its own business model that may render internal control ineffective.. The risk assessment results can assist the company in designing, correcting, and operating necessary control activities in a timely manner.
  3. Control activities: Control activities are the actions of carrying out policies and procedures taken by the company on the basis of risk assessment results to limit relevant risks to a sustainable level. Control activities shall be performed at all levels of the company, at various stages within business processes, and over the technology environment, and shall include supervision and management of subsidiaries.
  4. Information and communications: Information and communication means the relevant and quality information that the company obtains, generates, or uses from both internal and external sources to support the functioning of other components of internal control, and the capability of effective communication between the company and external parties. Internal control systems must have mechanisms for generating information necessary for planning, implementation, and monitoring and providing timely information to those who need it.
  5. Monitoring activities: Monitoring activities means ongoing evaluations, separate evaluations, or some combination of the two used by the company to ascertain whether each of the components of internal control is present and functioning. Ongoing evaluations means routine evaluations built into the course of operations at different levels of the company. Separate evaluations are evaluations conducted by different personnel such as internal auditors, supervisors, or the board of directors. Findings of deficiencies of the internal control system shall be communicated to the management at appropriate levels, the board of directors, and the supervisors, and improvements shall be made in a timely manner.
    A public company designing and operating its internal control systems or carrying out self-assessment, or a certified public accountant (CPA) retained to conduct a special audit of the company's internal control systems, shall fully consider the constituent elements enumerated in the preceding paragraph, and, in addition to the criteria prescribed by the Financial Supervisory Commission (FSC), shall add additional items as dictated by actual needs.
Article 15     After having presented the audit and follow-up reports, a public company shall submit the same for review by the supervisors by the end of the month next following the completion of the audit items.
    A public company's internal auditors discovering any material violation or any likelihood of material damage to the company shall promptly prepare and present a report and notify the supervisors.
    If a public company has independent directors, when complying with the preceding two paragraphs, it shall simultaneously submit the materials or notification to the independent directors.
Article 16     The internal auditors of a public company shall be detached, independent, objective, and impartial, in faithfully performing their duties, and shall exercise due professional care, and in addition to reporting their audit operations to each supervisor on a regular basis, the internal audit officer shall also attend and deliver a report to a board of directors meeting.
    The internal auditors shall perform their duties in good faith and shall not do any of the following:
  1. Conceal or make false or inappropriate disclosure of any the company's business activities, reporting, or compliance with applicable laws, regulations, and bylaws, knowing that they have caused direct damage to an interested party;
  2. Damage any right or interest of the company or any interested party through neglect of duty;
  3. Act beyond the scope of audit functions or engage in other improper activity, with the intent to gain illegal benefit for him/herself or a third party, violate the auditor’s duties or embezzle company assets.
  4. Conduct an audit on a department where he/she worked within the past 1 year.
  5. Fail to recuse him/herself from auditing of cases in which he or she has a personal interest or has a conflict of interest.
  6. Fail to audit any matter as instructed by the FSC or provide relevant information; or
  7. Provide, promise, request, or accept, directly or indirectly, unreasonable gifts, entertainment, or any other improper benefits in whatever form.
  8. Any other activity in violation of any act or regulation or prohibited by any rule of the FSC.
Article 39     A public company shall execute at least the following control activities when supervising and managing its subsidiaries' business management:
  1. Establish an adequate organizational control structure between it and each subsidiary, including the election of, the assignment of authority and responsibility to, and the remuneration policy and system for the subsidiary's directors, supervisors, and high-level managers.
  2. Set out overall business strategies, risk management policies, and guidelines applicable to it and its subsidiaries, as a basis for each subsidiary to map out business plan and risk management policies and procedures for relevant business operations.
  3. Set forth policies and procedures applicable to it and each subsidiary in relation to business segmentation, liaison regarding order placement, materials preparation methods, inventory allocation, conditions for accounts receivable and accounts payable, and account processing.
  4. Set forth policies and procedures for supervising each subsidiary's material financial and business matters such as business plan and budget, material investment and reinvestment in equipment, borrowings and debt, lending of funds to others, endorsement/guarantees, obligations and commitments, investment in securities and derivatives, important contracts, major changes in assets, and management of the adoption of the International Financial Reporting Standards (IFRSs), the accounting professional judgment process, and the process for changes in accounting policies and accounting estimates.