• Font Size:
  • S
  • M
  • L

Amendments

Title:

Regulations Governing Establishment of Internal Control Systems by Public Companies  CH

Amended Date: 2024.04.22 

Title: Regulations Governing Establishment of Internal Control Systems by Public Companies(2022.12.15)
Date:
Article 24     A company conducting initial public issuance of its stock, or a public company, shall conduct annual self-assessment of the design and operating effectiveness of its internal control systems, and, except as otherwise provided by the FSC, shall publicly announce and report the Internal Control System Statement on the websites designated by the FSC within 3 months from the end of each fiscal year in the prescribed format.
    Where a public company has established an audit committee, the design and operating effectiveness of the internal control system as referred to in the preceding paragraph shall be subject to the approval of the audit committee, and the provisions of Article 4, paragraph 4 shall apply mutatis mutandis.
    The Internal Control System Statement referred to in paragraph 1 shall be passed by the board of directors. The same shall apply to any amendments thereto, and the company furthermore shall publicly announce the reasons for and content of the amendments on the websites designated by the FSC within 2 days counting inclusively from the date of passage by the board of directors.
    The Internal Control System Statement referred to in paragraph 1 shall be published in the company's annual report, public offering and issuance prospectus, and other prospectuses in compliance with relevant regulations.
Article 25     The engagement of a CPA by a public company, or the appointment thereof by the FSC pursuant to Article 38-1 of the Act, to conduct a special audit of the company's internal control systems shall be governed by these Regulations and other applicable laws and regulations; matters not provided for therein shall be handled in accordance with the Standards on Assurance Engagements issued by the Accounting Research and Development Foundation (the "Standards on Assurance Engagements").
Article 30     When auditing the internal control design and operation of a public company and the matters represented in the Internal Control System Statement produced by the audited company, the CPAs shall provide reasonable assurance, and collect sufficient and appropriate evidence to reduce their attestation risks to an acceptable degree, and shall comply with the following matters:
  1. Special audits shall be conducted by professionally trained and competent CPAs.
  2. CPAs shall possess adequate knowledge of the matters represented in the Internal Control System Statement produced by the audited company.
  3. CPAs shall have the ability to assess statements or internal control systems of the audited company consistently by using reasonable assessment items as standards before accepting audit engagements. The above-stated standards shall be prescribed by the FSC or by an authoritative institution.
  4. In affairs relating to special audits, CPAs shall maintain an attitude of rigor and impartiality and a detached and independent viewpoint.
  5. CPAs shall exercise all due professional diligence when conducting special audits.
  6. Special audits shall be carefully planned and assistants, if any, shall be properly supervised.
  7. CPAs shall obtain sufficient and appropriate evidence regarding the effectiveness of each constituent element of the internal control systems, to provide a reasonable basis on which to form a conclusion on the audited company's internal control systems.
  8. The preparation and retention of the working papers of special audits shall be handled in compliance with Standard on Assurance Engagements 3000.
  9. The issuance of the internal control system audit report shall be handled in compliance with Standard on Assurance Engagements 3000.
Article 31     CPAs retained to conduct special audits of internal control systems of a public company shall conduct such procedures in four stages:
  1. Planning:
    1. Obtain written records of the audited company's board of directors' and managers' control objectives and internal control system policies and procedures, and other necessary information.
    2. Formulate an audit plan. The following factors at least shall be taken into consideration: the characteristics of the industry to which the enterprise belongs, information obtained when undertaking work under other engagements with the audited company, the condition of the audited company and recent changes in it, evidence available to the CPAs, the nature of specific internal control system procedures and the importance of such procedures to the overall internal control systems, preliminary assessment of the effectiveness of the overall internal control systems, differences among various operating locations, degree of centralization, transactions executed and the control environment, and the materiality/significance level and control risk in connection with the internal control system that are acceptable to the CPAs.
  2. Gaining an understanding of the internal control system:
    CPAs may use means such as inquiry, inspection, and observation to gain an understanding of the internal control system of the audited company, by which to assess the effectiveness of the internal control system.
  3. Assessing the effectiveness of the design of the internal control system:
    1. When assessing the effectiveness of the design of the audited company's internal control system, CPAs shall collect evidence regarding the effectiveness of the design. Methods for collecting such evidence include inquiry, inspection, and observation.
    2. When assessing the effectiveness of the design of the internal control system, CPAs shall focus on whether the overall internal control system achieves a given goal rather than whether any given specific operation of the internal control system is inappropriate.
    3. When engaged only to evaluate the effectiveness of the design of the internal control system, CPAs shall conduct necessary control tests based on actual needs.
  4. Testing and assessing the operating effectiveness of the internal control system:
    1. CPAs shall conduct control tests to collect evidence regarding the operation of the internal control system to provide a basis for assessing the operating effectiveness of the internal control system.
    2. Methods for conducting control tests by CPAs include inquiry, inspection, observation, and re-testing. Control tests shall be conducted until sufficient and appropriate evidence has been collected. Evidence collected by the audited company during self-assessment of the internal control system shall not be substituted directly for evidence to be collected by the CPAs.
    3. Whether the evidence collected by CPAs is sufficient and appropriate is affected by the following factors: the nature of the audited company's internal control procedures, the importance of the internal control procedures to attainment of the control objectives, the probability of violation of control procedures by the audited company, the nature and extent of control tests already conducted by the audited company, and the CPAs' preliminary assessment of the effectiveness of the control procedures. CPAs shall also execute necessary procedures and collect necessary evidence regarding subsequent events during the post audit period.
Article 32     (Deleted)
Article 33     (Deleted)
Article 34     Where appointed by the FSC pursuant to Article 38-1 of the Act, CPAs failing to acquire the audited company's Statement about the internal control system at issue shall provide reasonable assurance with respect to the audited company's internal control design and operating effectiveness, and issue an audit report in compliance with Standard on Assurance Engagements 3000.
Article 35     (Deleted)
Article 47     These Regulations shall come into force from 1 January 2015. The amendments to these Regulations shall be enforced from the date of issuance, with the exception of the articles amended on 15 December 2022, which shall come into force from 1 January 2023.