||Regulations Governing the Establishment of Internal Control Systems by Service Enterprises in Securities and Futures Markets(2007.12.18)
In addition to setting out control activities for different transaction cycles based on the nature of its business, a service enterprise shall also consider its actual needs and include controls over the following activities in its internal control system:
1. Seal use management.
2. Management of the receipt and use of negotiable instruments.
3. Budget management.
4. Property management.
5. Management of endorsements/guarantees.
6. Management of liability commitments and contingencies.
7. Delegation of duties and implementation of deputy system.
8. Management of financial and non-financial information.
9. Management of related party transactions.
10. Management of preparation process of financial statements.
11. Supervision and management over subsidiaries.
12. Compliance system.
In addition to controls over the activities under the preceding paragraph, a service enterprise that is a public company shall also include in its internal control system the management of procedure for board of directors meetings.
A service enterprise's internal audit unit shall, based on the results of the risk assessment, prepare an annual audit plan which, except as otherwise required by the competent authority, shall include matters to be audited monthly; the internal audit unit shall scrupulously implement the annual audit plan, so as to inspect its internal control system, and prepare audit reports annexed with working papers and relevant materials.
A service enterprise shall include as audit items in its annual audit plan for each year the control activities for major financial or business activities, such as for acquiring or disposing of assets, engaging in derivatives transactions, management over making endorsements/guarantees for others, and management over related party transactions, as well as supervision and management over subsidiaries and inspection of information and communications security.
In addition to the audit items under the preceding paragraph, a service enterprise that is a public company shall also include in its annual audit plan for each year the management of procedure for board of directors meetings.
A service enterprise shall have its annual audit plan, and any amendments thereto, passed by the board of directors.
Where a service enterprise has established the position of independent director, when it submits its annual audit plan for deliberation by the board of directors pursuant to the preceding paragraph, the board of directors shall take into full consideration each independent director's opinion; when an independent director has an objection or reservation, the objection or reservation shall be recorded in the minutes of the meeting of the board of directors.
The audit reports, working papers, and relevant materials under paragraph 1 shall be retained for no less than five years.
When conducting self-inspections of its internal control system, a service enterprise shall, except as otherwise required by the competent authority, first arrange for self-inspections by all internal departments and subsidiaries on an at least annual basis, have its internal audit unit review each unit's self-inspection report, and submit the self-inspection reports, together with the reports on the correction of deficiencies and irregularities of the internal control system identified by the audit unit, as a primary basis for the board of directors and general manager to evaluate the overall effectiveness of the enterprise's internal control system and to produce a Statement on Internal Control.
The self-inspections under the preceding paragraph shall be recorded in working papers that shall be retained, together with the self-inspection reports and relevant materials, for no less than five years.
A unit responsible for legal and regulatory compliance shall carry out the following activities:
1. Establish clear and adequate systems of advocacy of laws and regulations, consultation, coordination, and communication.
2. Ensure that procedural and managerial bylaws are updated in a timely manner in response to applicable laws and regulations, so that operations are in compliance with all laws and regulations.
3. Formulate the content of and procedures for assessing compliance with laws and regulations and monitor the periodic self-assessment of the implementation thereof by each unit.
4. Administer adequate and proper legal training on laws and regulations to personnel of each unit.
5. Monitor the compliance by overseas branch units with the laws and regulations of the host country in which they are located.
6. Carry out such other activities as may be required by the competent authority.
Self-assessment of compliance with laws and regulations shall be performed no less frequently than annually, with the results delivered to the compliance unit for future reference. The head of a unit shall designate a person responsible for performing self-assessment within that unit.
Working papers and materials in connection with the self-assessment under the preceding paragraph shall be retained for no less than five years.