In addition to setting out control activities for different operating cycles based on the nature of its business, a service enterprise shall also consider its actual needs and include controls over the following activities in its internal control system:
In addition to controls over the activities under the preceding paragraph, a service enterprise that is a public company, or that is designated by the competent authority, shall also include in its internal control system the management of procedure for board of directors meetings and the management of shareholder services.
- Seal use management.
- Management of the receipt and use of negotiable instruments.
- Budget management.
- Property management.
- Management of endorsements/guarantees.
- Management of liability commitments and contingencies.
- Delegation of duties and implementation of deputy system.
- Management of financial and non-financial information.
- Management of related party transactions.
- Management of the preparation process of financial statements, including management of the application of International Financial Reporting Standards, procedures for professional accounting judgments, and processes for making changes in accounting policies and estimates.
- Supervision and management over subsidiaries.
- Compliance system.
- Management of financial examination reports.
- Management of protection of financial consumers, provided this does not apply to the enterprises that are excluded under Article 3, paragraph 2 of the Financial Consumer Protection Act.
- Management of personal information protection.
- Handling of material events (e.g. a material violation, or a likelihood of suffering material loss).
- Whistleblower system.
The internal control system of a service enterprise that has established an audit committee pursuant to the provisions of the Securities and Exchange Act shall include the management of audit committee meeting operations.
The internal control system of an enterprise whose stocks are already listed or traded over-the-counter at securities firms shall include controls over the following operations:
If a service enterprise is a financial institution as defined in the Money Laundering Control Act, its internal control system shall include mechanisms for preventing money laundering and countering terrorism financing, and shall include management of compliance with applicable laws and regulations, including mechanisms for managing the identification and measurement of, and monitoring for, money laundering and terrorism financing.
- Management of the operations of the remuneration committee.
- Management of the prevention of insider trading.
A service enterprise under the preceding paragraph which has established a domestic or foreign branch office (or subsidiary) shall formulate an overall group plan for preventing money laundering and countering terrorism financing, including policies and procedures for information sharing within the group for the purpose of preventing money laundering and countering terrorism financing that are in accordance with the laws and regulations of the place where the branch office (or subsidiary) is located.