Strengthen Internal Control Management to Ensure Smooth Operation of Listed Companies

Jiang Chunqian (Independent Director of Xingfa Group)

Since China's enterprises have fully implemented internal controls since 2006, listed companies' internal control management has gradually improved. The CSRC, local securities regulatory bodies, the Shanghai Stock Exchange, and listed company associations have all raised their requirements for internal control management. Various training sessions, inspections, and penalties for non-compliance have been conducted. It is clear that China's listed companies' internal control management quality is gradually improving. However, some listed companies still face problems with internal control, and the problems are repeatedly discovered during audits.

Internal audit is an important process in internal control management, which should be valued by a listed company's board of directors and audit committee. Internal audit serves as a guardian that detects potential problems without any related personnel reporting them.

Many listed companies' internal audits are merely perfunctory, with management not taking internal audit seriously, and the internal audit department fearing to offend anyone and thus avoiding issues. This has led to lax internal control management.

Examples of internal audit deficiencies include:

For instance, ST Longyu (Longyu's withdrawal) occupied 9.18 billion yuan in non-operating funds, with 8.68 billion yuan still outstanding. Longyu has received a notice to withdraw from the market.

Through Longyu's disclosure, it can be seen that the company's funds were misappropriated through related transactions and multiple rounds of transfers. Not only did the internal control personnel and financial department fail to reflect this, but also the internal audit department was silent on the issue, and the annual internal control evaluation report did not reveal any problems.

Longyu's internal control deficiencies are reflected in several aspects:

One is that related-party transactions have lost control. There have been large-scale transactions without review or disclosure, and there are significant defects in the internal control over fund flows.

Two is that financial reports have become false. Due to related-party transactions and irregularities in documentation, the company has had to correct accounting errors for its 2018-2023 financial statements, with a large-scale related-party transaction not disclosed, and there are doubts about business independence.

Three is that the supervisory mechanism has failed. The audit committee and independent directors have been unable to timely detect or prevent fund misappropriation, while the internal audit department has failed to monitor fund flows effectively, and the internal audit department has not discovered related-party transactions, violations of procedures, or failures to disclose.

Internal audit upholds principles, playing a role in maintaining internal control and exposing problems: for example, WorldCom (USA), a company that was once America's fourth-largest enterprise and the leader in the telecommunications industry. However, it secretly cooked its books because of internal audit's persistence in uncovering the truth. The main problem finder was internal auditor Cynthia Cooper.

Her discovery process was as follows:

1.? Key finders:? Cynthia Cooper, an internal auditor at WorldCom, initially discovered financial fraud through an unusual check.

2.? Reporting process:? She reported to the CEO and then persisted in reporting to the audit committee, ultimately exposing 38.5 billion dollars of accounting fraud (30.6 billion dollars in fiscal year 2001 and 7.9 billion dollars in the first quarter of 2002).

3.? Event impact:? Her report directly led to the SEC's investigation, which ultimately resulted in WorldCom filing for bankruptcy protection on July 21, 2002.

The new CEO, who took over in June 2002, confirmed the accounting violations through an internal audit (June 2002).

The SEC launched an investigation into the company's merger event in March 2002 and found facts.

WorldCom's internal audit played a real role in discovering and supervising, ultimately exposing the fraud committed by related parties. The original CEO and finance director were both punished. WorldCom's internal audit also protected the interests of small investors and maintained the integrity of the capital market.

How can internal audit personnel do a good job in internal audits? Internal audit personnel should conduct thorough investigations on internal control systems, survey environmental controls, and investigate sales, logistics, procurement, and warehousing. They should also test, verify, and investigate accounts payable, accounts receivable, investment, and asset purchase and sale transactions. In related-party transactions, they should carefully review approval procedures and necessity.

Internal audit personnel should also be straightforward and clever: being straightforward means being brave enough to take responsibility, uncover problems, and not bow to pressure or fear; being clever means being able to avoid one's own limitations, making it difficult for knowledgeable people to bypass you, allowing you to gain insights and relevant information and materials.

After discovering a problem, it is necessary to report it promptly to management and the audit committee. If faced with obstruction, even direct reporting to regulatory authorities may be required.

In terms of internal control construction for listed companies, we cannot be careless or abandon principles, blocking all illegal activities and risks, in order to ensure that listed companies operate smoothly and maintain solid internal controls.

This column is a personal view of the author.