Listed companies on the mainland appear to be demonstrating a better grasp of internal control and risk management, especially since the economic downturn, while their counterparts in Hong Kong are lagging, according to a Deloitte enterprise risk services practice survey this year.
Much of the emphasis on internal control is tied to the United States introduction of the Sarbanes-Oxley Act, which triggered a tightening of corporate governance rules around the world.
Local versions of the legislation have since been implemented in South Korea and Japan, and the mainland's first enterprise risk management standard, for example, came into effect from July 1 and applies to all listed companies.
In Hong Kong, a greater focus on internal controls has been driven by regulatory requirements. For example, the sponsor of a company preparing to list must now perform internal control due diligence work in accordance with Practice Note 21, which typically covers the company's internal controls in financial, operational and compliance risks.
Hong Kong's Code on Corporate Governance, which came into effect in 2005, also contains a provision that requires boards of listed companies to perform a risk assessment on an annual basis, declare their completion of this assessment and confirm the effectiveness of the company's internal control systems in its annual report.
While there is general awareness of internal control among listed companies in Hong Kong, its effectiveness in practical terms is dependant on management's attitudes towards risk management, according to Patty Wu, partner in internal audit, risk and compliance services at KPMG China.
