Internal Control Research Based On Third-party Compliance Management

In 2002,the year after the Enron Event,the United States passed the “Sarbanes-Oxley Act”(SOX Act)to strengthen regulation of enterprises globally.At the same time,in order to solve the problem of global anti-corruption,the United States gradually started global anti-corruption governance through the “Foreign Corrupt Practices Act”(FCPA).China's regulation in this field has also been strengthened these years.Under the guidance of the Ministry of Finance,China has also promulgated a series of laws and regulations to enhance enterprise internal control,including “Law of the People's Republic of China Against Competition by Inappropriate Means” and “Basic Specification of Enterprise Internal Control”.With the promotion of global anti-corruption and anti-unfair competition regulation,regulators in various countries have gradually extended their supervision to company's related third party partners.As an industrial product manufacturer,Dealer and Subcontractor models are key for Company C's operation.The number of third-party agencies that have long-term cooperative relationship with it in China is comparatively large,quite some non-compliant issues have already incurred these years.Therefore,it is urgent to take the initiative to strengthen supervision of Company C's third parties,prevent the potential risk and loss due to their misconduct.This research of internal control of Company C mainly focuses on the aspect of compliance management,especially on governance over its third parties,which is a relatively new field.Through this study,a series of possible measures and solutions in this field have been put forward for Company C.It can also be utilized as a valuable reference for all enterprises facing the similar issue.Organizational structure wise,it is necessary for Company C to establish an independent function to centralize the relevant work with third-party governance.This function needs sufficient independence and authority to supervise all business processes related to third-party monitoring.Comprehensive supervision starts from the third party background inspection,evaluation,on-boarding certification,to determination of cooperative mode and signing of relevant documents.Also it includes docking of business processes,settlement of cost,and feedback of third-party related services.In order to improve its third-party supervision,company C shall design and formulate business processes,internal control policies and governance mechanism according to the motivation of compliance violations.Although,on the whole,most of the violations occurred are related with the transmission of interests.While,motivation and subjects could be still different.First category is about enterprise or department.That is,company or third-party agency or its department could be the subject of violations.Such violations often target to the performance.Its purpose is generally to pursue the achievement of business performance target.Second category is about person.In this case,purpose of violation is to illegally encroach on the company interests.Company C shall take into consideration of both as the starting point to re-engineering the business and internal control process.We hope to set the necessary checks and balances management throughout the company,so as to ensure the appropriate company level third-party governance.From company policy and process perspective,relative improvement,especially those related with third parties,could minimize the risk of non-compliance.Compared with the formulation and re-development of the policy and process,implementation is more important.When establishing a cooperative relationship with third parties,necessary policy promotion and migration is also a means that can be considered.Finally,from technical perspective,here introduces Robotic Process Automation(RPA).It can support to circumvent the restrictions and interference of some human factors in internal control and compliance management.Meanwhile,it can also improve the efficiency and balance the cost and benefit to reach the expected result.In short,all the internal control and compliance improvement proposals of Company C are targeted to minimize the risk of third party non-compliance.With the consideration of balancing of cost and benefit,it can help to drive a more efficient and effective internal control environment.Proposals in this research can also provide a valuable reference for other companies with similar situations,especially for multinational companies in China as well as Chinese companies that are going to expand to over-sea market.