Last year, companies listed on the Hong Kong stock exchange were required to adopt an updated code of corporate governance practices intended to bring them into line with international standards. The regulations have now gone a step further by implementing new code provision C.2.1, which became effective from 2006, under which company directors must perform an annual review of the effectiveness of their internal control systems.
These tighter regulations may cause some extra work, but they have also created a golden opportunity for companies to re-evaluate their objectives and risks as a means of improving overall business performance. "At first glance, implementation of the Hong Kong code is a compliance issue," says Stephen Lee, partner in charge of risk advisory services at accountancy firm KPMG. "However, we look beyond that mindset to assist clients to enhance their business performance by formalising the way they manage their risks. We help our clients adopt the code in a way that supports sustainable value across all areas of the business."
We have many different approaches for guiding clients through the issues
Code provision C.2.1 requires a review of internal controls used in operations, finance, risk management and general compliance functions. When checking their own practices, companies can identify any existing deficiencies and pinpoint areas where they are exposed to unnecessary risks. In some areas, the controls to mitigate risks may exist, but not be cost effective. "The client can really gain value from the whole compliance journey by picking up on critical risks, deciding how to manage them, and potentially generating greater efficiencies as a result," explains Derek Jackson, KPMG's senior manager for internal audit and risk management services. "If a company can demonstrate that it has lowered its risk profile and understands critical internal controls then it may become a more attractive target for investors."
For the Hong Kong code to be fully effective, companies must implement it properly, not simply pay lip service. The code stipulates that a clear corporate governance framework must be in place, but does not specify exactly how a company must apply it. "The main problem may be that not all listed businesses will take the issue as seriously as they should," says Mr Lee. "People can just treat the code as a box ticking exercise if they want, but if they take that approach it will only be a cost to their business and they will see little or no benefit."
To get the most out of the compliance process, the whole organisation should share the same mindset and want to improve the business by creating greater accuracy and transparency in management procedures. "We have many different approaches for guiding clients through the issues," Mr Lee explains. KPMG has even been approached by many trade associations and similar organisations to deliver training in risk management and corporate governance.
"The clients we work with embrace our methodology and often tell us they enjoy the lateral thinking needed to identify all their potential significant risks," says Mr Jackson.
Falling into line Provision C.2.1 of the Hong Kong code of corporate governance practices means listed companies must perform an annual review of internal controls
Tougher compliance requirements are intended to help Hong Kong companies match international standards
When reviewing their internal procedures, companies should take the opportunity to introduce internal control improvements
Advice from experienced compliance, internal audit and risk management professionals helps to increase transparency and promote investor confidence