On April 22, 2024, a notification on revisions to the “Regulations Governing Establishment of Internal Control Systems by Public Companies” was published on the Law Source Retrieving System of Taiwan, the official journal of Taiwan.
The regulations – which set out requirements of public companies regarding the establishment of internal control systems – cover a number of relevant issues in that regard, including
the establishment and documentation of corresponding policies and procedures which also includes the assignment of duties & responsibilities,
the criteria to name an independent internal auditor to perform a monitoring function in that regard, and
the performance of and requirements pertaining to the self-assessments of firms and their internal control systems.
The latest revised version contains modifications to Articles 8, 13, 39, and 47 relating to the following: Article 8 sets out a list of matters and activities for which a public firm shall have control systems in place such as the management of related party transactions, the supervision of subsidiaries, or the public disclosure of information.
Article 13 relates to the obligations of the internal audit or compliance unit of a publicly listed firm. Specifically, it requires compliance units to formulate an annual audit plan based on its own risk assessment of the company’s operation. This audit plan must cover matters such as compliance with laws and regulations or the handling of major financial activities or remuneration of key personnel. The plan must subsequently be approved by the board of directors, and if independent directors are present, their opinions should be considered and recorded. Article 13 also requires that audit reports and related materials be retained for at least five years.
Article 39 deals with the controls that should be specifically in place as regards the supervision of subsidiaries. In detail, the Article requires the parent company to establish a clear organizational structure, including director selection and responsibility assignment, develop a unified business strategy and risk management policies, establish policies and procedures for business operations, accounting, and financial management, and set rules for supervising and managing significant financial and business decisions of each subsidiary, including investments, borrowing, and major contracts.
Article 47 only stipulates the effective date.