China’s Basic Standard For Enterprise Internal Control – Your Path to Compliance – Regulatory Compliance

China’s Basic Standard for Enterprise Internal Control (“C-SOX”) comes into effect soon and many companies are therefore starting to implement this regulation. While the prospect of adopting new corporate governance and risk management standard may seem daunting, there are some simple steps that companies can take to get a head start on the project. Companies that start implementing C-SOX early will gain competitive advantage and save significant money and resources over the long run. The keys to a successful implementation are to enlist the support of the entire organization, and to set out a reasonable strategy and timeframe for the project.To get the most from a C-SOX project, it is critical to understand that compliance is a continual process, not a one-time initiative. This article will show how you can get started with the C-SOX process to ensure success.The Basic Standard for Enterprise Internal Control was announced in 2008 and is sponsored by the Ministry of Finance, China Securities Regulatory Commission, the National Audit Office, China Banking Regulatory Commission and China Insurance Regulatory Commission. The purpose of the new regulation is to increase the effectiveness of internal controls in listed Chinese companies, thus reducing risks for companies and their stakeholders.The new rule requires companies listed on the Shanghai or Shenzhen exchanges to conduct self-evaluations of their internal controls, publish an evaluation report on an annual basis and hire qualified agencies to audit the effectiveness of their internal controls. The Basic Standard will apply to over 900 companies listed on the Shanghai Stock Exchange and about 800 companies listed on the Shenzhen Stock Exchange.The backbone of Basic Standard for Enterprise Internal Control is the COSO risk framework, which establishes a broad definition of internal control extending to all parts of an organization. It lists five key control elements:1. Internal environment – the foundation for all other components of internal control
2. Risk assessment – identification and analysis of risks to the achievement of company objectives
3. Control activities – the policies and procedures that help ensure that directives are executed
4. Information and communication tools – systems to store and exchange information in support of business objectives
5. Internal monitoring – process of assessing the quality of internal controlsThe purpose of assessing the internal controls and corporate governance is to obtain sufficient knowledge of the control environment to understand the management’s attitudes, awareness and actions concerning the factors of the control environment.The Basic Standard for Enterprise Internal Control requires that listed companies:o Include the five control elements when establishing and implementing effective internal control
o Establish and implement internal control policies
o Establish a suitable business management information technology system with embedded controls
o Set clear policies on the rewards and disciplines related to the proper implementation of internal control. Effectiveness of internal control implementation should be treated as a key element of performance appraisals for department and staff levels
o Perform self-assessment of the effectiveness of its internal control on a periodic basis and issue control self-assessment reportsImplementing C-SOX is a change management initiative that can have a significant positive impact on the company. However, in order to do so, companies must take certain steps and make sure they have a clear strategy.Starting the C-SOX compliance process does not have to be difficult. A high level of visibility and support from the executive team will provide the urgency needed to quick start rolling out training programs and gathering internal resources. Putting these foundations in place early removes time pressure from the compliance project and will give the company a strong basis in risk management and internal controls going forward. In particular, making the effort to develop a culture of risk awareness will pay off through better existing processes, reduction of errors, and increased employee engagement. Companies that begin now will see improving margins, increases in efficiency and growing market respect.The Basic Standard for Enterprise Internal Control is still evolving and final implementation guidelines are not yet available. However, companies should take advantage of this time to seek the benefits to improved risk management and internal control systems.

Outsourcing Regulatory Affairs Services – Regulatory Compliance

Outsourcing Regulatory Services:For companies exploring the prospects of the global marketplace, understanding each country’s regulatory requirements can be a difficult and time consuming task. With the changing regulatory scenarios of many developed and less developed nations, companies are finding it difficult to maintain the required in-house regulatory staff to ensure compliance across borders.These significant changes in government regulations, market conditions and technology is forcing pharmaceutical and biotechnology companies of all sizes to embrace new business models that focus on outsourcing of various regulatory activities to reduce the pressure on their in-house team.Drivers for Outsourcing: Many factors contribute to the growth of outsourcing opportunities, with the most obvious and frequently cited being cost savings. Outsourcing to India, China and other countries with cheap labor can commonly help companies realize cost savings of 30-60%. Other considered drivers for outsourcing regulatory activities include: flexibility, risk and security, regulatory impact, timely market approvals, increased process speed, reducing time constraints in-house resources, and gaining access to broad global expertise and experience.Among all the above listed factors, it has been estimated that cost savings is the driving factor for around 80% of companies that decide to outsource regulatory affairs services to an external partner. Companies themselves are finding that by outsourcing routine functions, their in-house resources are able to focus on more strategic and value-added activities, such as regulatory planning for new drug developments and more technical medical writing tasks.Factors to Consider when Outsourcing:Regulatory affairs activities can range from simple tasks to very complex projects involving detailed consultation with relevant regulatory bodies and/or concerned health agencies. Successful outsourcing lies in finding a partner that is able to understand and adapt to an organization’s needs and goals, while performing the functions efficiently and in a timely manner. The following factors play important roles in selecting a partner for outsourcing: experience, flexibility, effective communication, confidentiality, infrastructure, technology, resources, quality of services delivered, cost benefit, accountability and geographic location/competencies.Emerging Models for Outsourcing Regulatory Affairs Activities:Functional outsourcing of regulatory affairs is currently performed by many companies and is a growing industry trend. For small or growing companies it serves as a method to bring extensive regulatory expertise into an organization in a cost effective manner. Since all companies are facing tough times in the current economic climate, various outsourcing models are being utilized for regulatory affair activities.A few common models for outsourcing regulatory affairs services are:

Staff Augmentation: To expand current capacity to meet short term business needs. This model helps the company by allowing its core resources to concentrate more on new developments and regulatory strategies across the development pipeline.
Project Based Outsourcing: This is a task oriented activity where outsourcing is limited to specific tasks.
Full Service Submission Outsourcing: This is suitable for post-marketing activities such as variations, PSURs, annual reports and renewals.
Functional Submissions: Applicable for pre-marketing submissions for CTA, MAA, NDA, ANDA and different MA procedures such as MRP, DCP and Centralized.
ConclusionWith the changing scenario in the pharmaceutical, medical devices and bio pharmaceutical industry, outsourcing in today’s world is no longer limited to basic, mechanical functions. With more stringent regulatory requirements and tighter budgets, companies are eager to outsource more complex activities to external partners. The outsourcing industry is constantly evolving to meet the needs of all life sciences organizations and ultimately allow internal resources to concentrate on their core competencies all while drastically reducing overall cost.