The outbreak of the US financial crisis has brought about a new round of economic recession in the world. The reason is the absence of government control caused by the free economy, the innovation of financial firms is a bit like Wall Street's reflection: Selling Souls to the devil; from the domestic perspective, Sanlu Group of the rush, but once collapse under the melamine, the chairman of the Enterprise was sued; all of this, can let people feel the business in the impetuous , self-interest and quick success, seriously ignoring the business risks, the result of the society to their own serious consequences. The external environment of enterprise production and operation is undergoing a great change, the external supervision is strengthening, the market's game rule is guiding in the sustainable development, the requirement of the government macroscopic management impels the enterprise's internal control mechanism to be perfected and strengthened as soon as possible.
The promulgation of the basic standard of Enterprise internal Control (hereinafter referred to as standard) provides the basis for enterprises to establish and improve internal control mechanism. As a rigid standard requirement for listed companies, the "norms" put forward the construction framework, including the internal environment, risk assessment, control activities, information and communication and internal supervision of the five elements. According to the requirements, listed enterprises not only need to establish the internal control mechanism, but also must periodically to the effectiveness of internal controls audit self-assessment, and external disclosure of the annual self-assessment report, can also hire qualified third party to the effectiveness of internal controls audit and report.
Although from the surface, the "norms" is bound by the financial management behavior of enterprises, but behind is reflects to the enterprise Human Resources management request, the enterprise must improve consummates the internal human resources management system, the financial Management Index reflects the enterprise management result, but the human resources management condition reflects the process which achieves this result, is a leading management indicator, and the resulting risk arises from the process. From the internal control requirements of the human resources management improvement, I think the following areas are to be focused on:
Business philosophy Risk
Human risk is the biggest risk of enterprise management. Management based on culture, action controlled by the concept, the "norms" clearly put forward the need to strengthen enterprise culture construction requirements. Social responsibility, honesty and trustworthiness, risk awareness and so on to become the requirements of the enterprise culture is an important component.
Whether the enterprise has relevant mission, vision and core business philosophy and values of the exposition and commitment, as well as the relevant training and communication activities and role models to establish value-oriented, it is necessary to pay attention to internal control audit.
The reason for enterprise survival is its function, that is, to provide the community with the use of expectations and requirements of products, through the provision of products to meet the requirements of their own financial benefits, this is the result of double win, if it is in the business ethos within the enterprise only to emphasize their own interests, only to emphasize access, and not to pay, there will be fraud, Leading to a short-lived business operation, which is the biggest risk.
Staffing risk
"Norms" in the organization of enterprises and positions set up a clear request, organizational security is to achieve the basis of internal risk control. Not only require enterprises to do business operation of the responsibility is clear and clear, but also for the internal audit of the distribution of responsibilities have put forward corresponding provisions.
Section 22nd of the Code stipulates that the risk of the professional conduct of directors, supervisors, managers and other senior managers is clearly defined in the identification of internal risks as well as the professional competence of the employees, which requires the enterprise to strengthen the management and control of the qualifications and the ability of the job.
The code proposes mandatory leave systems for key positions and requirements for the implementation of periodic job rotation systems, this indicates that in the enterprise personnel appointment, need to clear the key Job directory establishment and maintenance, and need to have mandatory leave record, at the same time, for key position personnel need to periodically carry on the record of job rotation.
In the company's confidentiality requirements, the "norms" to grasp the state secrets and important business secrets of employees need to have a restrictive requirements, in order to require enterprises to identify the secret-related posts, it is necessary to have the concept of the time off, and a process is needed to confirm the risk control measures for the business secret protection.
Regulatory execution Risk
In the identification of external risks of enterprises, the regulation clearly puts forward the control of legal risks such as regulations and regulatory requirements. In the field of human resource management, enterprises need to follow a series of labor regulations, for example, the "labor Contract law", "Employment Promotion Act", "Labor Dispute Mediation Arbitration Act", "regulations on paid annual leave for employees", "Regulations on the implementation of the labor contract law", and the provisions of the labor law which are still in force in the current part of the provisions are in force.
The Labor contract law expressly stipulates that a written labor contract shall be signed within 1 months from the date of employment. There is no risk of a twice-fold wage penalty; the labor dispute Mediation Arbitration law requires the enterprise to bear the burden of proof in the employment dispute, for example, the absence of the record of overtime leave will cause the enterprise to bear the risk of adverse consequences; Employment Promotion Act requires enterprises to not have employment discrimination, such as gender discrimination, religious discrimination, ethnic discrimination and so on; The former Ministry of Labor and Social Security "prohibition of the use of child labor" requires enterprises shall not use child labor under 16 years of age and so on.
The Government's policy and regulations embody the rules of the game and macro-management requirements, the consequences of non-compliance with the rules of the game is serious, an enterprise to achieve financial profits, if it is illegal as a support, is at the expense of employee rights and interests, the business risks can be imagined.
Enterprise system Risk
In the current emphasis on the construction of enterprise culture, its highest level is the concept of the enterprise layer, embodied as a conscious subconscious component, is through long-term cultivation and accumulation of enterprises, under the system layer, which is the key to the formation of general awareness, the enterprise's human resources management policy measures, are for this purpose and service, Are telling employees what behavior is encouraged and what behavior is prohibited, and that under the system is the behavioral layer, which behaves as a behavioral skill.
The internal control mechanism of an enterprise needs to realize the controlling of the risk in the employee's behavior. Its direct support is the enterprise's HR management system, the "norms" clearly put forward to the enterprise human resources policy requirements, such as staff recruitment, training, dismissal and resignation, staff remuneration, assessment, promotion and rewards and punishments. These policies are necessary to achieve the effectiveness of internal control of enterprises.
These provisions require enterprises to establish and implement a standardized human resources management process, first of all, must have a clear relevant system requirements, and then the system must be effectively implemented, and again the implementation of the system needs to achieve the expected personnel capacity control and value-oriented goals. The value of a process specification is the risk of controlling the process.
"Norms" in particular stressed that the internal control system itself must be included in the performance appraisal system, such as the establishment of the anti-fraud mechanism requirements, the reporting of complaints system and the establishment of whistleblower protection system requirements, etc. Can really make the effectiveness of control.
Information Communication risk
The key point of the enterprise's risk control is decision-making, and the decision is controlled by information, so the timely access of information and the comprehensiveness of information become one of the critical factors that affect the effectiveness of internal control of enterprises.
Enterprise's internal control needs to achieve full participation to achieve effective, at this point, "the specification" clearly requires enterprises to make all staff master internal organization settings, job responsibilities, business processes and so on. Organizational personnel information and personnel policy is the premise of the implementation of risk control, the enterprise's HR departments need to timely change of human resources policy and organizational personnel related changes in the timely internal communication, all staff should be convenient means and measures to timely access to this information.
From the collaboration of various business functions, the implementation of human resources policies, such as attendance and leave results, performance evaluation results and other information also need to communicate between the relevant departments in order to avoid potential risks in work coordination, as well as to ensure that the internal human resources policy implementation of the impartiality of The formation of a good internal atmosphere and corporate cohesion.
Process Execution Risk
The norms of the enterprise internal control mechanism of the establishment and implementation of a large number of operational requirements, especially in the communication of information recording and information transmission, in addition to the normal enterprise operation, will attach a large implementation cost, increase the management burden of enterprises; not only that, because the implementation of the Code requires risk identification, assessment, Analysis, response, and so on, the large amount of data information processing, if only relying on manual, will make the implementation process itself face enormous risks, resulting in risk control mechanism itself there is the risk of effectiveness.
To solve this problem, it depends on the auxiliary process optimization of information system to provide help and support. For example, personnel organization information Communication, human resources policy implementation results of communication, can be through the HR software self-service and manager self-service to achieve; for example, related to the labor contract signing related risk response, through the HR system in the automatic warning prompts to help control , such as the large number of records needed for labor disputes, through electronic workflow to form electronic records, or through information systems automatically call the data information of the batch play function to assist in the implementation of prevention; For example, the complete record of performance appraisal and tracking, through the Information-based HR performance appraisal process to automatically form related records For example, monitoring and tracking of many indicators that reflect human resource management, such as turnover rates, effective employment rate, staff attendance rate, average workload time, average recruitment to post time, etc., can also through the automatic statistics of HR information system, through the monitoring of indicators to timely identify possible human resources management risk, Record and evaluate risks in a timely manner and develop appropriate risk control and response measures.
This human resource risk also needs to be closely integrated with the production plan of the enterprise in order to effectively control the risk, so that risk control must be systematic and complete, not to look at the problem in isolation. For example, the production expansion of enterprises, while bringing the expansion of the scale of production, but also brought about changes in the allocation of human resources, need to take appropriate early recruitment measures, otherwise will be due to insufficient human resources to affect the normal development of production and management; This resource risk control, It is also necessary for enterprises to keep an eye on the supply and supply level of the external human resources market, and to adjust the human resources policy in time according to the corresponding situation in order to effectively resolve the operational risks of the potential resource shortage and resource wastage and resource wastage. All these decisions depend on providing a complete, systematic and comprehensive information management platform to assist in the implementation. It is taking into account the enterprise's implementation costs and internal control effectiveness, the "norms" also specifically put forward with the enterprise information related to the provisions and requirements:
◇ for the construction of internal control information system, the seventh article puts forward that enterprises should use information technology to strengthen internal control, to establish an information system which is suitable for management, to promote the organic combination of internal controlling process and information system, to realize automatic control of business and matters, to reduce or eliminate human manipulation factors.
◇ for the effective communication of internal control information, the 38th article of the code puts forward that the enterprise should establish the information and communication system, make clear the collection, processing and transfer procedures of the related information of internal controls, ensure the timely communication of the information and promote the effective operation of internal control.
◇ to the risk management of the information system itself, the 41st article of the Code enterprise should use information technology to promote the integration and sharing of information, and give full play to the role of information technology in information and communication. Enterprises should strengthen the control of information system development and maintenance, access and change, data input and output, file storage and storage, network security and so on to ensure the safe and stable operation of information system. This shows that the enterprise construction conforms to the requirements of the internal control mechanism, it is necessary in a fully realized information sharing and integration of the environment to achieve effectiveness. And it is an important part of enterprise HR management risk management and control which adopt information technology to realize.