Case Study: Regaining Control Over a China Subsidiary 

• Short Summary

A fast-growing German industrial group progressively lost operational and IT visibility over its Guangzhou subsidiary, creating serious governance gaps, compliance exposure, and internal risk. Through a structured IT audit, careful legal coordination, and a phased recovery strategy, we helped headquarters regain full control, secure digital evidence, and redesign a long-term IT governance framework adapted to China realities. 

1. Initial State — How a China Subsidiary Becomes an IT Blind Spot 

• Growth Outpaced Governance 

Like many foreign companies entering China, the group initially designed its China IT environment to be fast, flexible, and autonomous. This approach worked during the early years, when the subsidiary was small and decisions were closely monitored. 

As the business grew: 

• Headcount increased 
• Local procurement became more complex 
• Decision-making shifted almost entirely to China 

However, IT governance remained unchanged. 

There was no formal review of: 

• Who controlled systems 
• Who owned data 
• How HQ could intervene if needed 

Over time, operational independence quietly turned into structural opacity. 

• What HQ Thought vs. What Actually Existed

This gap between perception and reality is one of the most common governance failures observed in China subsidiaries. 

• Concrete IT Situation Before the Audit 

A detailed review revealed that: 

• Microsoft 365 tenant was administered exclusively by the local General Manager 
• HQ had no admin, no audit, and no read-only access 
• Email approvals and internal communications were fully controlled locally 
• No centralized network logging existed 
• External IT vendors had undocumented access rights 
• Backups and retention policies were unclear 

This created: 

• A single point of failure 
• Zero auditability 
• No factual basis for internal reviews 

• Why This Risk Is Amplified in China 

In China, IT is not just support it is leverage: 

• Email access defines approval chains 
• System logs define accountability 
• Vendor access influences procurement and payments 

Without shared IT governance, HQ does not merely lose visibility, it loses strategic control. 

2. Trigger Event — When Governance Weakness Becomes a Business Risk

• Early Warning Signs 

The situation escalated when HQ noticed: 

• Abnormal increases in procurement costs
• Strong dependency on a limited group of local suppliers 
• Missing or inconsistent documentation during internal checks 

Individually, these signals were not conclusive. Combined, they pointed to a loss of internal control. 

• Legal Advice: Secure Evidence First 

HQ consulted with external advisors experienced in China internal investigations, including a China-based security company (PSU) and legal counsel. JET IT Services was engaged to restore technical visibility and coordinate the IT aspects alongside these stakeholders.

In most cases, JET IT Services acts as the technical entry point, helping HQ structure the situation and engage the appropriate legal or security partners when needed.

The advice was clear: “Do not start HR or legal action without first securing IT visibility and digital evidence.” This was critical. We were engaged to act quickly and discreetly. 

3. Phase 1 — IT State Assessment: Restoring Visibility

• Core Objective 

Restore factual visibility over systems, users, and data before changing authority or access rights. 

This approach minimizes: 

• Operational disruption 
• Internal resistance 
• Data tampering risks 

• Audit Methodology 

JET IT Services handled all technical preparation and system visibility work, while certified partners such as TEKID performed formal forensic analysis.

Identity & Access 

• Microsoft 365 tenant ownership 
• Admin roles and privilege escalation paths 
• Shared, dormant, or undocumented accounts 

Communication Systems 

• Email access history 
• Forwarding and deletion rules 
• Audit log availability and gaps 

Infrastructure & Network 

• Firewall and routing rules 
• VPN access and remote connections 
• Third-party vendor entry points 

Data & Evidence 

• File server permissions 
• Access logs and modification history 
• Backup ownership and retention logic 

Diagnostic Conclusion 

The findings revealed no major technical failure. 

Instead, the root cause was structural: 

• IT governance was never formalized 
• Local autonomy was not balanced by oversight 
• No “audit-by-design” principles were implemented 

Systems were operational but only transparent to those who controlled them. 

4. Phase 2 — Evidence Preservation with Legal Coordination

Working alongside legal advisors, JET IT Services ensured that: 

• Logs were extracted in an admissible format 
• Email and file records were preserved 
• Access patterns were documented objectively 
• Chain-of-custody requirements were respected 

Critical point: JET IT Services did not interpret intent or legal responsibility only secured and documented technical facts. 

This separation protects both credibility and legal integrity. 

5. Phase 3 — Regaining Control Without Breaking Operations

Choosing Between Gradual and Immediate Control

Immediately revoking access or confronting local management would have: 

• Disrupted daily operations 
• Alerted internal stakeholders 
• Increased data deletion risks 
• Damaged internal trust 

In China environments, timing matters as much as authority. 

Phased Governance Recovery Plan 

The transition was: 

• Silent
• Controlled
• Fully operational 

In most situations, a gradual recovery of IT governance minimizes operational risk and internal disruption. However, when there is a high risk of data loss, evidence destruction, or immediate business exposure, a controlled but rapid takeover may be required.

In such cases, JET IT Services works alongside certified partners to stabilize critical systems quickly while preserving business continuity.

6. Structural Fix — Designing Governance for the Long Term

Once control was restored, the focus shifted to prevention. 

Governance Measures Implemented 

• Dual IT ownership (HQ + China) 
• Centralized Microsoft 365 administration
• Mandatory logging and retention policies
• Documented vendor access procedures
• Clear separation between IT, finance, and procurement 

This transformed IT from a person-based system into a process-based governance layer. 

Before vs After — Long-Term Impact 

• Conclusion 

What we recommand:

• Audit Before There Is a Problem: Do not wait for financial, legal, or HR red flags.
  A preventive IT governance audit is significantly cheaper and less disruptive than a crisis response. 
• Enforce Dual Ownership by Design: Critical systems (Microsoft 365, networks, logs) should never be controlled by a single local individual.
  HQ visibility must be structural, not optional. 
• Separate Authority From Visibility: Local autonomy can coexist with HQ oversight but only if systems are designed accordingly.
  Visibility should always precede authority. 
• Document Everything That Matters: Vendor access, admin rights, logging policies, and escalation paths must be written, enforced, and auditable.
• Treat China as a Specific Governance Environment: What works in Europe or the US does not automatically work in China.
  Local constraints require adapted governance models, not exceptions. 

• FAQ 

• Why do HQs lose IT control in China? Because IT is often delegated locally for speed, without shared ownership, logging, or escalation mechanisms. 
• Is a full IT takeover always required? No. Gradual visibility restoration often delivers better results with less disruption.
• Should legal advisors be involved? Yes, when governance, compliance, or investigations are involved. Evidence must be preserved correctly. 
• Can this happen even if operations run smoothly? Yes. Many governance failures remain invisible until an incident occurs. 
• When should a governance audit be conducted? Before rapid growth, leadership changes, or compliance reviews not after a crisis.