Shanxi Coal International Energy Group Co.Ltd(600546)
Internal control evaluation method
Adopted at the 32nd session of the 7th board of directors in February 2022
Shanxi Coal International Energy Group Co.Ltd(600546)
Internal control evaluation method
catalogue
Chapter I General Provisions Chapter II Organization and responsibilities of internal control evaluation Chapter III contents of internal control evaluation Chapter IV methods and procedures of internal control evaluation Chapter V identification of internal control defects 6 Chapter VI internal control evaluation report 8 Chapter VII Supplementary Provisions nine
Chapter I General Provisions
Article 1 in order to reasonably ensure the establishment and improvement of Shanxi Coal International Energy Group Co.Ltd(600546) (hereinafter referred to as “the company”) internal control system and its continuous and effective implementation, promote the realization of the company’s internal control objectives, standardize the internal control evaluation procedures and evaluation reports, reveal and prevent risks, in accordance with relevant laws and regulations, the basic norms of enterprise internal control and supporting guidelines, These measures are hereby formulated.
Article 2 the term “internal control evaluation” as mentioned in these Measures refers to the process in which the board of directors of the company comprehensively evaluates the effectiveness of internal control, forms evaluation conclusions and issues evaluation reports.
Article 3 the internal control evaluation of these Measures shall follow the following principles:
(I) principle of comprehensiveness. The evaluation includes the design and operation of internal control, covering various businesses and matters of the company and its subordinate units.
(II) principle of importance. On the basis of comprehensive evaluation, the evaluation shall pay attention to important business units, major business matters and high-risk areas.
(III) the principle of objectivity. The evaluation shall accurately reveal the risk status of operation and management and truthfully reflect the effectiveness of the design and operation of internal control.
Article 4 the company shall carry out internal control evaluation in an orderly manner in accordance with the requirements of internal control evaluation principles, contents, procedures and report forms stipulated in these measures.
Article 5 these measures are applicable to the company and its subsidiaries.
Chapter II Organization and responsibilities of internal control evaluation
Article 6 the board of directors of the company is responsible for the final identification of major defects, approving the internal control evaluation report and the rectification plan for major defects, and is responsible for the authenticity of the internal control evaluation report.
Article 7 the board of supervisors of the company shall review the internal control evaluation report and supervise the establishment and implementation of internal control by the board of directors.
Article 8 the audit committee of the company is responsible for reviewing the self-evaluation report on internal control of the enterprise, evaluating the results of internal control evaluation and audit, and urging the rectification of internal control defects.
Article 9 the board of directors authorizes the Audit Department of the company to be responsible for the specific organization and construction of internal control evaluation
(I) formulate the internal control evaluation method of the company;
(II) draw up the internal control evaluation work plan of the company;
(III) organize the establishment of internal control evaluation working group;
(IV) organize and implement the evaluation and testing of the company’s internal control;
(V) timely communicate with relevant management organizations for major defects found in the evaluation process;
(VI) identify internal control defects, review internal control rectification plans, and prepare internal control evaluation reports;
(VII) be responsible for the archiving of internal control related records and data.
Article 10 each affiliated company is the main unit for the establishment and implementation of internal control, and shall implement the main responsibility of internal control level by level. It can arrange the Department competent for internal control evaluation to carry out self inspection or special supervision, and establish a daily monitoring mechanism. Its main responsibilities include:
(I) cooperate with the audit department in internal control evaluation, complete relevant test drafts and submit them to the audit department within the specified time limit;
(II) carry out internal control self inspection, test, inspection and evaluation;
(III) find problems and identify internal control defects, and formulate rectification plans and plans;
(IV) supervise and implement the implementation and rectification of internal control.
Chapter III contents of internal control evaluation
Article 11 the company shall determine the specific contents of internal control evaluation and comprehensively evaluate the design and operation of internal control according to the basic norms of enterprise internal control, application guidelines and the internal control system of the enterprise, focusing on the internal environment, risk assessment, control activities, information and communication, internal supervision and other elements.
Article 12 the company shall identify and evaluate the design and actual operation of the internal environment based on the application guidelines such as organizational structure, development strategy, human resources, corporate culture and social responsibility and in combination with the company’s internal control system.
Article 13 the evaluation of risk assessment mechanism organized by the company shall identify and evaluate the risk identification, risk analysis and coping strategies in the process of daily operation and management based on the requirements of risk assessment in the basic norms of enterprise internal control and the main risks listed in various application guidelines, in combination with the company’s internal control system.
Article 14 the company shall identify and evaluate the design and operation of relevant control measures based on the basic norms of enterprise internal control and the control measures in various application guidelines and in combination with the company’s internal control system.
Article 15 the evaluation of information and communication organized by the company shall be based on the relevant application guidelines such as internal information transmission, financial report and information system, and in combination with the company’s internal control system, to the timeliness of information collection, processing and transmission, the soundness of anti fraud mechanism, the authenticity of financial report and the security of information system, And the effectiveness of using information system to implement internal control.
Article 16 the company shall identify and evaluate the effectiveness of the internal supervision mechanism based on the requirements of internal supervision in the basic norms of enterprise internal control and the provisions of daily control in various application guidelines, combined with the company’s internal control system, and focus on the board of supervisors, audit committee Whether the audit department plays an effective supervisory role in the design and operation of internal control.
Article 17 a working paper shall be formed for the evaluation of internal control, which shall record in detail the contents of the evaluation carried out by the company, including evaluation elements, main risk points, control measures taken, relevant evidence and identification results, etc. The evaluation working paper shall be reasonably designed, with sufficient evidence, simple and easy to operate.
Chapter IV methods and procedures of internal control evaluation
Article 18 the evaluation methods of the company’s internal control include:
(I) individual interview method. According to the needs of inspection and evaluation, conduct separate interviews with the employees of the evaluated unit to obtain relevant information.
(II) questionnaire method. Design a questionnaire, conduct a questionnaire survey on employees at different levels, and evaluate relevant projects according to the survey results.
(III) thematic discussion method. By convening managers related to business processes to discuss and evaluate specific projects or specific issues of business processes.
(IV) traversal test method. By extracting a document of the whole process, we can understand the implementation of the whole business process.
(V) field inspection method. Carry out inventory and inventory of property, as well as on-site inspection of inventory in and out, warehousing and other control links.
(VI) re enforcement of the law. Evaluate the control implementation by re executing the whole process of a control activity.
(VII) sampling method. For the specific internal control business process, according to the business occurrence frequency and inherent risk, a certain proportion of business samples are selected from the determined sampling population to judge the compliance of business samples, and then evaluate the effectiveness of business process control operation.
(VIII) comparative analysis. Obtain evaluation evidence by analyzing and comparing the relationship, trend or ratio between data.
Article 19 the internal control evaluation procedure of the company includes: formulating evaluation work plan, forming evaluation working group, implementing on-site test, identifying control defects, summarizing evaluation results, compiling evaluation report and other links.
Article 20 the audit department shall take the lead in formulating the internal control evaluation work plan, clarify the evaluation scope, work tasks, personnel organization, schedule and other relevant contents, and implement it after being submitted to the chairman for approval.
Article 21 the audit department shall, according to the approved evaluation plan, form an internal control evaluation working group to implement the internal control evaluation. The evaluation working group shall include business backbones familiar with the relevant institutions within the enterprise. Members of the evaluation working group shall implement the avoidance system for the evaluation of the internal control of their own department.
The company may entrust an intermediary to carry out internal control evaluation. An accounting firm that provides internal control audit services for the company shall not provide internal control evaluation services for the company at the same time.
Article 22 when carrying out internal control inspection and evaluation, internal control evaluators shall conduct on-site tests on the evaluated unit, comprehensively use the internal control evaluation methods, fully collect the evidence of whether the internal control design and operation of the evaluated unit are effective, truthfully fill in the evaluation working paper according to the specific contents of the evaluation, and study and analyze the defects of internal control.
Chapter V identification of internal control defects
Article 23 internal control defects include design defects and operation defects. The company’s identification of internal control defects shall be based on daily supervision and special supervision, combined with the annual internal control self-evaluation. The internal control evaluation department shall put forward identification opinions after comprehensive analysis, and make final identification after review according to the specified authority and procedures.
Article 24 the company shall give full play to the role of the internal control evaluation working group in daily supervision, special supervision and annual evaluation. The internal control evaluation working group shall preliminarily identify the internal control defects according to the evidence obtained from the on-site test, and divide them into major defects, important defects and general defects according to the degree of impact. Major defect refers to the combination of one or more control defects that may cause the company to seriously deviate from the control objectives. Important defect refers to the combination of one or more control defects, whose severity and economic consequences are lower than those of major defects, but it may still lead to the deviation of the company from the control objectives.
Defects other than general and important defects refer to other defects.
Article 25 the company distinguishes between internal control over financial reporting and internal control over non-financial reporting in accordance with the identification requirements of major defects, important defects and general defects in the guidelines for the evaluation of enterprise internal control, and in combination with factors such as the company’s size, industry characteristics, risk appetite and risk tolerance.
(I) the following signs indicate that there may be significant defects in the internal control of financial reporting:
1. Discover the fraud of directors, supervisors and senior managers;
2. Abnormal correction of published financial statements;
3. The certified public accountant finds that there is a material misstatement in the current financial report, but the internal control fails to find the misstatement in the operation process;
4. The audit committee of the board of directors and the internal audit department have ineffective supervision on the internal control of financial reporting.
(II) the following signs indicate that there may be significant defects in the internal control of non-financial reporting:
1. Violation of national laws, regulations or normative documents;
2. Major decision-making procedures are unscientific;
3. The absence of important systems may lead to systematic failure;
4. Major defects cannot be rectified in time;
5. Other situations that have a significant impact on the company.
Through the above description, the company can formulate qualitative and quantitative identification standards for possible defects in internal control over financial reports and non-financial reports.
Article 26 the internal control evaluation working group shall establish a cross review system of evaluation quality. The person in charge of the evaluation working group shall strictly review the evaluation working paper, sign and confirm the identified internal control defects, and submit them to the internal audit department.
Article XXVII the board of directors shall prepare a comprehensive review of the causes and effects of defects in the form of internal audit and continuous control, and put forward a summary of the defects found and their effects to the board of directors in the form of special audit and continuous control Report to the board of supervisors or the management. Major defects shall be finally identified by the board of directors of the company.
For the identified major defects, the company shall take countermeasures in time, effectively control the risk within the acceptable range, and investigate the responsibilities of relevant departments or relevant personnel.
Chapter VI internal control evaluation report
Article 28 the company shall design the type, format and content of internal control evaluation report, clarify the preparation procedures and requirements of internal control evaluation report, and disclose it to the public after being reviewed and approved by the board of directors in accordance with the basic norms of enterprise internal control and supporting guidelines and the regulatory requirements of listed companies.
Article 29 the internal control evaluation report shall include the internal environment, risk assessment, control activities, information and communication, internal supervision and other elements, and disclose the internal control evaluation process, the identification and rectification of internal control defects, the conclusion of the effectiveness of internal control and other relevant contents.
Article 30 the internal control evaluation report shall at least disclose the following contents:
(I) statement of the board of directors on the authenticity of the internal control report;
(II) overall situation of internal control evaluation;
(III) basis of internal control evaluation;
(IV) scope of internal control evaluation;
(V) procedures and methods of internal control evaluation;
(VI) internal control defects and their identification;
(VII) rectification of internal control defects and proposed rectification measures for major defects;
(VIII) conclusion on the effectiveness of internal control.
Article 31 the company shall timely prepare the internal control evaluation report according to the annual internal control evaluation results, combined with the working paper of internal control evaluation and the summary table of internal control defects, and in accordance with the specified procedures and requirements.
Article 32 the internal control evaluation report shall be disclosed to the public or submitted to relevant departments after being approved by the board of directors.
The internal control evaluation department of the company shall pay attention to whether there are factors affecting the effectiveness of internal control from the benchmark date of the internal control evaluation report to the date of issuance of the internal control evaluation report, and adjust the evaluation conclusion accordingly according to its nature and degree of influence.
Article 33 directors of the company
