China National Medicines Corporation Ltd(600511) : internal control evaluation report in 2021

China National Medicines Corporation Ltd(600511)

Internal control evaluation report in 2021

China National Medicines Corporation Ltd(600511) all shareholders:

According to the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control supervision requirements (hereinafter referred to as the enterprise internal control standard system), combined with the company’s (hereinafter referred to as the company’s) internal control system and evaluation methods, on the basis of daily and special supervision of internal control, We evaluated the effectiveness of the company’s internal control on December 31, 2021 (the benchmark date of the internal control evaluation report). I Important statement

It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise’s internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for organizing and leading the daily operation of the enterprise’s internal control. The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in the contents of this report, and bear individual and joint legal liabilities for the authenticity, accuracy and completeness of the contents of the report.

The objective of the company’s internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results. II Internal control evaluation conclusion 1 On the benchmark date of the internal control evaluation report, does the company have any major defects in the internal control of financial reporting

□ yes √ no

2. Evaluation conclusion of internal control over financial reporting

√ valid □ invalid

According to the identification of major defects in the company’s internal control over financial reporting, there are no major defects in the internal control over financial reporting on the benchmark date of the internal control evaluation report. The board of Directors believes that the company has maintained effective internal control over financial reporting in all major aspects in accordance with the requirements of the enterprise’s internal control standard system and relevant regulations. 3. Whether major defects in internal control over non-financial reporting are found

□ yes √ no

According to the identification of major defects in the company’s internal control over non-financial reports, the company found no major defects in the company’s internal control over non-financial reports on the benchmark date of the internal control evaluation report.

4. Factors affecting the evaluation conclusion of internal control effectiveness from the benchmark date of internal control evaluation report to the date of issuance of internal control evaluation report □ applicable √ not applicable

There are no factors affecting the evaluation conclusion of the effectiveness of internal control from the base date of the internal control evaluation report to the date of issuance of the internal control evaluation report. 5. Whether the internal control audit opinion is consistent with the company’s evaluation conclusion on the effectiveness of internal control over financial reporting

√ yes □ No 6 Whether the disclosure of major defects in internal control of non-financial reports in the internal control audit report is consistent with the disclosure of the company’s internal control evaluation report √ yes □ no III Internal control evaluation (I) Scope of internal control evaluation

According to the risk oriented principle, the company determines the main units, businesses and matters included in the evaluation scope and high-risk areas. 1. The main units included in the evaluation scope include: China National Medicines Corporation Ltd(600511) headquarters, Sinopharm Guorui Pharmaceutical Co., Ltd., Sinopharm Logistics Co., Ltd., Sinopharm Airport (Beijing) International Trade Co., Ltd., Sinopharm prospect oral Technology (Beijing) Co., Ltd., Sinopharm Jiankun (Beijing) Pharmaceutical Co., Ltd., Sinopharm Beijing Medical Technology Co., Ltd Sinopharm holding Beijing Co., Ltd., Sinopharm holding Beijing Huahong Co., Ltd., Sinopharm holding Beijing Kangchen biomedical Co., Ltd., Sinopharm holding Beijing Tianxing Puxin biomedical Co., Ltd., Sinopharm holding Lanzhou Shengyuan Pharmaceutical Co., Ltd., Sinopharm special medical food (Anhui) Co., Ltd. and Sinopharm Xinte pharmacy (Beijing) Co., Ltd, Sinopharm Huixin Qingyuan (Beijing) Technology Development Co., Ltd., Sinopharm (Beijing) Medical Supply Chain Management Co., Ltd. and Yantai Haoqing Biotechnology Co., Ltd.

2. Proportion of units included in the scope of evaluation:

Proportion of indicators (%)

The ratio of the total assets of the units included in the evaluation scope to the total assets of the company’s consolidated financial statements 100

The total operating income of the units included in the evaluation scope accounts for 100% of the total operating income in the company’s consolidated financial statements

3. The main operations and matters included in the scope of evaluation include:

Organizational structure, development strategy, human resources, social responsibility, corporate culture, capital activities, procurement business, asset management, sales business, research and development, engineering projects, guarantee business, business outsourcing, financial reporting, comprehensive budget, contract management, internal information transmission, information system, etc. 4. High risk areas of focus mainly include:

Reform and business transformation, market competition, customer credit, scientific and technological innovation, cash flow risk, strategic planning, organizational structure, human resource management, product structure, corporate culture, etc.

5. The above units, businesses and matters included in the evaluation scope and high-risk areas cover the main aspects of the company’s operation and management. Is there any major omission □ yes √ No 6 Is there a statutory exemption

□ yes √ No 7 Other explanatory matters

None (II) Basis of internal control evaluation and identification standard of internal control defects

The company organizes the internal control evaluation according to the enterprise internal control standard system and the internal control manual and system process documents of the units included in the evaluation scope. 1. Whether the specific identification standard of internal control defects is adjusted with that of previous years

√ yes □ no

According to the identification requirements of the enterprise internal control standard system for major defects, important defects and general defects, and in combination with the company’s scale, industry characteristics, risk preference, risk tolerance and other factors, the board of directors of the company distinguished internal control over financial reports from internal control over non-financial reports, and studied and determined the specific identification standards of internal control defects applicable to the company, Compared with previous years, the adjustment is as follows: this year China Meheco Group Co.Ltd(600056) Group Co., Ltd. issued the identification standard of internal control defects of the group. In order to be consistent with the final parent company, the board of directors of the company revised the identification standard of internal control defects of the company. See the annex for the comparison table of internal control defect identification standard revision.. 2. Identification standard of internal control defects in financial reporting

The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:

Index name major defect quantitative standard important defect quantitative standard general defect quantitative standard

The errors and omissions in the pre tax profit financial report account for more than 5% (including 5%) of the company’s pre tax profit, and the former profit is 2% – 5% (including 2%), and the former profit is less than 2%

(including 5%)

Errors and omissions in financial reports of total assets account for more than 1% of total assets, accounting for 0.5% – 1% (including 0.5%) and less than 0.5%

Excluding 1%)

Note: the above reference indexes are or.

As long as the potential misstatement of an indicator meets the identification standard of major defects, the defect shall be identified as a major defect. If the pre tax profit is less than 1 million yuan, the profit index will not participate in the determination of quantitative standards.

The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:

Qualitative standard of defect nature

Major defects refer to the material misstatement in the financial report that cannot be prevented, found and corrected in time due to individual defects or other defects. The following situations are identified as major defects: ① directors, supervisors and senior managers abuse their power and commit fraud such as corruption, bribery and misappropriation of public funds. ② The company corrects the reported or disclosed financial report due to major accounting errors in previous years. ③ The audit committee of the board of directors and the internal audit institution of the company have no effect on the supervision of internal control. ④ The external auditor found that there was a material misstatement in the current financial report, and the internal control operation failed to find the misstatement.

Significant defects refer to those that cannot be prevented, discovered and corrected in a timely manner due to individual defects or together with other defects, although they are not met in the financial report

Misstatements that reach or exceed the importance level and still deserve the attention of the management. The following situations are identified as important defects: ① economic losses caused by unauthorized guarantee, investment in Securities and disposal of property rights / equity. ② Illegal disclosure of financial reports, mergers and acquisitions, investment and other major information, resulting in serious fluctuations in the company’s share price or serious negative impact on the company’s image. ③ The financial personnel or relevant business personnel of the company have unclear rights and responsibilities, chaotic positions, are suspected of economic and job-related crimes, and are detained by the discipline inspection and supervision department or handed over to the judicial authority. ④ Punishment or serious negative impact on the company’s image due to policy deviation, accounting error, etc. ⑤ Destroy, hide and arbitrarily change important original documents such as invoices / cheques, resulting in economic losses. ⑥ Non entry of cash income, private deposit of public funds or establishment of “small treasury” in violation of regulations.

General defects refer to other defects that do not constitute major defects or important defects. The following situations are identified as general defects: ① the person in charge of the accounting institution lacks the necessary qualification and competence. ② The responsibilities of accounting posts are not clear, and the key incompatible posts are not effectively separated. ③ Fixed assets and inventories are not checked and counted in accordance with the system, and the difference disposal is not properly approved or treatment opinions are not put forward. ④ Failing to reconcile with external transaction units as required by the system, and the reconciliation differences are not handled in time or the handling measures are not put forward; Differences in internal transactions and related party transactions are not handled in time or treatment measures are not put forward. ⑤ Failing to prepare the bank deposit balance reconciliation table as required, or the differences in the reconciliation table are not handled in time. ⑥ Important original vouchers, such as delivery / receipt orders, invoices / checks, etc., are not numbered or cancelled without approval. ⑦ Seals (special financial seal and legal seal) required for payment are not kept separately; In online banking account management, online banking voucher preparation and review authority, password and U shield (cipher) are not kept separately. ⑧ Accounting vouchers are not bound, kept and filed as required, or accounting vouchers are lost. ⑨ The user management or password management of the financial information system is not implemented as required, or the user authority setting of the financial information system does not meet the requirements of incompatible post separation. ⑩ Others.

3. Identification standard of internal control defects in non-financial reporting

The quantitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:

Index name major defect quantitative standard important defect quantitative standard general defect quantitative standard

Asset loss causes an asset loss of 50 million yuan, an asset loss of 5 million yuan, and an asset loss of less than or including 5 million yuan. More than 50 million yuan, inclusive.

following.

The qualitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:

Qualitative standard of defect nature

Major defects are recognized as major defects if they occur under the following circumstances and cause significant impact: ① risk of causing major asset loss. ② It has been filed for investigation by judicial authorities or regulatory agencies, its main assets have been sealed up, seized, frozen or the enterprise faces administrative punishment, which has a significant impact on the normal production and operation of the company. ③ Sanctions imposed by foreign countries, regions or international organizations have a significant negative impact on the internationalization strategy or international image of the enterprise. ④ Published by domestic or overseas media networks, causing significant negative public opinion impact. ⑤ Other circumstances that have a significant impact on the company.

Important defects are identified as important defects if they occur in the following circumstances and have a great impact: ① the “triple” is not implemented