Ping An Insurance (Group) Company Of China Ltd(601318) insurance (Group) Co., Ltd
Internal control evaluation report in 2021
Ping An Insurance (Group) Company Of China Ltd(601318) insurance (Group) Co., Ltd. all shareholders:
In accordance with the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control regulatory requirements (hereinafter referred to as the enterprise internal control normative system), combined with the company’s (hereinafter referred to as the company’s) internal control system and evaluation methods, and on the basis of daily and special supervision of internal control, we evaluated the effectiveness of the company’s internal control on December 31, 2021 (the benchmark date of internal control evaluation report). I Important statement
It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise’s internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for organizing and leading the daily operation of the enterprise’s internal control. The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in the contents of this report, and bear individual and joint legal liabilities for the authenticity, accuracy and completeness of the contents of the report.
The objective of the company’s internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results. II Internal control evaluation conclusion 1 On the benchmark date of the internal control evaluation report, does the company have any major defects in the internal control of financial reporting
□ yes √ no
2. Evaluation conclusion of internal control over financial reporting
√ valid □ invalid
According to the identification of major defects in the company’s internal control over financial reporting, there are no major defects in the internal control over financial reporting on the benchmark date of the internal control evaluation report. The board of Directors believes that the company has maintained effective internal control over financial reporting in all major aspects in accordance with the requirements of the enterprise’s internal control standard system and relevant regulations. 3. Whether major defects in internal control over non-financial reporting are found
□ yes √ no
According to the identification of major defects in the company’s internal control over non-financial reports, the company found no major defects in the company’s internal control over non-financial reports on the benchmark date of the internal control evaluation report. 4. Factors affecting the evaluation conclusion of internal control effectiveness from the benchmark date of internal control evaluation report to the date of issuance of internal control evaluation report □ applicable √ not applicable
There are no factors affecting the evaluation conclusion of the effectiveness of internal control from the base date of the internal control evaluation report to the date of issuance of the internal control evaluation report.
5. Whether the internal control audit opinion is consistent with the company’s evaluation conclusion on the effectiveness of internal control over financial reporting
□ yes □ no Whether the disclosure of major defects in internal control of non-financial reports in the internal control audit report is consistent with the disclosure of the company’s internal control evaluation report √ yes □ no III Internal control evaluation (I) Scope of internal control evaluation
According to the risk oriented principle, the company determines the main units, businesses and matters included in the evaluation scope and high-risk areas. 1. The main units included in the evaluation scope include: Ping An Group headquarters, Ping An Insurance (Group) Company Of China Ltd(601318) Property Insurance Co., Ltd. Ping An Insurance (Group) Company Of China Ltd(601318) Life Insurance Co., Ltd., Ping an Endowment Insurance Co., Ltd. Ping An Bank Co.Ltd(000001) , Ping An Trust Co., Ltd., Ping An Securities Co., Ltd., Ping An Asset Management Co., Ltd., Ping An Real Estate Co., Ltd., Ping An International Financial Leasing Co., Ltd There are 13 member companies of Ping An Health Insurance Co., Ltd., Ping An Technology (Shenzhen) Co., Ltd., Shenzhen Ping An comprehensive financial services Co., Ltd. and Shenzhen Ping An Financial Technology Consulting Co., Ltd.
2. Proportion of units included in the scope of evaluation:
Proportion of indicators (%)
The total assets of the units included in the evaluation scope accounted for 93.48% of the total assets in the company’s consolidated financial statements
The total operating income of the units included in the evaluation scope accounted for 94.48% of the total operating income in the company’s consolidated financial statements
3. The main operations and matters included in the scope of evaluation include:
Corporate governance, organizational structure, development strategy, human resources, corporate culture, social responsibility, sales management, fund utilization management, actuarial management, investment and financing management, anti money laundering management, related party transaction management, legal compliance management, risk management, operation management, financial management, asset management, document and seal management, consultation, complaint and customer return visit, information system management, information and communication, internal supervision Consumer protection and other aspects. 4. High risk areas of focus mainly include:
Corporate governance, sales management, fund utilization management, actuarial management, investment and financing management, anti money laundering management, related party transaction management, risk management, operation management, financial management, information system management, etc. 5. The above units, businesses and matters included in the evaluation scope and high-risk areas cover the main aspects of the company’s operation and management. Is there any major omission □ yes √ No 6 Is there a statutory exemption
□ yes √ No 7 Other explanatory matters
None (II) Basis of internal control evaluation and identification standard of internal control defects
The company organizes and carries out internal control evaluation in accordance with the enterprise internal control standard system and the basic guidelines for internal control of insurance companies and other relevant regulatory requirements.
1. Whether the specific identification standard of internal control defects is adjusted with that of previous years
□ yes √ no
The board of directors of the company distinguished the internal control of financial report from the internal control of non-financial report according to the identification requirements for major defects, important defects and general defects of the enterprise internal control standard system, combined with the factors such as the company’s size, industry characteristics, risk preference and risk tolerance, and studied and determined the specific identification standards of internal control defects applicable to the company, which are consistent with the previous years. 2. Identification standard of internal control defects in financial reporting
The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Index name major defect quantitative standard important defect quantitative standard general defect quantitative standard
Possible annualization possible annualized financial misstatement possible annualized financial misstatement possible annualized financial misstatement the proportion of financial misstatement in the company’s affected amount in the company’s combined amount in the current year in the company’s combined amount in the current year, accounting for 5% of the company’s profit before tax in the consolidated financial statements and 1% of the profit before tax in the consolidated financial statements to 1% of the profit before tax in the consolidated financial statements The combination of one or more control defects below 5% of one or more control defects
Note: the company makes quantitative judgment based on the pre tax profit of the consolidated financial statements of the current year, and evaluates the proportion of annual financial misstatement that may be caused by internal control defects in the pre tax profit of the company’s consolidated financial statements, which is divided into three levels: major defects, important defects and general defects.
The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Qualitative standard of defect nature
The combination of one or more internal control defects that have a reasonable possibility to prevent or detect and correct the material misstatement of the financial statements in a timely manner
Significant defect is a combination of one or more internal control defects in the internal control of financial reporting, which are less serious than major defects, but may still cause the company to deviate from the control objectives
General defects defects other than the above major and important defects in the internal control of financial reporting
3. Identification standard of internal control defects in non-financial reporting
The quantitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
Index name major defect quantitative standard important defect quantitative standard general defect quantitative standard
Financial losses may cause losses to the company, may cause losses to the company, and may cause losses to the company, Or the actual impact of the defect itself or the actual impact of the defect itself or the actual impact amount of the defect itself accounts for 1% or less of the company’s consolidated financial statements of the current year, accounting for 5% or more of the company’s consolidated financial statements of the current year, and 1% to 5% of the company’s consolidated financial statements of the current year
between
The strategy and business objectives may lead to the medium and long-term strategy and economy, may lead to the realization of the company’s annual business objectives, may lead to the realization of the company’s annual business objectives, or may lead to the realization of the company’s annual business objectives (including 70%) due to 30% to 70% of the business objectives and 70% or more of the business objectives
30% or less of the battalion target
Operating efficiency and effect may make the effective operation of two or more businesses on one business process unlikely or only likely to have a certain impact on one process or some businesses of the evaluated unit, or the effective operation of the business process may cause the ineffective operation of the business process, which may lead to a business process or a slight impact
A business of the evaluated company cannot be
Effective operation
explain:
Internal control over non-financial reporting refers to the internal control over other objectives other than financial reporting objectives, which is divided into three levels: major defects, important defects and general defects.
The qualitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
Qualitative standard of defect nature
Major defects 1 Legal compliance: violation of national laws and regulations or normative documents, resulting in restricted business scope, restricted establishment of branches, restricted disposal of assets (such as dividends to shareholders, purchase of assets, etc.), suspension of business for rectification and revocation of business license
2. Strategy and business objectives: the implementation of strategy and business objectives or key indicators is unreasonable, seriously deviates and has wrong direction, which has a serious negative effect on the realization of objectives
3. Continuous operation of business and customer service: it has a disastrous impact on the normal operation or service quality of important business, causing service interruption for a long time in a large range or a long time in a small range, or causing large-scale customer complaints, extreme behavior and major litigation
4. Information disclosure: wrong information may cause internal and external information users to make diametrically opposite decisions, resulting in irreparable decision-making losses
5. Reputation impact: negative news spreads all over the world, causing government or regulatory investigation, leading to major litigation and irreparable damage to the company’s reputation
Data and information system: it poses a fatal threat to the integrity of system data, and unauthorized changes of data will cause disastrous losses to business operation. It has a disastrous impact on the normal operation of the business, resulting in the interruption of all business operations and the loss of customers
Important defects 1 Legal compliance: violation of internal regulations and need to be handed over or reported to external supervision; Or violate national laws and regulations or normative documents, resulting in individuals or institutions being punished by economic punishment, circulated criticism, ordered to make corrections within a time limit, or individuals being demoted and restricted from carrying out business
2. Strategy and business objectives: the implementation of strategy and business objectives or key indicators is unreasonable and deviates seriously, which has a negative effect on the realization of objectives
3. Continuous operation of business and customer service: it has a great impact on the normal operation or service quality of important business, resulting in service interruption for a short period of time in a large range or a certain period of time in a small range, or causing a certain degree of customer complaints or a small number of customer excesses
4. Information disclosure: wrong information may affect the judgment of internal and external information users on the nature of things and lead to wrong decisions to a certain extent
