Quakesafe Technologies Co.Ltd(300767) : Quakesafe Technologies Co.Ltd(300767) internal control system (revised in March 2022)

Quakesafe Technologies Co.Ltd(300767)

internal control system

(revised in March 2022)

Chapter I General Provisions

Article 1 in order to standardize and strengthen the internal control of Quakesafe Technologies Co.Ltd(300767) (hereinafter referred to as the "company"), improve the operation and management level and risk prevention ability of the company, promote the sustainable development of the company and protect the legitimate rights and interests of investors, in accordance with the company law, the securities law, the basic norms of enterprise internal control and the rules for the listing of shares on the gem of Shenzhen Stock Exchange (hereinafter referred to as the "rules for the listing on the gem") This system is formulated in accordance with the provisions of laws and regulations, administrative regulations and departmental rules, the relevant rules of the exchange for the listing of the company's shares, and the Quakesafe Technologies Co.Ltd(300767) articles of Association (hereinafter referred to as the "articles of association").

Article 2 the internal control referred to in this system is a process implemented by the board of directors, the board of supervisors, the management and all employees of the company to achieve the control objectives.

Article 3 the objectives of the company's internal control are:

(I) ensure the implementation of relevant national laws, regulations and the company's internal rules and regulations;

(II) improve the operating efficiency and efficiency of the company, improve the quality of the company and increase the return to the shareholders of the company; (III) ensure the safety and integrity of the company's assets;

(IV) ensure that the company's information disclosure is true, accurate, complete, timely and fair;

(V) prevent business risks and moral hazard.

Article 4 the company shall establish and improve the internal control system (hereinafter referred to as the "internal control system") in accordance with laws and regulations, departmental rules and the GEM Listing Rules, so as to ensure the integrity, rationality and effectiveness of the implementation of the internal control system, so as to improve the effect and efficiency of the company's operation, enhance the reliability of the company's information disclosure and ensure the legality and compliance of the company's behavior.

The company shall follow the following principles when establishing and implementing the internal control system:

(I) principle of comprehensiveness. Internal control runs through the whole process of decision-making, implementation and supervision, covering various businesses and matters of the company and its subordinate units.

(II) principle of importance. Internal control focuses on important business matters and high-risk areas on the basis of comprehensive control.

(III) principle of checks and balances. Internal control restricts and supervises each other in terms of governance structure, institutional setting, distribution of rights and responsibilities and business processes, while taking into account operational efficiency.

(IV) principle of adaptability. The internal control shall adapt to the company's business scale, business scope, competition and risk level, and shall be adjusted in time with the changes of the situation.

(V) cost benefit principle. Internal control balances the implementation cost and expected benefits to achieve effective control at an appropriate cost.

The board of directors of the company is responsible for the formulation, effective implementation, inspection and supervision of the company's internal control system.

Article 5 the company establishes and implements effective internal control, including the following basic elements:

(1) Internal environment: refers to various comprehensive factors that affect the formulation, operation and effect of the company's internal control system, including the company's organizational structure, corporate culture, risk concept, business style, human resource management policy, etc. (2) Goal setting: the company's management sets the company's strategic objectives according to the risk preference, and decomposes and implements them at all levels within the company.

(3) Event identification: the company's management shall identify internal and external events that affect the achievement of the company's objectives and distinguish risks and opportunities.

(4) Risk assessment: the company's management analyzes various internal and external risks affecting the realization of its objectives, considering their possibility and impact degree, so that the company can formulate necessary countermeasures.

(5) Risk countermeasures: according to the company's risk preference and risk tolerance, the company's management adopts risk response methods of avoiding, reducing, sharing or accepting, and formulates corresponding risk control measures.

(6) Control activities: the measures and procedures adopted by the company's management to ensure the effective implementation and implementation of risk countermeasures, mainly including approval, authorization, verification, coordination, review, regular inventory, record verification, property protection, separation of responsibilities, performance appraisal, etc.

(7) Information and communication: it refers to identifying and collecting relevant information from inside and outside the company, and timely and effectively transmitting it to relevant personnel.

(8) Inspection and supervision: refers to the process of supervising and evaluating the effect of the company's internal control, which is carried out through continuous supervision activities, special supervision and evaluation or a combination of the two.

Article 6 the company's internal control activities cover all operating links of the company, including but not limited to: Sales and collection, procurement and expenses and payment, fixed assets management, inventory management, fund management (including investment and financing management), financial report, information disclosure management, human resources management, information system management, control policies and procedures of related party transactions, etc.

Article 7 the company's internal control system not only covers the control of all links of business activities, but also includes various management systems throughout all links of business activities, including but not limited to: seal use management, bill collection management, budget management, asset management, quality management, guarantee management, fund lending management, job authorization and agent system, information disclosure management Information system security management and management system for subsidiaries, etc.

Chapter II internal environment

Article 8 the board of directors shall establish a sound corporate governance environment, establish a sound incentive and control mechanism for the board of supervisors, and ensure that the board of directors can fully understand and control the risks of the company.

Article 9 the board of directors is responsible for the establishment, improvement and effective implementation of internal control. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for the daily operation of the company's internal control.

Article 10 the company shall establish an audit committee under the board of directors. The audit committee is responsible for reviewing the company's internal control, supervising the effective implementation of internal control and self-evaluation of internal control, and coordinating internal control audit and other related matters.

The person in charge of the audit committee shall have corresponding independence, good professional ethics and professional competence. Article 11 the company shall prepare an internal management manual to enable all employees to master the internal organization setting, post responsibilities, business processes, etc., clarify the distribution of rights and responsibilities, and correctly exercise their functions and powers.

Article 12 the company shall strengthen internal audit and ensure the establishment, staffing and independence of internal audit institutions.

The internal audit department shall supervise and inspect the effectiveness of internal control in combination with internal audit. The internal audit department shall report the internal control defects found in the supervision and inspection in accordance with the internal audit procedures of the enterprise; Have the right to report directly to the board of directors, its audit committee and the board of supervisors on the major defects of internal control found in the supervision and inspection.

Article 13 the company shall formulate and implement human resources policies conducive to the sustainable development of the company. The human resources policy includes the following contents:

(I) employment and training of employees, termination and dissolution of labor relations;

(II) salary, assessment, promotion, reward and punishment of employees;

(III) compulsory leave system and regular job rotation system for employees in key positions;

(IV) restrictive provisions on the departure of employees who master state secrets or important business secrets;

(V) other policies related to human resources management.

Article 14 the company takes professional ethics and professional competence as important standards for the selection and employment of employees, earnestly strengthens employee training and continuing education, and continuously improves the quality of employees.

Article 15 the company must strengthen cultural construction, cultivate positive values and sense of social responsibility, advocate honesty and trustworthiness, love and dedication, pioneering and innovative spirit and teamwork spirit, establish modern management concept and strengthen risk awareness.

Directors, supervisors and other senior managers shall play a leading role in the construction of corporate culture. The company's employees shall abide by the employee code of conduct and earnestly perform their post responsibilities.

Article 16 the company shall strengthen legal education, enhance the legal concept of directors, supervisors and other senior managers and employees, strictly make decisions, act and supervise according to law, establish and improve the legal adviser system and the filing system of major legal dispute cases.

Chapter III Risk Assessment

Article 17 the company shall comprehensively, systematically and continuously collect relevant information according to the set control objectives, and timely conduct risk assessment in combination with the actual situation.

When conducting risk assessment, the company shall accurately identify the internal and external risks related to the realization of control objectives and determine the corresponding risk tolerance.

Article 18 the company identifies internal risks and focuses on the following factors:

(I) human resource factors such as the professional ethics of directors, supervisors and other senior managers and the professional competence of employees;

(II) organizational structure, business mode, asset management, business process and other management factors;

(III) independent innovation factors such as research and development, technology investment and information technology application;

(IV) financial status, operating results, cash flow and other financial factors;

(V) safety and environmental protection factors such as operation safety, employee health and environmental protection;

(VI) other relevant internal risk factors.

Article 19 the company identifies external risks and focuses on the following factors:

(I) economic situation, industrial policy, financing environment, market competition, resource supply and other economic factors; (II) laws and regulations, regulatory requirements and other legal factors;

(III) social factors such as safety and stability, cultural tradition, social credit, education level and consumer behavior; (IV) scientific and technological factors such as technological progress and process improvement;

(V) natural environmental factors such as natural disasters and environmental conditions;

(VI) other relevant external risk factors.

Article 20 the company adopts a combination of qualitative and quantitative methods to analyze and rank the identified risks according to the possibility of risk occurrence and its impact degree, so as to determine the focus and priority control risks. When conducting risk analysis, the company shall fully absorb professionals, form a risk analysis team, and carry out work in accordance with strict and standardized procedures to ensure the accuracy of risk analysis results.

Article 21 the company shall weigh the risks and benefits and determine the risk response strategy according to the results of risk analysis and risk tolerance.

The company shall reasonably analyze and accurately grasp the risk preferences of directors, other senior managers and employees in key positions, and take appropriate control measures to avoid major losses to the company's operation due to personal risk preferences. Article 22 the company shall make comprehensive use of risk avoidance, risk reduction, risk sharing, risk tolerance and other risk response strategies to achieve effective risk control.

Article 23 the company shall, in combination with different development stages and business expansion, continuously collect information related to risk changes, carry out risk identification and risk analysis, and timely adjust risk response strategies.

Chapter IV control activities

Article 24 in combination with the risk assessment results, the company uses corresponding control measures to control the risk within the tolerability through the combination of manual control and automatic control, preventive control and discovery control.

Control measures generally include: incompatible job separation control, authorization approval control, accounting system control, property protection control, operation analysis control and performance evaluation control.

Article 25 the separation control of incompatible duties requires a comprehensive and systematic analysis and sorting of incompatible duties involved in the business process, the implementation of corresponding separation measures, and the formation of a working mechanism of performing their respective duties, assuming their respective responsibilities and mutual restriction.

Article 26 the control of authorization approval requires that the scope of authority, approval procedures and corresponding responsibilities of each post in handling business and matters shall be clarified according to the provisions of conventional authorization and special authorization.

(I) prepare authority guidelines for routine authorization, standardize the scope, authority, procedures and responsibilities of special authorization, and strictly control special authorization.

(II) routine authorization refers to the authorization carried out by the company in accordance with the established responsibilities and procedures in its daily operation and management activities.

(III) special authorization refers to the authorization carried out by the company under special circumstances and specific conditions. Managers at all levels shall exercise their powers and assume responsibilities within the scope of authorization.

(IV) for major businesses and matters, the system of collective decision-making approval or joint signing shall be implemented. No individual shall make decisions or change collective decisions without authorization.

Article 27 the control of the accounting system requires strict implementation of the national unified accounting standards system, strengthening the basic work of accounting, clarifying the processing procedures of accounting vouchers, accounting books and financial accounting reports, and ensuring the authenticity and integrity of accounting materials.

Article 28 property protection and control requires the establishment of a daily property management system and a regular inventory system, and the adoption of property records, physical storage, regular inventory, account verification and other measures to ensure the safety of property. Strictly restrict the access and disposal of property by unauthorized personnel.

Article 29 to establish an operation analysis system, the management shall comprehensively use the information of production, purchase and sale, investment, financing and finance, regularly carry out operation analysis through factor analysis, comparative analysis, trend analysis and other methods, find out the existing problems, find out the causes and improve them in time.

Article 30 performance evaluation control requires the establishment and implementation of a perfect performance evaluation system, the scientific setting of the evaluation index system, the regular evaluation and objective evaluation of the performance of each responsible unit and all employees, and the evaluation results shall be used as the basis for determining the salary of employees and job promotion, evaluation, demotion, job transfer, dismissal, etc.

Article 31 according to the internal control objectives, combined with the risk response strategies, comprehensively use the control measures to effectively control various businesses and matters.

Article 32 establish a major risk early warning mechanism and emergency handling mechanism, clarify the risk early warning standards, formulate emergency plans, clarify the responsible personnel and standardize the handling procedures for possible major risks or emergencies, so as to ensure that emergencies are handled in a timely and proper manner.

Chapter V internal control of special risks

Section I management and control of holding subsidiaries

thirty-third

- Advertisment -