Company code: Industrial Bank Co.Ltd(601166)
Industrial Bank Co.Ltd(601166)
Internal control evaluation report in 2021
Industrial Bank Co.Ltd(601166) all shareholders:
In accordance with the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control regulatory requirements (hereinafter referred to as the enterprise internal control normative system), combined with the company's (hereinafter referred to as the company's) internal control system and evaluation methods, and on the basis of daily and special supervision of internal control, we evaluated the effectiveness of the company's internal control on December 31, 2021 (the benchmark date of internal control evaluation report). I Important statement
It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise's internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for organizing and leading the daily operation of the enterprise's internal control. The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in the contents of this report, and bear individual and joint legal liabilities for the authenticity, accuracy and completeness of the contents of the report.
The objective of the company's internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results. II Internal control evaluation conclusion 1 On the benchmark date of the internal control evaluation report, does the company have any major defects in the internal control of financial reporting
□ yes √ No 2 Evaluation conclusion of internal control over financial reporting
√ valid □ invalid
According to the identification of major defects in the company's internal control over financial reporting, there are no major defects in the internal control over financial reporting on the benchmark date of the internal control evaluation report. The board of Directors believes that the company has maintained effective internal control over financial reporting in all major aspects in accordance with the requirements of the enterprise's internal control standard system and relevant regulations. 3. Whether major defects in internal control over non-financial reporting are found
□ yes √ no
According to the identification of major defects in the company's internal control over non-financial reports, the company found no major defects in the company's internal control over non-financial reports on the benchmark date of the internal control evaluation report.
4. Factors affecting the evaluation conclusion of internal control effectiveness from the base date of internal control evaluation report to the date of issuance of internal control evaluation report
□ applicable √ not applicable
There are no factors affecting the evaluation conclusion of the effectiveness of internal control from the base date of the internal control evaluation report to the date of issuance of the internal control evaluation report. 5. Whether the evaluation on the effectiveness of the company's internal control report is consistent with the audit conclusion
√ yes □ No 6 Whether the disclosure of major defects in internal control of non-financial reports in the internal control audit report is consistent with the disclosure of the company's internal control evaluation report
√ yes □ no III Internal control evaluation (I) Scope of internal control evaluation
According to the risk oriented principle, the company determines the main units, businesses and matters included in the evaluation scope and high-risk areas. 1. The main units included in the evaluation scope include: all functional departments and branches of the company, Industrial Financial Leasing Co., Ltd., Industrial International Trust Co., Ltd., Industrial Fund Management Co., Ltd., industrial consumer finance Co., Ltd., Xingyin Wealth Management Co., Ltd., industrial Futures Co., Ltd., industrial economic research and Consulting Co., Ltd., industrial digital financial services (Shanghai) Co., Ltd Industrial Asset Management Co., Ltd. and other subsidiaries. 2. Proportion of units included in the scope of evaluation:
Proportion of indicators (%)
The ratio of the total assets of the units included in the evaluation scope to the total assets of the company's consolidated financial statements 100
The total operating income of the units included in the evaluation scope accounts for 3.5% of the total operating income in the company's consolidated financial statements The main operations and matters included in the scope of evaluation include:
Internal environment, risk assessment, information communication, internal supervision, risk management, channel and operation management, information technology management, corporate loans, trade financing, investment banking, inter-bank investment, capital transactions, personal loans, credit card business, financial management business, asset custody business, deposit business, agency business, special asset management, financial accounting management, human resource management, fixed assets and procurement management, etc. 4. High risk areas of focus mainly include:
Corporate business, retail business, interbank business, intermediary business, payment and settlement, seal management, anti money laundering, information technology operation management, employee behavior management, etc.
5. The above units, businesses and matters included in the evaluation scope and high-risk areas cover the main aspects of the company's operation and management. Is there any major omission □ yes √ No 6 Is there a statutory exemption
□ yes √ No 7 Other explanatory matters
None (II) Basis of internal control evaluation and identification standard of internal control defects
The company organizes and carries out internal control evaluation in accordance with the enterprise internal control standard system, the guidelines for internal control of commercial banks, the accounting standards for business enterprises, the guidelines for self-discipline supervision of listed companies of Shanghai Stock Exchange and other relevant provisions, as well as the basic system of Industrial Bank Co.Ltd(601166) internal control and the measures for the administration of Industrial Bank Co.Ltd(601166) internal control evaluation. 1. Whether the specific identification standard of internal control defects is adjusted with that of previous years
□ yes √ no
The board of directors of the company distinguished the internal control of financial report from the internal control of non-financial report according to the identification requirements for major defects, important defects and general defects of the enterprise internal control standard system, combined with the factors such as the company's size, industry characteristics, risk preference and risk tolerance, and studied and determined the specific identification standards of internal control defects applicable to the company, which are consistent with the previous years. 2. Identification standard of internal control defects in financial reporting
The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Index name major defect quantitative standard important defect quantitative standard general defect quantitative standard
Misstatement of assets and liabilities 0.09% of total assets, 0.005% of total assets misstatement ≤ 0.005% of total assets, and potential misstatement ≤ 0.09% of total assets
Owner's equity misstatement 1.6% of owner's equity, 0.1% of owner's equity misstatement ≤ 0.1% of owner's equity, and potential misstatement ≤ 1.6% of owner's equity
Potential misstatement of profit and loss accounts > 6% of total profits > 0.38% of total profits < misstatement ≤ misstatement ≤ 0.38% of total profits < 6% of total profits
explain:
Internal control over financial reporting refers to the internal control designed and implemented for the objectives of financial reporting.
The defects of internal control over financial reporting mainly refer to the defects in the design and operation of internal control that can not reasonably ensure the reliability of financial reporting.
The losses that may be caused or caused by internal control defects related to the above items shall be measured according to the corresponding standards; If the loss is related to the above items at the same time, the applicable standard shall be determined according to the lower principle.
The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Qualitative standard of defect nature
Material defect the combination of one or more internal control defects may lead to the failure to prevent, detect and correct the material misstatement in the financial report in a timely manner. Signs of major defects include: fraud by directors, supervisors or senior managers of the company; The company corrects the published financial report; Material misstatement in the current financial report found by the certified public accountant that has not been identified by the company's internal control; The supervision of the company's audit and related party transaction control committee and the internal audit department on the company's internal control over financial reporting is invalid.
Material defect the combination of one or more internal control defects may lead to the failure to prevent, detect and correct the misstatement in the financial report that does not constitute a material misstatement but should still attract the attention of the management. Signs of significant deficiencies include: failure to select and apply accounting policies in accordance with GAAP; Failure to establish anti fraud procedures and control measures; No corresponding control mechanism has been established or implemented for the accounting treatment of unconventional or special transactions, and there is no corresponding compensatory control; There are one or more defects in the control of the financial reporting process at the end of the period, and it can not reasonably ensure that the prepared financial statements achieve the true and complete goal.
General defects and other internal control defects that do not constitute major defects or important defects.
Note: none 3 Identification standard of internal control defects in non-financial reporting
The quantitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
Index name major defect quantitative standard important defect quantitative standard general defect quantitative standard
Direct property loss direct property loss > 0.1% of owner's equity < direct property loss ≤ 1.6% of owner's equity property loss ≤ 0.1% of owner's equity
1.6%
explain:
Internal control over non-financial reporting refers to internal control over strategic objectives, asset safety, business objectives, compliance objectives and other objectives other than financial reporting objectives. The identification of the company's internal control defects in non-financial reporting is mainly based on the severity of the business nature involved, the nature of direct or potential negative impact, the scope of impact and other factors.
The qualitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
Qualitative standard of defect nature
Major defect the combination of one or more internal control defects may bring significant operational risk, compliance risk or reputation risk to the company, which may lead to the company's serious deviation from the internal control objectives. Signs of major defects include: the company lacks scientific decision-making procedures; Serious violation of national laws and regulations and punishment; Serious loss of personnel in key positions, affecting the normal development of business; Frequent negative news in the media; Lack of system control or system failure of important business; Major defects in internal control have not been rectified.
Important defect is a combination of one or more internal control defects, whose severity and economic consequences are lower than those of major defects. If it is not improved, it may lead to compliance risk or reputation risk, and it may still lead to the deviation of the company from the internal control objectives. Signs of major defects include: the company's decision-making procedures exist but are not perfect; Seriously violate the company's internal rules and regulations and cause losses; The loss of personnel in key positions is serious; Negative news in the media and spread to local areas; Defects in important business systems or systems; Important defects in internal control have not been rectified.
General defects and other internal control defects that do not constitute major defects or important defects. These deficiencies have a low degree of impact, mainly in violation of best operating principles and practices that may lead to inefficiency, and are unlikely to lead to compliance risk or reputation risk.
Note: none (III) Identification and rectification of internal control defects 1 Identification and rectification of internal control defects in financial reporting 1.1 Major defects
Whether the company has major defects in internal control over financial reporting during the reporting period □ yes √ no 1.2 Important defects
Whether the company has significant defects in internal control over financial reporting during the reporting period □ yes √ no 1.3 General defect
The risks that may be caused by the general defects found during the reporting period of the company are within the controllable range, which will not have a substantive impact on the company's asset safety, the realization of development strategy and business objectives, the accuracy and integrity of financial information, the effectiveness of risk management system, and will not lead the company to deviate from the control objectives, and specific plans and measures have been formulated to seriously implement the rectification. 1.4. After the above rectification, on the benchmark date of the internal control evaluation report, does the company have any major defects in the internal control of financial reporting that have not been rectified □ yes √ no 1.5 After the above rectification, on the benchmark date of the internal control evaluation report, whether the company has any important defects in the internal control of financial reporting that have not been rectified □ yes √ No 2 Identification and rectification of internal control defects in non-financial reporting 2.1 Major defects
Whether the company found any major defects in internal control over non-financial reporting during the reporting period □ yes √ no 2.2 Important defects
Whether the company found any significant defects in internal control over non-financial reporting during the reporting period □ yes √ no
2.3. General defect
