Cansino Biologics Inc(688185) Jinyu Bio-Technology Co.Ltd(600201) company
Internal control evaluation system
Chapter I General Provisions
Article 1 in order to standardize the internal control evaluation of Cansino Biologics Inc(688185) Jinyu Bio-Technology Co.Ltd(600201) company (hereinafter referred to as “the company”), improve the work efficiency and effect, improve the internal control and promote the company to improve the management level, according to the basic norms of enterprise internal control, the guidelines for the evaluation of enterprise internal control and the guidelines for the self-discipline supervision of companies listed on the science and Innovation Board of Shanghai Stock Exchange No. 1 – standardized operation This system is formulated in accordance with the provisions of laws, regulations and self-discipline rules such as the guidelines for self discipline supervision of listed companies on the science and Innovation Board No. 7 – matters related to annual reports, and in combination with the actual situation of the company.
Article 2 this system is applicable to the company and its subordinate branches and subsidiaries.
Article 3 the internal control evaluation mentioned in this system refers to the process in which the board of directors of the company comprehensively evaluates the effectiveness of internal control, forms evaluation conclusions and issues evaluation reports.
Article 4 the company’s internal control evaluation shall follow the following principles:
(I) principle of comprehensiveness. The evaluation shall include the design and operation of internal control, covering various businesses and matters of the company and its affiliated units.
(II) principle of importance. On the basis of comprehensive evaluation, the evaluation shall pay attention to important business units, major business matters and high-risk areas.
(III) the principle of objectivity. The evaluation shall accurately reveal the risk status of operation and management and truthfully reflect the effectiveness of the design and operation of internal control.
(IV) principle of checks and balances. The internal control system ensures the reasonable setting and division of labor of the company’s institutions, posts and their responsibilities and authorities, adheres to the separation of incompatible posts, ensures that the rights and responsibilities of different institutions and posts are clear, mutually restricted and supervised, and takes into account the operation efficiency.
(V) principle of adaptability. With the change of the external environment, the adjustment of the company’s business functions and the improvement of management requirements, the internal control system is constantly revised and improved to ensure that it is compatible with the enterprise’s business scale, business scope, competition and risk level.
(VI) cost benefit principle. The evaluation work should weigh the implementation cost and expected benefits, and complete the effective evaluation at an appropriate cost.
Chapter II Contents of internal control evaluation
Article 5 according to the basic norms of enterprise internal control, application guidelines and the company’s internal control system, focusing on the internal environment, risk assessment, control activities, information communication, inspection and supervision and other elements, combined with the actual situation of the company and its subordinate units, the company determines the specific contents of internal control evaluation and makes a comprehensive evaluation on the design and operation of internal control.
Article 6 the internal environment assessment shall identify and evaluate the design and operation of the company’s internal environment based on the application guidelines such as organizational structure, development strategy, human resources, corporate culture and social responsibility, combined with the internal control system of the company and its subordinate units. Focus on whether the governance structure exists in name only, whether the development strategy is feasible, whether the institutional settings overlap, whether the distribution of rights and responsibilities is clear, whether incompatible posts are separated, whether the human resources policy and incentive and restraint mechanism are scientific and reasonable, whether the corporate culture promotes the diligence of employees, and whether the social responsibility is effectively fulfilled. Article 7 risk assessment and evaluation shall be based on the requirements of the basic norms of enterprise internal control on risk assessment and the main risks listed in various application guidelines, and in combination with the internal control system of the company and its subordinate units, identify and evaluate the risk identification, risk analysis and coping strategies in the process of daily operation and management.
Article 8 the evaluation of control activities shall be based on the basic norms of enterprise internal control and the control measures of various application guidelines, and in combination with the internal control system of the company and its affiliated units, identify and evaluate the design and operation effectiveness of relevant business control measures.
Article 9 the evaluation of information communication shall be based on the relevant application guidelines such as internal information transmission, financial report and information system, and in combination with the internal control system of the company and its affiliated units, identify and evaluate the timeliness of information collection, processing and transmission, the integrity of anti fraud mechanism, the authenticity of financial report, the security of information system, and the effectiveness of using information system to implement internal control.
Article 10 the inspection, supervision and evaluation shall identify and evaluate the effectiveness of the internal inspection and supervision mechanism in accordance with the requirements of the basic norms of enterprise internal control and various application guidelines on internal inspection and supervision, and in combination with the internal control system of the company and its subordinate units. Focus on whether the board of supervisors, audit committee and internal audit institutions play an effective supervisory role in the design and operation of internal control.
Article 11 a working paper shall be formed for the internal control evaluation, which shall record in detail the contents of the evaluation carried out by the enterprise, including the evaluation elements, main risk points, control measures taken, relevant evidence and identification results, etc.
Chapter III Organization and implementation of internal control evaluation
Article 12 the company shall carry out internal control evaluation in an orderly manner in accordance with the procedures specified in the basic norms of enterprise internal control and the guidelines for enterprise internal control evaluation. The board of directors of the company approves the internal control evaluation report and is responsible for the authenticity of the internal control evaluation report.
Article 13 the division of responsibilities of internal control evaluation is as follows:
(I) the board of directors of the company shall be responsible for the design, operation and evaluation of the company’s internal control, review and approve the internal control self-evaluation report, and be responsible for the authenticity of the internal control evaluation report.
(II) the audit committee of the company shall guide the internal control evaluation, supervise the self-evaluation of internal control, and review the internal control evaluation report submitted by the internal audit department. Review the internal control evaluation on behalf of the board of directors and submit it to the board of directors for deliberation.
(III) the internal audit department of the company shall organize and implement the internal control evaluation on behalf of the audit committee. (4) All departments, branches and subsidiaries of the company shall cooperate with the internal audit organization to perform their duties, assist, support and cooperate with the internal control evaluation, and organize the implementation of defect rectification.
Article 14 internal control evaluation of the company includes annual evaluation and daily evaluation.
Annual evaluation refers to the evaluation of the effectiveness of the company’s establishment and implementation of internal control in a certain year according to the internal control objectives. The annual evaluation is a regular evaluation. After the end of each year and before the annual financial report is submitted to the board of directors for review, the internal audit department shall complete the regular inspection and submit the internal control evaluation report to the audit committee of the board of directors for review.
Daily evaluation refers to the evaluation of the effectiveness of the company’s internal control within a specific scope at a specific time point. Daily evaluation is generally irregular evaluation, which depends on the specific situation according to the needs, and is not limited by the inspection time and times.
Chapter IV evaluation procedures and methods
Article 15 internal control evaluation procedures generally include: formulating evaluation work plan, forming evaluation working group, implementing on-site test, identifying control defects, summarizing evaluation results, compiling evaluation report and other links.
Article 16 before carrying out the internal control evaluation, the internal audit department shall formulate the evaluation work plan, determine the inspection and evaluation methods according to the items, and formulate a scientific and reasonable evaluation work plan, which shall be implemented after being confirmed by the company’s management and approved by the audit committee.
Article 17 the internal audit department shall form an internal control evaluation working group according to the approved evaluation work plan to implement the internal control evaluation. The members of the evaluation working group are composed of business backbones familiar with the situation of all units of the company. Members of the evaluation working group shall implement the avoidance system for the internal control evaluation of their own department. The company may also entrust an intermediary institution to carry out internal control evaluation. An accounting firm providing internal control audit services shall not provide internal control evaluation services at the same time.
Article 18 the internal control evaluation working group shall conduct on-site test on the evaluated unit, and may comprehensively use the methods of individual interview, questionnaire, special discussion, walk through test, on-site inspection, sampling and comparative analysis to fully collect the evidence of the effectiveness of the internal control design and operation of the evaluated unit, truthfully fill in the evaluation working paper according to the specific contents of the evaluation, and study and analyze the defects of internal control.
Article 19 All units of the company are the basic subject of internal control evaluation, and are responsible for the internal control evaluation of their own units.
Chapter V identification of internal control defects
Article 20 classification of internal control defects.
(I) internal control defects can be divided into design defects and operation defects according to their causes. Design defect means that the internal control design is unscientific and inappropriate, and it is difficult to achieve the control goal even in normal operation; Operation defect refers to that the design is effective, but it is not implemented in strict accordance with the design intention in the actual operation process, resulting in the disconnection between the internal control operation and the design, and the failure to effectively implement the control and achieve the control objectives.
(II) internal control defects can be divided into internal control defects in financial reports and internal control defects in non-financial reports according to their manifestations. Internal control defects in financial reporting refer to control defects that occur in the process of accounting recognition, measurement, recording and reporting and have a direct impact on the authenticity and integrity of financial reports; Defects in internal control over non-financial reports refer to other defects that do not directly affect the authenticity and integrity of financial reports, but have an adverse impact on the realization of control objectives such as the legal compliance of enterprise operation and management, asset safety, operation efficiency and effect.
(III) the defects are divided into major defects and internal control defects according to the degree of importance. The identification standards of internal control defects determined by the company are as follows:
1. Identification standard of internal control defects in financial reporting
(1) The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Index name major defect quantitative standard important defect quantitative standard general defect quantitative standard
Potential misstatement of total net profit ≥ 10% of total net profit 5% of total net profit ≤ misstatement misstatement 10% 5% of total net profit
Potential misstatement of total assets ≥ 1% of total assets, 0.5% of total assets ≤ misstatement asset misstatement 1% of total assets, 0.5%
Potential misstatement of operating revenue ≥ 1% of operating revenue, 0.5% of operating revenue ≤ misstatement business misstatement 1% of operating revenue, 0.5% of operating revenue
(2) The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Qualitative standard of defect nature
1. It is found that the directors, supervisors and senior managers have fraud, which seriously affects the standardized operation of the company;
2. The company corrects the published financial statements due to major errors and other reasons;
Major defects 3 The external audit found that there were significant misstatements in the current financial statements, but the internal control failed to find such misstatements in the implementation process;
4. The supervision of the audit committee and the internal audit department on internal control is invalid.
1. Accounting policies are not selected and applied in accordance with generally accepted accounting standards or are not implemented and there is no corresponding compensatory control; Important defects 2 For the control of the preparation process of the final financial report, there are defects or a combination of defects that can not reasonably ensure the authenticity and accuracy of the financial statements.
Other internal control defects in financial reporting that do not constitute major defects or important defects.
2. Identification standard of internal control defects in non-financial reporting
(1) The quantitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
Index major defect quantitative standard important defect quantitative standard general defect quantitative standard
name
Potential loss ≥ 10% of total net profit ≤ 5% of total net profit potential loss loss of total net profit 10% 5% of total net profit
(2) The qualitative criteria for the evaluation of internal control defects in non-financial reports are as follows:
Qualitative standard of defect nature
1. Major mistakes caused by the company’s decision-making procedures;
Major defects 2 The company violates national laws and regulations and is severely punished;
3. The company’s important business lacks system control or the system fails.
1. General mistakes caused by the company’s decision-making procedures;
Important defects 2 The company violates the internal rules and regulations of the enterprise, resulting in losses;
3. There are defects in the company’s important business system or system.
1. The company’s decision-making efficiency is not high;
General defects 2 Defects in the company’s general business system or system;
3. The company has other defects.
Article 21 the internal control evaluation working group shall preliminarily identify the internal control defects according to the evidence obtained from the on-site test. After cross review, the internal control evaluation department shall prepare the summary table of internal control defects identification, comprehensively analyze and review the internal control defects and their causes, manifestations and impact, put forward the preliminary identification opinions, and report to the management and the audit committee of the board of directors. Major and important defects shall be considered and finally determined by the board of directors.
Article 22 the company shall take timely countermeasures against the identified major defects to effectively control the risks within the acceptable range
