Internal control evaluation report in 2021
Yunnan Tourism Co.Ltd(002059) all shareholders:
In accordance with the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control regulatory requirements (hereinafter referred to as the “enterprise internal control normative system”), combined with Yunnan Tourism Co.Ltd(002059) (hereinafter referred to as the “company”) internal control system and evaluation methods, on the basis of daily and special supervision of internal control, We evaluated the effectiveness of the company’s internal control on December 31, 2021 (the benchmark date of the internal control evaluation report).
1、 Important statement
It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise’s internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for organizing and leading the daily operation of the enterprise’s internal control. The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in the contents of this report, and bear individual and joint legal liabilities for the authenticity, accuracy and completeness of the contents of the report.
The objective of the company’s internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results.
2、 Evaluation conclusion
According to the identification of major defects in the company’s internal control over financial reporting, there are no major defects in the internal control over financial reporting on the benchmark date of the internal control evaluation report. The board of Directors believes that the company has maintained effective internal control over financial reporting in all major aspects in accordance with the requirements of the enterprise’s internal control standard system and relevant regulations.
According to the identification of major defects in the company’s internal control over non-financial reports, the company found no major defects in the company’s internal control over non-financial reports on the benchmark date of the internal control evaluation report.
There are no factors affecting the evaluation conclusion of the effectiveness of internal control from the base date of the internal control evaluation report to the date of issuance of the internal control evaluation report.
3、 Evaluation basis
According to the basic norms of enterprise internal control, application guidelines and its own internal control system, the company has determined the specific contents of internal control evaluation around the internal environment, risk assessment, control activities, information and communication, internal supervision and other elements, and comprehensively evaluated the design and operation of internal control.
4、 Evaluation principle
The internal control evaluation conducted by the company this year follows the following principles:
(I) principle of comprehensiveness. The evaluation includes the design and operation of internal control, covering various businesses and matters of the enterprise and its subordinate units.
(II) principle of importance. On the basis of comprehensive evaluation, the evaluation focuses on important business units, major business matters and high-risk areas.
(III) the principle of objectivity. The evaluation work accurately reveals the risk status of operation and management and truthfully reflects the effectiveness of the design and operation of internal control.
5、 Evaluation scope
According to the risk oriented principle, the company determines the main units, businesses and matters included in the evaluation scope and high-risk areas. The main units included in the evaluation scope include: the company’s headquarters, subsidiaries and their subordinate enterprises. The total assets of the units included in the evaluation scope account for 100% of the total assets in the company’s consolidated financial statements, and the total operating revenue accounts for 100% of the total operating revenue in the company’s consolidated financial statements; The main businesses and matters included in the scope of evaluation include: existing business sectors such as culture and tourism complex operation sector, tourism comprehensive service sector, tourism culture and science and technology sector; The high-risk areas of focus mainly include organizational structure, development strategy, human resources, social responsibility, capital activities, procurement business, asset management, sales business, engineering projects, financial reports, comprehensive budget, contract management, information disclosure, information system management and other main business processes. The above units, businesses and matters included in the evaluation scope and high-risk areas cover the main aspects of the company’s operation and management, and there are no major omissions.
6、 Evaluation work carried out
According to the guidelines for enterprise internal control evaluation and in combination with the actual situation of internal control design and operation, the company formulated the internal control evaluation scheme, stipulated the evaluation principles, contents, procedures, methods and report forms, clarified the responsibilities and authorities of relevant institutions or posts, implemented the responsibility system, and orderly completed the internal control evaluation of this year in accordance with the specified methods, procedures and requirements.
The company organizes and carries out internal environment assessment, and identifies and evaluates the design and actual operation of the internal environment based on the application guidelines such as organizational structure, development strategy, human resources, corporate culture and social responsibility, combined with its own internal control system.
The company organizes the evaluation of risk assessment mechanism, identifies and evaluates the risk identification, risk analysis and response strategies in the process of daily operation and management based on the requirements of risk assessment in the basic norms of enterprise internal control and the main risks listed in various application guidelines, combined with its own internal control system.
The company organizes the evaluation of control activities, identifies and evaluates the design and operation of relevant control measures based on the control measures in the basic norms of enterprise internal control and various application guidelines, combined with its own internal control system.
The company organizes and carries out information and communication evaluation. Based on the relevant application guidelines of internal information transmission, financial report and information system, combined with its own internal control system, the company recognizes and evaluates the timeliness of information collection, processing and transmission, the integrity of anti fraud mechanism, the authenticity of financial report, the security of information system, and the effectiveness of using information system to implement internal control.
The company organizes and carries out internal supervision and evaluation. Based on the requirements of internal supervision in the basic norms of enterprise internal control and the provisions of daily control in various application guidelines, combined with its own internal control system, the company recognizes and evaluates the effectiveness of the internal supervision mechanism, focusing on whether the audit committee of the board of directors and the internal audit department play an effective supervisory role in the design and operation of internal control.
7、 Evaluation procedures and methods
The internal control evaluation of the company in this year is carried out in accordance with the procedures specified in the internal control evaluation measures. The relevant working procedures include formulating the evaluation work plan, forming the evaluation working group, implementing on-site testing, identifying control defects, summarizing the evaluation results, compiling and reporting the evaluation report, etc.
The company authorizes the internal control evaluation working group (hereinafter referred to as the working group) to be responsible for the specific organization and implementation of the internal control evaluation, including formulating the evaluation work plan, clarifying the evaluation scope, work tasks, personnel organization, schedule and other relevant contents, which shall be implemented after being approved by the board of directors or its authorized organization.
The working group implements the internal control evaluation according to the approved evaluation plan.
The evaluation working group is composed of members of the audit committee, heads of subsidiaries included in the scope of internal control self-evaluation, leaders in charge of internal control and heads of functional departments of the company. Members participating in the evaluation working group shall implement the avoidance system for the internal control evaluation of their own department. The internal control evaluation working group fully collected the evidence of the effectiveness of the internal control design and operation of the evaluated unit by conducting on-site test on the evaluated unit, comprehensively using the methods of individual interview, special discussion, walk through test, on-site inspection, sampling and comparative analysis, and truthfully filled in the evaluation working paper according to the specific contents of the evaluation to study and analyze the defects of internal control.
8、 Defects and their identification
Internal control defects include design defects and operation defects. The company’s identification of internal control defects is based on daily supervision and special supervision, combined with the annual internal control evaluation. The internal control evaluation department will put forward identification opinions after comprehensive analysis, and make final identification after review according to the specified authority and procedures.
The internal control evaluation working group of the company preliminarily identified the internal control defects according to the evidence obtained from the on-site test, and divided them into major defects, important defects and general defects according to their impact degree.
Major defects refer to the combination of one or more control defects, which may cause the enterprise to seriously deviate from the control objectives. Important defect refers to the combination of one or more control defects, whose severity and economic consequences are lower than those of major defects, but it may still cause the enterprise to deviate from the control objectives.
General defects refer to other defects except major defects and important defects.
According to the identification requirements of the enterprise internal control standard system for major defects, important defects and general defects, and in combination with the factors such as the company’s size, industry characteristics, risk preference and risk tolerance, the management of the company distinguished the internal control of financial reports from the internal control of non-financial reports, and studied and determined the specific identification standards of internal control defects applicable to the company by combining quantitative and qualitative methods, And consistent with previous years. The identification standards of internal control defects determined by the company are as follows:
(I) standards for identifying defects in financial reports
Defect identification standard
Category quantitative judgment and qualitative judgment
1) Any degree of fraud found in the directors, supervisors and senior managers of the company;
2) The company misrepresents major errors in the announced financial report. Total assets: ≥ 3% positive;
Total significant operating income: ≥ 3% 3) ineffective control environment;
Defective owner’s equity ≥ 0.2% 4) the supervision of the audit committee and internal audit institutions on internal control is invalid;
Total profit: ≥ 3% 5) defects affecting income trend;
6) Defects affecting the total amount of connected transactions exceeding the amount of connected transactions approved by shareholders; 7) There is a material misstatement in the current financial report, but the internal control fails to find the misstatement in the operation process;
8) Other defects that may affect the correct judgment of report users.
Total assets: ≥ 1% and 3% 1) accounting policies are not selected and applied in accordance with GAAP;
Total operating income: ≥ 1% and 2) no anti fraud procedures and control measures have been established;
(3) there is no compensation mechanism or no corresponding compensation mechanism for non significant accounting transactions with ≥ 1.3% of the owner’s equity;
0.2% 4) there are one or more defects in the control of the financial reporting process at the end of the period, and the total profit: ≥ 1% and 3%, which can reasonably ensure that the prepared financial statements achieve the goal of authenticity and accuracy.
Total assets: 1% 1) there may be misstatement of financial information, but it only has a slight impact on the accuracy of information. Total general operating income: 1% will not affect the judgment of users;
Defective owner’s equity 0.1% 2) non important findings in external audit.
Total profit: < 1%
(II) identification criteria for defects in non-financial reports
Defect identification standard
Category quantitative judgment and qualitative judgment
1) Major mistakes caused by the company’s decision-making procedures;
2) The company violates national laws and regulations and is fined more than 2 million yuan, which is not the direct payment of the company caused by the control defect of financial report;
3) negative news frequently appeared in the media with the amount of major property losses of more than 3 million yuan, involving a wide range and no negative impact. The defect has been officially disclosed to the public and will be eliminated for the company;
The disclosure of the current report has a negative impact. 4) the company’s important business lacks institutional control or the institutional system fails;
5) Major internal defects or major defects of the company have not been rectified;
6) The company is punished by the CSRC or warned by the stock exchange.
The control defect of non-financial report causes the company’s direct 1) general error caused by the company’s decision-making procedure;
The amount of important property loss is 1 million yuan (including) 2) the company violates the internal rules and regulations of the enterprise, resulting in losses;
3) serious loss of business personnel in key positions of the company;
Punished by the national government department, but there is no defect in the company’s important business system or system;
The disclosure of the company’s periodic report has a negative impact. 5) the company’s internal important or general defects have not been rectified;
Defect identification standard
Quantitative judgment of species
