Internal control evaluation report in 2021
Venustech Group Inc(002439) all shareholders:
In accordance with the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control regulatory requirements (hereinafter referred to as the "enterprise internal control standard system"), combined with the internal control system and evaluation methods of the company (hereinafter referred to as the "company"), on the basis of daily and special supervision of internal control, We evaluated the effectiveness of the company's internal control on December 31, 2021 (the benchmark date of the internal control evaluation report). 1、 Important statement
It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise's internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for organizing and leading the daily operation of the enterprise's internal control. The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in this report, and bear individual and joint legal liabilities for the authenticity, accuracy and completeness of the report.
The objective of the company's internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results.
2、 Internal control evaluation conclusion
According to the identification of major defects in the company's internal control over financial reporting, there are no major defects in the internal control over financial reporting on the benchmark date of the internal control evaluation report. The board of Directors believes that the company has maintained effective internal control over financial reporting in all major aspects in accordance with the requirements of the enterprise's internal control standard system and relevant regulations. According to the identification of major defects in the company's internal control over non-financial reports, the company found no major defects in the company's internal control over non-financial reports on the benchmark date of the internal control evaluation report.
There are no factors affecting the evaluation conclusion of the effectiveness of internal control from the base date of the internal control evaluation report to the date of issuance of the internal control evaluation report.
3、 Internal control evaluation
(I) evaluation scope of internal control
According to the risk oriented principle, the company determines the main units, businesses and matters included in the evaluation scope and high-risk areas.
The main units included in the evaluation scope include: Venustech Group Inc(002439) , Venustech Group Inc(002439) Information Security Investment Co., Ltd., Beijing Venustech Group Inc(002439) Information Security Technology Co., Ltd., Shanghai Venustech Group Inc(002439) Information Technology Co., Ltd., Guangzhou Venustech Group Inc(002439) Information Technology Co., Ltd., Chengdu Venustech Group Inc(002439) Information Security Technology Co., Ltd., Beijing Chenxin lingchuang Information Technology Co., Ltd., Nanjing Chuantuo Dajiang Information Technology Co., Ltd At the end of the Information Security Technology Co., Ltd Tianjin Xinghe Information Technology Co., Ltd. , Tianjin Xinghe Information Technology Co., Ltd Beijing wangyuxingyun Information Technology Co., Ltd., Shanghai Tiantian Investment Co., Ltd., Venus Investment Limited, Venustech Group Inc(002439) Enterprise Management Co., Ltd., Venustech Group Inc(002439) enterprise management (Shanghai) Co., Ltd., Venustech Group Inc(002439) enterprise management (Chengdu) Co., Ltd., Changsha Yunzi credible enterprise management Co., Ltd., Beijing Yunzi Enterprise Management Co., Ltd Jinan Yunzi credible enterprise management Co., Ltd., Hangzhou Hezhong Data Technology Co., Ltd., Beijing Saibo Xing'an Technology Co., Ltd., Beijing Saibo Great Wall Information Technology Co., Ltd., Venus HK Limited, Venus (s) Pte.Ltd., Jiangxi Venustech Group Inc(002439) Information Security Technology Co., Ltd., Qinghai Venustech Group Inc(002439) information technology Co., Ltd., Panzhihua Venustech Group Inc(002439) Information Security Technology Co., Ltd Venustech Group Inc(002439) (Guiyang) Enterprise Management Co., Ltd., Anhui Venustech Group Inc(002439) Network Security Technology Co., Ltd., Hainan Venustech Group Inc(002439) Information Security Technology Co., Ltd., Chongqing Venustech Group Inc(002439) Information Security Technology Co., Ltd., Venustech Group Inc(002439) (Chongqing) Enterprise Management Co., Ltd., Jinan Venustech Group Inc(002439) Information Security Technology Co., Ltd., Guangdong Xingchen Beidou Network Security Technology Co., Ltd At the same time, it's the sort of Information Security Technology Co., Ltd Taizhou Venustech Group Inc(002439) Information Security Technology Co., Ltd., Nanjing Venustech Group Inc(002439) Information Security Technology Co., Ltd., Shandong Xingwei Jiuzhou Security Technology Co., Ltd., Venustech Group Inc(002439) (Zhejiang) Information Security Technology Co., Ltd., Yunfu Venustech Group Inc(002439) Information Security Technology Co., Ltd., Venustech Group Inc(002439) (Guangzhou) Enterprise Management Co., Ltd., Guangxi Venustech Group Inc(002439) Security Technology Co., Ltd Liuzhou Venustech Group Inc(002439) Network Security Technology Co., Ltd., wangyuxingyun (Liaoning) Information Technology Co., Ltd., Luohe wangyuxingyun Information Technology Co., Ltd., Xuzhou wangyuxingyun Information Technology Co., Ltd., Jiangsu wangyuxingyun Information Technology Co., Ltd. and Chongqing wangyuxingyun Information Technology Co., Ltd.
The total assets of the units included in the evaluation scope account for 100% of the total assets in the company's consolidated financial statements, and the total operating revenue accounts for 100% of the total operating revenue in the company's consolidated financial statements.
The main businesses and matters included in the evaluation scope include: the company's organizational structure, corporate culture, human resources, comprehensive budget, procurement, assets, sales, R & D management, contract management, quality control and production and operation management, engineering projects, related party transactions, foreign investment, raised funds, financial management, business outsourcing, seal management, information system construction, internal and external information and communication, information disclosure management and internal supervision.
The high-risk areas of focus mainly include:
1. Internal control of related party transactions
The company has formulated the related party transaction system and the detailed rules for the implementation of the related party transaction decision-making system, which clearly stipulates the related parties and related party transactions, the approval authority and decision-making procedures of related party transactions, and standardizes the transaction behavior with related parties. In the actual operation process, the company has determined the list of the company's related persons and updated them in time; When the company and its holding subsidiaries conduct transactions, they carefully judge whether they constitute related party transactions. At the same time, they have signed transaction contracts for all related party transactions in accordance with the principles of good faith, fairness, fairness and openness. The transaction pricing is fair and reasonable with reference to the market price of similar sales, so as to protect the interests of the company and minority shareholders; For daily connected transactions that often occur, the amount shall be estimated and submitted to the board of directors or the general meeting of shareholders for deliberation and disclosure before the disclosure of the previous annual report; When the board of directors or the general meeting of shareholders is convened to consider related party transactions, the related directors or related shareholders withdraw from voting; The internal audit department of the company shall audit the related party transactions and the occupation of funds by related parties every quarter, issue audit reports and submit them to the audit committee of the board of directors.
2. Internal control of foreign investment
In the articles of association and the measures for the administration of foreign investment, the company has made clear provisions on the approval authority and deliberation procedures of major investment, research and evaluation of investment matters, etc. The general meeting of shareholders is the authority of the company, which has the right to decide the company's business policy and investment plan, and the board of directors decides the company's business plan and investment plan. During the reporting period, the company's foreign investment has fulfilled the approval procedures, and the major investment meets the requirements of the company's interests. The company's external investment is audited by the internal audit department every quarter, and the audit report is issued and submitted to the audit committee of the board of directors. 3. Internal control of raised funds
In accordance with the company law, the securities law, the Listing Rules of Shenzhen Stock Exchange and other relevant laws and regulations, and in combination with the actual situation of the company, the management system of raised funds is formulated to improve the efficiency of the use of raised funds, prevent the risk of the use of funds, ensure the safety of the use of funds and effectively protect the legitimate rights and interests of investors, In addition, the company's internal audit department shall audit the use of raised funds every quarter, issue audit reports and submit them to the audit committee of the board of directors.
4. Internal control over financial reporting
The company has established an independent accounting system, specifically including accounting system, fund management, procurement management, sales management, asset management, expense management, cost management, current account management, financial statement submission management regulations, etc., and defined internal control links such as approval and authorization. The company strictly implements the financial system, strengthens internal financial management, and strictly controls key financial management and control, such as fund management, asset management, revenue recognition, cost accounting, purchase and sales business, etc. For the annual financial report, hire an accounting firm with relevant qualifications to audit and issue an audit report.
5. Control over holding subsidiaries
The company has established the management system of subsidiaries and branches. Through the shareholders' meeting and the appointment of directors, supervisors and senior managers, the company implements the control and management of the holding subsidiaries, brings the work of finance, major investment, personnel and information disclosure into the unified management system, and formulates a unified management system. The functional departments of the company provide professional guidance, supervision and support for the relevant business and management of the subsidiaries. The company has made provisions on the information report of subsidiaries, requiring subsidiaries to report and submit to the company the information that has a significant impact on the company and the information required to be disclosed by the securities regulatory authority. The company regularly obtains the monthly, quarterly, semi annual and annual financial reports of each holding subsidiary, focusing on the major contracts, major capital expenditures, major asset disposal, guarantee The legality, compliance and effectiveness of major economic activities such as financing and major losses, so as to improve the overall operation efficiency and risk resistance of the company.
6. Internal control of information disclosure
The company has established information disclosure management system, insider registration system, internal reporting system of major information, management system of external information users and accountability system for major errors in annual report information disclosure, which has made detailed provisions from the aspects of information disclosure institutions and personnel, information disclosure documents, affairs management, disclosure procedures, information reports, confidentiality measures, file management and accountability. In 2021, the company disclosed the matters to be disclosed in strict accordance with the disclosure standards and procedures, and the company's internal control over information disclosure was strict, sufficient and effective.
The above units, businesses and matters included in the evaluation scope and high-risk areas cover the main aspects of the company's operation and management, and there are no major omissions.
(II) basis of internal control evaluation and identification standard of internal control defects
The company organizes and carries out internal evaluation in accordance with the provisions of the enterprise's internal control standard system and in combination with the provisions of the company's relevant systems, processes, guidelines and other documents.
According to the identification requirements of the enterprise internal control standard system for major defects, important defects and general defects, and in combination with the company's scale, industry characteristics, risk preference, risk tolerance and other factors, the board of directors of the company distinguished the internal control of financial reports from the internal control of non-financial reports, and studied and determined the specific identification standards of internal control defects applicable to the company. The identification standards of internal control defects determined by the company are as follows:
1. Identification standard of internal control defects in financial reporting
(1) The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
The quantitative standard takes the operating income and total assets as the measurement indicators. When they are applied at the same time, the lower principle shall be adopted.
If the loss that may be caused or caused by the defect of internal control is related to the income statement, it shall be measured by the operating revenue index. If the amount of financial report misstatement that may be caused by the defect alone or in combination with other defects is less than 3% of the operating revenue, it is recognized as a general defect; If it exceeds 3% but less than 5% of the operating revenue, it is recognized as an important defect; If it exceeds 5% of the operating revenue, it is recognized as a major defect.
Losses that may be caused or caused by internal control defects related to asset management shall be measured by the total asset index. If the amount of financial report misstatement that may be caused by the defect alone or in combination with other defects is less than 3% of the total assets, it is recognized as a general defect; If it exceeds 3% but less than 5% of the total assets, it is recognized as an important defect; If it exceeds 5% of the total assets, it is recognized as a major defect.
(2) The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Signs of significant deficiencies in financial reporting include:
① Fraud of directors, supervisors and senior managers of the company;
② The company corrects the published financial report;
③ Material misstatement in the current financial report found by the certified public accountant but not identified by the company's internal control;
④ The supervision of the audit committee and the audit department on the company's external financial report and internal control over financial report is invalid.
Signs of significant deficiencies in financial reporting include:
① Failure to select and apply accounting policies in accordance with GAAP;
② Failure to establish anti fraud procedures and control measures;
③ No corresponding control mechanism has been established or implemented for the accounting treatment of unconventional or special transactions, and there is no corresponding compensatory control;
④ There are one or more defects in the control of the financial reporting process at the end of the period, and it can not reasonably ensure that the prepared financial statements achieve the true and complete goal.
General defects refer to other control defects other than the above major defects and important defects.
2. Identification standard of internal control defects in non-financial reporting
(1) The quantitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
The quantitative standard for the evaluation of internal control defects in non-financial reports shall be implemented with reference to the quantitative standard for the evaluation of internal control defects in financial reports.
(2) The qualitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
The identification of non-financial report defects is mainly based on the impact of defects on the effectiveness of business processes and the possibility of occurrence.
If the possibility of defects is small, it will reduce the work efficiency or effect, or increase the uncertainty of the effect, or make it deviate from the strategic goal