Yifan Pharmaceutical Co.Ltd(002019)
Internal control evaluation report in 2021
Yifan Pharmaceutical Co.Ltd(002019) all shareholders:
In accordance with the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control regulatory requirements (hereinafter referred to as the “enterprise internal control normative system”), combined with the internal control system and evaluation methods of Yifan Pharmaceutical Co.Ltd(002019) (hereinafter referred to as “the company” or “the company”), on the basis of daily and special supervision of internal control, We evaluated the effectiveness of the company’s internal control on December 31, 2021 (the benchmark date of the internal control evaluation report).
1、 Important statement
It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise’s internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for organizing and leading the daily operation of the enterprise’s internal control. The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in the contents of this report, and bear individual and joint legal liabilities for the authenticity, accuracy and completeness of the contents of the report.
The objective of the company’s internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results.
2、 Internal control evaluation conclusion
According to the identification of major defects in the company’s internal control over financial reporting, the company has no major defects in the internal control over financial reporting on December 31, 2021. The board of Directors believes that the company has maintained effective internal control over financial reporting in all major aspects in accordance with the requirements of the enterprise’s internal control standard system and relevant regulations.
According to the identification of major defects in the company’s internal control over non-financial reports, the company found no major defects in the company’s internal control over non-financial reports on December 31, 2021.
There are no factors affecting the evaluation conclusion of internal control effectiveness between December 31, 2021 and the date of issuance of the internal control evaluation report.
3、 Internal control evaluation
(I) internal control scope
According to the risk oriented principle, the company determines the main units, businesses and matters included in the evaluation scope and high-risk areas. The main units included in the evaluation scope include the company and its affiliated companies. The total assets of the units included in the evaluation scope account for 99% of the total assets in the company’s consolidated financial statements, and the total operating revenue accounts for 99% of the total operating revenue in the company’s consolidated financial statements.
The main businesses and matters included in the evaluation scope include: internal environment, risk assessment, control activities, information and communication, internal supervision and other elements, specifically including the internal control related to financial statements involved in the company’s business: corporate governance, fund management, procurement and payment, sales and collection, investment and financing, asset management, research and development, engineering projects, comprehensive budget, guarantee business Financial reporting and information system.
The high-risk areas of focus mainly include capital risk, procurement risk, sales risk, investment and financing risk, asset management risk, R & D risk, engineering project risk, comprehensive budget risk and guarantee business risk.
The above units, businesses and matters included in the evaluation scope and high-risk areas cover the main aspects of the company’s operation and management, and there are no major omissions.
(II) basis of internal control evaluation and identification standard of internal control defects
The company organizes and carries out internal control evaluation according to the enterprise internal control standard system. The board of directors of the company distinguished the internal control of financial report from the internal control of non-financial report according to the identification requirements for major defects, important defects and general defects of the enterprise internal control standard system, combined with the factors such as the company’s size, industry characteristics, risk preference and risk tolerance, and studied and determined the specific identification standards of internal control defects applicable to the company, which are consistent with the previous years. The identification standards of internal control defects determined by the company are as follows:
1. Identification standard of internal control defects in financial reporting
(1) The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows (according to the principle of whichever is lower):
Defect grade
Major defect important defect general defect
Defect effect
Impact on Financial Reporting
≥5% 3%~5% <3%
(error and omission accounting for% of net profit after tax)
Direct economic loss accounts for ≥ 1% of sales revenue or total assets, 0.5% ~ 1% < 0.5%
(2) The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
1) Major defects: major misstatement in the financial report cannot be prevented, discovered and corrected in time due to individual defects or other defects. In case of any of the following circumstances, it shall be deemed as a major defect:
a) Invalid control environment;
b) The company’s directors, supervisors and senior managers commit fraud and cause heavy losses and adverse effects to the enterprise; c) The external audit found that there were significant misstatements in the current financial report, and the company failed to find them first;
d) Major defects that have been found and reported to the management have not been corrected within a reasonable time;
e) The supervision of the company’s audit committee and the company’s audit department on internal control is invalid.
2) Important defects: the qualitative criteria for important defects in the company’s internal control over financial reporting:
a) Failure to select and apply accounting policies in accordance with GAAP;
b) Failure to establish important check and balance systems and control measures to prevent fraud;
c) There are single or multiple defects in the process of financial reporting, which affect the authenticity and accuracy of the financial report, although it does not meet the identification standard of major defects.
3) General defects: other internal control defects that do not constitute major defects and important defect standards.
2. Identification standard of internal control defects in non-financial reporting
(1) The quantitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
The quantitative standard is measured by operating income and total assets. If the loss that may be caused or caused by the defect of internal control is related to the income statement, it shall be measured by the operating revenue index. If the amount of misstatement in the financial report caused by the defect alone or in combination with other defects may exceed 1% of the operating revenue, it shall be recognized as a major defect; If it exceeds 0.5% but less than 1% of the operating revenue, it is an important defect; If it is less than 0.5% of the operating revenue, it is recognized as a general defect.
Losses that may be caused or caused by internal control defects related to asset management shall be measured by the total asset index. If the amount of misstatement in the financial report caused by the defect alone or in combination with other defects may exceed 1% of the total assets, it shall be recognized as a major defect; If it exceeds 0.5% but less than 1% of the total assets, it is an important defect; If it is less than 0.5% of the total assets, it is recognized as a general defect.
(2) The qualitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
1) Major defects in internal control over non-financial reporting shall be recognized as major defects in the following circumstances:
a) Violation of national laws, regulations or normative documents;
b) Unscientific decision-making procedure leads to major decision-making mistakes;
c) Institutional deficiency or systematic failure of important business;
d) Major or important defects cannot be effectively rectified;
e) Major negative impact of safety and environmental protection accidents on the company;
f) Other situations that have a significant negative impact on the company.
2) Non significant internal control deficiencies:
a) Defects in important business systems or systems;
b) Important defects found in internal control and internal supervision are not rectified in time;
c) Other situations that have a great negative impact on the company.
3) General defects of internal control over non-financial reporting:
a) Defects in general business system or system;
b) General defects found in internal control and internal supervision were not rectified in time.
(III) specific conditions of internal control evaluation
1. Internal environment:
(1) Corporate strategy
The company establishes strategic objectives, strategic planning and business plans, and ensures the realization of objectives through management and control measures. Set up strategic objectives and business plans according to the long-term business plan to guide business behavior. Timely adjust the strategy and business plan according to policy changes and market conditions. Through regular budget and operation analysis, timely grasp the market information and the company’s operation, make corresponding management decisions and countermeasures, and guide the management and operation behavior.
(2) Organizational structure and distribution of rights and responsibilities
In order to effectively plan, coordinate and control business activities, the company has reasonably set up an organizational structure consistent with its strategic development and business objectives, clearly defined the responsibilities and management authority of each department, implemented the principle of separation of incompatible positions, and formed a mutual check and balance mechanism. The company appoints special personnel to be specifically responsible for internal audit and ensure the implementation of internal control system related to financial report.
(3) Participation of governance
The articles of association clearly stipulates the responsibilities and obligations of the board of directors (including subordinate committees), the board of supervisors and the general meeting of shareholders. The management actively participates in supervising the company’s operation and internal control related to financial reporting, and has a significant impact on it.
(4) Management tone
The company’s management is responsible for the formulation, implementation and supervision of the company’s operation strategies and procedures. The company actively establishes the company culture and creates a good working environment; Pay attention to the internal control related to financial reporting and effectively supervise it. The company implements a scientific and democratic decision-making mechanism to strictly control ultra vires. Establish internal control measures and procedures to prevent and identify fraud risks, prevent possible fraud, and deal with problems in violation of policies and processes in a timely and effective manner.
(5) Code of conduct and ethics for employees
Integrity and moral values are an important part of the control environment. The company has always attached importance to creating a good atmosphere. The human resources department of the company has formulated the employee manual and employee post standards, including appearance, speech and behavior, work guidelines, use and maintenance of the company’s property, correct exercise of authority, intellectual property and confidentiality, employment relationship, avoidance of conflict of interest, information disclosure, external communication, security issues, etc.
(6) Human resources policy and Practice
The company has established and implemented a scientific personnel management system and employed competent personnel to complete the work within the scope of post responsibilities. The management of the company attaches great importance to the knowledge, experience and ability required for specific jobs, carries out various forms of training according to the needs of actual work, fully considers the needs of various functional departments and key positions of the company, and integrates the company’s strategy, culture, employee code, reporting mechanism, financial system, internal control, enterprise information management and other contents into the training, so that employees can be competent for their current jobs. The company implements salary management with incentive effect to ensure the enthusiasm of employees and complete their post responsibilities.
(7) Information system environment
The company’s operation and financial report use a stable and functional information system to realize information office. The system function not only covers the implementation and approval of business such as project initiation, contract approval, execution and payment, collection, but also supports financial operations and processing such as general ledger, a / R, a / P, fixed assets, projects and funds. The system is set according to the authorization mechanism of the company to support each process to strictly follow the company’s regulations. The company establishes and maintains information environment, including information planning, information system and information asset management, and manages the development, change and information security of information system. The company provides effective resources to ensure the normal and effective operation of the whole information system. The management of the company has always attached importance to and promoted information office to assist management decision-making.
2. Risk assessment
As the basis of internal control activities, risk assessment identifies and analyzes relevant risks in order to achieve enterprise objectives, including strategic risk, financial risk, market risk, operational risk, legal risk, etc. The company establishes a risk identification mechanism to anticipate and identify internal and external risk factors and take appropriate countermeasures.
3. Control activities
According to the risk assessment results, the enterprise adopts corresponding control measures to control the risk within the tolerable range. The company has designed and implemented appropriate control activities in key business process areas according to the risk level. In terms of fund management, procurement and payment, sales and collection, investment and financing, asset management, research and development, engineering projects, comprehensive budget, guarantee business, financial report and information system, it has established transaction authorization control, responsibility division control, voucher and record control, asset contact and record use control and independent inspection control. For the control of main business processes, the main risks, authority and responsibility requirements, key control operation requirements, etc. at the business process level are clarified to ensure that the requirements of the company’s internal control are implemented in the business field. In particular, targeted control measures have been implemented in key high-risk areas. The details are as follows:
(1) The company has established strict authorization and approval procedures for fund management, and incompatible Posts handling fund business are separated from each other. The company has defined the scope of use of cash and the provisions that should be observed when handling cash revenue and expenditure business in accordance with the Interim Regulations on cash management of the State Council. The company has formulated the settlement procedures of bank deposits in accordance with the relevant provisions of the people’s Bank of China. The company approves the opening and cancellation of bank accounts, regularly counts cash and regularly checks bank accounts, and strengthens fund management and supervision through internal control. In order to standardize the management and use of raised funds and improve the efficiency of fund use
