Beijing Vrv Software Corporation Limited(300352)
Self evaluation report on internal control in 2021
Beijing Vrv Software Corporation Limited(300352) all shareholders:
In accordance with the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control regulatory requirements (hereinafter referred to as the "enterprise internal control normative system"), combined with the internal control system and evaluation methods of Beijing Vrv Software Corporation Limited(300352) (hereinafter referred to as " Beijing Vrv Software Corporation Limited(300352) ", "the company" and "the company"), on the basis of daily and special supervision of internal control, We evaluated the effectiveness of the company's internal control on December 31, 2021 (the benchmark date of the internal control evaluation report).
1、 Important statement
It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise's internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for organizing and leading the daily operation of the enterprise's internal control. The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in this report, and bear individual and joint liabilities for the authenticity, accuracy and completeness of its contents.
The objective of the company's internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results.
2、 Internal control evaluation conclusion
According to the identification of major defects in the company's internal control over financial reporting, there are no major defects in the internal control over financial reporting on the benchmark date of the internal control evaluation report. The board of Directors believes that the company has maintained effective internal control over financial reporting in all major aspects in accordance with the requirements of the enterprise's internal control standard system and relevant regulations.
According to the identification of major defects in the company's internal control over non-financial reports, the company found no major defects in the company's internal control over non-financial reports on the benchmark date of the internal control evaluation report.
From the base date of the internal control evaluation report to the issuance date of the internal control evaluation report, there are no factors affecting the evaluation conclusion of the effectiveness of internal control.
3、 Internal control evaluation
(I) evaluation scope of internal control
The scope of this internal control evaluation mainly includes Beijing Vrv Software Corporation Limited(300352) and its wholly-owned subsidiaries and holding subsidiaries.
The total assets of the units included in the evaluation scope account for 100.00% of the total assets in the company's consolidated financial statements, and the total operating revenue accounts for 100.00% of the total operating revenue in the company's consolidated financial statements.
The businesses and matters included in the evaluation scope include: organizational structure, corporate governance, development strategy, human resources, information disclosure, corporate culture, related party transactions, raised fund management, fund management, R & D projects, budget management, subsidiary management, etc. The details are as follows:
(1) Organizational structure
The company has established scientific and standardized institutions and posts according to its own business characteristics and internal management control requirements in accordance with the provisions of national laws and regulations and the requirements of regulatory authorities. The internal control structure of the company is composed of the general meeting of shareholders, the board of directors, the board of supervisors, the Secretary of the board of directors and senior management. The board of directors has a strategy and Development Committee, an audit committee, a nomination committee, a remuneration and assessment committee and other special committees, and the audit committee has an internal audit department. The responsibilities and authorities of various institutions and posts are clearly stipulated. The general meeting of shareholders, the board of directors, the board of supervisors and senior management exercise the functions of power organ, decision-making organ, supervision organ and executive organ respectively. Each organization performs its own duties and implements its rights and responsibilities to each responsible unit, and the operation is in good condition.
(2) Corporate governance
In accordance with the provisions of the company law, the articles of association and other laws and regulations, we have established a standardized corporate governance structure and rules of procedure, clarified the responsibilities and authorities in decision-making, implementation and supervision, and formed an effective division of responsibilities and check and balance mechanism.
The corporate governance structure of the general meeting of shareholders, the board of directors and the board of supervisors has been established. The general meeting of shareholders, the board of directors, the board of supervisors, independent directors and the Secretary of the board of directors can operate in accordance with the provisions of the company law, the securities law and other relevant laws and regulations, the articles of association and the company's internal system, perform their respective rights and obligations in accordance with the law, and there is no violation of laws and regulations.
(3) Development strategy
According to the articles of association, the strategy and Development Committee under the board of directors of the company is responsible for studying and making suggestions on the company's medium and long-term development strategy, major project investment decisions and major matters decided by the board of directors. The company has formed three strategic directions: information security and information innovation, mobile office and secure communication applications, smart community and health care. The company's strategy and Development Committee performs its duties seriously and standardizes the content of development strategy in strict accordance with the relevant provisions of the company, so as to enhance the company's core competitiveness and sustainable development ability, meet the needs of the company's growing business scale and accelerating development, and ensure the realization of the company's strategic objectives.
(4) Human resources
The company has established and fully implemented scientific personnel management systems such as employment, training, job rotation, assessment, reward and punishment, promotion and elimination. The post doctoral mobile station established by the company has laid a foundation for the company to further absorb excellent talents. Talent selection pays more attention to the high matching between post responsibilities and job requirements. In terms of personnel training, Xinyuan college has been established to link with the company's strategy, closely follow the milestones of the technical system and the product sales objectives and industrial policies of the business system, launch timely and effective training and activities, and carry out periodic and content iterative training in combination with the company's strategic objectives and new product R & D, so that employees can better do their own work and adapt to the company's strategic development; In order to pay more attention to the efficiency and quality of business realization and further improve the business approval process, when assessing the performance of business departments, the enterprise has designed a more reasonable organizational structure, departments, job descriptions and performance appraisal system, and formulated clear standards to ensure that rewards, punishments and promotions are more fair and impartial; In terms of work flow, we should unify and control the work flow of molecular companies all over the country and make it more standardized; The comprehensive use of the source secret letter mobile office has improved the work efficiency, quality and information security office environment. The workflow of each module of the human resource management system can run on the mobile terminal. The company's human resource management is undergoing a comprehensive digital transformation.
(5) Information disclosure
The company's information disclosure is carried out in strict accordance with relevant laws and regulations, Shenzhen Stock Exchange GEM Listing Rules and other normative documents, as well as the company's internal control system such as information disclosure affairs management system, so as to ensure the authenticity, accuracy and timeliness of information disclosure. Meanwhile, in terms of information disclosure, the company has formulated a series of internal control systems, such as information disclosure affairs management system, investor relations management system, insider information insider registration management system, and strictly implemented the above information disclosure system to ensure that the company's internal information is submitted in time and major information will not be disclosed in advance.
(6) Corporate culture
Adhering to the "trust and innovation" concept of China's enterprise, and always upholding the "trust and innovation" as the source of the enterprise's "internal and external values, it is worth pursuing and upholding the" trust and innovation "of China's enterprise, To ensure information security as its own responsibility, people-oriented, pioneering and innovative, the pursuit of excellence, firmly consolidate the market position of terminal security, and strive to build a leader in secure instant messaging. The company will strive to provide users with satisfactory products and services, create a harmonious working atmosphere and growth environment for employees, and create more value for shareholders in return.
(7) Related party transactions
In accordance with the relevant provisions of the company law, the company has formulated the measures for the administration of connected transactions. Clarify the decision-making procedures and approval authority of related party transactions, ensure that the related party transaction contracts concluded between the company and related parties comply with the principles of fairness, openness and impartiality, and safeguard the interests of shareholders and the company.
(8) Management of raised funds
In order to standardize the management and use of the company's raised funds and protect the interests of investors, the company has formulated the management measures for the special storage and use of raised funds, which has made clear provisions on the storage, use, management and supervision of raised funds. The internal audit department issued an internal audit report on the storage and use of raised funds every quarter. The storage and management of raised funds were in line with the provisions of self regulatory guidelines for listed companies on Shenzhen Stock Exchange No. 2 - standardized operation of companies listed on GEM and the management measures for special storage and use of raised funds. There were no violations in the use and disclosure of raised funds. The principle of special account storage and special fund is adopted for the raised funds, which is uniformly managed by the finance department, and external auditors are hired to audit the storage and use of the raised funds. The audit results and the progress of the investment project are disclosed in the annual report.
(9) Fund management
In order to strengthen the supervision and management of the use of funds in the company's system, accelerate capital turnover, improve capital profit margin and ensure capital safety, the company has established and improved various management systems for business modules such as investment, financing, guarantee, bank deposit management, capital budget, capital use approval and cash management in capital management. The company has established a perfect corresponding fund management system. According to the continuous development of the company's business, it puts forward higher management requirements for finance. At present, the application of financial management system NCC has strengthened the centralized management and efficiency of funds in the group's Financial Sharing Center, so as to ensure the safety of funds. Focusing on the safety, efficiency and liquidity of funds, the financial sharing center cooperates with the internal audit department to carry out regular fund inspection and management, and regularly reports to the general manager and the chairman according to the inspection. In the approval process of fund use, the Financial Sharing Center has established the provisions on the approval authority according to the positions of employees and fulfilled their respective responsibilities. The company shall do a good job in fund management in strict accordance with relevant management systems to ensure that the use of the company's funds complies with the principles of rationality, efficiency and safety, and to ensure sufficient financial support for the development of the company.
(10) R & D project management
The company has established a complete set of R & D project management process control system and formed a complete R & D system structure, so that each employee can clearly see their own work tasks and greatly improve work efficiency. According to the company's strategic development objectives, various categories of product lines have been reorganized, and effective control has been implemented at all stages of R & D. In terms of quality and cost-effectiveness, it is ensured that there are always review and responsible persons in each stage of the whole process of product development, so as to ensure the development progress and quality of the project.
(11) Budget management
According to the budget management system, the annual plan shall be formulated as a whole, the performance plan designated by each business department, the large capital plan formulated by the finance department and the human resources plan formulated by the human resources department. With the continuous development of the company, the budget management shall be more detailed to control the budget for the realization of the company's business objectives.
(12) Subsidiary management
In order to strengthen the management of subsidiaries and ensure the standardized, efficient and orderly operation of subsidiaries, the company has formulated the management system of holding subsidiaries. According to the company's internal control system, all functional departments of the company guide, manage and supervise the organization, finance, operation and investment decisions, major event decisions, internal audit, administration, personnel and performance appraisal of subsidiaries, so as to understand and make decisions in time, Ensure the effective management of subsidiaries by the company.
The above units, businesses and matters included in the evaluation scope and high-risk areas cover the main aspects of the company's operation and management, and there are no major omissions.
(II) basis of internal control evaluation and identification standard of internal control defects
The company organizes and carries out internal control evaluation in accordance with the enterprise internal control standard system, basic internal control standards and supporting guidelines. The board of directors of the company studied and determined the internal control defects applicable to the company according to the identification requirements of the enterprise internal control standard system for major defects, important defects and general defects, combined with the factors such as the company's scale, industry characteristics, risk preference and risk tolerance, and determined the internal control defects applicable to the company. The specific identification standards of the internal control defects determined by the company are as follows:
1. Identification standard of internal control defects in financial reporting
(1) The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
The company takes 5% of the total profit as the measurement index of the overall importance level of the income statement and 5% of the net assets as the measurement index of the overall importance level of the balance sheet:
When the potential misstatement amount of the income statement item is greater than or equal to 5% of the total profit, or the potential misstatement amount of the balance sheet item is greater than or equal to 5% of the net assets, it is recognized as a major defect;
When the potential misstatement amount of the income statement item is less than 5% of the total profit but greater than or equal to 2% of the total profit, or the potential misstatement amount of the balance sheet item is less than 5% of the net assets but greater than or equal to 2% of the net assets, it is recognized as an important defect;
When the potential misstatement amount of the income statement item is less than 2% of the total profit and the potential misstatement amount of the balance sheet item is less than 2% of the net assets, it is recognized as a general defect.
(2) The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
① Major defects: control environment failure; Abuse of power and fraud by directors, supervisors and senior managers; The internal control fails to find any material misstatement in the current financial report during its operation; The supervision of the enterprise audit committee and internal audit institutions on internal control is invalid.
② Significant deficiencies: failure to select and apply accounting policies in accordance with GAAP; Failure to establish anti fraud procedures and control measures; No corresponding control mechanism has been established or implemented for the accounting treatment of unconventional or special transactions, and there is no corresponding compensatory control; There are one or more defects in the control of the financial reporting process at the end of the period, and it can not reasonably ensure that the prepared financial statements achieve the goal of authenticity, integrity and accuracy.
③ General defects: other internal control defects that do not constitute major defects or important defects.
2. Identification standard of internal control defects in non-financial reporting
The quantitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
(1) The quantitative standard of internal control defect evaluation of non-financial report determined by the company is consistent with the quantitative standard of internal control defect evaluation of financial report determined by the company. See the quantitative standard of internal control defect evaluation of financial report mentioned above.
(2) The qualitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
① Identification standard of major defects: serious violation of laws and regulations; Decision making procedures lead to major mistakes and sustainable operation is challenged; Lack of institutional control or systematic failure of important business, and lack of effective compensatory control; Serious loss of middle and senior managers and R & D personnel in key positions; The results of the internal control evaluation, especially the major defects, have not been found