Internal control evaluation report in 2021
Dbappsecurity Co.Ltd(688023) all shareholders:
In accordance with the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control regulatory requirements (hereinafter referred to as the enterprise internal control normative system), combined with the company’s (hereinafter referred to as the company’s) internal control system and evaluation methods, and on the basis of daily and special supervision of internal control, we evaluated the effectiveness of the company’s internal control on December 31, 2021 (the benchmark date of internal control evaluation report). I Important statement
It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise’s internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for organizing and leading the daily operation of the enterprise’s internal control. The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in the contents of this report, and bear individual and joint legal liabilities for the authenticity, accuracy and completeness of the contents of the report.
The objective of the company’s internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results. II Internal control evaluation conclusion 1 On the benchmark date of the internal control evaluation report, does the company have any major defects in the internal control of financial reporting
□ yes √ no
2. Evaluation conclusion of internal control over financial reporting
√ valid □ invalid
According to the identification of major defects in the company’s internal control over financial reporting, there are no major defects in the internal control over financial reporting on the benchmark date of the internal control evaluation report. The board of Directors believes that the company has maintained effective internal control over financial reporting in all major aspects in accordance with the requirements of the enterprise’s internal control standard system and relevant regulations. 3. Whether major defects in internal control over non-financial reporting are found
□ yes √ no
According to the identification of major defects in the company’s internal control over non-financial reports, the company found no major defects in the company’s internal control over non-financial reports on the benchmark date of the internal control evaluation report.
4. Factors affecting the evaluation conclusion of internal control effectiveness from the benchmark date of internal control evaluation report to the date of issuance of internal control evaluation report □ applicable √ not applicable
There are no factors affecting the evaluation conclusion of the effectiveness of internal control from the base date of the internal control evaluation report to the date of issuance of the internal control evaluation report. 5. Whether the internal control audit opinion is consistent with the company’s evaluation conclusion on the effectiveness of internal control over financial reporting
√ yes □ No 6 Whether the disclosure of major defects in internal control of non-financial reports in the internal control audit report is consistent with the disclosure of the company’s internal control evaluation report √ yes □ no III Internal control evaluation (I) Scope of internal control evaluation
According to the risk oriented principle, the company determines the main units, businesses and matters included in the evaluation scope and high-risk areas. 1. The main units included in the evaluation scope include Dbappsecurity Co.Ltd(688023) and all its holding subsidiaries 2 Proportion of units included in the scope of evaluation:
Proportion of indicators (%)
The ratio of the total assets of the units included in the evaluation scope to the total assets of the company’s consolidated financial statements 100
The total operating income of the units included in the evaluation scope accounts for 100% of the total operating income in the company’s consolidated financial statements The main operations and matters included in the scope of evaluation include:
The company’s development strategy, organizational structure, corporate culture, human resources, capital activities, procurement and payment, sales and collection, asset management, business outsourcing, information system, fund-raising, financial report, R & D management, related party transactions, management of holding subsidiaries, information disclosure and internal information transmission. 4. High risk areas of focus mainly include:
Related party transactions, financial reports, foreign investment, use of raised funds, sales and collection, asset management, etc. 5. the above units, businesses, matters and high-risk areas included in the evaluation scope cover the main aspects of the company’s operation and management. Are there any major omissions □ yes √ no 6 Is there a statutory exemption
□ yes √ No 7 Other explanatory matters
(2) Basis of internal control evaluation and identification standard of internal control defects
The company organizes and carries out internal control evaluation according to the enterprise internal control standard system and the company’s internal control evaluation methods. 1. Whether the specific identification standard of internal control defects is adjusted with that of previous years
□ yes √ no
The board of directors of the company distinguished the internal control of financial report from the internal control of non-financial report according to the identification requirements for major defects, important defects and general defects of the enterprise internal control standard system, combined with the factors such as the company’s size, industry characteristics, risk preference and risk tolerance, and studied and determined the specific identification standards of internal control defects applicable to the company, which are consistent with the previous years. 2. Identification standard of internal control defects in financial reporting
The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Index name major defect quantitative standard important defect quantitative standard general defect quantitative standard
Operating revenue if the defect alone or in combination with the financial and other defects that may be caused by the defect alone or in combination with other defects, the amount of misstatement in the financial report that may be caused by the financial and other defects that may exceed the amount of misstatement in the business report, and the amount of misstatement in the business report is less than 1% of the operating revenue, It is recognized as 0.5% but less than 1% of the heavy industry income, and 0.5% of the heavy industry income is recognized as a major defect. Is identified as an important defect. General defects.
Total assets if the defect alone or together with the financial and other defects that may be caused by the defect alone or together with other defects, the amount of misstatement in the financial report that may be caused by other defects exceeds the amount of misstatement in the financial report, and the amount of misstatement in the financial report is less than 1% of the total assets, It is recognized as 0.5% but less than 1% of the total re production, and 0.5% of the total re production is recognized as a major defect.
Is identified as an important defect. General defects.
Note: 1. If the loss that may be caused or caused by internal control defect is related to the income statement, it shall be measured by the operating revenue index; 2. Losses that may be caused or caused by internal control defects related to asset management shall be measured by the total asset index.
The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Qualitative standard of defect nature
Major defect (1) the defect involves fraud of directors, supervisors and senior managers; (2) Make error correction for major errors in the announced financial report; (3) The certified public accountant finds that there is a material misstatement in the current financial statements, but the internal control fails to find the misstatement in the operation process; (4) The supervision of the board of directors and the Audit Committee on internal control is invalid
Significant defects (1) failure to select and apply accounting policies in accordance with generally accepted accounting standards; (2) Failure to establish anti fraud procedures and control measures; (3) No corresponding control mechanism has been established or implemented for the accounting treatment of unconventional or special transactions, and there is no corresponding compensatory control; (4) There are one or more items in the control of the financial reporting process at the end of the period, and there is no reasonable guarantee that the prepared financial statements achieve the goal of authenticity and accuracy.
General defects are other control defects other than the above major defects and important defects.
Note: none 3 Identification standard of internal control defects in non-financial reporting
The quantitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
Index name major defect quantitative standard important defect quantitative standard general defect quantitative standard
Direct property loss of direct property loss ≥ 3% of the profit before tax of the current year ≤ direct property loss < tax of the current year
5% of the total profit of the absolute amount followed by property loss < 3% of the profit before tax of the current year
5% of profit
Description: None
The qualitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
Qualitative standard of defect nature
Major defects (1) major mistakes caused by decision-making procedures; (2) Lack of control system or systematic failure of important business, and lack of effective compensatory control; (3) Major defects found in the internal control evaluation process have not been rectified; (4) Other situations that have a significant negative impact on the company
Important defects: (1) general mistakes caused by decision-making procedures; (2) Defects in important business systems or systems; (3) The important defects found in the internal control evaluation process have not been rectified; (4) Other situations that have a great negative impact on the company
General defects: (1) the efficiency of decision-making procedure is not high; (2) Defects in general business system or system; (3) The general defects found in the internal control evaluation process have not been rectified.
Note: none (III) Identification and rectification of internal control defects 1 Identification and rectification of internal control defects in financial reporting 1.1 Major defects
Whether the company has major defects in internal control over financial reporting during the reporting period □ yes √ no 1.2 Important defects
Whether the company has significant defects in internal control over financial reporting during the reporting period □ yes √ no 1.3 General defect
During the reporting period, the risks that may be caused by the general defects of the company’s internal control over financial reporting were within the controllable range. In view of the general defects of internal control over financial reporting, the company has formulated a rectification plan and implemented the rectification. 1.4. After the above rectification, on the benchmark date of the internal control evaluation report, does the company have any major defects in the internal control of financial reporting that have not been rectified □ yes √ no 1.5 After the above rectification, on the benchmark date of the internal control evaluation report, whether the company has any important defects in the internal control of financial reporting that have not been rectified □ yes √ No 2 Identification and rectification of internal control defects in non-financial reporting 2.1 Major defects
Whether the company found any major defects in internal control over non-financial reporting during the reporting period □ yes √ no
2.2. Important defects
Whether the company found any significant defects in internal control over non-financial reporting during the reporting period □ yes √ no 2.3 General defect
During the reporting period, the risks that may be caused by the general defects of the company’s internal control over non-financial reporting were within the controllable range. For the general defects of internal control over non-financial reporting, the company has formulated a rectification plan and implemented the rectification. 2.4. After the above rectification, on the benchmark date of the internal control evaluation report, does the company find any major defects in the non-financial reporting internal control that have not been rectified □ yes √ no 2.5 After the above rectification, on the benchmark date of the internal control evaluation report, whether the company finds any important defects in non-financial reporting internal control that have not been rectified □ yes √ no IV Description of other major matters related to internal control 1 Rectification of internal control defects in the previous year □ applicable √ not applicable 2 Operation of internal control in this year and improvement direction in the next year
√ applicable □ not applicable
During the reporting period, the company strictly managed the businesses and matters included in the evaluation scope, and reasonably ensured the realization of control objectives such as asset safety, authenticity and reliability of financial reports. For the general internal control defects found in the process of internal control evaluation, the strategy of “discovery and rectification” is adopted. The relevant departments and principals have timely communicated and formulated the rectification plan, which has been rectified and implemented. In 2022, the company will continue to strengthen the awareness of internal control, optimize the internal control environment, improve the level of internal control management, effectively prevent various risks and ensure the long-term and healthy development of the company in strict accordance with relevant laws, regulations and supporting guidelines. 3. Description of other major events
□ applicable √ not applicable
Chairman (authorized by the board of directors): Fan yuan Dbappsecurity Co.Ltd(688023)