Shenzhen Guohua Network Security Technology Co.Ltd(000004) year 2002
Internal control audit report
Zhitong Certified Public Accountants (special general partnership)
Zhitong Certified Public Accountants (special general partnership), 5th floor, set square, No. 22, Jianguomenwai street, Chaoyang District, Beijing, China, 100004
Tel. + 86 1085665588
Fax + 86 1085665120
www.grantthornton. cn.
Internal control audit report
Zhi Tong Shen Zi (2022) No. 440a016149 Shenzhen Guohua Network Security Technology Co.Ltd(000004) all shareholders:
In accordance with the guidelines on audit of internal control of enterprises and the relevant requirements of the practice standards for Certified Public Accountants of China, we have audited the effectiveness of internal control over the financial statements of Shenzhen Guohua Network Security Technology Co.Ltd(000004) (hereinafter referred to as Shenzhen Guohua Network Security Technology Co.Ltd(000004) company) as of December 31, 2021.
1、 Responsibility of enterprises for internal control
It is the responsibility of the board of directors of Shenzhen Guohua Network Security Technology Co.Ltd(000004) company to establish, improve and effectively implement internal control and evaluate its effectiveness in accordance with the basic norms of enterprise internal control, guidelines for the application of enterprise internal control and guidelines for the evaluation of enterprise internal control.
2、 Responsibilities of Certified Public Accountants
Our responsibility is to express audit opinions on the effectiveness of internal control over financial reporting based on the implementation of audit work, and disclose the significant defects of non-financial reporting internal control noted.
3、 Inherent limitations of internal control
Internal control has inherent limitations, and there is the possibility that misstatement can not be prevented and found. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control audit results.
4、 Matters leading to negative opinions
A major defect is a control defect or a combination of multiple control defects existing in the internal control that may lead to the failure to prevent, detect and correct the material misstatement of the financial statements in time. The following major defects exist in the internal control of financial reporting of Shenzhen Guohua Network Security Technology Co.Ltd(000004) company. (I) significant defects in internal control related to goodwill impairment
Shenzhen Guohua Network Security Technology Co.Ltd(000004) company issued the performance forecast for 2021 (hereinafter referred to as the performance forecast) on January 26, 2022. It is estimated that the net profit attributable to shareholders of the listed company of Shenzhen Guohua Network Security Technology Co.Ltd(000004) company in 2021 will be 100 million yuan – 148 million yuan. According to the 2021 financial statements approved by Shenzhen Guohua Network Security Technology Co.Ltd(000004) company at the 7th Meeting of the 10th board of directors on April 28, 2022, the audited net loss attributable to the shareholders of the listed company is 509.11 million yuan Shenzhen Guohua Network Security Technology Co.Ltd(000004) company failed to fully consider the target company Beijing Zhiyou Wangan Technology Co., Ltd. failed to complete the performance commitments in 2021 during the goodwill impairment test, and the goodwill impairment test was not prudent, resulting in insufficient provision for goodwill impairment, resulting in significant deviation between the 2021 financial statements and the performance forecast. (II) there are significant defects in the internal control related to the revenue cut-off. There is a cut-off problem in the revenue recognition of Shenzhen Guohua Network Security Technology Co.Ltd(000004) company. The revenue is recognized when the customer does not substantially obtain the control over the relevant goods or services, resulting in the early recognition of the revenue, resulting in a significant deviation between the financial statements of 2021 and the performance forecast. (III) there are major defects in the internal control related to employee salary and procurement, and there is a situation that the Commission of salesperson is paid from the procurement cost, resulting in the confusion of salary and cost, affecting the integrity and accuracy of expenses.
Effective internal control can provide reasonable guarantee for the authenticity and integrity of financial reports and relevant information, and the above major defects make Shenzhen Guohua Network Security Technology Co.Ltd(000004) company’s internal control lose this function.
Shenzhen Guohua Network Security Technology Co.Ltd(000004) the management of the company has identified some of the above major defects and included them in the enterprise internal control evaluation report. These deficiencies are fairly reflected in all material aspects. In the audit of 2021 financial statements of Shenzhen Guohua Network Security Technology Co.Ltd(000004) company, we have considered the impact of the above major defects on the nature, timing and scope of audit procedures.
Shenzhen Guohua Network Security Technology Co.Ltd(000004)
Internal control evaluation report in 2021
Shenzhen Guohua Network Security Technology Co.Ltd(000004) all shareholders:
According to the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control supervision requirements (hereinafter referred to as the enterprise internal control standard system), combined with Shenzhen Guohua Network Security Technology Co.Ltd(000004) (hereinafter referred to as the company) internal control system and evaluation methods, on the basis of daily supervision and special supervision of internal control, We evaluated the effectiveness of the company’s internal control on December 31, 2021 (the benchmark date of the internal control evaluation report).
1、 Important statement
It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise’s internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors.
The management is responsible for organizing and leading the daily operation of the enterprise’s internal control.
The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in the contents of this report, and bear individual and joint legal liabilities for the authenticity, accuracy and completeness of the contents of the report. The objective of the company’s internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results.
2、 Internal control evaluation conclusion
According to the identification of major defects in the internal control of the company’s financial reports and non-financial reports, on the benchmark date of the internal control evaluation report, the board of directors considered that the company had major defects in the internal control of financial reports, and the company failed to maintain effective internal control related to the financial statements in all major aspects in accordance with the requirements of the enterprise’s internal control standard system and relevant regulations.
3、 Internal control evaluation
(I) evaluation scope of internal control
1. According to the risk oriented principle, the company determines the main units, businesses and matters included in the evaluation scope and high-risk areas. The main units included in the scope of evaluation include: holding subsidiaries and branches all included in the scope of consolidation.
The total assets of the units included in the evaluation scope accounted for 100% of the corresponding subjects in the company’s consolidated financial statements in 2021.
2. The main operations and matters included in the scope of evaluation include:
Company level control includes organizational structure, development strategy, internal supervision, human resources, social responsibility, corporate culture, etc;
Business process level control includes subsidiary management system, fund management, sales business, financial report, information system management, etc.
3. The high-risk areas of focus mainly include:
Capital activity risk, sales management risk, financial reporting risk, etc.
The internal control of the above businesses and matters covers the main aspects of the company’s operation and management, and there is no major omission.
(II) basis of internal control evaluation and identification standard of internal control defects
According to the enterprise internal control standard system and the enterprise internal control system and evaluation methods, the company organizes and carries out internal control evaluation on the basis of daily and special supervision of internal control.
The board of directors of the company distinguished the internal control of financial report from the internal control of non-financial report according to the identification requirements for major defects, important defects and general defects of the enterprise internal control standard system, combined with the factors such as the company’s size, industry characteristics, risk preference and risk tolerance, and studied and determined the specific identification standards of internal control defects applicable to the company, which are consistent with the previous years.
1. Identification standard of internal control defects in financial reporting
The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows (the defect grade is determined when any evaluation index of total assets and operating revenue reaches the corresponding proportion):
Evaluation index general defect important defect major defect
Defect influence or (loss) 0.5% of the total assets in the consolidated financial statements ≤ defect influence or (loss) ≥ 0.5% of the total assets in the consolidated financial statements defect influence or (loss) 1% of the total assets in the consolidated financial statements
Defect impact or (loss) 0.5% of the operating revenue in the consolidated financial statements ≤ defect impact or (loss) ≥ 0.5% of the operating revenue in the consolidated financial statements defect impact or (loss) 1% of the operating revenue in the consolidated financial statements
Note: the quantitative standard takes the operating income and total assets as the measurement indicators. If the loss that may be caused or caused by the defect of internal control is related to the income statement, it shall be measured by the operating revenue index; Losses that may be caused or caused by internal control defects related to asset management shall be measured by the total asset index.
explain:
The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Qualitative standard of defect nature
One or more internal control deficiencies lead to the failure to prevent, detect and correct major misstatement in the financial report in time. The company’s defects under the following circumstances (including but not limited to) shall be classified as major defects in the internal control of financial reporting:
(1) The supervision and management department determines that the control environment is invalid;
(2) Fraud by directors, supervisors and senior managers;
Major defects (3) the external audit found that there was a major misstatement in the current financial report, but the company’s internal control failed to find the misstatement in the operation process;
(4) Major defects that have been found and reported to the management have not been corrected within a reasonable time;
(5) The company corrects the published financial statements due to material misstatement;
(6) Other defects that may affect the correct judgment of report users.
Significant defects: there are significant misstatements in the current financial report based on the above identification, and the control activities fail to identify the misstatements; Although not reached
Qualitative defect nature
To and beyond this level of importance, but from the nature, it should still attract the attention of the board of directors and management.
General defects are other control defects except major defects and important defects.
2. Identification standard of internal control defects in non-financial reporting
The qualitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
Qualitative standard of defect nature
Defects of the company under the following circumstances (including but not limited to) shall be classified as major defects:
(1) Have a great negative impact on the company and disclose it in the form of announcement;
Major defects (2) violation of national laws and regulations, such as major production or environmental pollution accidents;
(3) Being exposed to negative news by the media, causing significant damage to the enterprise’s reputation;
(4) Loss of key management personnel or important talents