Shenzhen Guohua Network Security Technology Co.Ltd(000004)
As of December 31, 2021
Internal control evaluation report
Shenzhen Guohua Network Security Technology Co.Ltd(000004)
Internal control evaluation report in 2021
Shenzhen Guohua Network Security Technology Co.Ltd(000004) all shareholders:
According to the provisions of the basic norms of enterprise internal control and its supporting guidelines and other internal control supervision requirements (hereinafter referred to as the enterprise internal control standard system), combined with Shenzhen Guohua Network Security Technology Co.Ltd(000004) (hereinafter referred to as the company) internal control system and evaluation methods, on the basis of daily supervision and special supervision of internal control, We evaluated the effectiveness of the company’s internal control on December 31, 2021 (the benchmark date of the internal control evaluation report).
1、 Important statement
It is the responsibility of the board of directors of the company to establish, improve and effectively implement internal control, evaluate its effectiveness and truthfully disclose the internal control evaluation report in accordance with the provisions of the enterprise’s internal control standard system. The board of supervisors shall supervise the establishment and implementation of internal control by the board of directors. The management is responsible for organizing and leading the daily operation of the enterprise’s internal control.
The board of directors, the board of supervisors and the directors, supervisors and senior managers of the company guarantee that there are no false records, misleading statements or major omissions in the contents of this report, and bear individual and joint legal liabilities for the authenticity, accuracy and completeness of the contents of the report. The objective of the company’s internal control is to reasonably ensure the legal compliance of operation and management, asset safety, authenticity and integrity of financial reports and relevant information, improve operation efficiency and effect, and promote the realization of development strategy. Due to the inherent limitations of internal control, it can only provide reasonable assurance for the realization of the above objectives. In addition, as changes in circumstances may lead to inappropriate internal control or reduced compliance with control policies and procedures, there is a certain risk to speculate the effectiveness of internal control in the future according to the internal control evaluation results.
2、 Internal control evaluation conclusion
According to the identification of major defects in the internal control of the company’s financial reports and non-financial reports, on the benchmark date of the internal control evaluation report, the board of directors considered that the company had major defects in the internal control of financial reports, and the company failed to maintain effective internal control related to the financial statements in all major aspects in accordance with the requirements of the enterprise’s internal control standard system and relevant regulations.
3、 Internal control evaluation
(I) evaluation scope of internal control
1. According to the risk oriented principle, the company determines the main units, businesses and matters included in the evaluation scope and high-risk areas. The main units included in the scope of evaluation include: holding subsidiaries and branches all included in the scope of consolidation.
The total assets of the units included in the evaluation scope accounted for 100% of the corresponding subjects in the company’s consolidated financial statements in 2021.
2. The main operations and matters included in the scope of evaluation include:
Company level control includes organizational structure, development strategy, internal supervision, human resources, social responsibility, corporate culture, etc Shenzhen Guohua Network Security Technology Co.Ltd(000004)
As of December 31, 2021
Internal control evaluation report
Business process level control includes subsidiary management system, fund management, sales business, financial report, information system management, etc.
3. The high-risk areas of focus mainly include:
Capital activity risk, sales management risk, financial reporting risk, etc.
The internal control of the above businesses and matters covers the main aspects of the company’s operation and management, and there is no major omission.
(II) basis of internal control evaluation and identification standard of internal control defects
According to the enterprise internal control standard system and the enterprise internal control system and evaluation methods, the company organizes and carries out internal control evaluation on the basis of daily and special supervision of internal control.
The board of directors of the company distinguished the internal control of financial report from the internal control of non-financial report according to the identification requirements for major defects, important defects and general defects of the enterprise internal control standard system, combined with the factors such as the company’s size, industry characteristics, risk preference and risk tolerance, and studied and determined the specific identification standards of internal control defects applicable to the company, which are consistent with the previous years.
1. Identification standard of internal control defects in financial reporting
The quantitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows (the defect grade is determined when any evaluation index of total assets and operating revenue reaches the corresponding proportion):
Evaluation index general defect important defect major defect
Defect influence or (loss) 0.5% of the total assets in the consolidated financial statements ≤ defect influence or (loss) ≥ 0.5% of the total assets in the consolidated financial statements defect influence or (loss) 1% of the total assets in the consolidated financial statements
Defect impact or (loss) 0.5% of the operating revenue in the consolidated financial statements ≤ defect impact or (loss) ≥ 0.5% of the operating revenue in the consolidated financial statements defect impact or (loss) 1% of the operating revenue in the consolidated financial statements
Note: the quantitative standard takes the operating income and total assets as the measurement indicators. If the loss that may be caused or caused by the defect of internal control is related to the income statement, it shall be measured by the operating revenue index; Losses that may be caused or caused by internal control defects related to asset management shall be measured by the total asset index.
explain:
The qualitative criteria for the evaluation of internal control defects in financial reporting determined by the company are as follows:
Qualitative defect nature
One or more internal control deficiencies lead to the failure to prevent, detect and correct major misstatement in the financial report in time. The company’s defects under the following circumstances (including but not limited to) shall be classified as major defects in the internal control of financial reporting:
(1) The supervision and management department determines that the control environment is invalid;
(2) Fraud by directors, supervisors and senior managers;
Major defects (3) the external audit found that there was a major misstatement in the current financial report, but the company’s internal control failed to find the misstatement in the operation process;
(4) Major defects that have been found and reported to the management have not been corrected within a reasonable time;
(5) The company corrects the published financial statements due to material misstatement;
(6) Other defects that may affect the correct judgment of report users.
Significant defects: there are significant misstatements in the current financial report based on the above identification, and the control activities fail to identify the misstatements; Although not reached
Shenzhen Guohua Network Security Technology Co.Ltd(000004)
As of December 31, 2021
Internal control evaluation report
Qualitative defect nature
To and beyond this level of importance, but from the nature, it should still attract the attention of the board of directors and management.
General defects are other control defects except major defects and important defects.
2. Identification standard of internal control defects in non-financial reporting
The qualitative criteria for the evaluation of internal control defects in non-financial reporting determined by the company are as follows:
Qualitative standard of defect nature
Defects of the company under the following circumstances (including but not limited to) shall be classified as major defects:
(1) Have a great negative impact on the company and disclose it in the form of announcement;
Major defects (2) violation of national laws and regulations, such as major production or environmental pollution accidents;
(3) Being exposed to negative news by the media, causing significant damage to the enterprise’s reputation;
(4) Serious loss of key management personnel or important talents;
(5) Major defects in internal control evaluation have not been effectively rectified.
Major defects have important misstatements identified according to the above, and the control activities fail to identify the misstatements; Although the importance level is not reached or exceeded, the nature of the misstatement should still attract the attention of the board of directors and management.
General defects are other control defects except major defects and important defects.
4、 Identification and rectification of internal control defects
1. Identification and rectification of internal control defects in financial reports.
According to the above identification standards of internal control defects in financial reporting, the company had significant defects in internal control over financial reporting during the reporting period. There is a cut-off problem in the company’s revenue recognition. The revenue is recognized when the company’s customers do not substantially obtain the control over relevant goods or services, resulting in the early recognition of some revenue. During the goodwill impairment test, the company did not fully consider the outstanding performance commitments of the subsidiary Beijing Zhiyou Wangan Technology Co., Ltd. in the reporting period, and the goodwill impairment test was not careful, resulting in insufficient provision for goodwill impairment. The company found that the Commission of sales personnel was paid from the purchase cost, which affected the integrity and accuracy of the expenses.
The company has formulated the following rectification measures:
1) The company has informed the auditors in charge of the annual audit of the above major defects and cooperated with the auditors to explain the matters affected by the above major defects in the audit of financial statements.
2) Further strengthen the management and control construction of subsidiaries, strengthen the training and learning of the subsidiary management system, the notice on the operation and management authority of subordinate enterprises and the notice on the procurement management of subordinate enterprises related to the system, further sort out and design the business processes of subsidiaries, optimize the management mode, and improve the control and decision-making procedures of accounting system, Strengthen human resource allocation and other ways to ensure timely, accurate, true and complete exchange of information between parent and subsidiary companies. Further strengthen the training and learning of financial system, strengthen internal financial management, and strictly control key financial management and control such as fund management, asset management, revenue recognition, cost accounting and purchase and sales business. The internal audit department shall strengthen the irregular inspection of the implementation of relevant systems in revenue recognition, cost accounting, salary accounting and goodwill impairment test. 2. Identification and rectification of internal control defects in non-financial reports.
Shenzhen Guohua Network Security Technology Co.Ltd(000004)
As of December 31, 2021
Internal control evaluation report
According to the above identification standards of internal control defects in non-financial reports, no major defects and important defects in the company’s internal control over non-financial reports were found during the reporting period.
6、 Description of other major matters related to internal control
The company has no explanation of other major matters related to internal control.
Shenzhen Guohua Network Security Technology Co.Ltd(000004) board of directors
April 29, 2002