Gd Power Development Co.Ltd(600795)
Regulations on internal control risk management (for Trial Implementation)
Chapter I General Provisions
Article 1 in order to standardize and strengthen the internal control risk management of Gd Power Development Co.Ltd(600795) (hereinafter referred to as the company), in accordance with the company law of the people's Republic of China and other laws and regulations, the guidelines for comprehensive risk management of central enterprises (Guo Zi FA Gai [2006] No. 108) issued by the state owned assets supervision and Administration Commission of the State Council The basic norms for internal control of enterprises (CAI Kuai [2008] No. 7) and its supporting guidelines (CAI Kuai [2010] No. 11) issued by the Ministry of Finance and other five ministries and commissions, and the implementation opinions on strengthening the construction and supervision of the internal control system of central enterprises (Guo Zi FA Jian GUI [2019] No. 101) issued by the state owned assets supervision and Administration Commission of the State Council are formulated in combination with the development strategy and management reality of the company.
Article 2 the term "internal control risk management" as mentioned in these Provisions refers to the identification and evaluation of risks and controls carried out by enterprises in order to achieve strategic and operational management objectives, so as to know the risks faced and their types and sizes, formulate risk response strategies according to risk preference and risk tolerance, and implement a series of systems, procedures and methods, It is a dynamic management process that effectively controls the risks in the corresponding business, and adopts risk monitoring, internal control supervision and other means to promote risk response and control defect rectification, so as to avoid or reduce risk losses and provide reasonable guarantee for the realization of the overall goal of the enterprise.
Article 3 the company's internal control risk management adheres to strategic guidance, value creation and innovation drive, establishes and strengthens the internal control concept of institutionalized management, institutionalized process and process informatization, integrates the internal control risk management into the whole process of corporate governance and business development, realizes the control goal of "strengthening internal control, preventing risks and promoting compliance", and forms a comprehensive, full staff, whole process System wide risk prevention and control mechanism to promote the healthy and sustainable development of the company.
Article 4 the company shall establish and improve the management and control system integrating the two main lines of "risk, internal control, compliance and accountability" and "performance, benchmarking, supervision and evaluation", which runs through all aspects of corporate governance, Party construction, production and operation. Link, match and integrate business processes with system control, risk prevention and control, compliance supervision and accountability for violations, and promote the company's management objectives, responsibilities and implementation at all levels.
Article 5 the company adheres to the management standardization and standardized operation, strengthens the construction of internal control risk management system, establishes and improves the basic system of internal control risk management, comprehensive risk management manual (including internal control risk matrix), internal control manual, internal control evaluation standards, risk monitoring and early warning index system Various special systems and operation specifications such as typical case base of internal control risk and special risk management guidelines.
Article 6 internal control risk management shall follow the following principles:
(I) adhere to the principle of strategic orientation. Internal control risk management should serve the company's strategic positioning of "leader in conventional power energy transformation, main force in new energy development and leader in the construction of world-class enterprises", establish and improve a strict, standardized, comprehensive and effective internal control risk management system guided by risk management and focusing on compliance management and supervision around the company's central task, Give full play to the role of internal control risk management in strengthening the foundation and strengthening the foundation of enterprises.
(II) principle of comprehensiveness and importance. Internal control risk management should cover all aspects of enterprise strategic development, business operation and management support, and run through the whole process of decision-making, implementation, supervision and assessment. On the basis of comprehensive management and control, focus on key businesses, key areas of reform, important links of state-owned capital operation and supervision of overseas state-owned assets to strengthen the management and control of major risks.
(III) principles of compliance and checks and balances. Internal control risk management shall comply with national laws, regulations and relevant policies, follow international prevailing rules, and ensure the legal compliance of internal rules and regulations. In terms of governance structure, institutional setting, distribution of rights and responsibilities and business processes, a check and balance mechanism of mutual restriction and supervision should be formed, taking into account the operation efficiency.
(IV) principle of efficiency and adaptability. Internal control risk management should fully weigh the implementation cost and expected benefits, and achieve effective control at an appropriate cost in the selection of risk response strategies and control measures. And actively adapt to the changes of internal and external environment, continuously optimize the internal control risk management system and operation mechanism, and ensure that it always matches the business scale, business scope, competitiveness and management level of the enterprise. Article 7 these Provisions are applicable to the headquarters and affiliated units of the company (hereinafter referred to as "all units").
Chapter II Organization and responsibilities
Article 8 the Party committee of the company shall be responsible for the leadership of internal control risk management, make overall arrangements for the internal control risk management of the whole company, and study and consider the internal control risk management matters within the scope of "three priorities and one major" decision-making. Party committee members are responsible for organizing and coordinating internal control risk management in their respective fields.
Article 9 the board of directors of the company is the decision-making body of internal control risk management, which is responsible for overall monitoring the establishment, improvement and effective implementation of internal control risk management system, and mainly performs the following responsibilities:
(I) implement the provisions of the state and controlling shareholders on enterprise internal control risk management, and decide on the company's internal control risk management system;
(II) approve the company's internal control risk management system and determine the company's overall risk preference and risk tolerance;
(III) approve the company's annual internal control system work report, internal control evaluation report and other important documents, and regularly listen to the company's internal control risk management report; (IV) approve the company's internal control risk management and other major matters.
Article 10 the audit committee of the company is a professional committee under the board of directors of the company, which mainly performs the following duties:
(I) complete the supervision and guidance on internal control risk management appointed by the board of directors;
(II) evaluate the appropriateness of the design of the company's internal control risk management system;
(III) review the internal control evaluation report of the company and the internal control audit report issued by the external audit institution;
(IV) evaluate the results of the company's internal control evaluation and audit, and urge the rectification of internal control defects;
(V) coordinate other matters authorized by the board of directors and other matters involved in relevant laws and regulations.
Article 11 the board of supervisors of the company shall supervise the performance of internal control risk management responsibilities by directors and senior managers according to law.
Article 12 the general manager of the company is the first person responsible for internal control risk management and is responsible for leading the establishment, improvement and effective operation of the internal control risk management system covering all business fields, organizations and posts; Other leaders of the company are responsible for organizing the formulation of special systems, work plans and response measures for internal control risk management in their respective fields, supervising the implementation, and studying matters related to internal control risk management in their respective fields.
Article 13 the management of the company is the responsible subject of internal control risk management, responsible for the establishment, improvement and effective implementation of internal control risk management system, and mainly performs the following responsibilities:
(I) organize the establishment and implementation of internal control risk management system;
(II) review the company's basic internal control risk management system, overall risk preference and risk tolerance;
(III) review the company's annual internal control system work report and internal control evaluation report, and listen to the company's quarterly major risk control and monthly risk monitoring and early warning report;
(IV) approve the company's comprehensive risk management manual, internal control manual, internal control evaluation standards, risk monitoring index system, special risk management guidelines and other internal control risk management system documents;
(V) approve the company's annual major risk assessment results and solutions;
(VI) review the company's internal control risk management and other major matters.
Article 14 the Audit Department of the company is the centralized Department of the company's internal control risk management, responsible for the daily work of the company's internal control risk management, and mainly performs the following responsibilities:
(I) formulate the basic system, overall risk preference and risk tolerance of the company's internal control risk management;
(II) organize and supervise the company and all units to establish and improve the internal control risk management system and operation mechanism;
(III) organize the establishment of the company's internal control risk matrix, risk assessment standards and internal control evaluation standards, and form comprehensive risk management manual, internal control manual and other internal control risk management system documents;
(IV) organize and carry out annual risk assessment, determine risk management strategies and prepare major risk solutions;
(V) organize the establishment of the company's risk early warning and monitoring index system and carry out risk monitoring and early warning;
(VI) review relevant systems and processes of the company's internal control;
(VII) organize the effectiveness inspection and evaluation of the internal control risk management system and the special audit of internal control, formulate the annual internal control evaluation work plan, and track and supervise the implementation of defect rectification;
(VIII) organize the preparation of the company's annual internal control system work report and internal control evaluation report, quarterly major risk control report and monthly risk monitoring and early warning report, which shall be submitted to the controlling shareholder after approval;
(IX) supervise and urge the implementation of special risk assessment, and pay attention to the decision-making of major business matters such as investment, M & A, reform and restructuring;
(x) conduct annual assessment and evaluation on the internal control risk management of each unit; (11) Promote the informatization construction and application of the company's internal control risk management; (12) Carry out the cultivation of internal control risk management culture, organize internal control risk management training, establish and update the internal control risk management knowledge system, and cultivate a professional team of internal control risk talents.
Article 15 the functional departments of the company are the responsible subjects of internal control risk management in the business field of the Department, and mainly perform the following duties:
(I) implement the relevant provisions of the state, controlling shareholders and the company on internal control risk management, and establish and improve various management systems and business processes in the business field of the Department;
(II) establish and improve the internal control risk management system and operation mechanism in the business field of the Department, and continuously optimize and improve it;
(III) determine the risk preference and risk tolerance of the business field of the Department, and organize the internal control risk management in the business field;
(IV) formulate and implement risk management strategies and major risk solutions in the business field of the Department;
(V) establish the risk monitoring and early warning index system of the Department, and carry out risk monitoring and early warning and response disposal;
(VI) formulate special risk management guidelines for business areas of the Department, and organize special risk assessment and response;
(VII) embed the internal control risk control measures into the relevant business information system of the Department;
(VIII) carry out internal control evaluation in the business field of the Department, find out internal control defects and implement rectification;
(IX) supervise and inspect the establishment and operation of internal control risk management system in relevant business areas of each unit;
(x) prepare the annual internal control system work report, quarterly major risk control report and monthly risk monitoring and early warning report of the Department.
Each department of the company shall appoint a person as the internal control risk management liaison to organize and coordinate the daily work of internal control risk management of the Department.
Article 16 All units shall establish and improve their own internal control risk management organization system with reference to the performance mode of the company's organizational structure, clarify the centralized management department and allocate special personnel for internal control risk management, and other departments shall be equipped with part-time liaison personnel. Each unit mainly performs the following duties:
(I) implement the relevant provisions of the state and the company on internal control risk management, establish and improve the internal control risk management system and operation mechanism of the unit, and carry out internal control risk management in an orderly manner;
(II) organize the formulation of the basic internal control risk management system of the unit, and determine the risk preference and risk tolerance;
(III) according to the unified requirements of the company, carry out the annual risk assessment of the unit, assess major risks and implement prevention and control;
(IV) according to the unified requirements of the company, timely respond to the abnormal early warning indicators and alarm status of the company's unified construction risk monitoring, and take necessary countermeasures. Establish the risk monitoring and early warning index system of the unit in combination with its own situation;
(V) supervise and inspect the establishment and operation of the internal control risk management system of the unit, and continuously optimize and improve it;
(VI) organize the internal control evaluation of the unit, find out the internal control defects and implement the rectification;
(VII) organize the preparation of the unit's annual internal control system work report, quarterly control of major risks, monthly risk monitoring and early warning report and other important documents, and submit them to the company as required.
Article 17 the main person in charge of each unit is the first person responsible for internal control risk management, and is responsible for leading the establishment, improvement and effective operation of the internal control risk management system covering all business fields, organizations and posts; The members of the leading group of each unit shall take the main leadership responsibility for the internal control risk management in their respective fields.
Chapter III Risk and control identification
Article 18 risk and control identification means that the enterprise comprehensively, systematically and continuously collects information related to risk and internal control according to the strategy and operation and management objectives, timely identifies various risks affecting the enterprise's strategy and operation and management objectives in combination with the internal and external environment of the enterprise, and identifies corresponding control measures and responsible subjects in combination with the internal control system, Improve and perfect the internal control risk matrix to lay the foundation for internal control risk management.
Article 19 the company regards the possible impact of future uncertainty on the realization of the enterprise's strategy and business objectives as risk management.
Article 20 the internal control of the company is a process jointly implemented by the board of directors, the board of supervisors, the management and all employees to achieve the control objectives. Including internal environment, risk assessment, control activities, information and communication, internal supervision and other elements.
Article 21 based on business, the company and all units shall carry out information collection related to risk and internal control. The information content mainly includes historical data and future forecast, and the information sources include internal information and external information.
(I) internal information includes but is not limited to: the professional ethics of directors, supervisors, managers and other senior managers, professional competence of employees and other human resources factors; Organizational structure, business mode, asset management, business process and other management factors; Independent innovation factors such as research and development, technology investment and information technology application; Financial status, operating efficiency, cash flow and other financial factors; Operation safety, employee health, environmental protection and other safety and environmental protection factors.
(II) external information includes but is not limited to: economic situation, industrial policy, financing environment, market competition, resource supply and other economic factors; Laws and regulations, regulatory requirements and other legal factors; Security and stability, cultural tradition, social credit, education