Chapter I General Provisions
Article 1 is to standardize the risk management of Sichuan Guo Dong Construction Co., Ltd. (hereinafter referred to as "the Company").
Management, establish a standardized and effective risk control system, improve risk prevention ability, and ensure the safe and stable operation of the company.
Line, improve the management level, according to the "People's Republic of China (PRC) company law", "People's Republic of China (PRC) and national certificate.
Securities Law, Listing Rules of Shanghai Stock Exchange, Articles of Association and other relevant laws and regulations,
This system is formulated in combination with the actual production and operation management of the company.
Article 2 This system aims to provide reasonable guarantee for the company to achieve the following objectives:
1. Control the risk within a range that is appropriate and tolerable for the overall goal.
2. Realize the authenticity and reliability of internal and external information communication of the company.
3. Ensure compliance with laws and regulations.
4. Improve the benefit and efficiency of the company's operation.
5. Ensure that the company establishes a crisis management plan for all major risks so that it will not be affected by disasters.
Suffer heavy losses due to sexual risk or human error.
Article 3 Company risk refers to the influence of future uncertainty on the company's realization of business objectives.
Article 4 Risks are classified according to the different objectives of the company. Company risks are divided into: strategic risks,
Commercial risk, financial risk and legal risk.
1. strategic risk: the strategic decision not made or made is incorrect, which will affect the realization of strategic objectives.
Surface factors.
2. Business risk: improper business decisions, factors that hinder or affect the realization of business objectives.
3. Financial risks: including the risk of financial report distortion, the risk of asset security being threatened and the risk of fraud.
(1) Risk of financial report distortion. It does not fully comply with the relevant accounting standards and accounting systems.
Organizing accounting and preparing financial accounting reports, failing to disclose relevant information as required, resulting in distortion of financial accounting reports.
Information disclosure is incomplete, inaccurate and untimely.
(2) The risk of asset security being threatened. Failure to establish or implement the relevant asset management system leads to the reduction or elimination of the use value and liquidity of the company's equipment, inventory, securities and other assets.
Lost.
(3) Fraud risk. Obtaining unfair or improper benefits through intentional behavior.
4. Legal risk: failure to fully and conscientiously implement national laws, regulations and policies and listing.
Securities regulatory provisions, factors affecting the realization of compliance objectives.
Article 5 Risk can be divided into pure risk and opportunity wind according to whether it can bring profit opportunities to the company.
Risk.
Article 6 According to the degree of influence, risks can be divided into general risks and important risks.
Article 7 This system is applicable to the company's headquarters and subsidiaries.
Chapter II Risk Management and Division of Responsibilities
Article 8 The first line of defense for risk management of all functional departments and business units of the company; Internal audit department and
The audit committee under the board of directors is the second line of defense for risk management; The board of directors and shareholders' meeting are for risk management.
The third line of defense.
Article 9 The main responsibilities of the business management department of the company in risk control management are:
1, the business management department of the company, according to the overall risk assessment plan formulated by the internal control department of the company, according to
The business department shall cooperate with the internal control project team to identify and analyze the risks of relevant business processes and determine the risk response plan.
2
2. According to the identified risks and risk schemes, the control design method and description determined by the company.
Describe tools, design and record relevant controls, and modify and improve the control design according to the requirements of risk management. Including:
Establish a control management system, describe business processes according to specified methods and tools, and prepare risk control documents and
Program files, etc.
3, organize the implementation of the control system, supervise the implementation of the control system, discovery, collection, analysis and control.
System defects, put forward improvement suggestions to control defects and implement them. For major defects and substantial loopholes, except
For the company's internal control projects, in addition to reporting the situation to the leaders in charge of the department, feedback should also be given to the company's internal control project team.
Monitor the operation of internal control system.
4. Cooperate with internal audit and other departments to adjust events that cause great losses or adverse effects due to control failure.
Check and handle.
Article 10 The risk management and responsibility division of subsidiary companies and holding companies shall refer to the setting respectively.
The provisions of Articles 8 and 9 above.
Chapter III Collection of Initial Information of Risk Management
Article 11 Collect the internal and external information related to the company's risks and risk management extensively and continuously.
Initial information, including historical data and future forecasts, should be divided into different responsibilities for collecting initial information.
Close functional departments and business units.
Article 12 In terms of strategic risks, it is necessary to extensively collect cases in which the strategic risks of domestic and foreign companies are out of control, leading to the company's failure.
Loss cases, and collect macroeconomic policies, technical environment, market demand and competition related to the company.
Status and other important information, focusing on the company's development strategy and planning, investment and financing plans, annual economy.
Business objectives, business strategies and the relevant basis for compiling these strategies, plans, schemes and objectives.
Article 13 In terms of financial risks, widely collect domestic and foreign companies whose financial risks are out of control and lead to crisis.
Cases, collect important letters related to the company's profitability, asset operation ability, solvency and development ability indicators.
Interest, focusing on cost accounting, fund settlement and cash management that have occurred or are prone to errors.
A process or link.
three
Article 14 In terms of operational risks, we should extensively collect the neglect and inadequate response of domestic and foreign companies to market risks.
Measures that cause losses to the company, and collect information related to the company's product structure, market demand, competitors, main
Operation of important information such as customers and suppliers, existing business processes and information systems.
Bank supervision, operation evaluation and continuous improvement, and analyze the company's risk management status and ability.
Fifteenth, in terms of legal risks, widely collect the risks ignored by domestic and foreign companies and the lack of laws and regulations.
Handle the cases that the branch company suffered losses due to this measure, and collect information related to the company's legal environment, employee ethics and major agreements.
Information about contracts and major legal disputes.
Article 16 A company shall conduct necessary screening, refining, comparison and classification.
Risk assessment portfolio.
Chapter IV Risk Assessment
Article 17 A company's risk assessment mainly includes the establishment of risk management concept, risk acceptance degree and objectives.
Five basic procedures: formulation, risk identification, risk analysis and risk response.
Article 18 Establishing the company's risk management concept and risk acceptance degree is the company's risk assessment.
Foundation.
1, the concept of enterprise risk management is how the company knows the whole business process (from strategy formulation and implementation to
The company's beliefs and attitudes are characterized by risks in daily activities. The company takes risks carefully.
Management philosophy, take a cautious attitude towards high-risk investment projects.
2. Risk acceptance refers to the degree of risk that the company is willing to accept in the process of pursuing its goals. one
Generally speaking, companies can classify risk acceptance into three categories: high, medium or low. Company since
Considering the risk acceptance qualitatively, on the whole, the company determined that the risk acceptance was "low".
That is, the company adopts a cautious risk management attitude in the process of operation and management, and can accept a lower degree of risk.
Happen.
The company's risk acceptance is also consistent with the company's risk management philosophy.
four
Nineteenth goal setting is the premise of risk identification, risk analysis and risk countermeasures. Companies must first
Set the goal first, then you can identify and evaluate the risks that affect the realization of the goal, and take necessary actions.
Take action to control these risks. Company objectives include strategic objectives, business objectives, compliance objectives and financial objectives.
Four aspects of reporting objectives. The determination of objectives must conform to national laws and regulations and industry development plans, and conform to the public.
The company's strategic development plan conforms to the regulations of the securities regulatory agency of Shanghai Stock Exchange.
Article 20 Risk identification refers to identifying risks that may hinder the realization of the company's goals, prevent the company from creating value or affect the company's operation.
Factors that erode existing values. Companies can adopt the methods of questionnaire survey, group discussion, expert consultation and scenario analysis.
Identify risks through policy analysis, industry benchmarking and interviews.
Article 21 The analysis mainly focuses on the possibility of risk occurrence and the degree of influence on the company's objectives.
The angle to be analyzed. Risk analysis method is usually a combination of qualitative and quantitative methods. Feel uncomfortable in risk analysis
When the quantitative analysis is appropriate, or the data required for quantitative analysis is not available.
, or the acquisition cost is high, companies usually use qualitative analysis.
The company analyzes risks to determine which risks should be paid attention to and which risks should be paid general attention to.
The risks that need to be concerned are further divided and identified as "important risks" and "general risks" respectively.
So as to lay the foundation for risk countermeasures. The judgment of the importance of risk is mainly based on the possibility and
To determine the extent of the impact.
1. If the possibility of a risk is "extremely unlikely", you can ignore the risk.
2. If the possibility of risk occurrence is higher than or equal to "possible occurrence" and the impact of risk is small,
This risk is identified as general risk.
3. If the possibility of risk is equal to or higher than "possible risk", and the impact of risk.
Degree, this risk will be identified as an important risk.
Article 22 countermeasures. After risk analysis, the company shall, according to the results of risk analysis, combine
Reasons for the occurrence of risks Choose the risk response plan: avoid risks, accept risks, reduce risks or share risks.
five
1. Avoid risks: carry out various activities that will generate risks. An example of avoiding risk may be to stop using it.
A production line, stop expanding to a new geographical market, or sell a branch of the company.
2. Risk reduction: Take actions to reduce the possibility or impact of risks, or both.
Lower it. Reducing risk usually involves many daily business decisions.
3. Share risks: reduce the possibility and impact of risks by transferring risks or sharing some risks.
The ring. Common methods include buying insurance products, hedging futures or outsourcing an activity.
4. Accept the risk: don't take any action to affect the possibility or impact of the risk. After risk analysis,
When determining the risk response plan, the company should consider the following factors:
1, the impact of the risk response plan on the possibility and degree of risk occurrence, and whether the risk response plan is equal to publicity.
Our risk tolerance is the same.
2. Compare the cost and benefit of this scheme.
3. Compare the possible opportunities and related risks in the scheme.
4. Fully consider the combination of various risk response schemes.
Chapter V Management Solutions
Article 23 The company shall formulate policies for various risks or major risks according to the risk response strategy.
Insurance management solutions. The plan should usually include the specific objectives of risk resolution, the required organizational leadership and relevant personnel.
And the management and business processes, required conditions, means and other resources before, during and after the occurrence of risk events.
Specific countermeasures and risk management tools.
Article 24 The business strategy is consistent with the risk strategy, and risk control is balanced with business efficiency and effectiveness.
In principle, the company formulates an internal control plan to resolve the major risks involved in management and business processes.
Process, formulate the whole process control measures covering all links; For business processes involving other risks, it is necessary to
Take key links as control points and take corresponding control measures.
six
Article 25 Formulate reasonable and effective internal control measures, including the following contents:
1. Establish an authorization system for internal control posts. Posts involving internal control clearly define the authorized objects.
Conditions, scope and amount, etc. No organization or individual may make risky decisions beyond its authority;
2. Establish an internal control reporting system. Clearly define time, content,
Frequency, transmission route, departments and personnel responsible for handling reports, etc. ;
3. Establish an internal control approval system. For important matters involving internal control, clearly define the examination and approval procedures and articles of association.
Parts, scope and amount, necessary documents, departments and personnel with the right to approve and their corresponding responsibilities;
4. Establish an internal control responsibility system. In accordance with the principle of the unity of rights, obligations and responsibilities, it is clearly stipulated that each
The relevant departments and business units, posts and personnel should bear the responsibility and reward and punishment system;
5. Establish internal control audit inspection system. Combined with the relevant requirements, methods, standards and processes of internal control, clearly define the object, content, methods and responsible departments of audit inspection;
6. Establish an internal control evaluation system. Conditional companies should implement risk management in all business departments.
The situation is linked to performance pay;
7. Establish a major risk early warning system. Continuously monitor major risks and issue forecasts in a timely manner.
Police information, formulate emergency plans, and adjust control measures according to changes in the situation;
8. Establish and improve the company's legal adviser system. Vigorously strengthen the construction of the company's legal risk prevention mechanism and form
Led by the company's decision-making level, led by the company's legal department, provided by the company's legal adviser, and participated by all employees.
* * * Participatory legal risk responsibility system. Improve the filing management system of major legal disputes of the company;
9. Establish a system of checks and balances of power in important positions, and clearly stipulate the separation of incompatible duties. Mainly includes:
Responsibilities: authorization and approval, business handling, accounting records, property custody and audit inspection. What does internal control include?
Important positions can be set up with one post and two responsibilities, and one post and two responsibilities can restrict each other; Identify the superior department or personnel of this position.
Supervision measures and responsibilities of staff; Take this position as the focus of internal audit.
seven
Article 26 The Company shall carefully organize the implementation according to the division of responsibilities of relevant departments and business units.
Implement risk management solutions to ensure that all measures are in place.
Chapter VI Supervision and Improvement of Risk Management
Article 27 The company establishes a basic risk management process that runs through the whole process and connects all levels and departments.
Risk management information communication channels between the door and business units, to ensure timely, accurate and complete information communication, for
To lay the foundation for the supervision and improvement of risk management.
Article 28 All relevant departments and business units of the Company shall conduct self-inspection of risk management on a regular basis.
The inspection report shall be submitted to the risk management department of the company in time.
Department.
Article 29 The internal audit department of a company may report to relevant departments and business units regularly or irregularly.
Whether to carry out risk management work and its effectiveness in accordance with relevant regulations for supervision and evaluation, the supervision and evaluation report shall
Directly submitted to the board of directors or the audit committee under the board of directors. This work can also be combined with annual audit, term of office
Audit, outgoing audit or special audit shall be carried out together.
Chapter VII Supplementary Provisions
Article 30 the board of directors of the company shall be responsible for the interpretation of this system.
Article 31 This system shall be implemented as of the date of approval by the board of directors.