The basic framework of internal environment is the first element of the basic norms of internal control of enterprises in China;
Including corporate governance structure, internal human resources, corporate culture construction and legal education.
Requirements of China's Basic Standards for Enterprise Internal Control on risk assessment elements;
(1) Collect relevant information comprehensively, systematically and continuously according to the set control objectives, and conduct risk assessment in a timely manner in combination with the actual situation.
(2) When conducting risk assessment, an enterprise shall accurately identify internal risks and external risks related to the realization of control objectives, and determine the corresponding risk tolerance.
(3) Enterprises should pay attention to the following factors when identifying internal risks: ① human resources factors such as the professional ethics of directors, supervisors, managers and other senior managers and the professional ability of employees; ② Management factors such as organization, operation mode, asset management and business process; (3) Independent innovation elements such as R&D, technology investment and information technology application; ④ Financial factors such as financial status, operating results and cash flow; ⑤ Safety and environmental protection factors such as operation safety, employee health and environmental protection; ⑥ Other internal risk factors.
(4) Enterprises should pay attention to the following factors when identifying external risks: ① Economic factors, such as economic situation, industrial policy, financing environment, market competition, resource supply, etc. ② Legal factors such as laws, regulations and regulatory requirements; ③ Social factors such as security and stability, cultural tradition, social credit, education level and consumption behavior; (4) Technological factors such as technological progress and process improvement; ⑤ Natural disasters, environmental conditions and other natural environmental factors; ⑥ Other external risk factors.
(5) An enterprise shall adopt a combination of qualitative and quantitative methods, analyze and rank the identified risks according to the possibility of risk occurrence and its influence degree, and determine the key and priority risks to be controlled. When conducting risk analysis, enterprises should fully absorb professionals, form a risk analysis team, and work according to strict and standardized procedures to ensure the accuracy of risk analysis results.
(6) An enterprise shall, according to the results of risk analysis and risk tolerance, weigh the risks and benefits and determine the risk coping strategies. Enterprises should reasonably analyze and accurately grasp the risk preferences of directors, managers, other senior managers and employees in key positions, and take appropriate control measures to avoid serious losses caused by personal risk preferences to enterprise operations.
(7) Enterprises should comprehensively use risk avoidance, risk reduction, risk sharing and risk tolerance to achieve effective risk control.
(8) An enterprise shall, in combination with different development stages and business expansion, continuously collect information related to risk changes, conduct risk identification and risk analysis, and adjust risk response strategies in a timely manner.
Requirements of China's Basic Standards for Internal Control of Enterprises on Elements of Control Activities
(1) Enterprises should combine manual control with automatic control, preventive control with discovery control, and take corresponding control measures to control risks within tolerable levels. Control measures generally include: incompatible job separation control, authorization approval control, accounting system control, property protection control, budget control, business analysis control and performance evaluation control.
(2) The separation control of incompatible posts requires enterprises to comprehensively and systematically analyze and sort out the incompatible posts involved in the business process, implement corresponding separation measures, and form a working mechanism with their own responsibilities and mutual constraints.
(3) Authorization approval control requires enterprises to clarify the scope of authority, approval procedures and corresponding responsibilities of each position in handling business and matters according to the provisions of conventional authorization and special authorization. Enterprises should formulate guidelines on the authority of routine authorization, standardize the scope, authority, procedures and responsibilities of special authorization, and strictly control special authorization. Conventional authorization refers to the authorization carried out by an enterprise in accordance with established responsibilities and procedures in its daily operation and management activities. Special authorization refers to the authorization of enterprises under special circumstances and specific conditions.
Managers at all levels of an enterprise shall exercise their functions and powers and assume responsibilities within the scope of authorization. Enterprises shall implement the system of collective decision-making approval or joint signing for major business and matters, and no individual may make decisions alone or change the collective decision without authorization.
(4) Accounting system control requires enterprises to strictly implement the unified national accounting standards system, strengthen the basic accounting work, clarify the processing procedures of accounting vouchers, accounting books and financial accounting reports, and ensure the truthfulness and completeness of accounting data. Enterprises should set up accounting institutions according to law and be equipped with accounting practitioners. The person in charge of an accounting institution shall have the professional and technical qualifications of an accountant or above. Large and medium-sized enterprises should have a chief accountant. An enterprise with a chief accountant shall not set up a deputy who overlaps with its functions and powers.
(5) Property protection control requires enterprises to establish a daily property management system and a regular inventory system, and take measures such as property records, physical storage, regular inventory, and account verification to ensure property safety. Enterprises should strictly restrict unauthorized personnel from contacting and disposing of property.
(6) Budget control requires enterprises to implement a comprehensive budget management system, clarify the responsibilities and authority of each responsible unit in budget management, standardize budget preparation, approval, release and execution procedures, and strengthen budget constraints.
(7) Operation analysis and control requires enterprises to establish an operation analysis system. Managers should comprehensively use information on production, purchase and sale, investment, financing and finance. , and regularly use factor analysis, comparative analysis, trend analysis and other methods for operational analysis. , find out the existing problems, find out the reasons in time and improve.
(8) Performance appraisal and control requires enterprises to establish and implement a performance appraisal system, scientifically set up an appraisal index system, conduct regular assessment and objective evaluation on the performance of all responsible units and employees within the enterprise, and take the evaluation results as the basis for determining employees' salary, promotion, assessment, demotion, post adjustment and dismissal.
(9) An enterprise shall, in accordance with its internal control objectives and in combination with its risk coping strategies, comprehensively apply control measures to effectively control various businesses and matters.
(10) An enterprise shall establish a major risk early warning mechanism and an emergency response mechanism, clarify the risk early warning standard, formulate an emergency plan for possible major risks or emergencies, clarify the responsible personnel, standardize the handling procedures, and ensure that emergencies are properly handled in time.
The requirements of information and communication elements in China's Basic Standards for Internal Control of Enterprises;
(1) An enterprise shall establish an information communication system, clarify the procedures for collecting, processing and transmitting information related to internal control, ensure timely communication of information, and promote the effective operation of internal control.
(2) Enterprises should reasonably screen, check and integrate all kinds of internal and external information collected to improve the usefulness of information. Enterprises can obtain internal information through financial and accounting materials, management materials, research reports, special materials, internal publications, office networks and other channels. Enterprises can obtain external information through trade associations, social intermediaries, business units, market research, letters and visits, online media and relevant regulatory authorities.
(3) An enterprise shall communicate and feed back information related to internal control among all management levels, responsible units and business links within the enterprise, as well as between the enterprise and external investors, creditors, customers, suppliers, intermediaries and regulatory authorities. Problems found in the process of information communication should be reported and solved in time. Important information should be transmitted to the board of directors, the board of supervisors and the management in a timely manner.
(4) Enterprises should use information technology to promote information integration and sharing, and give full play to the role of information technology in information communication. Enterprises should strengthen the control of information system development and maintenance, access and change, data input and output, file storage and custody, network security and other links to ensure the safe and stable operation of information systems.
(5) An enterprise shall establish an anti-fraud mechanism, adhere to the principle of combining punishment with prevention and focusing on prevention, clarify the key areas and key links of anti-fraud work and the responsibilities and powers of relevant institutions in anti-fraud work, and standardize the reporting, investigation, handling, reporting and remedial procedures of fraud cases. Enterprises should at least take the following situations as the focus of anti-fraud work: ① occupying or misappropriating enterprise assets without authorization or seeking improper benefits by other illegal means; ② False records, misleading statements or major omissions in financial accounting reports and information disclosure; (3) Abuse of power by directors, supervisors, managers and other senior managers; (4) Relevant institutions or personnel collude in fraud.
(6) An enterprise shall establish a complaint reporting system and a whistleblower protection system, set up a hotline for reporting complaints, clarify the procedures, time limits and completion requirements for reporting complaints, and ensure that reporting complaints becomes an important way for enterprises to effectively grasp information. The complaint reporting system and the whistleblower protection system should be communicated to all employees in a timely manner.
Requirements of Basic Standards for Internal Control of Enterprises in China on Internal Supervision Elements
(1) An enterprise shall, in accordance with this Code and its supporting measures, formulate an internal control and supervision system, clarify the responsibilities and powers of internal institutions such as internal audit institutions (or other authorized supervision institutions) in internal supervision, and standardize the procedures, methods and requirements of internal supervision. Internal supervision is divided into daily supervision and special supervision. Daily supervision refers to routine and continuous supervision and inspection of the establishment and implementation of enterprise internal control; Special supervision refers to the targeted supervision and inspection of one or several aspects of internal control when the development strategy, organizational structure, business activities, business processes and employees in key positions of an enterprise undergo major adjustments or changes. The scope and frequency of special supervision should be determined according to the results of risk assessment and the effectiveness of daily supervision.
(2) An enterprise shall formulate standards for identifying internal control defects, analyze the nature and causes of internal control defects found in the process of supervision, put forward rectification plans, and report to the board of directors, the board of supervisors or the management in a timely manner in an appropriate form. Internal control defects include design defects and operation defects. Enterprises should follow up the rectification of internal control defects, and should investigate the responsibility of relevant responsible units or personnel for major defects found by internal supervision.
(3) Enterprises shall, in combination with internal supervision, conduct self-evaluation on the effectiveness of internal control on a regular basis and issue a self-evaluation report on internal control. The mode, scope, procedure and frequency of internal control self-evaluation are determined by the enterprise according to business adjustment, business environment change, business development and actual risk level.
(4) An enterprise shall properly keep relevant records or materials in the process of establishing and implementing internal control in writing or other appropriate forms, so as to ensure the verifiability of the process of establishing and implementing internal control.