The internal control system of an enterprise is a financial and information-based management system within an enterprise regarding asset security and risk prevention. For enterprises to be listed, they must strictly abide by the country's "Basic Standards for Enterprise Internal Control Systems" and must be reviewed and approved by the China Securities Regulatory Commission before they can be listed.

The following is the full text of the specification. You can basically understand it if you study it carefully

The full text of "Basic Standards for Enterprise Internal Control Systems"

In order to strengthen and standardize the internal control of enterprises Control, improve the level of enterprise management and risk prevention capabilities, promote the sustainable development of enterprises, and safeguard the socialist market economic order and public interests. In accordance with relevant national laws and regulations, the Ministry of Finance, together with the China Securities Regulatory Commission, the National Audit Office, the China Banking Regulatory Commission, and the China Insurance Regulatory Commission, formulated the " "Basic Standards for Enterprise Internal Control" is hereby issued and will be implemented within the scope of listed companies from July 1, 2009, and non-listed large and medium-sized enterprises are encouraged to implement it. Listed companies that implement these standards shall self-evaluate the effectiveness of the company's internal controls, disclose an annual self-evaluation report, and may hire an accounting firm with securities and futures business qualifications to audit the effectiveness of internal controls.

If you have any problems during implementation, please feedback to us in time.

"Basic Standards for Enterprise Internal Control"

Chapter 1 General Provisions

Article 1 In order to strengthen and standardize the internal control of enterprises, improve the level of enterprise management and risk prevention capabilities, promote the sustainable development of enterprises, safeguard the socialist market economic order and public interests, in accordance with the "Company Law of the People's Republic of China", "Securities Law of the People's Republic of China", " *The Accounting Law of the People's Republic of China and other relevant laws and regulations formulate this specification.

Article 2 This Code applies to large and medium-sized enterprises established within the territory of the People’s Republic of China.

Small businesses and other units can refer to this specification to establish and implement internal controls.

The classification standards for large and medium-sized enterprises and small enterprises shall be implemented in accordance with relevant national regulations.

Article 3 Internal control as referred to in this Code is a process implemented by the company’s board of directors, board of supervisors, managers and all employees to achieve control objectives.

The goal of internal control is to reasonably ensure the legal compliance of corporate operations and management, asset security, authenticity and completeness of financial reports and related information, improve operational efficiency and effectiveness, and promote the realization of corporate development strategies.

Article 4 An enterprise shall adhere to the following principles when establishing and implementing internal controls:

(1) Principle of comprehensiveness. Internal control should run through the entire process of decision-making, implementation and supervision, covering various businesses and matters of the enterprise and its affiliated units.

(2) Principle of importance. Internal control should be based on comprehensive control and focus on important business matters and high-risk areas.

(3) Principle of checks and balances. Internal control should form mutual constraints and mutual supervision in terms of governance structure, institutional setup, distribution of rights and responsibilities, business processes, etc., while taking into account operational efficiency.

(4) Principle of adaptability. Internal control should be adapted to the enterprise's operating scale, business scope, competition status, risk level, etc., and should be adjusted in a timely manner as the situation changes.

(5) Cost-benefit principle. Internal control should weigh implementation costs and expected benefits to achieve effective control at an appropriate cost.

Article 5 The establishment and implementation of effective internal control by an enterprise shall include the following elements:

(1) Internal environment. The internal environment is the basis for an enterprise to implement internal control, and generally includes governance structure, institutional setup and distribution of rights and responsibilities, internal auditing, human resources policies, corporate culture, etc.

(2) Risk assessment. Risk assessment is for an enterprise to promptly identify and systematically analyze risks related to the achievement of internal control objectives in business activities, and to reasonably determine risk response strategies.

(3) Control activities. Control activities are when an enterprise adopts corresponding control measures based on the risk assessment results to control risks within an acceptable level.

(4) Information and communication. Information and communication means that an enterprise collects and transmits information related to internal control in a timely and accurate manner to ensure effective communication of information within the enterprise and between the enterprise and the outside world.

(5) Internal supervision. Internal supervision is the company's supervision and inspection of the establishment and implementation of internal control, evaluation of the effectiveness of internal control, and the discovery of internal control deficiencies, which should be improved in a timely manner.

Article 6 An enterprise shall formulate its own internal control system and organize its implementation in accordance with relevant laws and regulations, this specification and its supporting measures.

Article 7 Enterprises should use information technology to strengthen internal control, establish an information system suitable for business management, promote the organic combination of internal control processes and information systems, realize automatic control of business and matters, and reduce Or eliminate the element of human manipulation.

Article 8 Enterprises should establish an incentive and restraint mechanism for the implementation of internal control, incorporate the implementation of internal control by each responsible unit and all employees into the performance evaluation system, and promote the effective implementation of internal control.

Article 9 The relevant departments of the State Council may, in accordance with laws and regulations, this Code and its supporting measures, clarify the specific requirements for the implementation of this Code, and supervise and inspect the establishment and implementation of internal controls by enterprises.

Article 10 An accounting firm that is entrusted by an enterprise to engage in internal control auditing shall audit the effectiveness of the enterprise’s internal control and issue an audit report in accordance with these Standards, its supporting measures and relevant practice standards. The accounting firm and its signing practitioners shall be responsible for the internal control audit opinions issued.

Accounting firms that provide consulting services for enterprise internal control shall not provide internal control audit services for the same enterprise at the same time.

6 Internal Control System