Article 2 Central enterprises shall implement these Guidelines in light of their own actual conditions. The board of directors of wholly state-owned companies of central enterprises is responsible for supervising the implementation of these guidelines; The state-owned holding enterprises are supervised by SASAAC and SASAAC through directors nominated by the shareholders' meeting and the board of directors according to legal procedures.
Article 3 The term "enterprise risk" as mentioned in these Guidelines refers to the influence of future uncertainty on the realization of business objectives of enterprises. Enterprise risks can generally be divided into strategic risks, financial risks, market risks, operational risks and legal risks. Risk can also be divided into pure risk (only one possibility of loss) and opportunity risk (two possibilities of loss and profit coexist), as a sign of whether it can bring profits to enterprises.
Article 4 The term "total risk management" as mentioned in these Guidelines refers to the process and method by which an enterprise cultivates a good risk management culture, establishes a perfect total risk management system, including risk management strategy, risk financial management measures, risk management organizational function system, risk management information system and internal control system, and implements the basic process of risk management in all aspects of enterprise management and operation, so as to provide reasonable guarantee for realizing the overall goal of risk management.
Article 5 The basic process of risk management as mentioned in these Guidelines includes the following main tasks:
(1) Collecting the initial information of risk management;
(2) Conduct risk assessment;
(3) Formulating risk management strategies;
(4) Propose and implement risk management solutions;
(v) Supervise and improve risk management.
Article 6 The term "internal control system" as mentioned in these Guidelines refers to the rules, systems and important business processes formulated and implemented by implementing basic risk management processes around the strategic objectives of risk management, aiming at enterprise strategy, planning, product research and development, investment and financing, market operation, finance, internal audit, legal affairs, human resources, procurement, processing and manufacturing, sales, logistics, quality, safe production and environmental protection.
Seventh enterprises to carry out comprehensive risk management should strive to achieve the following overall objectives of risk management:
(a) to ensure that the risk control is within the scope of adaptation and tolerance to the overall goal;
(two) to ensure that the internal and external, especially between enterprises and shareholders to achieve true and reliable information communication, including the preparation and provision of true and reliable financial reports;
(three) to ensure compliance with relevant laws and regulations;
(four) to ensure the implementation of the relevant rules and regulations of the enterprise and the major measures taken to achieve business objectives, to ensure the effectiveness of business management, to improve the efficiency and effectiveness of business activities, and to reduce the uncertainty of achieving business objectives;
(five) to ensure that the enterprise establishes a crisis management plan for all major risks, and to protect the enterprise from heavy losses due to catastrophe risks or human errors.
Article 8 Enterprises should pay attention to the prevention and control of risks that may cause losses and harm to enterprises, and should also regard opportunity risks as special resources of enterprises, and through their management, create value for enterprises and promote the realization of business objectives.
Article 9 An enterprise shall, based on the principle of proceeding from reality and stressing practical results, focus on the management of major risks and events (referring to the facts after the occurrence of major risks) and the internal control of important processes, and actively carry out comprehensive risk management. Conditional enterprises should comprehensively promote and establish a comprehensive risk management system as soon as possible; Other enterprises should formulate an overall plan for the implementation of comprehensive risk management and implement it step by step. First of all, they can choose one or more businesses such as development strategy, investment and acquisition, financial reporting, internal audit, derivative products trading, legal affairs, safety production, accounts receivable management, etc. Conduct risk management and establish one or more internal control subsystems. By accumulating experience and cultivating talents, we will gradually establish and improve a comprehensive risk management system.
Tenth enterprises to carry out comprehensive risk management should be closely integrated with other management work, and the requirements of risk management should be integrated into enterprise management and business processes. Conditional enterprises can establish three lines of defense for risk management, that is, all relevant functional departments and business units are the first line of defense; The risk management functional departments and risk management committees under the board of directors are the second line of defense; The internal audit department and the audit committee under the board of directors are the third line of defense. Article 11 To implement comprehensive risk management, an enterprise shall extensively and continuously collect internal and external initial information related to enterprise risk and risk management, including historical data and future forecast. The division of responsibilities for collecting initial information should be implemented in all relevant functional departments and business units.
Article 12 In terms of strategic risks, an enterprise shall extensively collect cases in which the strategic risks of domestic and foreign enterprises are out of control, and at least collect the following important information related to the enterprise:
(a) domestic and foreign macroeconomic policies and economic operation, industry status, national industrial policy;
(2) Relevant contents of scientific and technological progress and technological innovation;
(3) the market demand of the enterprise's products or services;
(four) the relationship with the enterprise strategic partners, the possibility of seeking strategic partners in the future;
(five) the main customers, suppliers and competitors of the enterprise;
(six) compared with the main competitors, the strength and gap of the enterprise;
(seven) enterprise development strategy and planning, investment and financing plans, annual business objectives, business strategies, and the relevant basis for the preparation of these strategies, plans, plans and objectives;
(eight) business processes or links that have occurred or are prone to errors in the process of foreign investment and financing.
Article 13 In terms of financial risks, enterprises should extensively collect crisis cases caused by out-of-control financial risks of domestic and foreign enterprises, and at least collect the following important information of enterprises (if there are industry average index or advanced indicators, they should also collect them as much as possible):
(1) Liabilities, contingent liabilities, debt ratio and solvency;
(two) cash flow, accounts receivable and their proportion in sales revenue, capital turnover rate;
(3) Product inventory and its proportion to sales cost, accounts payable and its proportion to purchase amount;
(4) Manufacturing expenses and management expenses, financial expenses and operating expenses;
(5) profitability;
(6) Business processes or links that have occurred or are prone to errors in cost accounting, fund settlement and cash management;
(7) Accounting policies, accounting estimates, differences with international accounting systems and adjustments related to enterprises (such as pensions and deferred income tax).
Article 14 In terms of market risk, an enterprise shall extensively collect cases in which domestic and foreign enterprises neglected market risk and lacked countermeasures, resulting in enterprise losses, and at least collect the following important information related to the enterprise:
(a) the price of products or services and changes in supply and demand;
(two) the adequacy, stability and price changes of energy, raw materials, accessories and other materials;
(3) Credit status of major customers and suppliers;
(4) Changes in tax policies and interest rates, exchange rates and stock price indices;
(five) potential competitors, competitors and their main products and substitutes.
Article 15 As far as operational risks are concerned, an enterprise shall at least collect the following information related to the enterprise and the industry:
(1) Product structure and new product development;
(two) new market development and marketing strategies, including product or service pricing and sales channels, marketing environment, etc.;
(3) Organizational efficiency, management status, corporate culture, knowledge structure and professional experience of senior and middle managers and professionals in important business processes;
(4) Processes and links that have occurred or are prone to errors in derivatives business such as futures;
(5) Business processes or links that have occurred or are prone to errors in quality, safety, environmental protection and information security management;
(six) the enterprise suffers losses or the business control system fails due to the moral hazard of the internal and external personnel of the enterprise;
(seven) natural disasters that cause losses to the enterprise and other pure risks except the above-mentioned related situations;
(eight) the ability to supervise, evaluate and continuously improve the operation of existing business processes and information systems;
(nine) the status quo and ability of enterprise risk management.
Article 16 In terms of legal risks, enterprises should widely collect cases in which domestic and foreign enterprises ignore the risks of laws and regulations and lack countermeasures, resulting in losses to enterprises, and at least collect the following information related to enterprises:
(a) The domestic and international political and legal environment related to enterprises;
(2) New laws, regulations and policies affecting enterprises;
(3) Abide by employee ethics;
(4) Major agreements and relevant trade contracts signed by the enterprise;
(five) the occurrence of major legal disputes in the enterprise;
(6) Intellectual property rights of enterprises and competitors.
Article 17 An enterprise shall screen, refine, compare, classify and combine the collected initial information in order to carry out risk assessment. Article 18 An enterprise shall conduct risk assessment on the collected initial information of risk management, various business management and important business processes of the enterprise. Risk assessment includes three steps: risk identification, risk analysis and risk assessment.
Nineteenth risk assessment should be carried out by the relevant functional departments and business units of the enterprise, and can also hire qualified and reputable professional risk management institutions to assist in the implementation.
Article 20 Risk identification refers to finding out whether and what risks exist in all business units, important business activities and important business processes of an enterprise. Risk analysis is to clearly define and describe the identified risks and their characteristics, and analyze and describe the possibility and conditions of risk occurrence. Risk evaluation is to evaluate the impact of risk on the realization of enterprise goals and the value of risk.
Twenty-first risk identification, analysis and evaluation should adopt a combination of qualitative and quantitative methods. Qualitative methods can be used, such as questionnaire survey, collective discussion, expert consultation, scenario analysis, policy analysis, industry benchmarking comparison, management interview, work interview presided over by special personnel, and investigation. Quantitative methods can be statistical inference (such as centralized trend method), computer simulation (such as Monte Carlo analysis method), failure mode and impact analysis, event tree analysis and so on.
Article 22 When conducting quantitative risk assessment, the unit of measurement and risk measurement model of each risk shall be uniformly formulated, and the rationality and accuracy of the assumptions, parameters, data sources and quantitative assessment procedures of the assessment system shall be ensured through tests and other methods. According to the change of environment, the assumptions and parameters should be reviewed and revised regularly, and the estimated results of quantitative evaluation system should be compared with the actual results, so as to adjust and improve the relevant parameters accordingly.
Article 23 Risk analysis shall include the analysis of the relationship between risks, so as to find out the comprehensive effects such as natural hedging between risks, positive correlation and negative correlation of risk events, and conduct unified and centralized management of risks from the perspective of risk strategy.
Article 24 When evaluating various risks, an enterprise shall draw a risk coordinate map according to the evaluation of the possibility of risk occurrence and the degree of influence on the target, compare various risks, and initially determine the management focus and strategy of each risk.
Article 25 An enterprise shall dynamically manage risk management information, identify, analyze and evaluate risks regularly or irregularly, and re-evaluate new risks and changes in existing risks. Article 26 The term "risk management strategy" as mentioned in these Guidelines refers to the overall strategy that an enterprise determines the risk preference, risk tolerance and risk management effectiveness standards according to its own conditions and external environment, selects appropriate risk management tools such as risk taking, risk avoidance, risk transfer, risk conversion, risk hedging, risk compensation and risk control, and determines the allocation principles of human and financial resources required for risk management.
Article 27 For strategic risks, financial risks, operational risks and legal risks, generally, methods such as taking risks, avoiding risks, transforming risks and controlling risks can be adopted. For risks that can be managed by financial means such as insurance, futures and hedging, methods such as risk transfer, risk hedging and risk compensation can be adopted.
Article 28 An enterprise shall, according to its different business characteristics, uniformly determine its risk preference and risk tolerance, that is, what risks it is willing to take, and specify the minimum and maximum risks that cannot be exceeded, and accordingly determine the risk warning line and corresponding countermeasures. To determine risk preference and risk tolerance, we should correctly understand and grasp the balance between risk and income, and prevent and correct the concepts and practices of ignoring risk, unilaterally pursuing income without talking about conditions and scope, and thinking that the greater the risk, the higher the income; At the same time, we should also prevent giving up development opportunities simply to avoid risks.
Article 29 An enterprise shall further determine the optimal order of risk management, define the capital budget of risk management cost and the overall arrangement of risk control organization system, human resources and countermeasures according to the principle of balance between risk and income and the position of each risk on the risk coordinate map.
Thirtieth enterprises should regularly summarize and analyze the effectiveness and rationality of the established risk management strategy, and constantly revise and improve it according to the actual situation. Among them, we should focus on checking whether the results implemented according to risk preference, risk tolerance and risk control warning line are effective, and put forward qualitative or quantitative effectiveness standards. Article 31 An enterprise shall, according to the risk management strategy, formulate a risk management plan for all kinds of risks or major risks. Usually, the plan should include the specific objectives of risk resolution, the required organizational leadership, the management and business processes involved, the required conditions and means, and other resources, the specific response measures taken before, during and after the occurrence of risk events, as well as risk management tools (such as key risk indicators management and loss event management).
Article 32 An enterprise should pay attention to the balance between cost and income, the quality of outsourcing work, the protection of its own business secrets and the prevention of dependence on risk mitigation outsourcing, and formulate corresponding prevention and control measures.
Article 33 An enterprise shall formulate an internal control plan for risk resolution, which shall meet the compliance requirements, adhere to the principle of consistency between business strategy and risk strategy, and balance the efficiency and effect of risk control and operation, and formulate full-process control measures covering all links for all management and business processes involved in major risks; For business processes involving other risks, we should take key links as control points and take corresponding control measures.
Article 34 An enterprise shall formulate internal control measures, which generally include at least the following contents:
(A) the establishment of internal control post authorization system. Clearly define the authorized object, conditions, scope and amount of each post involved in internal control, and no organization or individual may make risk decisions beyond authorization;
(2) Establish an internal control reporting system. Clearly define the whistleblower and receiver, the time, content, frequency, transmission route, departments and personnel responsible for handling the report, etc. ;
(3) Establish an internal control approval system. For important matters involving internal control, clearly define the approval procedures, conditions, scope and amount, necessary documents, departments and personnel with the right to approve and their corresponding responsibilities;
(4) Establish internal control responsibility system. In accordance with the principle of unity of rights, obligations and responsibilities, clearly define the responsibilities and reward and punishment systems of relevant departments and business units, posts and personnel;
(five) the establishment of internal control audit inspection system. Combined with the relevant requirements, methods, standards and processes of internal control, clearly define the object, content, methods and responsible departments of audit inspection;
(VI) Establish an internal control evaluation system. Conditional enterprises should link the implementation of risk management of each business unit with performance pay;
(seven) the establishment of a major risk early warning system. Continuously monitor major risks, timely release early warning information, formulate emergency plans, and adjust control measures according to changes in the situation;
(eight) to establish and improve the corporate legal adviser system with the general counsel system as the core. Vigorously strengthen the construction of enterprise legal risk prevention mechanism, and form a legal risk responsibility system led by enterprise decision makers, led by enterprise general counsel, provided by enterprise legal counsel and participated by all employees. Improve the filing management system of major legal disputes in enterprises;
(nine) to establish a system of checks and balances of power in important positions, and clearly stipulate the separation of incompatible responsibilities. It mainly includes: authorization approval, business handling, accounting records, property custody and audit inspection. Important positions involving internal control can be set up with one post and two people, two positions and two responsibilities, which restrict each other; Clarify the supervisory measures and responsibilities that the superior departments or personnel of this position should take; Take this position as the focus of internal audit.
Article 35 An enterprise shall, in accordance with the division of responsibilities of relevant departments and business units, carefully organize the implementation of risk management plans to ensure that all measures are put in place. Article 36 An enterprise shall pay attention to major risks, major events and major decisions, important management and business processes, supervise the initial information, risk assessment, risk management strategies, key control activities and the implementation of risk management solutions, test the effectiveness of risk management through stress testing, return testing, walk-through testing and risk control self-assessment, and make timely improvements according to changes and existing defects.
Article 37 An enterprise shall establish a risk management information communication channel that runs through the whole process of risk management and connects all levels, departments and business units to ensure timely, accurate and complete information communication and lay a foundation for risk management supervision and improvement.
Article 38 All relevant departments and business units of an enterprise shall conduct self-examination and inspection on risk management on a regular basis, find defects in time and make improvements, and the inspection and inspection report shall be submitted to the functional department of enterprise risk management in time.
Article 39 The functional department of enterprise risk management shall regularly check and test the implementation and effectiveness of risk management of all departments and business units, evaluate the risk management strategy and cross-departmental and cross-business unit risk management schemes according to the requirements of Article 30 of these Guidelines, put forward suggestions for adjustment or improvement, issue evaluation and suggestion reports, and submit them to the general manager of the enterprise or the senior management personnel entrusted by him in charge of risk management in time.
Article 40 The internal audit department of an enterprise shall, at least once a year, supervise and evaluate whether all relevant departments and business units, including risk management functional departments, can carry out risk management work in accordance with relevant regulations and their work effects, and the supervision and evaluation report shall be directly submitted to the board of directors or the risk management committee and audit committee under the board of directors. This work can also be combined with annual audit, term audit or special audit.
Article 41 An enterprise may employ an intermediary agency with qualifications, good reputation and strong professional ability in risk management to evaluate the overall risk management of the enterprise and issue a special report on risk management evaluation and suggestions. The report shall generally include the implementation, existing defects and suggestions for improvement in the following aspects:
(a) the basic process of risk management and risk management strategy;
(2) the construction of risk management and internal control system for major risks, major events and important management of enterprises;
(3) Risk management organization system and information system;
(4) The overall goal of comprehensive risk management. Article 42 An enterprise shall establish and improve a risk management organizational system, which mainly includes a standardized corporate governance structure, organizational leadership of risk management functional departments, internal audit departments and legal affairs departments, and other relevant functional departments and business units and their responsibilities.
Article 43 An enterprise shall establish and improve a standardized corporate governance structure, and the shareholders' (shareholders') meeting (a wholly state-owned company or enterprise, namely the State-owned Assets Supervision and Administration Commission, the same below), the board of directors, the board of supervisors and the managers shall perform their duties according to law, so as to form an efficient and effective supervision and restraint mechanism.
Article 44 A wholly state-owned company and a state-holding company shall establish a system of external directors and independent directors, and the number of external directors and independent directors shall exceed half of all members of the board of directors, so as to ensure that the board of directors can make judgments and choices independently of managers in major decision-making and major risk management.
Article 45 The board of directors shall be responsible to the shareholders' meeting for the effectiveness of comprehensive risk management. The Board of Directors shall mainly perform the following duties in comprehensive risk management:
(1) To review and submit the annual work report on enterprise comprehensive risk management to the shareholders' (general) meeting;
(2) Determine the overall goal, risk preference and risk tolerance of enterprise risk management, and approve the risk management strategy and major risk management plan;
(three) to understand and master the main risks faced by enterprises and their risk management status, and make decisions to effectively control risks;
(four) to approve the judgment standards or judgment mechanisms for major decisions, major risks, major events and important business processes;
(five) to approve the risk assessment report of major decisions;
(six) to approve the audit report of risk management supervision and evaluation submitted by the internal audit department;
(7) Approving the establishment of a risk management organization and its responsibility plan;
(eight) to approve risk management measures, correct and deal with the risk decisions made by any organization or individual outside the risk management system;
(nine) to supervise the cultivation of enterprise risk management culture;
(ten) other major issues of comprehensive risk management.
Forty-sixth qualified enterprises, the board of directors may set up a risk management committee. The convener of the Committee shall be the chairman who does not concurrently serve as the general manager; If the chairman concurrently serves as the general manager, the convener shall be an external director or an independent director. Members of the Committee shall include directors who are familiar with the important management and business processes of the enterprise, and directors who have knowledge or experience in risk management and supervision and have certain legal knowledge.
Article 47 The risk management committee is responsible to the board of directors and mainly performs the following duties:
(1) Submit an annual report on comprehensive risk management.
(2) Reviewing risk management strategies and major risk management solutions;
(3) Examining and judging standards or mechanisms for major decisions, major risks, major events and important business processes, as well as risk assessment reports for major decisions;
(4) Reviewing the comprehensive report on risk management supervision, evaluation and audit submitted by the internal audit department;
(5) Review the organizational structure and responsibility plan of risk management.
(6) Handling other matters related to comprehensive risk management authorized by the board of directors.
Article 48 The general manager of an enterprise shall be responsible to the board of directors for the effectiveness of comprehensive risk management. The general manager or the senior management personnel entrusted by the general manager is responsible for presiding over the daily work of comprehensive risk management, and organizing the formulation of enterprise risk management organization and its responsibility plan.
Article 49 An enterprise shall set up a full-time department or determine relevant functional departments to perform comprehensive risk management duties. This department is responsible to the general manager or the senior management personnel entrusted by him, and mainly performs the following duties:
(a) to study and put forward a comprehensive risk management report;
(two) to study and put forward the judgment criteria or judgment mechanism of major decisions, major risks, major events and important business processes across functional departments;
(three) to study and put forward the risk assessment report of major decisions across functional departments;
(4) To study and put forward cross-functional risk management strategies and major risk management plans, and be responsible for organizing the implementation of the plans and daily monitoring of risks;
(five) responsible for the effectiveness evaluation of comprehensive risk management, research and put forward the improvement plan of comprehensive risk management;
(six) responsible for organizing the establishment of risk management information system;
(seven) responsible for organizing and coordinating the daily work of comprehensive risk management;
(eight) responsible for guiding and supervising the relevant functional departments, business units and wholly-owned and holding subsidiaries to carry out comprehensive risk management;
(nine) to handle other related work of risk management.
Article 50 An enterprise shall set up an audit committee under the board of directors, and the internal audit department of the enterprise shall be responsible for the audit committee. The responsibilities of the audit committee and the internal audit department shall comply with the relevant provisions of the Interim Measures for the Administration of Internal Audit of Central Enterprises (Order No.8 of the State-owned Assets Supervision and Administration Commission). In terms of risk management, the Internal Audit Department is mainly responsible for researching and proposing a comprehensive risk management supervision and evaluation system, formulating relevant supervision and evaluation systems, conducting supervision and evaluation, and issuing supervision and evaluation audit reports.
Article 51 Other functional departments and business units of an enterprise shall accept the organization, coordination, guidance and supervision of risk management functional departments and internal audit departments in overall risk management, and mainly perform the following duties:
(a) the basic process of implementing risk management;
(two) to study and put forward the judgment criteria or judgment mechanism of major decisions, major risks, major events and important business processes of this functional department or business unit;
(three) to study and put forward the major decision-making risk assessment report of this functional department or business unit;
(four) do a good job in the establishment of the risk management information system of this functional department or business unit;
(5) Do a good job in cultivating risk management culture;
(six) to establish and improve the internal control subsystem of risk management in this functional department or business unit;
(seven) to handle other related work of risk management.
Article 52 An enterprise shall, through legal procedures, guide and supervise wholly-owned and holding subsidiaries to establish a risk management organization system that is suitable for the enterprise or conforms to the characteristics of wholly-owned and holding subsidiaries and can play an effective role. Article 53 An enterprise shall apply information technology to all aspects of risk management, and establish a risk management information system covering all aspects of basic risk management processes and internal control system, including information collection, storage, processing, analysis, testing, transmission, reporting and disclosure.
Article 54 An enterprise shall take measures to ensure the consistency, accuracy, timeliness, availability and completeness of business data and risk quantification values input into the risk management information system. Without approval, the data entered into the information system shall not be changed.
Article 55 A risk management information system shall be able to measure, quantitatively analyze and quantitatively test various risks. It can reflect the monitoring status of risk matrix and ranking spectrum, major risks and important business processes in real time; Being able to provide information early warning for major risks exceeding the upper limit of risk early warning; It can meet the requirements of risk management internal information reporting system and enterprise external information disclosure management system.
Article 56 The risk management information system shall realize the integration and sharing of information among functional departments and business units, which can not only meet the requirements of individual business risk management, but also meet the comprehensive requirements of the whole enterprise and cross-functional departments and business units.
Article 57 An enterprise shall ensure the stable operation and safety of the risk management information system, and constantly improve, perfect or update it according to actual needs.
Article 58 An enterprise that has established or basically established an enterprise management information system shall supplement, adjust and update the existing management processes and procedures, and establish a sound risk management information system; If the enterprise management information system has not been established, risk management should be planned, designed, implemented and operated in synchronization with various management business processes and management software of the enterprise. Article 59 Enterprises should pay attention to the construction of enterprise culture with risk awareness, promote the improvement of enterprise risk management level and staff risk management quality, and ensure the realization of enterprise risk management objectives.
Article 60 The construction of risk management culture should be integrated into the whole process of enterprise culture construction. Vigorously cultivate and shape a good risk management culture, establish a correct risk management concept, enhance employees' awareness of risk management, turn risk management awareness into employees' common understanding and conscious action, and promote enterprises to establish a systematic, standardized and efficient risk management mechanism.
Article 61 An enterprise shall create a cultural atmosphere of risk management at all internal levels. The board of directors should attach great importance to the cultivation of risk management culture, and the general manager is responsible for the daily work of risk management culture cultivation. Directors and senior managers should play an exemplary role in cultivating risk management culture. Managers and business operators of important management and business processes and risk control points should become the backbone of cultivating risk management culture.
Article 62 An enterprise shall vigorously strengthen the legal quality education of its employees, formulate standards for their ethical conduct, and form a risk management culture in which everyone stresses ethical conduct and operates legally and in compliance. Enterprises should seriously investigate and deal with violations of national laws and regulations and enterprise rules and regulations, fraud, favoritism and other illegal acts and violations of ethical standards.
Article 63 All employees of an enterprise, especially managers and managers at all levels, should strive to spread the enterprise risk management culture through various forms, and firmly establish the consciousness and concept that risks are everywhere, risks are everywhere, pure risks are strictly controlled, opportunities and risks are handled cautiously, and post risk management responsibilities are great.
Article 64 The construction of risk management culture should be combined with the salary system and personnel system, which is conducive to enhancing the risk awareness of managers at all levels, especially senior managers, and preventing blind expansion, one-sided pursuit of performance and neglect of risks.
Article 65 An enterprise shall establish a pre-job risk management training system for managers and business operators of important management and business processes and risk control points. Take various ways and forms to strengthen the training of risk management concepts, knowledge, processes and control core contents, cultivate risk management talents and cultivate risk management culture. Article 66 For a wholly state-owned enterprise without a board of directors among the central enterprises, the office meeting of the manager shall perform the duties of the board of directors in these Guidelines, and the general manager shall be responsible for the implementation of these Guidelines.
Article 67 The supporting documents in these Guidelines on central enterprises' investment, financial reports and risk management of derivative products transactions shall be issued separately.
Article 68 The appendix to this Guide explains the relevant technical methods and technical terms involved in this Guide.
Article 69 The State-owned Assets Supervision and Administration Commission of the State Council shall be responsible for the interpretation of these Guidelines.
Article 70 These Guidelines shall come into force as of the date of promulgation.