Internal control is the policies and procedures formulated by the enterprise to control business risks and achieve business objectives, and is implemented by the enterprise board of directors, managerial staff and other employees to provide reasonable assurance for the reliability of financial reporting, legal compliance, the effectiveness and efficiency of the operation of the achievement of the objectives of the process. 2008 June 28, by the Ministry of Finance, the Securities and Futures Commission, the Audit Commission, the Banking Regulatory Commission and the Insurance Regulatory Commission jointly formulated the "Basic Standard for Internal Control of Enterprises" issued on June 28, 2008; on April 26, 2010, the five ministries and commissions jointly issued the "Guidelines for the Supporting of Internal Control of Enterprises", which marked the "prevention of risks and control of fraud as the center, with control standards and evaluation standards as the main body, reasonable structure, hierarchical, articulated, scientific methods and complete system".
I. Objectives of Internal Control
The objective of internal control is to reasonably ensure that the operation and management of the enterprise is lawful and compliant, the safety of assets, financial reporting and related information is true and complete, improve operational efficiency and effectiveness, and promote the realization of the enterprise's development strategy.
(1) To ensure the truthfulness and integrity of financial reports and related information, and to prevent the occurrence of errors and fraud
This is the primary responsibility of management and the first objective of internal control. Since it is difficult to effectively measure controls other than those related to financial reporting, the most direct manifestation of the operation of internal control is to prevent fraud, reduce the false elements of financial reporting, and enhance the authenticity and reliability of financial information and the transparency of information disclosure.
(2) to ensure the safety and integrity of the unit's assets, to prevent the loss of assets
Enterprise assets, including physical assets and intangible assets, these assets may suffer losses due to theft, abuse and so on. Sound internal control can plug the loopholes, eliminate hidden dangers, prevent the loss of assets due to waste, inefficient use, inappropriate decision-making, etc., so as to protect the safety and integrity of assets.
(3) Improvement of business management, operational efficiency and effectiveness
This is set in order to realize the management's business policies and objectives, and is also the operational goal of internal control. A sound corporate governance structure with clear powers and responsibilities, a good information and communication system, and the establishment of an effective performance appraisal system and incentive mechanism will help to improve efficiency and effectiveness and prompt the enterprise to enhance its operational management.
Two, the principle of internal control
The establishment and implementation of internal control, must follow certain principles, in order to achieve twice the result with half the effort, otherwise the internal control management is difficult to implement, and even lead to the loss of control of management.
One is the principle of legality. The establishment and implementation of internal control must be in line with national laws and regulations, and can not contradict the laws and regulations and the norms promulgated by the relevant state departments.
The second is the principle of comprehensiveness. Internal control should cover a variety of businesses and matters of the enterprise and its affiliated units, and for the key control points in the process of business processing, the implementation of decision-making, implementation, supervision, feedback and other links.
Third, the principle of importance. Internal control should distinguish the importance of the business, using different control procedures and methods, on the basis of comprehensive control, focusing on important business matters and high-risk areas.
Fourth, the principle of checks and balances. The core of internal control is to establish an internal control system to avoid or reduce one person to control all aspects of the transaction. Enterprises should adhere to the separation of incompatible positions in the governance structure, organizational setup and distribution of authority and responsibility, business processes, etc., with clear division of authority and responsibility, mutual constraints, mutual supervision, while taking into account the operational efficiency.
Fifth, the principle of adaptability. Internal control should be adapted to the scale of operation, business scope, competition and risk level, and adjusted in a timely manner with the changes in the internal and external environment and the improvement of management requirements, and constantly revised and improved.
Sixth, the principle of cost-effectiveness. Internal control should take into account the economy, weighing the implementation costs and expected benefits, in the control costs and control effects of the balance between the reasonable cost to achieve the best control effect.
Three, the elements of internal control
Drawing on the COSO report, the "basic norms of internal control" establishes a five-factor internal control framework:
One is the internal environment, the implementation of the internal control of the enterprise's foundation, which generally includes the governance structure, institutional setup and allocation of authority and responsibility, internal audit, human resources policy, corporate culture, etc., if there is no good internal environment, internal control will be virtually null and void.
The second is risk assessment, is the enterprise timely identification, systematic analysis of business activities and the realization of internal control objectives related to risk, reasonable determination of risk response strategy, is an important part of the implementation of internal control. Only scientific risk assessment, consciously control the risk within the affordable range, in order to achieve sustainable development of enterprises.
Third, control activities, is the enterprise according to the risk assessment results, the use of appropriate control measures to control the risk within the degree of tolerance, is an important means of implementation of internal control, such as separation of incompatible positions, authorization and approval, a sound accounting system, the property of the restricted access control and regular inventory, the implementation of a comprehensive budgeting audit, timely and accurate analysis of the operation, a sound performance appraisal system, major risk warning and emergency response mechanism for emergencies. Risk warning and emergency response mechanism, etc.
Fourth, information and communication, is the enterprise timely, accurate and complete collection, collation and transmission of all kinds of internal and external information related to enterprise management, and with the help of information technology, to ensure that the information is effectively communicated within the enterprise, between the enterprise and the external and the correct use of information, is an important tool of internal control, for the effective operation of internal control to provide information to ensure that it helps to improve the efficiency and effectiveness of internal control.
Fifth, internal oversight, is the enterprise to the establishment and implementation of internal control supervision and inspection, evaluation of the effectiveness of internal control, internal control deficiencies found in order to improve in a timely manner, is the implementation of internal control is an important guarantee. Enterprises should develop an internal control monitoring system, clear responsibilities and authorities of the internal audit organization, through daily supervision and special supervision, to improve the effectiveness of the design and operation of internal control.
Four, mountain coal international information technology financial internal control construction
Financial management is an important part of enterprise management, good internal control of financial management can improve the effectiveness of enterprise operation, reduce financial risk, keep the financial report objective and fair, improve the ability to prevent risk, and enhance the level of enterprise operation and management.
Shancoal International is a subsidiary of Shancoal Group engaged in the production and sale of coal, which was successfully listed in December 2009, and now has 40 wholly-owned and holding subsidiaries (including 6 coal mines), forming a complete coal supply chain of "coal mine→railway→port→sea transportation→coal distribution center→users", with coal business spreading all over the country and international market, and the company has been able to provide a wide range of services to customers. The coal business is spread all over the country and international market, with a large geographical span and complicated management. To effectively control all units in the chain, it is necessary to use modern means and tools and rely on information system to standardize the business and financial processes. Based on the requirements of external supervision and internal management of the Company, Shanxi Coal International actively builds and implements financial internal control, and pays full attention to the organic integration of the Company's business and financial activities with the information network system in the process of construction, so as to realize the automatic control of business and financial matters, reduce the factors of man-made manipulation, and improve the level of internal control of finances and the quality of financial reports.
(I) Establishment of Organizational Guarantee System
Organizational guarantee is the foundation of the internal control environment and the key to control. The Company has established an organizational safeguard system for financial management and preparation and disclosure of financial reports, set up positions for financial management and preparation of financial reports throughout the Company, equipped with personnel with professional knowledge and regular training, and clarified the responsibilities and authority of the relevant departments and positions of each company in the process of fund management and preparation and disclosure of financial reports. The Internal Audit Committee is responsible for reviewing and supervising the effective implementation and self-evaluation of the internal control of the enterprise, coordinating internal control audits and other related matters; the Audit Department carries out its work independently under the leadership of the Board of Directors, and is specifically responsible for conducting regular or irregular internal audits of the financial activities and operating conditions of the companies as well as the day-to-day work of the Audit Committee; and the Securities Department carries out the examination and verification of the information disclosed to the public; The network technology department is responsible for the soundness, safety, stability, convenience and risk prevention of the information technology system. The company's internal fund management, report preparation, disclosure, auditing positions are separated from each other, constraints, supervision, and the establishment of an effective supervision and evaluation mechanism, the end of the year a comprehensive evaluation, awards and penalties.