internal audit supervision and management system
1. General rule
1.1. In order to strengthen the internal audit supervision work of XXXXXX Co., Ltd. (hereinafter referred to as the company), standardize the audit work behavior, and establish a scientific, institutionalized and effective internal audit supervision system, according to the Audit Law of the People's Republic of China, the Provisions of the National Audit Office on Internal Audit Work, and the
1.2. The purpose of implementing the internal audit supervision and management system is to promote the company's legitimate operation and clean government construction through internal audit supervision, protect shareholders' rights and interests according to law, and review the internal control system, so as to standardize the company's management, improve the company's economic benefits and promote the healthy development of the company's various operations and management.
1.3. the internal audit mentioned in this system refers to an evaluation activity carried out by the company's internal institutions or personnel on the effectiveness of its internal control and risk management, the authenticity and integrity of financial information, and the efficiency and effectiveness of business activities.
1.4. The internal control mentioned in this system refers to the process that the board of directors, the board of supervisors, senior managers and other relevant personnel of the company provide reasonable guarantees to achieve the following objectives:
1.4.1 Abide by national laws, regulations, rules and other relevant provisions;
1.4.2 improve the efficiency and effectiveness of the company's operation;
1.4.3 ensure the safety of the company's assets;
1.4.4 ensure the truthfulness, accuracy, completeness and fairness of company information disclosure.
1.5. this system is applicable to the company and its wholly-owned subsidiaries and holding subsidiaries.
2. Audit institutions and auditors
2.1. The company has set up an internal audit department to perform the supervision and evaluation functions independently and objectively, and through the inspection and supervision of the authenticity and integrity of the company's financial information, the establishment and implementation of the internal control system, etc., systematically and normatively review and evaluate the appropriateness, legality and effectiveness of the company's business activities and internal control, and promote the company to strengthen internal control, improve risk management and achieve the company's development strategic objectives. The internal audit department is responsible to the audit committee of the board of directors of the company and reports directly to the audit committee of the board of directors.
2.2. The company shall, according to the scale, production and operation characteristics and relevant regulations, equip full-time personnel to engage in internal audit work, and there shall be no less than three full-time auditors.
2.3. The internal audit department shall remain independent and shall not be placed under the leadership of the financial department or co-located with the financial department.
2.4. Grass-roots units and holding subsidiaries may set up internal audit institutions or full-time and part-time internal auditors according to their actual conditions, and be guided by the internal audit department of the company in business and report their work. In audit institutions, auditors at the deputy director level, director level, deputy manager level and manager level can be assigned according to the nature of audit supervision, and the company can be assigned the chief auditor according to the business scale.
2.5. Internal auditors should have the following professional abilities:
2.5.1. Professional knowledge in accounting, auditing and production and operation management of the company; Proficient in using internal audit standards, procedures and techniques;
2.5.2. Be familiar with the national laws, regulations and policies related to the company's production, operation and management activities, and be familiar with the company's internal control system and procedures;
2.5.3. Strong organization, communication and coordination, investigation and study, comprehensive analysis, professional judgment, computer operation, language and writing skills.
2.6. Internal audit institutions and personnel shall strictly abide by the professional ethics of internal audit, carry out internal audit business with due professional caution, and shall not engage in activities that conflict with audit supervision duties, and shall not be responsible for the decision-making and implementation of the business activities and internal control of the audited entity, and must be independent, objective, honest and confidential.
2.7. The company and its subordinate units shall protect the internal audit institutions and auditors from performing their duties according to law, and no unit or individual may take revenge. The company shall guarantee the funds required for the audit.
2.8. The company should take various forms to strengthen the follow-up education for internal auditors and maintain and improve their professional competence.
2.9. The head of the internal audit department (manager of the audit department) must be full-time, nominated by the audit committee of the board of directors, and appointed and removed by the board of directors. The company shall disclose the education background, professional title, work experience and whether there is any relationship with the controlling shareholder and actual controller of the company.
2.11. The internal audit departments at all levels of the company should adopt flexible auditing methods, combining direct auditing with indirect auditing, internal auditing with external auditing, reporting, on-site, entrusted or authorized auditing, joint auditing with classified auditing, earnestly perform their auditing duties, and timely disclose the company's operation and management risks.
3. Scope and responsibilities of internal audit supervision
3.1. Scope of internal audit supervision
3.1.1. From a business perspective, internal audit should cover all business links related to financial reporting and information disclosure, including but not limited to: sales and collection, purchase and payment, inventory management, fixed assets management, fund management, investment and financing management, and human resources.
3.1.2. From the management point of view, all departments involved in company control and management, and according to the actual situation, evaluate the rationality of internal control design and the effectiveness of implementation related to financial reporting and information disclosure.
3.2. The company's internal audit department shall perform the following main duties:
3.2.1. Formulate and improve the company's internal audit work system and prepare the annual internal audit work plan;
3.2.2. Guide, supervise and inspect the internal audit work of the company's subordinate units;
3.2.3. Summarize audit experience, exchange audit information, organize audit theory discussion, research and launch audit competition, etc.
3.2.4. Check and evaluate the integrity, rationality and effectiveness of the internal control system of the company's internal institutions, holding subsidiaries and shareholding companies with significant influence;
3.2.5. Audit the accounting data and other relevant economic data of the company's internal institutions, holding subsidiaries and shareholding companies with significant influence, as well as the legitimacy, compliance, authenticity and integrity of the reflected financial revenue and expenditure and related economic activities, including but not limited to financial reports, performance reports, voluntary disclosure of predictive financial information, etc.;
3.2.6. Supervise the principles, policies and management behaviors determined by the company's management;
3.2.7. Assist the company to establish and improve the anti-fraud mechanism, determine the key areas, key links and main contents of anti-fraud, and pay reasonable attention to and check possible fraud in the internal audit process;
3.2.8. Audit the economic responsibility of the main administrative leaders of subordinate units during their term of office or after leaving office;
3.2.9. Conduct process audit supervision on the company's infrastructure projects, major technical transformation and overhaul projects; The key point is to review the project establishment, pre-construction bidding, unplanned projects and over-budget projects;
3.2.11. Conduct special economic responsibility audit for the subordinate units with major financial anomalies;
3.2.11. The internal audit department shall conduct audit in time after the occurrence of important foreign investment matters. When auditing foreign investment matters, we should focus on the following contents:
3.2.11.1 Whether the foreign investment has gone through the examination and approval procedures in accordance with relevant regulations;
3.2.11.2 whether the contract is concluded according to the examination and approval contents and whether the contract is performed normally;
3.2.11.3 Whether to assign a special person or set up a specialized agency to study and evaluate the feasibility, investment risks and investment returns of major investment projects, and track and supervise the progress of major investment projects;
3.2.11.4 If the entrusted financial management matters are involved, pay attention to whether the company entrusts the approval power of entrusted financial management to individual directors or management, whether the trustee's credit record, operating status and financial status are good, and whether a special person is assigned to track and supervise the progress of entrusted financial management;
3.2.11.5 If securities investment matters are involved, we should pay attention to whether the company has established a special internal control system for securities investment behavior, whether the investment scale affects the normal operation of the company, whether the source of funds is self-owned, whether the investment risk is beyond the company's tolerance, whether to use other people's accounts or provide funds to others for securities investment, and whether independent directors and sponsors (including sponsors and sponsors' representatives, the same below) express their opinions (if applicable).
3.2.12. The internal audit department shall conduct an audit in time after the important purchase and sale of assets. When auditing the purchase and sale of assets, we should focus on the following contents:
3.2.12.1 Whether the purchase and sale of assets are subject to the examination and approval procedures in accordance with relevant regulations;
3.2.12.2 whether the contract is concluded according to the examination and approval contents and whether the contract is performed normally;
3.2.12.3 Whether the operating conditions of the purchased assets are consistent with the expectations;
3.2.12.4 whether the purchased assets are secured, mortgaged, pledged and other transfer restrictions, and whether litigation, arbitration and other major disputes are involved.
3.2.13. The internal audit department shall conduct an audit in time after the occurrence of important external guarantee matters. When auditing external guarantees, we should focus on the following contents:
3.2.13.1 Whether the external guarantees are subject to the examination and approval procedures in accordance with relevant regulations;
3.2.13.2 whether the guarantee risk is beyond the company's tolerance, and whether the guaranteed party's credit record, operating status and financial status are good;
3.2.13.3 whether the guaranteed party provides counter-guarantee and whether the counter-guarantee is enforceable;
3.2.13.4 whether the independent directors and sponsors express their opinions (if applicable);
3.2.13.5 whether to assign a special person to continuously pay attention to the operation and financial status of the guaranteed party.
3.2.14. The internal audit department shall conduct audit in time after the occurrence of important related party transactions. When auditing related party transactions, we should focus on the following contents:
3.2.14.1 Whether to determine the list of related parties and update it in time;
3.2.14.2 Whether the related party transactions have gone through the examination and approval procedures in accordance with relevant regulations, and whether the related shareholders or related directors abstained from voting when considering the related party transactions;
3.2.14.3 whether the independent directors approved in advance and expressed their independent opinions, and whether the sponsors expressed their opinions (if applicable);
3.2.14.4 Whether a written agreement is signed for related party transactions, and whether the rights, obligations and legal responsibilities of both parties are clear;
3.2.14.5 whether the transaction object is secured, mortgaged, pledged or otherwise restricted from transfer, and whether litigation, arbitration and other major disputes are involved;
3.2.14.6 whether the integrity record, operating status and financial status of the counterparty are good;
3.2.14.7 whether the pricing of related party transactions is fair, whether the transaction targets have been audited or evaluated in accordance with relevant regulations, and whether related party transactions will encroach on the company's interests.
3.2.15. The internal audit department shall audit the deposit and use of raised funds at least once a quarter, and express opinions on the authenticity and compliance of the use of raised funds. When auditing the use of raised funds, we should focus on the following contents:
3.2.15.1 Whether the raised funds are deposited in a special account decided by the board of directors for centralized management, and whether the company has signed a tripartite supervision agreement with the commercial banks and sponsors that deposit the raised funds;
3.2.15.2 Whether the raised funds are used according to the investment plan of raised funds promised in the issuance application documents, whether the investment progress of the raised funds projects is in line with the planned progress, and whether the investment income is in line with expectations;
3.2.15.3 Whether the raised funds will be used for pledge, entrusted loans or other investments that change the use of the raised funds in disguise, and whether the raised funds are occupied or misappropriated;
3.2.15.4 whether the approval procedures and information disclosure obligations are fulfilled in accordance with the relevant provisions, and whether the independent directors, the board of supervisors and the sponsors express their opinions in accordance with the relevant provisions (if applicable) when the self-owned funds that have been put into fund-raising projects in advance are replaced with raised funds, the working capital is temporarily supplemented with idle raised funds, and the investment of raised funds is changed.
3.2.16. The internal audit department shall audit the performance report before it is disclosed to the public. When auditing the performance report, we should focus on the following contents:
whether p>3.2.16.1 complies with the Accounting Standards for Business Enterprises and related regulations;
3.2.16.2 Whether the accounting policies and accounting estimates are reasonable and whether there is any change;
3.2.16.3 whether there are any major anomalies;
whether p>3.2.16.4 meets the going concern assumption;
3.2.16.4 whether there are significant defects or risks in the internal control related to financial reporting.
3.2.17. When reviewing and evaluating the establishment and implementation of the information disclosure management system, the internal audit department should focus on the following contents:
3.2.17.1 Whether the company has formulated the information disclosure management system and related systems in accordance with relevant regulations, including the information disclosure management and reporting systems of internal institutions, holding subsidiaries and shareholding companies with significant influence;
3.2.17.2 Whether the scope and content of material information, as well as the transmission, review and disclosure process of material information are clearly defined;
3.2.17.3 Whether to formulate confidentiality measures for undisclosed major information, and clarify the scope and confidentiality responsibilities of insiders of inside information;
3.2.17.4 Whether the rights and obligations of the company and its directors, supervisors, senior managers, shareholders, actual controllers and other relevant information disclosure obligors in information disclosure affairs are clearly defined;
3.2.17.5 if the company, the controlling shareholder and the actual controller have public commitments, does the company assign a special person to track the performance of the commitments?
3.2.17.6 whether the information disclosure management system and related systems have been effectively implemented.
3.2.18. Put forward suggestions for self-correction or treatment within a time limit if the audited entity's financial information is seriously untrue or its business behavior violates laws and regulations;
3.2.19. The internal audit department shall submit an annual internal audit work plan to the audit committee of the board of directors within two months before the end of each fiscal year, and submit an annual internal audit work report to the audit committee of the board of directors within two months after the end of each fiscal year;
3.2.21. the internal audit department shall, in accordance with the