Internal audit system and process in the hotel industry

Internal Audit Supervision and Management System

1. General Principles

1.1. In order to strengthen the internal audit supervision of XXXXXX Co., Ltd. (hereinafter referred to as the company) and standardize the audit work conduct, establish a scientific, institutionalized and effective internal audit supervision system, in accordance with the "Audit Law of the People's Republic of China", "Provisions of the National Audit Office on Internal Audit Work", "Interim Measures for the Internal Audit Management of Central Enterprises" ", "China Internal Audit Standards", "Internal Audit Work Guidelines for Small and Medium Enterprise Board Companies" and the company's articles of association formulate this system.

1.2. The purpose of the company's implementation of the internal audit supervision and management system is to promote the company's legal operations and clean governance through internal audit supervision, protect the rights and interests of shareholders in accordance with the law, review the internal control system, standardize company management, and improve the company's economic benefits. , Promote the healthy development of the company's various operations and management work.

1.3. The internal audit referred to in this system refers to the internal audit by the company’s internal institutions or personnel on the effectiveness of internal control and risk management, the authenticity and completeness of financial information, and the efficiency and effectiveness of operating activities. An evaluation activity carried out to evaluate the effectiveness, etc.

1.4. The term “internal control” in this system refers to the process by which the company’s board of directors, board of supervisors, senior managers and other relevant personnel provide reasonable guarantees to achieve the following goals:

1.4. 1. Comply with national laws, regulations, rules and other relevant provisions;

1.4.2 Improve the efficiency and effectiveness of the company's operations;

1.4.3 Ensure the safety of the company's assets;

1.4.4 Ensure that the company’s information disclosure is true, accurate, complete and fair.

1.5. This system applies to the company and its wholly-owned subsidiaries and holding subsidiaries.

2. Audit institutions and auditors

2.1. The company has established an internal audit department to independently and objectively perform supervision and evaluation functions. Inspect and supervise the establishment and implementation of internal control systems, systematically and normatively review and evaluate the appropriateness, legality and effectiveness of the company's operating activities and internal controls, and promote the company to strengthen internal controls, improve risk management, and realize the company's development strategy Target. The internal audit department is responsible to the Audit Committee of the Board of Directors and reports directly to the Audit Committee of the Board of Directors.

2.2. The company should allocate full-time personnel to engage in internal audit work based on its scale, production and operation characteristics and relevant regulations, and there should be no less than three full-time auditors.

2.3. The internal audit department should maintain independence and should not be placed under the leadership of the financial department, or work together with the financial department.

2.4. Grassroots units and holding subsidiaries may set up internal audit institutions or full-time and part-time internal auditors based on the actual conditions of the unit. The business shall be guided and reported by the company's internal audit department. Within the audit institution, auditors at the deputy director level, director level, deputy manager level, and manager level may be assigned based on the nature of the audit supervision work. Companies may be assigned chief auditors based on the scale of their business.

2.5. Internal auditors should have the following professional capabilities:

2.5.1. Have accounting, auditing and professional knowledge related to the company’s production and operation management; be able to skillfully use internal auditing Standards, procedures and technologies;

2.5.2. Be familiar with national laws, regulations and policies related to the company’s production, operation and management activities, and be familiar with the company’s internal control systems and procedures;

2.5.3. Have strong organization, communication and coordination, investigation and research, comprehensive analysis, professional judgment, computer operation, language and written expression skills.

2.6. Internal audit institutions and personnel shall strictly abide by the internal audit professional ethics, perform internal audit work with due professional prudence, and shall not engage in activities that conflict with audit supervision responsibilities, and shall not be responsible for the audited The decision-making and execution of the unit's business activities and internal controls must be independent, objective, honest and confidential.

2.7. The company and its affiliated units should protect the internal audit institutions and auditors from performing their duties in accordance with the law, and no unit or individual may retaliate. The company should guarantee the funds required for the audit.

2.8. Companies should adopt various forms to strengthen follow-up education for internal auditors to maintain and improve their professional competence.

2.9. The head of the internal audit department (audit department manager) must be full-time, nominated by the audit committee of the board of directors, and appointed or removed by the board of directors. The company shall disclose the academic qualifications, professional titles, work experience of the person in charge of the internal audit department, and whether there is any related relationship with the company's controlling shareholder and actual controller.

2.10. The internal audit departments at all levels of the company should adopt flexible audit methods, combining direct audit with indirect audit, internal audit with external audit, and combination of submission, on-site, entrusted or authorized audit. Combined, joint auditing and hierarchical auditing methods are used to conscientiously perform auditing responsibilities and promptly disclose the company's operating and management risks.

3. Scope and responsibilities of internal audit supervision

3.1. Scope of internal audit supervision

3.1.1. From a business perspective, internal audit should cover the company’s operations All business aspects related to financial reporting and information disclosure matters in activities, including but not limited to: sales and collections, procurement and payment, inventory management, fixed asset management, fund management, investment and financing management, human resources management, information System management and information disclosure affairs management, etc., the internal audit department can adjust the above business links according to the company's industry and production and operation characteristics.

3.1.2. From a management perspective, all departments involved in company control and management, and based on the actual situation, evaluate the rationality of the design and implementation effectiveness of internal controls related to financial reporting and information disclosure matters. Make an evaluation.

3.2. The company’s internal audit department performs the following main responsibilities:

3.2.1. Formulate and improve the company’s internal audit work system and prepare an annual internal audit work plan;

3.2.2. Guide, supervise and inspect the internal audit work of the company's affiliated units;

3.2.3. Summarize audit work experience, exchange audit work information, organize audit theory discussions, research, and carry out audit work Competitions, etc.;

3.2.4. Inspect and evaluate the integrity, rationality and effectiveness of the internal control systems of the company’s internal institutions, holding subsidiaries and joint-stock companies with significant influence, as well as the effectiveness of their implementation ;

3.2.5. Accounting information and other relevant economic information of the company’s internal organizations, holding subsidiaries and joint-stock companies with significant influence, as well as the reflected financial revenues and expenditures and related economic activities Conduct audits on legality, compliance, authenticity and completeness, including but not limited to financial reports, performance reports, voluntary disclosure of predictive financial information, etc.;

3.2.6. Research on company managers Supervise the various guidelines, policies and management behaviors determined;

3.2.7. Assist the company to establish and improve the anti-fraud mechanism, determine the key areas, key links and main content of anti-fraud, and carry out the internal audit process Reasonably pay attention to and inspect possible fraud;

3.2.8. Conduct an economic responsibility audit or outgoing economic responsibility audit on the main administrative leaders of their units;

3.2 .9. Conduct process audit and supervision of the company's infrastructure projects and major technical transformation, overhaul and other projects; focus on reviewing project approval, pre-construction bidding, unplanned projects, over-budget projects, etc.;

3.2. 10. Carry out special economic responsibility audit work for affiliated units where major financial abnormalities occur;

3.2.11. The internal audit department should conduct timely audits after the occurrence of important external investment matters.

When auditing external investment matters, focus should be placed on the following contents:

3.2.11.1 Whether the external investment has been subject to review and approval procedures in accordance with relevant regulations;

3.2.11.2 Whether the contract has been concluded in accordance with the review and approval content, Whether the contract is performed normally;

3.2.11.3 Whether a dedicated person is assigned or a specialized agency is established to study and evaluate the feasibility, investment risks and investment returns of major investment projects, and track and supervise the progress of major investment projects;

3.2.11.4 When it comes to entrusted financial management matters, pay attention to whether the company has delegated the authority to approve entrusted financial management to individual directors or operating management of the company, whether the trustee's integrity record, operating conditions and financial status are good, and whether a dedicated person has been assigned to follow up. Supervise the progress of entrusted financial management;

3.2.11.5 For securities investment matters, pay attention to whether the company has established a special internal control system for securities investment behavior, whether the investment scale affects the company's normal operations, and whether the source of funds is its own Whether funds and investment risks exceed the company's tolerable range, whether other people's accounts are used or funds are provided to others for securities investment, and whether independent directors and sponsors (including sponsor institutions and sponsor representatives, the same below) express opinions (if applicable).

3.2.12. The internal audit department should conduct timely audits after important asset purchases and sales occur. When auditing the purchase and sale of assets, focus should be placed on the following:

3.2.12.1 Whether the purchase and sale of assets has been subject to approval procedures in accordance with relevant regulations;

3.2.12.2 Whether it has been in accordance with the review and approval procedures The content of the contract is concluded and whether the contract is performed normally;

3.2.12.3 Whether the operating conditions of the purchased assets are consistent with expectations;

3.2.12.4 Whether there are guarantees and mortgages for the purchased assets , pledge and other restrictions on transfer, whether it involves litigation, arbitration and other major disputes.

3.2.13. The internal audit department should conduct timely audits after the occurrence of important external guarantee matters. When auditing external guarantee matters, focus should be placed on the following contents:

3.2.13.1 Whether the approval procedures for external guarantees have been carried out in accordance with relevant regulations;

3.2.13.2 Whether the guarantee risk exceeds the company's ability to bear scope, whether the credit record, operating conditions and financial status of the guaranteed party are good;

3.2.13.3 Whether the guaranteed party provides a counter-guarantee and whether the counter-guarantee is enforceable;

3.2.13.4 Whether independent directors and sponsors express opinions (if applicable);

3.2.13.5 Whether designated personnel are assigned to continuously pay attention to the operating conditions and financial status of the guaranteed party.

3.2.14. The internal audit department should conduct timely audits after important related party transactions occur. When auditing related party transactions, focus should be placed on the following:

3.2.14.1 Whether the list of related parties is determined and updated in a timely manner;

3.2.14.2 Whether related transactions are in accordance with relevant regulations Perform the approval procedures and review whether related shareholders or directors abstain from voting when reviewing related transactions;

3.2.14.3 Whether independent directors recognize and express independent opinions in advance, and whether the sponsor expresses opinions (if applicable);

3.2.14.4 Whether a written agreement has been signed for related-party transactions, and whether the rights, obligations and legal responsibilities of both parties to the transaction are clear;

3.2.14.5 Whether there are guarantees, mortgages, pledges and other transfer restrictions on the subject matter of the transaction situation, whether it involves litigation, arbitration and other major disputes;

3.2.14.6 Whether the integrity record, operating conditions and financial status of the counterparty are good;

3.2.14.7 Relatedness Whether the transaction pricing is fair, whether the transaction subject matter has been audited or evaluated in accordance with relevant regulations, and whether related transactions will encroach on the company's interests.

3.2.15. The internal audit department should audit the storage and use of raised funds at least once every quarter, and express opinions on the authenticity and compliance of the use of raised funds. When auditing the use of raised funds, focus should be placed on the following:

3.2.15.1 Whether the raised funds are deposited in a special account decided by the board of directors for centralized management, and whether the company has signed an agreement with the commercial bank or sponsor where the raised funds are deposited Three-party supervision agreement;

3.2.15.2 Whether the raised funds are used in accordance with the raised funds investment plan promised in the issuance application document, whether the investment progress of the raised funds projects is in line with the planned progress, and whether the investment returns are in line with expectations;

3.2.15.3 Whether the raised funds are used for pledge, entrusted loans or other investments that change the purpose of the raised funds in a disguised manner, and whether the raised funds have been occupied or misappropriated;

3.2.15.4 occurs in order to raise funds When replacing self-owned funds that have been invested in raised capital projects in advance, using idle raised funds to temporarily replenish working capital, changing the investment direction of raised funds, etc., whether the approval procedures and information disclosure obligations are performed in accordance with relevant regulations, whether the independent directors, the supervisory board and the sponsor Express opinions in accordance with relevant regulations (if applicable).

3.2.16. The internal audit department should audit the performance report before it is disclosed to the outside world. When auditing the performance report, you should focus on the following contents:

3.2.16.1 Whether the "Accounting Standards for Business Enterprises" and related regulations are complied with;

3.2.16.2 Whether the accounting policies and accounting estimates are reasonable , whether changes have occurred;

3.2.16.3 Whether there are major abnormal events;

3.2.16.4 Whether the going concern assumption is met;

3.2.16.4 and financial reports Whether there are any major deficiencies or major risks in relevant internal controls.

3.2.17. When reviewing and evaluating the establishment and implementation of the information disclosure management system, the internal audit department should focus on the following:

3.2.17.1 Whether the company has complied with the requirements Relevant regulations formulate information disclosure management systems and related systems, including information disclosure management and reporting systems for internal organizations, holding subsidiaries, and joint-stock companies with significant influence;

3.2.17.2 Whether major provisions are clearly defined The scope and content of the information, as well as the process of transmission, review and disclosure of major information;

3.2.17.3 Whether confidentiality measures have been formulated for undisclosed major information, and the scope and confidentiality responsibilities of insiders of inside information have been clarified;

3.2.17.3 p>

3.2.17.4 Whether the rights and obligations of the company and its directors, supervisors, senior managers, shareholders, actual controllers and other relevant information disclosure obligors in information disclosure matters are clearly stipulated;

3.2.17.5 If the company, controlling shareholders and actual controllers have public commitments, does the company assign a dedicated person to track the fulfillment of the commitments?

3.2.17.6 Whether the information disclosure management system and related systems are effectively implemented.

3.2.18. Propose self-correction or handling suggestions within a time limit for the audited unit’s financial information that is seriously untrue or its business behavior that violates laws and disciplines;

3.2.19. Internal audit department An annual internal audit work plan shall be submitted to the Audit Committee of the Board of Directors within two months before the end of each fiscal year, and an annual internal audit work report shall be submitted to the Audit Committee of the Board of Directors within two months after the end of each fiscal year;

3.2.20. The internal audit department shall implement appropriate review procedures in accordance with relevant regulations, evaluate the effectiveness of the company's internal controls, and submit an internal control evaluation report to the audit committee of the board of directors at least once a year; the evaluation report shall explain the review and evaluation of internal controls The purpose, scope, review conclusions and suggestions for improving internal control of the system.

3.2.21. Report to the Audit Committee of the Board of Directors at least once every quarter, including but not limited to the implementation of the internal audit plan and the problems discovered during the internal audit work, as well as the internal control discovered during the review process. Major deficiencies or major risks must be reported to the Audit Committee of the Board of Directors in a timely manner.

3.2.22. Other audit matters required by laws and regulations and required by the company's board of directors and the audit committee of the board of directors.

4. Audit agency authority

4.1. Have the right to participate in the company’s important meetings related to production, operation, management, etc.

4.2. Have the right to require the audited unit to submit records, documents, computer software and other relevant information related to business activities and internal control.

4.3. Have the right to use the financial, supply, sales and other computer network systems of the company and the audited unit to obtain information related to production, operation, and internal control and management activities.

4.4. Investigate the units and individuals related to the audit matter and require them to provide supporting materials. The unit and its employees where the audit matter is located shall not refuse; it is necessary to investigate and collect evidence outside the unit where the audit matter is located (including requesting When confirming a letter), the unit where the audit matter is located should cooperate.

4.5. For ongoing behaviors that may cause serious losses, waste and adverse effects to the unit, a temporary stop decision can be made and reported to the audit committee and board of directors of the company in a timely manner.

4.6. With the authorization of the company's board of directors, accounting documents, accounting books, accounting statements, and information related to economic activities that may be transferred, concealed, tampered with, or destroyed shall be temporarily sealed.

4.7. Put forward opinions and suggestions for improving internal control and risk management and improving economic benefits, and supervise their implementation.

4.8. The company’s board of directors or principal responsible person shall authorize the internal audit institution to exercise necessary processing and punishment powers within the scope of management authority.

4.9. With the approval of the company's board of directors, the internal audit institution may entrust a social intermediary agency to audit relevant matters of the unit.

4.10. All internal agencies, holding subsidiaries and joint-stock companies with significant influence shall cooperate with the internal audit department to perform their duties in accordance with the law and shall not hinder the work of the internal audit department.

5. Audit procedures and quality control

5.1. The internal audit institution shall form an audit team based on the audit matters determined in the annual audit work plan. Before the implementation of an audit project, a pre-trial investigation should be fully conducted, and a project audit plan and specific audit implementation plan should be formulated.

5.2. The internal audit institution shall deliver an audit notice to the audited unit 5 working days before conducting the audit. In special circumstances, an audit notice can be sent at the beginning of the audit; with the approval of the company's board of directors or principal responsible person, a surprise audit can also be implemented.

5.3. Internal auditors review accounting vouchers, accounting books, and accounting statements, review documents and materials related to audit matters, inspect cash, physical objects, and securities, conduct on-site observations, and report to relevant units and individuals Conduct audits through surveys (including interviews, questionnaires, and request for correspondence) and obtain audit evidence. Auditors shall be held responsible for any behavior in which the audit evidence they collect is seriously inaccurate, or the audit evidence is concealed, tampered with, or destroyed. The leader of the audit team shall bear responsibility for the failure to collect audit evidence on important audit matters or the audit evidence is insufficient to support the audit conclusion, resulting in serious consequences.

5.4. Internal auditors shall prepare and review audit working papers in accordance with relevant regulations.

The elements of audit working papers include:

5.4.1. Name of the audited unit, that is, the name of the unit or project being audited;

5.4.2. Audit matters, that is, audit implementation Audit matters determined in the plan;

5.4.3. Accounting period or deadline, that is, the accounting period or deadline to which the audit matter belongs;

5.4.4. Auditors and preparation date, That is, the personnel who implemented the audit project and prepared the audit working papers and the date of preparation;

5.4.5. Audit conclusions or a summary of the problems found in the audit and their basis, that is, a brief description of the audit conclusions or the nature of the problems found in the audit , amount, quantity, time, place, method, etc., as well as relevant basis;

5.4.6. Review personnel, review opinions and review date, that is, the audit team leader or the qualified person entrusted by him The auditor's review opinions on the audit working papers and the date of the review;

5.4.7. Index number and page number, that is, the unified number of the audit working papers and the page number of this page;

5.4.8. Attachments are the audit evidence and related information attached to the audit working papers.

5.5. Auditors are responsible for the authenticity and completeness of audit working papers; failure to implement the audit implementation plan resulting in major problems not being discovered; problems discovered during the audit process being concealed or not reported truthfully; and bear responsibility for serious misrepresentations of issues identified in the audit. The audit team leader is responsible for the review opinions and is responsible for failing to discover serious inaccuracies in the audit working papers.

5.6. After the audit team has audited the audit matters, it shall submit an audit report to the internal audit institution that dispatched the audit team.

5.7. The leader of the audit team should sign the audit report and be responsible for the authenticity, legality and completeness of the audit report he or she submits; major issues recorded in the audit work papers will not be reflected If the audit report fails to reflect the truth or the issues reflected in the audit report are seriously inaccurate, the audit report shall bear responsibility.

5.8. Before issuing an audit report, the audit team should exchange audit opinions with the audited unit. If the audited unit has objections, it shall submit written opinions within 10 working days from the date of exchange of audit opinions. If it fails to submit the opinions within the time limit, it will be deemed to have no objection; if the audited unit has objections to the important matters disclosed in the audit report and has passed If consensus still cannot be reached through communication, the internal audit institution will truthfully report the opinions of both parties to the company's board of directors for processing.

5.9. After the audit report is reviewed by the internal audit agency, it is submitted to the company’s board of directors for approval. The internal audit institution shall issue an audit opinion or audit decision to the audited unit based on the review opinions. Within 15 days after receiving the audit opinion or audit decision, the audited unit shall provide a written reply to the internal audit institution, informing it of its acceptance of the audit recommendations and its plan for rectification and handling.

5.10. The internal audit institution should track and understand the rectification of audit matters of the audited unit. If there are any objections to the rectification plans and measures of the audited unit, timely feedback should be given to the audited unit, and follow-up audits can be conducted if necessary.

5.11. The internal audit institution shall report major disciplinary violations that are serious, egregious in nature, and have a relatively large amount discovered during the audit in the company system, and shall be linked to the relevant reward and punishment responsibility system.

5.12. Internal audit institutions should collect materials related to audit projects and establish audit files in accordance with audit file management requirements.

6. Disqualification and Audit Reporting System

6.1. Internal auditors shall recuse themselves from handling audit matters if they have an interest in the audited unit or audit matters.

6.2. After the audit is completed, internal auditors should formulate audit conclusions and recommendations based on verified audit evidence, issue a written audit report, and conduct process audits and interim audits based on actual needs. Auditors can issue interim written reports and oral reports in order to take timely and effective corrective measures to improve operating activities and internal controls.

6.3. Audit reports should be objective, complete, clear, timely, constructive, and reflect the principle of materiality.

6.4. Internal auditors can issue various audit handling and punishment opinions based on the approval of the audit report by the company's board of directors and in accordance with relevant regulations. The audit report and various handling and punishment opinions have the same enforcement effect.

6.5. Important situations discovered during the audit, opinions and suggestions for improving internal audit work, and experience information can be submitted at any time, but the various supervision results of the internal audit department cannot be disclosed to the outside world without the approval of the board of directors. .

7. File management

7.1. Establish audit files. The written information generated by each audit matter handled by the internal audit department should be designated by a dedicated person to manage, file, file and The storage period shall be implemented in accordance with relevant regulations and shall not be destroyed at will without approval.

8. Supervision, management and penalties

8.1. Supervision and management

8.1.1. The company should establish an incentive and restraint mechanism for the internal audit department to Supervise and assess the work of auditors to evaluate their work performance.

8.1.2. If major problems are found in the internal audit work or violations of this system are found, the company shall investigate the responsibility and deal with the relevant responsible persons in accordance with the employee reward and punishment system and other relevant regulations.

8.2. Penalties

8.2.1. For units that violate national financial laws and regulations and the company’s various internal control systems, the internal audit department may handle them according to the following provisions depending on the circumstances:

p>

8.2.1.1 Give criticism or report within the company;

8.2.1.2 Order the correction of disciplinary violations;

8.2.1.3 Order the return or confiscation of illegal gains;

8.2.1.4 The right to collect the income that should be turned over;

8.2.1.5 Recover the embezzled or misappropriated assets;

8.2.1.6 Order to adjust the relevant Accounts;

8.2.1.7 Implement administrative and economic penalties according to the company’s relevant reward and punishment regulations.

8.2.2 If the internal audit department fails to discover serious violations of national financial laws and regulations or serious defects in internal control procedures, the principal person in charge and the chief accountant of the unit shall be held accountable in accordance with regulations. In addition to the relevant responsibilities of the person in charge (or the person in charge of financial work) and the person in charge of the financial department, the supervisory responsibilities of the relevant internal audit personnel will also be held accordingly.

8.2.3 Problems of retaliation against internal auditors should be corrected in a timely manner; those suspected of committing crimes should be transferred to judicial authorities for processing in accordance with the law. Internal auditors who are victims of retaliation have the right to report the situation directly to the company's board of directors.

8.2.4 If the relevant personnel of the audited unit do not cooperate with the internal audit work, refuse to audit or fail to provide information, provide false information, or refuse to implement the audit conclusions, they shall be punished in accordance with the company's employee reward and punishment system and relevant national regulations. Relevant personnel will be subject to disciplinary sanctions; those suspected of committing crimes will be transferred to judicial authorities for processing in accordance with the law.

9. Supplementary Provisions

9.1. This system shall be implemented from the date of adoption, and the right of interpretation and modification shall belong to the company's board of directors.

9.2. Matters not covered in this system shall be implemented in accordance with relevant national laws, regulations and the company's articles of association.

9.3. If this system conflicts with the laws and regulations promulgated by the state or the company's articles of association after being modified through legal procedures, it shall be implemented in accordance with the relevant national laws, regulations and the company's articles of association, and shall be revised immediately and reported to the board of directors. Reviewed and approved.