1、xx消费金融有限公司 xx消费金融公司xx年度内部控制评价报告XX xx internal control evaluation reportxx年本公司依据企业内部控制基本规范、商业银行内部控制指引等规章,开展了内部控制评价工作。本次评价采用方法包括:主要业务条线管理部门的全面自评价、问卷调查、个别访谈等,同时采用适当的抽样方法,选择部分营业网点进行了现场测试。本次评价范围覆盖了公司层面、流程层面及IT层面的关键控制领域。评价结果表明,xx年,本公司内部控制体系的健全性和内部控制制度执行的有效性不断提高,在所有重大方面基本符合企业内部控制基本规范和商业银行内部控制指引的要求,内部控制体系建设
2、和运行整体有效。In xx, our company performed internal control evaluation according to some regulations of Basic Standard for Enterprise Internal Control, Guidelines for Internal Control of Commercial Banks, etc. The methods of the evaluation included whole evaluation on main business line management departm
3、ent, questionnaire and interview, etc. Meanwhile, we also used appropriate sampling methods and selected some POSes to perform on-site testing. The evaluation covered key control field of company level, process level and IT level. The evaluation result showed that, in xx, the soundness of internal c
4、ontrol system and effectiveness of internal control execution has got improved continually, the all significant aspects basically in line with the requirements of Basic Standard for Enterprise Internal Control, Guidelines for Internal Control of Commercial Banks, and internal control system establis
5、hment and execution were effective as a whole.鉴于内部控制存在固有局限性,其有效性可能随内、外部环境及经营情况的变化而改变,本公司仅能对内部控制的完整性和效果提供合理保证。本公司内部控制设有检查监督机制,内控缺陷一经识别,本公司将立即采取整改措施。现将本公司的内部控制情况陈述如下。Due to the inherent limitation of internal control, the effectiveness of internal control system may change with the change of internal
6、and external environment and business condition. Our company can only provide the reasonable guarantee on completeness and effectiveness of internal control. The internal control of our company equipped with check and supervision mechanism, correspondingmeasures will be taken in case of internal con
7、trol defect identified. We hereby state the internal control situation as follows:一、 内部控制体系的基本构成The basic construction of internal control system(一) 内部控制体系Internal control system本公司遵循企业内部控制基本规范、商业银行内部控制指引等法规对企业内部控制建设的要求,从内部环境、风险评估、控制活动、信息与沟通、内部控制评价与监督五个方面构建多层次、全方位、一体化的内部控制体系。Our company set up multi
8、level, omnibearing and integrative internal control system from five areas of internal environment, risk assessment, control activity, information and communication, and internal control evaluation and supervision, complying with the requirements about internal control establishment to enterprise of
9、 Basic Standard for Enterprise Internal Control, Guidelines for Internal Control of Commercial Banks.董事会高度重视内控制度建设,于2013年6月通过了高级管理层提交的xx消费金融公司内部控制政策,根据津银监发xx-第29号_天津银监局关于转发商业银行内部控制指引的通知有关要求,xx年12月份,公司内部控制框架进行了调整。同时,董事会及风险及内控管理委员会督促高级管理层在日常工作中切实落实并加强内部控制及风险管理。公司各部门严格遵循内控政策要求,将其落实于日常经营管理中。The Board of
10、 Directors thinks highly of the system construction of internal control and continuously improves the internal control system of the Company. Advanced version of the Internal Control Policy of the Company was submitted by the Senior Management in June, 2013. Recently the internal control framework h
11、as changed in Dec. xx, according to new regulation “Circular of the China Banking Regulatory Commission on Issuing the Guidelines for the Internal Control of Commercial Banks” Yin Jian Fa xx No.40. In addition, the Board of Directors and Internal Control and Risk Committee steadily urge Senior Manag
12、ement to practically implement and enhance the internal control and risk management in Companys activities. All departments has been following the internal control rules set in the Policy and has been implementing it into daily business operation and management. 高级管理层在日常经营管理中十分注重内部控制,并对各部门的内控情况进行日常管
13、理。从内部制度方面来讲,公司不仅通过了较高层面的内控政策,各部门还就其部门内部各项流程控制及管理制订了相应的内部制度及流程,并须严格遵守。其遵守情况受到合规、内审部门的严格监督。Senior Management has focused on internal control during daily business operation and takes charge of the overall internal control of all departments routine management. In respective of internal regulation rega
14、rding internal control, the Company not only has formulated an internal control policy at high management level, but also specified variety of internal control procedures and processes at departmental level in terms of the each departments daily business and actual situation. The internal control po
15、licy and the departmental procedures are required and closely monitored by compliance and internal audit departments to be strictly obeyed. (二) 内部控制体系建设的总体目标和原则Internal control system objectives and principle1. 公司的内部控制目标包括:Companys internal control objectives including:- 确保国家法律规定和公司内部规章制度的贯彻执行。Guara
16、nteeing the implementation of state laws as well as the internal rules and bylaws of company- 确保公司发展战略和经营目标的全面实施和充分实现。Guaranteeing the all-round implementation and full realization of companys development strategies and business objectives.- 确保风险管理体系的有效性。Guaranteeing the validity of the risk managem
17、ent system- 确保业务记录、会计信息、财务信息和其他管理信息的及时、真实和完整。Guaranteeing the timeliness, authenticity and integrity of the business records, accounting information, financial information and other management information2. 公司的内部控制应当贯彻以下基本原则:Companys internal control shall comply with the following fundamental princ
18、iples:- 全覆盖原则。本公司内部控制应当贯穿决策、执行和监督全过程,覆盖本公司的各项业务过程和管理活动,覆盖所有的部门、岗位和人员。Full coverage principle. The internal control of company shall penetrate the whole process of decision-making, implementation and supervision, cover all business processes and management activities, and cover all departments, posts
19、 and staff.- 审慎性原则。本公司内部控制应当坚持风险为本、审慎经营的理念,设立机构或开办业务均应坚持内控优先。Prudential principle. The internal control of company shall insist on the philosophies of risk focus and prudential operations, and the establishment of any institution or the running of any business shall give the priority of internal con
20、trol.- 制衡性原则。本公司内部控制应当在治理结构、机构设置及权责分配、业务流程等方面形成相互制约、相互监督的机制。Balance principle. The internal control of company shall form a mutual restriction and supervision mechanism in respect of governance structure, institutional setting, distribution of powers and responsibilities, business processes and so o
21、n.- 相匹配原则。本公司内部控制应当与管理模式、业务规模、产品复杂程度、风险状况等相适应,并根据情况变化及时进行调整。Matching principle. The internal control of company shall adapt to management mode, business scale, product complexity, risk conditions and so on, and be adjusted in time according to changes in circumstances. 二、 内部环境Internal environment 公司
22、董事会、监事和高级管理层充分认识自身对内部控制所承担的责任。The board of directors, the supervisor and the senior management staff of company fully recognize their responsibilities for internal control.董事会负责保证公司建立并实施充分有效的内部控制体系,保证公司在法律和政策框架内审慎经营;负责明确设定可接受的风险水平,保证高级管理层采取必要的风险控制措施;负责监督高级管理层对内部控制体系的充分性与有效性进行监测和评估。The board of direc
23、tors can ensure that the company establishes and implements sufficient and effective internal control systems, and operates prudently within the framework of relevant laws and policies; specify and determine acceptable risk level for the company, and ensure that senior management takes necessary ris
24、k control measures; and, supervise the monitoring and evaluation of sufficiency and effectiveness of the companys internal control system by the senior management.监事负责监督董事会、高级管理层完善内部控制体系;负责监督董事会、高级管理层及其成员履行内部控制职责。The supervisor can be responsible for supervising the board of directors and the senior
25、 management in their improvement efforts of the internal control system; and, supervising the board of directors, senior management and members thereof in their performance of duties related to internal control.高级管理层负责执行董事会决策;负责根据董事会确定的可接受的风险水平,制定系统化的制度、流程和方法,采取相应的风险控制措施;负责建立和完善内部组织机构,保证内部控制的各项职责得到有
26、效履行;负责组织对内部控制体系的充分性与有效性进行监测和评估。The senior management can be responsible for implementing decisions of the board of directors; formulating systematic systems, processes and methods, and taking corresponding risk control measures according to the acceptable risk level as determined by the board of dir
27、ectors; establishing and improving the internal organizational structure, and guaranteeing the effective implementation of all duties related to internal control; and, organizing the monitoring and evaluation of the sufficiency and effectiveness of the internal control system.董事会下设的风险及内部控制委员会具体负责组织协
28、调内部控制的建设与执行。董事会下设的审计委员会负责审查公司内部控制,监督内部控制的有效实施和内部控制自我评价情况,协调内部控制审计及其他相关事宜等。The risk and internal control committee under the board of directors organizes and co-ordinates the construction and implementation of internal control. The audit committee under the board of directors in responsible for exami
29、ning the companys internal control, monitoring the effective operation of internal control and control self-assessment, coordinating internal control audit and other related activities.公司指定内部控制官根据本政策牵头内部控制体系的统筹规划、组织落实和检查评估。The company designates Internal Control Officer to take the lead in the overa
30、ll planning, organization, implementation, check and evaluation of the internal control system according to this policy.内部审计部门履行内部控制的监督职能,负责对公司内部控制的充分性和有效性进行审计,及时报告审计发现的问题,并监督整改。The internal audit department fulfilled duties of supervision over internal control, audit the sufficiency and effectivene
31、ss of the internal control of the company, report any problem found out during audit in a timely manner, and supervise the corrections thereof.业务部门负责参与制定与自身职责相关的业务制度和操作流程;负责严格执行相关制度规定;负责组织开展监督检查;负责按照规定时限和路径报告内部控制存在的缺陷,并组织落实整改。The business departments can be responsible for participating in the formu
32、lation of the business system and operation processes relating to its duties; strictly enforcing relevant provisions of the system; organizing to conduct supervision and check; and, reporting defects of internal control as per stipulated time limit and route, and organizing to carry out corrections
33、thereof.三、 风险评估Risk Evaluation自开业以来,我公司初步建立并完善了内部控制和全面风险管理体系。通过制定公司层面的规章制度,明确了公司的风险管理及内部控制要求。通过梳理业务流程和制定部门层面的流程文件、工作手册,识别出业务流程中的风险点并采取了有效的控制措施,把风险降到了可接受范围内。Since launch the company initially established and improved the internal control and comprehensive risk management system. Through the developme
34、nt of company level policies, we defined the companys risk management and internal control requirements. Through combing business processes and building department level procedures and working manuals, we defined the risk points of business processes and carried out effective control actions to redu
35、ce the risk to acceptable level.公司建立了涵盖各项业务、全公司范围的风险管理系统,对合规风险、信用风险、操作风险、市场风险、流动性风险、外包风险、声誉风险等各类风险进行持续的监控。The company established a risk management system covering all items of business and within the whole company, and continuously monitored and controlled various risks including credit risks, mark
36、et risks, liquidity risks, and operation risks, etc.公司在风险及内部控制委员会统筹下开展风险评估,风险管理部门准确识别与实现控制目标相关的内部风险和外部风险,确定相应的风险承受度,并每季度将评估与控制情况报告风险及内部控制委员会、董事会。The risk and internal control committee can take lead in the risk assessment, the risk management department accurately identified the internal and externa
37、l risks that affect the accomplishment of its established control objectives and set appropriate risk appetite for the identified risks. The status of risk evaluation and control has been reported to the risk and internal control committee and BOD quarterly.根据内控政策要求,我公司内审部也应对公司进行年度风险评估,内审部于xx年底实施了年度
38、风险评估项目,年度风险评估覆盖所有部门,所有流程。评估结果表明,绝大多出的风险均在可接受范围内。According to the Internal Control Policy, The Internal Audit department shall conduct annual risk evaluation for the whole company. IA department carried out internal risk evaluation project from end, xx to evaluate the risk of all department and all p
39、rocess/activities. The result of risk evaluation shows that the overwhelming majority of the risks are within acceptable level.1. 合规风险 Compliance Riskxx年,公司致力于有效的合规风险管理并主要从以下方面开展了合规管理工作:In year xx, the company had endeavored to effectively manage compliance risk. Compliance management was mainly car
40、ried out in below aspects:1) 制定合规管理计划:Compliance Plan Formulationxx年,公司合规部门根据有关要求制定合规管理计划并根据计划及合规管理政策开展合规风险的管理工作,根据银监会商业银行合规风险管理指引,合规部门针对合规管理的常规及特殊项目制定了工作计划。其中,主要常规项目包括:法律法规跟踪、合规咨询及培训、合规监控及检查等。In year xx, the compliance department had formulated proper compliance plan and had carried out the complia
41、nce risk management work according to the compliance control policy and compliance plan. During year 2013, according to the CBRC Guideline on the Compliance risk management, compliance department had made the plan with regular compliance work as well as ad hoc tasks assigned by senior management. Th
42、e main part of the regular work includes: legislation monitoring, compliance consultation and training, compliance monitor and check etc.2) 法律法规跟踪Legislation monitoringxx年,公司合规部门持续跟踪各类最新发布的法律、法规、规章制度,并将有关情况编制月度法律跟踪报告提交高级管理层,对于重大法规的颁布则按照实时报告原则进行报告。公司法务部门及合规部门在法律法规跟踪监控领域保持密切合作及信息交流。During xx, the comp
43、liance department had continually monitored the newly promulgated legislation from regulator and provided the legislation monitoring report monthly to senior management, for important ones, on real time basis. In legislation monitoring work, the company legal department and compliance department had
44、 been working closely and cooperate a lot on information exchanging.3) 合规咨询及培训:Compliance consultation and training按照合规计划,公司将为员工定期组织合规培训。xx年,公司继续致力于新员工的合规培训,并在xx年完成了全体员工的合规培训。Regular compliance training to staffs had been included in the compliance plan. In year xx, the company continues with compli
45、ance awareness training to new hires successfully and also successfully finished the compliance training.4) 合规监控及检查Compliance monitoring and check合规部协调推动各部门建立起法规及监管报告清单,旨在监督并确保有关报告、报表得到及时报送。合规部定期对报告报送情况进行检查。在xx年,所有报告已由相关部门确认按照有关要求进行了及时、全面的报送。Compliance department also coordinated and pushed departme
46、nts to prepare their obligatory reporting list- reports the company has obligation to prepare and submit to the regulator. For such list, compliance department made regular check with related department to ensure they had fulfilled their obligation of reporting. For year xx, all regulatory reporting
47、 obligations had been fulfilled by CFC as confirmed by all Department heads in their respective obligation list on monthly basis.2. 信用风险Credit Risk目前信用风险管理在消费金融公司里起到了一个与足轻重的作用。基于消费金融业务的特点,xx消费金融有限公司组建了适合中国特色和当地特点的风险管理制度和团队。消费金融风险管理以信用风险为重点,本着集中化管理结合本地执行的原则,在消费金融业务的生命周期中实现风险调节的利润最大化。公司的信用风险管理系统通过先进的自
48、动化流程,工具和系统,由具有丰富经验和才能的专业人才管理执行。Credit risk management plays the most significant role in consumer finance business. Risk team is fully staffed and experienced to manage and support all credit risk management functions in the company. Main principle is to establish a specific credit risk control syst
49、em, including risk management policy, underwriting rules and provisioning policy, by taking into consideration the local market specifics, financial culture, and local regulation. With highly calibrated and state of the art designed, system supported control system; XXC offers loans to customer depending on the following basic principles, all phases of consumer loan life
浙ICP备2021020529号-1 | 浙B2-20240490 
