(2) The enterprise shall identify and evaluate the major internal and external risks faced by the organization during the realization of its objectives. Enterprises should examine the main internal and external risks faced by enterprises from the perspective of development and change, and respond to changes in an appropriate way at an appropriate time. The identification and evaluation of risks should be based on the understanding of the internal and external environment, and at the same time, the probability of risk events and the severity of the consequences of risk events should be estimated, so as to take appropriate measures or strategies to deal with risks.
(3) Enterprises should formulate, communicate and implement policies aimed at supporting the realization of organizational objectives and risk management, so that members can understand the expectations of the organization and the scope of their own actions. This standard fully embodies the idea of decentralization. Every manager and employee should work within the scope of the rights and responsibilities entrusted to them and must not exceed their own authority.
(four) the enterprise shall formulate relevant plans and effectively transmit the information of these plans to the employees of the enterprise. The plan includes the effective allocation of various material resources and human resources within the enterprise.
(5) The objectives and related plans should include measurable performance objectives and their evaluation indicators. In order to accurately evaluate the implementation of objectives and plans, it is necessary to quantify or convert them into corresponding evaluation indicators when formulating objectives and plans. (1) Enterprises should establish ethical standards including honesty and integrity, and at the same time let all members of the enterprise understand and follow these ethical standards through communication. Moral standards are an integral part of corporate culture and the basis for maintaining a good internal environment.
(2) The enterprise's human resources policies and practices should be consistent with the organization's moral values and goals. Human resource policies, including new employee recruitment, employee promotion, employee resignation and employee reward policies, must be consistent with the moral values of enterprises.
(3) Enterprises should clearly define their rights and responsibilities, be responsible for them and be consistent with organizational goals, and be able to make decisions by appropriate people. Any group or individual in an enterprise must have the authority and responsibility corresponding to its work, and bear the corresponding responsibility for the work results.
(4) to cultivate an atmosphere of mutual trust within the enterprise, so as to promote the information exchange between employees and urge them to work hard to achieve enterprise goals. (1) Employees of an enterprise should have the necessary knowledge and skills to help the enterprise achieve its goals, or use external services to meet the needs of the enterprise under certain circumstances.
(2) The information communication process should be able to support the organization's values and promote its realization of enterprise goals. This principle applies to the situations of transmitting orders, negotiating resource allocation, coordinating actions, searching for information and urgently transmitting information about risks and opportunities within enterprises.
(3) The enterprise shall fully and timely identify and transmit relevant information to its employees so that they can perform their duties.
(4) The decisions and actions of different departments within the enterprise should be coordinated with each other. The decision-making of different departments must be guided by the overall goal of the enterprise and try to avoid the competition for interests of small groups.
(5) The design of control operation should be an inseparable part of the organization, taking into account the organizational objectives, the risks faced in achieving these objectives and the correlation between control elements. Among them, control activities refer to the routine procedures established to ensure that the operation of the enterprise is carried out as planned and meets the requirements of the relevant policies of the enterprise. Control activities and related policies and procedures can be communicated to employees informally or formally explained in the work manual. (1) Enterprises should monitor the external and internal environment to obtain information, which may indicate the need to re-evaluate organizational objectives or controls.
(2) Monitor the business performance of the enterprise and compare it with the performance targets and related indicators determined in the strategic planning of the enterprise. Then, according to the comparison results, the organizational objectives and related indicators of the enterprise are revised.
(3) We should periodically re-examine the assumptions on which the enterprise goals are established.
(4) When the enterprise's objectives change or internal control defects are found, the enterprise's information needs and related information systems should be re-evaluated.
(5) The enterprise shall establish and effectively implement a follow-up investigation system to ensure that the deviation has been corrected or appropriate measures have been taken.
(6) The management should regularly evaluate the effectiveness of internal control and feed back the evaluation results to the personnel in charge of various controls.