(On December 25, 2004 Bank of China industry supervision Management Committee makes 2004 9th, announced since on February 1, 2005 up purposes) first chapter General first article for specification and strengthening on commercial banks internal control of evaluation, urged its further established internal control system, sound internal control mechanism, for full risk management system of established lay based, guarantee commercial banks security sound run, according to People's Republic of China banking supervision management method, and People's Republic of China commercial banks method
    And other laws and regulations, these measures are formulated.
    Second evaluation of commercial bank's internal control refers to the construction of commercial bank's internal control system, implementation and results of independent surveys conducted activities, testing, analysis and evaluation of system performance. Internal control evaluations include process evaluation and outcome evaluation. Process evaluation of the internal control environment, risk identification and assessment, internal controls, supervision evaluation and correction of, information-sharing and feedback of system elements, such as evaluation.
    Evaluation is the evaluation of achievement of the main objectives of internal controls.
    Article III of commercial bank's internal control system of commercial banks in order to achieve management objectives through policies, procedures and programmes to develop and implement a systematic, effective risk identification, assessment, control, monitoring and improvement of dynamic processes and mechanisms.
    The fourth commercial bank shall establish and maintain systems, transparency, documentation of the internal control system periodically, or when the relevant laws and regulations and other significant changes in the business environment, and to review and improve the internal control system.
    Fifth commercial banks ' internal control evaluation by the China Banking Regulatory Commission (hereinafter referred to as the CBRC) and its agency organizations.
    The sixth internal control internal control evaluation evaluators should accept the knowledge and skills training, with the corresponding qualifications and ability.
    Chapter evaluation objectives and principles article seventh evaluation of commercial banks ' internal control objectives include: (a) promote commercial banks to strictly abide by State laws and regulations, the regulator's regulatory requirements and the principle of commercial prudence.
    (B) the promotion of commercial banks to improve risk management, and ensure the realization of its development strategy and business objectives.
    (C) promoting enhanced business of commercial banks, finance and management of the authenticity, completeness and timeliness of the information.
    (D) promoting the awareness of managers and employees at all levels to strengthen internal control of commercial banks, strictly implement the control measures, and ensure the effective operation of internal control system.
    (E) promotion of business innovation of commercial banks, restructuring and new major changes, timely and effectively assess and control risks that may arise.
    Eighth article from the adequacy of internal control evaluation, compliance, effectiveness and suitability of four aspects: (I) process and whether risks have been fully identified.
    (B) procedures and risk control measures are in compliance with the relevant requirements, be clearly defined and implemented and maintained.
    (C) the effectiveness of control measures.
    (D) the suitability of the control measures. Nineth internal control evaluation should be guided by the following principles: (a) the overall principle.
    Evaluation should cover the activities of the commercial banks ' internal control the whole process and all systems, departments, and jobs. (B) the principle of unity.
    Evaluation criteria, scope, procedures and methods should be consistent, and evaluation process to ensure accuracy and objectivity and comparability of evaluation results. (C) the principle of independence.
    Evaluation for the CBRC or authorised to evaluate independently. (D) the principle of impartiality.
    Evaluation should be based on the facts, to legal and regulatory requirements as the criteria, objectively and impartially, seeking truth from facts. (E) the materiality principle.
    Evaluation should be based on the risk and the importance of setting priorities, focus on key areas and key business. (F) the principle of timeliness.
    Evaluation should be carried out according to a predetermined time interval, when significant changes in the management environment, should be re-evaluated.
    Chapter III content section of internal control environment the tenth Bank's corporate governance.
    Commercial banks should establish a general meeting of shareholders, Board of Directors, Board of supervisors and senior management of the corporate governance structure to ensure agencies regulate the operation, the separation of powers.
    (A) the shareholders, Board of Directors, Board of supervisors and under the rules of procedure of the General Assembly and decision-making bodies, and establish rules of procedure and the decision-making process.
    (B) clear the Board and Supervisory Board of Directors, and supervisors, senior management and senior management responsibilities in internal control.
    (C) the establishment of independent director system, the Board's objective, impartial opinion of the discussion.
    (D) establishment of external supervisor system, on the Board of Directors, Board members, senior management and oversight.
    11th the Board of Directors, Board of supervisors and senior management responsibilities.
    Board is responsible for guarantee commercial banks established and implementation full and effective of internal control system; is responsible for approval overall business strategy and major policy and regularly check, and evaluation implementation situation; is responsible for ensure commercial banks in legal and policy of framework within carefully business, clear set can accept of risk degree, ensure senior management layer take necessary measures recognition, and measurement, and monitoring and control risk; is responsible for approval organization institutions; is responsible for guarantee senior management layer on internal control system of full sex and effectiveness for monitoring and assessment.
    Board of supervisors oversees the Board of Directors, senior management and improve internal control systems; supervise the Board of Directors and the Managing Director, senior management and senior management personnel to perform internal control responsibilities; responsible for requirements Director and Chairman of and senior managers to correct the damage to commercial interests and supervise the implementation.
    Senior management is responsible for establishing internal control policies, on the adequacy and effectiveness of the internal control system for monitoring and evaluation is responsible for implementing decisions of the Board responsible for establishing procedures for identifying, measuring, monitoring and controlling risk and measures responsible for establishing and improving internal organization to ensure effective compliance with the internal control functions.
    Board of Directors and senior management should also foster good internal control culture, improve risk awareness and professional quality of staff, establish patency of internal and external communication channels to ensure timely access to internal control-related human, material and financial resources, information, and technology resources.
    12th the internal control policy. Commercial banks should implement operational and management activities develop a clear policy on internal control to provide internal control principles and basic requirements, and provide guidance for the development and assessment of internal control objectives. Internal control policy should: (a) and commercial banks of business purposes and development strategy phase consistent; (ii) reflected continued improved internal control of requirements; (three) meet existing legal regulations and regulatory requirements; (four) reflected out focuses on control of risk type; (five) reflected out on different area, and industry, and products of risk control requirements; (six) convey to applies post of employees, guide employees implementation risk control measures; (seven) can for risk related party by gets, and sought benefit cooperation; (eight) regularly for review,
    To ensure its continuing suitability and effectiveness.
    13th internal control objectives. Commercial banks should establish and maintain on the relevant functions and levels within the control.
    Internal control internal control objectives should be consistent with the policy, and reflects the requirements of continuous improvement.
    At the time of setting up and evaluation of internal control objectives should be considered legal, regulatory requirements, and other requirements, as well as technology, finance, operations and risk-related factors such as, inter alia, consider the internal control requirements of regulatory authorities. Internal control objectives should be measurable.
    If possible, be quantified target indicators.
    14th organizational structure. Commercial banks should establish a rational division of labor, responsibilities, reporting relationships clear organizational structure, clear all risk and internal control-related departments, positions, responsibilities and authorities of personnel and documents be communicated.
    Special consideration should be given to: (a) establishing the mandate system, unified corporate management and corporate mandates.
    (B) the necessary separation of responsibilities and mutual supervision between horizontal and vertical.
    (C) related to assets, liabilities, financial and personnel changes in important matters such as the Central Government may by one person alone.
    (D) identify key positions, special and incompatible positions and control requirements.
    (E) establishment of key positions with regular or irregular rotation and mandatory vacations for.
    Commercial banks should set up responsible for internal control system, implementation of the special responsibility of the specialized committees or departments, make clear its responsibility, authority and reporting lines. Commercial banks should set up a complete system of vertical management, with full independence of the internal audit department. Internal audit sector should equipped with has corresponding qualification and capacity of audit personnel; should right to get commercial banks of all business, and management information; should according to on's is institutions of risk rating results determine audit frequency, and on institutions and business of audit coverage, regularly or not regularly on internal control of sound sex and effectiveness implementation check, and evaluation; should timely to Board or Board Audit Committee submitted audit report; Board and the senior management layer should guarantee audit report in the pointed out that of internal control of missing get timely corrected rectification
    ; Office to appoint and dismiss heads of internal audit should be agreed by the Board of directors or the Supervisory Board.
    15th enterprise culture. Commercial banks should cultivate a healthy corporate culture, the connotation of enterprise culture and its planning, infiltration, evaluation and improvement to make clear rules.
    Should be conveyed to employees comply with laws and regulations and in particular the importance of the implementation of internal control, and guide employees to set up compliance and risk awareness, improve their moral standards employees, regulate employee behavior.
    16th article human resource.
    Commercial banks should improve human resources policies and procedures, ensuring that risk and internal control-related personnel with appropriate skills and awareness.
    Commercial bank risk and internal control should be clear and suitable conditions of the person concerned, and identifying relevant education, work experience, training and skills requirements, and to ensure that competent personnel.
    Senior managers must meet regulatory agency requirements for qualifications for senior managers. Commercial banks should develop and maintain training plans, to ensure that senior management and all employees can complete its tasks and responsibilities for internal control.
    Training plans should be periodically reviewed, and should take into account the different levels of staff responsibilities, capacities and level and the risks they face.
    Introduction of commercial banks ' employees, exit, selection, performance evaluation, salary, benefits, administrative penalties for professional and technical positions such as personnel management detailing, and fully consider the risks in the process of human resources management.
    Section II of risk identification and assessment article 17th management risk identification and assessment. Commercial banks shall establish and maintain written procedures to sustain effective risk identification and assessment.
    The main risks, including credit risk, market risk (including interest rate risk), operational risk, country and transfer risk, liquidity risk, legal risk and reputation risk.
    Should identify and determine the operational and management activities of conventional and non-conventional, and to identify the risk of these activities (whether by internally generated), taking into account the type, source and its sphere of influence, in particular, shall consider the risk of using a computer system. In accordance with laws and regulations, regulatory requirements and internal control policies determine whether the risk is acceptable in order to determine whether to take further measures.
    Risks can be accepted, should be monitored and periodically reviewed to ensure a continuing acceptable risk is unacceptable, control measures should be developed. Commercial banks for various types of risk identification and assessment of internal and external factors should be considered.
    The internal factors include organizational structure the complexity of nature, banking business, institutional change and movement of staff; fluctuations in external factors include economic conditions, industry trends, and so on.
    When the environment changes and conditions, should be to identify and evaluate the risks in a timely manner, to ensure that any new risks to control and has not previously been identified and controlled.
    Risk identification and assessment shall be: (a) time limits according to the scope and nature of the business and take the initiative.
    (B) assess the consequences of the risk, probability and risk levels.
    (C) when necessary, developing and applying risk assessment methods and models.
    18th identification of legal, regulatory and other requirements.
    Commercial banks should be established and maintained to identify and access to applicable laws and regulations, regulatory requirements, and other requirements of the program as risk identification and assessment, development of control objectives and control programme is based on.
    Commercial banks should be timely updated information on laws and regulations, regulatory requirements and other requirements, and communicating this information to the relevant employees and other related parties.
    19th internal control program. Commercial banks ' internal control programmes should be developed to control unacceptable risks that have been identified.
    Internal control measures should include the following elements: (a) in order to implement the provisions of relevant risk control responsibility and authority.
    (B) control strategies, methods, resources, needs and time requirements.
    If related to the organizational structure, processes, computer systems and other aspects of a major change, should take into account new risks that may arise.
    Section III internal control measures article 20th running control.
    Commercial banks should establish control measures need to be taken of the operational and management activities, based on the planning of control measures and existing control procedures to control these activities. (A) control measures include the following: 1. the top check. Board of Directors and senior management should request the subordinate departments to promptly report to the management and particularly in order to check the implementation of the internal control and the progress towards meeting the objectives of internal control.
    Senior management should be submitted according to the lack of internal controls, supervise the functions of management improvement. 2. behavioral control.
    Functional management departments at all levels to review daily, weekly or monthly special reports or reports for management and special situations, ask questions, and for corrective measures. 3. physical control.
    Main control measures including physical limitations, double storage and inventory on a regular basis. 4. review of risk exposure limits.
    Review of compliance in following exposure limits, violations continue to monitor. 5. approval and authorization.
    According to a number of restrictions on the business and management activities for approval and authorization, a clear management responsibility at all levels. 6. validation and verification.
    Validation operations, management activities as well as the risk management model, and to verify on a regular basis and find you need to fix the problem in a timely manner and report to the functions of management. 7. the proper separation of incompatible positions.
    Implement a proper segregation of duties, identified and minimized the potential conflicts of interest.
    (B) control points include: 1. could lead to deviations from the operation of the internal control policy, objectives, shall establish and maintain documented procedures and requirements, and operation and control standards set in the program.
    2. important activities for continuous recording and supervision should be implemented.
    3. in the case of possible, you should consider using computer systems to control.
    4. procurement or outsourcing of facilities, equipment, systems and services has been identified in the risk, shall establish and maintain procedures and related procedures and requirements to the supplier to ensure the compliance with control requirements related to commercial banks.
    5. for products, organizational structures, processes, computer system design process, establishing an effective control program.
    21st computer environment under control. Computer system should be considered under the environment operational operational characteristics of commercial banks, establish an information security management system, hardware, operating systems and applications, data, and operating environments, as well as the design, procurement, security and use control, ensuring the integrity, security and availability of information.
    Clear Development Department of computer information systems, management and application of responsibility, establish and improve the system of risk management of computer information systems, ensure that the computer system, data, system security and system environment.
    22nd emergency preparedness and management. Commercial banks should establish and maintain plans and procedures to identify the possibility of accidents or emergencies (including computer systems).
    Accidents and emergencies occur, should make timely response, to prevent or reduce possible losses to ensure business continuity. Commercial banks should carry out periodic checks, maintenance, emergency facilities, equipment and systems to ensure their application status.
    If possible, you should regularly test contingency plans. Commercial banks should review their contingency plans, especially the aftermath of accidents or emergencies.
    Emergency preparedness and the possibility of accidents or emergencies (including accidents, hazards), adapted to the nature of.
    Supervision evaluation and correction in the fourth section the 23rd performance monitoring of internal control.
    Commercial banks shall establish and maintain written procedures through appropriate monitoring activities, continuous monitoring of internal control performance.
    Monitoring includes: (a) internal control objectives are achieved.
    (B) compliance of the laws, regulations and regulatory requirements.
    (C) accidents, hazards, and other poor internal control performance history.
    24th disposal of illegal, dangerous situations, accidents and corrective and preventive measures.
    Commercial banks shall establish and maintain written procedures, illegal, dangerous situations, accidents of discovery, reporting, disposal, and corrective and preventive measures, including: (a) found an illegal, dangerous situations, accidents and report, if necessary, the kinds of reports.
    (B) the timely disposal of illegal, dangerous situations, accidents.
    (C) establish corrective and preventive measures to prevent violations, dangerous situations, accidents happen, and happen again and are consistent with the size of the problem and the degree of risk.
    (D) the corrective and preventive measures in the risk assessment should be conducted before the implementation.
    (E) implementing and tracking and verifying corrective and preventive measures.
    (Vi) emergency and accident liability.
    Evaluation of internal control system of the 25th. Commercial banks shall establish and maintain documented procedures implementation evaluation of the internal control system to ensure adequate internal control system, compliance, effectiveness and appropriateness.
    Procedures should include an assessment of the objectives, criteria, scope, frequency, methods, and responsibilities and requirements.
    Evaluation should take into account activities of risk assessment, operational and management processes, and previous evaluation results, covering all activities within the system. According to assessment results determine the level of internal control.
    Agency managers should take steps to eliminate causes of violations and verify the effect of the measures taken.
    Assessment and evaluation activities of direct responsibility personnel, the evaluators should possess appropriate knowledge, competence evaluation.
    The 26th management review.
    Measures should be taken to ensure that the Board of Directors regularly reviews the State of internal control, ensure that the system is sustainable and effective improvement.
    (A) the management review should include the following elements: 1. the results of the evaluation of the internal control system.
    2. implementation of internal control policies and the achievement of the objectives of internal control.
    3. external information has an important impact on the internal control system, such as major changes in laws and regulations.
    4. the organizational structure of major adjustments.
    5. accident and emergency and major corrective and preventive measures.
    6. follow-up from previous management reviews.
    7. suggestions for improvement of the system of internal control.
    (B) the management review should be implemented on the following proposed improvement measures and: 1. the internal control system and process improvements.
    2. the objectives of internal control policies, changes.
    3. internal control-related resource requirements.
    27th continuous improvement.
    Commercial banks should use internal control policies, internal control objectives, results, performance monitoring and analysis of data, corrective and preventive actions and management review, and so on, continuously improve the effectiveness of the internal control system.
    The fifth Festival 28th Exchange and communication of information exchange and feedback.
    Commercial banks should establish and maintain procedures for information exchange and communication, clearly on the financial, management, operations, events and marketing information and other related information to identify, collect, process, communicate, communication, feedback, channels and manner of disclosure.
    Commercial banks should identify the risk of internal and external stakeholders, taking into account their requirements and objectives, establish mechanisms for Exchange of information with these parties to ensure that: (a) the Board of Directors and senior management to understand business information, management information, and other important information.
    (B) all employees fully understand the relevant information, policies and procedures to comply with its responsibilities and obligations.
    (C) danger, an accident occurs, information can get reports in a timely manner and communicate effectively.
    (D) timely, truthful and complete manner to regulators and external reporting and disclosure of relevant information.
    (E) dynamic information obtaining and processing of domestic and international economic, financial, and established business objectives and corporate-related information to all levels of management. Exchange of information should take into account the security and confidentiality of the information and communication requirements.
    Report, publish, disclose relevant information should be authorized.
    In order to maintain the traceability of information communication and, if necessary, should maintain records of information exchange and communication.
    29th internal control system requirements for file. To establish and maintain a documented system is to realize information exchange and feedback ...
    Shall establish and maintain necessary internal control system of commercial bank documents, including: (a) the description of the internal control system elements and their interaction.
    (B) internal control policies and objectives.
    (C) key positions and their duties and powers.
    (D) an unacceptable risk and its prevention and control measures.
    (V) control program, job AIDS, and other internal documents.
    Article 30th document control.
    Commercial banks shall establish and maintain written procedures to ensure that internal control system required by the file meets the following requirements: (a) easy to query.
    (B) be approved by the authorized person before implementation.
    (C) the periodic review and, if necessary, be amended and by authorized personnel to confirm its suitability.
    (D) all related posts can be a valid version.
    (E) fails, from all points of issue and points of use, or to take other measures to prevent misuse.
    (Vi) identify timely identification and disposal of foreign file and, if necessary, into internal documents.
    (VII) retention of archive documents and information should be appropriately identified.
    The 31st record control.
    Commercial banks shall establish and maintain written procedures to provide for the internal control related activities involved in the recording of identification, generation, storage, protection, retrieval, retention time and disposition.
    Records should remain legible, readily identifiable and retrievable, to provide evidence that meets the requirements and effective operation of the internal control system, and can be traced back to the activities related to it.
    The fourth chapter evaluation procedures and methods for the 32nd evaluation of internal control evaluation process generally includes preparation, evaluation, evaluation reports and feedback and so on.
    Article 33rd evaluation preparation. Composition of the evaluation team. The background and skills of the members of the review group should consider.
    If necessary, you may retain experts in business or management. Develop an evaluation plan.
    This evaluation of the implementation plan should be clear purpose, scope, criteria, timing and the corresponding allocation of resources. Prepare the necessary working papers.
    Include evaluation questionnaires, sampling plan, evaluation of the internal control system files and related records.
    Site assessment should establish initial contact with the institutions being evaluated before to confirm and arrange matters relating to evaluation.
    Article 34th evaluation. Evaluation Group should be implemented in accordance with the established evaluation programme evaluation.
    In the implementation of the evaluation should be evaluated within the Group and evaluation team communication with the rating agencies made formal arrangements, through appropriate methods and evaluation purpose, scope and standards-related information, to test the project being evaluated under the evaluation programme, the relevant data were identified and analysed and recorded.
    Appraisal of the implementation of the specific methods, see the 39th to 43.
    35th evaluation report form.
    According to the appraisal of the implementation of the evaluation group, write evaluation reports should focus on the following aspects: (a) the internal control system by the evaluation agency situation, problems and trend analysis.
    (B) similar banks.
    (C) recommendations.
    (D) possible understanding.
    The 36th article feedback.
    After a comprehensive evaluation of the internal control system by the Evaluation Agency should communicate with the management of the organizations was evaluated and used to check the data, confirm the facts and questions in the evaluation for comments. 37th the CBRC and its local agencies according to the evaluation report, in accordance with the relevant laws and regulations, make findings and decisions, and formally in writing sent by rating agencies, rectification.
    Meanwhile, evaluation findings shall be reported to higher authority.
    38th method is implemented for the purpose of internal control evaluation, evaluation of the internal control system of analysis and evaluation techniques and tools that have been taken collectively. 39th internal control evaluation includes: understanding internal control system.
    Should understand the basic conditions of evaluation of the internal control system, confirm the scope of the evaluation, determining evaluation of the integrity of the internal control system of the body, then decided to test the approach. Implementation testing and analysis. Implementation testing and analysis is understanding of the internal control system on the basis of evaluation of the internal control system operation and performance.
    Specific indicators of compliance testing and analysis can be taken, among them, the process evaluation of internal control compliance testing method on evaluation of internal control, the main index analysis method.
    40th understanding internal control system.
    Understanding the evaluation of internal control systems through questioning, inspection, observation, flowcharts and other methods, based on a preliminary evaluation is the evaluation of the internal control system adequacy and compliance.
    41st compliance testing. Evaluation of compliance testing is to obtain evidence to prove in practice of internal control compliance, effectiveness and appropriateness is consistent implementation of relevant provisions in practice, control measures can be used to control, and control measures is appropriate.
    Compliance testing can be divided into two forms: (a) operational tests, which test your important business or typical business and dealt with in accordance with the operational procedures for checking to confirm that the control point for compliance and earnest implementation to determine whether internal control compliance.
    (B) the functional test, on a specific aspect of a control, select several periods of similar checks confirm that the control measures are consistent or ongoing work.
    Compliance testing methods include sampling, through tests, examination of evidence and stress testing methods.
    42nd test sample. Sample depends on the rating agencies or evaluation of project risks, operating frequency, importance, etc.
    According to business based on frequency sampling, combined with the evaluation of project risks and the importance of adjusting.
    According to the reference standard of business determines the frequency of sampling is as follows: (a) once a month business or events, the sample volume should be between 2-6.
    (B) performed weekly, business or events, the sample volume should be between 4-10.
    (C) once daily business or events, the sample volume should be between 10-25.
    (D) performed several times daily business or events, below the total of 10,000, the sample volume should be between 25-50 full year more than 10,000 times, sampling should be maintained above 50.
    43rd of the indicator analysis.
    Evaluation of internal control should be collected information on outcome indicators, analysis of trends in verification, analysis and, thereby to the achievement of the objectives of internal control evaluation. Chapter fifth scoring standards and internal control assessment scoring system rated 44th.
    Process and results of the internal control sets a certain standard scores and determined according to the evaluation scores were evaluating the internal control levels. 45th internal control evaluation standard of 500 points, of which:-100 internal control environment, risk identification and assessment of 100 points, internal control measures 100 points, 100 points of information exchange and feedback, supervision evaluation and correction of 100 points.
    These five parts total evaluation score divided by 5, get the process evaluation of the actual score. 46th when internal control evaluation, in accordance with the requirements of chapter content, combined with the four aspects of the article eighth, converted to specific evaluation questions and the project being evaluated according to test scores.
    47th article of the initial implementation of internal control evaluation, are accountable for all operational and management activities and support activities were evaluated. Again, evaluation, should at least include: credit business, fund business, deposit and counter operation, major business, financial, accounting, management, computer information systems, and so on.
    Other activities in each evaluation cycle again three times to be covered at least once.
    48th specific scoring criteria of the evaluation of the internal control process is as follows: (a) evaluation procedure and risks have been fully identified, the score can be 20%.
    (B) meet on the basis of the foregoing paragraph, evaluated the project's process and risk control measures are prescribed and follow requirements, available the score of 30%.
    (C) meet on the basis of the first two, evaluated the project's provisions are implemented and maintained, then the score of 30%.
    (D) meets the first three items on the basis of projects being evaluated in terms of risk control results, effective and appropriate control measures, then the score of 20%. 49th in the testing process in the event of an operational deficiency or problem "not applicable", the scores in the evaluation of projects involved total score should be deducted.
In order to maintain comparability, in coming to remaining apply after the score, the total scores of the evaluation projects should also be adjusted.
    All applicable project score adjusted rate = total score =------------------x100 total total =tbl/>-n project evaluation project item scores subtotal and total scores have a decimal rounding.
    50th article if involves need take sampling test determine evaluation conclusion of, should according to following situation determine: (a) if in sampling range within not found violations, the items evaluation have full marks; in sampling range within, found two items above violations (containing two items), the items evaluation not scored; only found a items violations of, should expanded 1 time times sampling, in expanded sampling range within not found new of violations of, can have the evaluation project score of 50%, in expanded sampling range within and found new of violations of, the evaluation project not scored.
    (B) the finding of danger or accident, deduct scores for this evaluation project. 51st result evaluation of internal controls. Evaluation results evaluation mainly the implementation of internal control objectives, quantitative evaluation of these indicators can be carried out by way of off-site. Ten indicators for results evaluation mainly included: capital profit margin, return on assets, the cost/income ratio, large risk concentration index, related-party transactions index, asset quality indicators, bad loan provisioning coverage ratio, capital adequacy, liquidity index, case indicators, indicators and controls, see Appendix.
    Results of internal control evaluation standard score of 500 points, converted mark is just the actual score.
    CBRC according to overall risk situation, the focus of work of the economic and financial situation and the China Banking Regulatory Commission, Supplement, modify or adjust the assessment index and standard scores. 52nd according to the process evaluation and outcome evaluation determine the internal control system of total.
    Among them, the process evaluation of the weight of 70%, results evaluating the weight of 30%, two score and total evaluation score is obtained. 53rd composite based on scores determine the ratings of the evaluation of the internal control system should be scoring criteria on evaluating internal control projects deal with scores to determine ratings. Grading criteria: level: comprehensive scoring 90 points or more (90 minutes).
    Means the rating agency has a sound system of internal control, in all aspects of the effective implementation of internal control measures, can effectively identify and control all risks, without any blind spots of risk control, control measures, and business results. Level II: comprehensive score of 80-89 points.
    Means the rating agency's internal control system is sound, each link can be used to implement internal control measures, to identify and control the major risk, suitable control measures, business is better. Three levels: the comprehensive score of 70-79 points.
    Means the rating agencies ' internal control systems, although we have established most of the internal control, but the lack of systematic and continuous, in the implementation of internal control measures has long been the lack of compliance, there are a small number of major risks, operating a general effect. Grade: a comprehensive score of 60-69 points.
    Poor evaluation of internal control systems, internal control system is not perfect or important internal control measures are not implemented or invalid, there are significant problems in the management of, and business security. Level five: comprehensive scoring 60 points or less (not including 60 minutes).
    Evaluating internal control system is very poor, there is a serious lack of internal control system internal control measures or is invalid, there is an obvious loophole, operating out of control, there are significant financial risks.
    Above also applies to the individual rating, individual ratings are mainly used for comparative analysis.
    54th, if negligently by rating agencies during the evaluation period, should be on the basis of the rating by one level.
    Major accident includes: (a) due to improper safety measures, and financial fraud, theft, robbery, explosion and other, causing a significant impact or loss.
    (B) the events runs due to poor management.
    (C) business system failure, resulting in a significant impact or loss.
    (D) confirmed significant petition event.
    Internal control system of the 55th consecutive in three institutions of any improvement in the evaluation period, the level of internal control evaluation should properly cut.
    Sixth chapter organization and internal control evaluation in accordance with article 56th "unified leadership and management" principle.
    57th articles under the scope of the evaluation, the evaluation of internal control can be divided into the following levels: (a) the CBRC and its local institutions on corporate commercial bank's overall performance, in principle once every two years.
    (B) the CBRC and its local institutions the evaluation of commercial bank's headquarters, in principle once every two years.
    (C) the CBRC and its local agencies to bank branches at different levels of evaluation every three years an evaluation cycle, covering at least one-third per year branch, must cover all branches within three years.
    58th article should be based on risk and the importance of internal control of commercial banks and their branches the frequency and scope of the evaluation, management of major change, when commercial banks a major acquisition or disposal, major changes on the operations or financial information handling changes, and so on, or the CBRC considers it necessary, should overall evaluation of the internal control of commercial banks. 59th CBRC Commercial Bank Corporation overall evaluation, headquarters to the overall evaluation score of 60%, branches average rating to the overall evaluation score of 40% into a final rating results.
    Among them, the first overall evaluation, the head office and all branches should be overwritten; whole again when the branches shall take at least one-third.
    CBRC commercial bank branches in the various agencies on their internal control evaluation can be carried out, mutatis mutandis.
    60th the CBRC and its local agencies should collect, analyzed and understood by evaluating non-spot supervision of the submitted data, National Audit Department audits and evaluations the internal audit information, full use of regulators are evaluating a variety of field test results.
    The 61st article CBRC or its agency is price improvement of internal control system for follow-up, order a review found against breaches or risk corrective action, and to rectify the situation and verify the validity.
    62nd internal control evaluation phases involve about records, forms, evaluation reports, and tracking relevant information should be verified as regulation archive for safekeeping. 63rd CBRC required to entrust an external agency to evaluate the internal control system of commercial banks. Trustee agencies and personnel must be familiar with the operation and functioning of commercial banks, have experience with establishment or evaluation of commercial bank's internal control system.
    When the agency employment agency, must be reported to the approval of the China Banking Regulatory Commission.
    Entrusted Agency of commercial bank's internal control evaluation shall comply with the measures.
    Seventh chapter penalty 64th the CBRC according to rating results of evaluations as reflected in the report, evaluation of internal control system of the nature and extent of the problem, can be taken one or more of the following measures: (a) the appointment was first in charge or the Director of the rating agencies.
    (B) on the evaluation of internal control system problems may lead to the risk of, tips and warnings to evaluation agencies.
    (C) require rating agencies to problems of rectification of the internal control system.
    (D) increase the on-site inspections and frequency.
    (E) the proposed management changes.
    (F) cancellation of personnel qualifications for certain term or life banking.
    (VII) be ordered to rectify or suspending business.
    (H) delays approve or refuse the establishment of branches, the introduction of new business applications.
    65th found violations, violations of internal control evaluation, should be based on the relevant provisions, take appropriate sanctions. 66th article without approval or permission, no unit or individual may not release evaluation of the internal control system of grading results.
    Where the grading results announced without authorization, shall be investigated for responsibility of the persons concerned.
    Eighth chapter supplementary articles article 67th this approach relates to the important terms are explained in the following: (a) the system: a set of interrelated or interacting elements. (B) documents: information and its supporting medium.
    Media can be paper, computer disk, CD or other electronic media, or a combination thereof. (C) the procedures for carrying out an activity or a process under way.
    Procedures can be documented or not documented; when the procedure file, commonly referred to as written procedures. (Iv) risks related to: and in terms of risk and its control of commercial banks are interested individuals or groups.
    Risks include risks associated direct and indirect stakeholders, such as investors, customers or employees of commercial banks, such as regulatory bodies.
    (E) internal control performance: according to the policies and objectives of internal control, in terms of controlling risk achieved measurable results (performance measurement, including internal control activities and results of measurements).
    (F) accidents: damage caused by unexpected events.
    (G) danger: events that might lead to a loss.
    (H) violations: did not meet the stipulated requirements, which may be caused by ' subject, and possibly other objective reasons.
    (I) preventive measures: to eliminate potential violations, emergency measures taken or the cause of the accident.
    (J) the corrective measures: to eliminate discovered violations, emergency measures taken and the cause of the accident.
    68th commercial banks should be in accordance with the measures to develop appropriate rules for their implementation and report to the CBRC or its agency of record. 69th article this regulation is applicable in the People's Republic of China legally established in the territory of the State-owned commercial banks, joint-stock commercial banks, foreign banks, city commercial banks, rural commercial banks and rural cooperative banks and postal savings institutions.
    Policy banks and rural credit cooperatives and non-bank financial institutions, the evaluation can be performed in accordance with the measures.
    70th article does not carry out shareholding commercial banks, cooperative banks and postal savings institutions, policy banks and rural credit cooperatives and non-bank financial institutions, senior management should be responsible for the internal control system set up, maintain, and improve, and independent decision making, monitoring and enforcement responsibilities and authority.
    71st article of the approach by the banking regulator is responsible for the interpretation and amendment. 72nd these measures shall come into force on February 1, 2005.