2019 Annual Report (^157)
for any possible defects and improvements already
made in terms of internal controls, and assists the
CFO in building the internal control environment. The
internal audit department independently monitors and
assesses the status of internal controls for all business
operations.
Risk Assessment
Huawei has a department dedicated to internal
controls and risk management to regularly assess
risks to the company’s global business processes.
This department identifies, manages, and monitors
significant risks, forecasts potential risks caused by
changes to the internal and external environments, and
submits risk management strategies along with risk
mitigation measures for decision making. All process
owners are responsible for identifying, assessing, and
managing business risks and taking necessary internal
control measures. Huawei has instituted a mechanism
for improving internal controls and risk controls to
efficiently manage critical risks.
Control Activities
Huawei has established the Global Process
Management System and the Business Transformation
Management System, released the global Business
Process Architecture (BPA), and appointed Global
Process Owners (GPOs) in line with the BPA.
Responsible for building processes and internal
controls, GPOs:
■ Identify key control points and the Separation of
Duties Matrix for each process, and apply these to
all regional offices, subsidiaries, and BUs.
■ Conduct monthly compliance tests on key control
points and issue test reports to ensure the
effectiveness of internal controls is continuously
monitored.
■ Optimize processes and internal controls based
on business pain points and key requirements
for financial statements. The aim is to improve
operating efficiency and financial results, ensure
compliance and the accuracy and reliability of
financial statements, and help achieve business
objectives.
■ Perform annual assessments of internal controls,
comprehensively assess overall process design and
process execution within each business unit, and
then report the results to the Audit Committee
(AC).
Information & Communication
Huawei has developed multi-dimensional information
and communication channels to ensure the timely
acquisition of external information from customers,
suppliers, and other parties. It has also created formal
channels for transferring internal information, and
offered an online space, the Xinsheng Community,
for employees to freely communicate their thoughts
and ideas. Corporate management holds regular
meetings with departments at all levels to effectively
communicate management orientation to employees
and ensure effective implementation of management
decisions. All business policies and processes are
available on the company’s Intranet.
Managers and process owners regularly organize
training programs on business processes and internal
controls to ensure that up-to-date information is
made available to all employees. The company has
established a mechanism for process owners at all
levels to regularly communicate with each other,
review the execution of internal controls, follow up on
internal control issues, and implement improvement
plans.
Monitoring
Huawei has established an internal complaint channel,
an investigation mechanism, an anti-corruption
mechanism, and an accountability system. The
Agreement on Honesty and Integrity that Huawei
has signed with its suppliers clearly stipulates that
suppliers may report improper conduct by Huawei
employees through the channels stipulated in the
Agreement to assist the company in monitoring
the integrity of its employees. The internal audit
department independently assesses the overall status
of the company’s internal controls, investigates
any suspected violations of the BCGs, and reports
the audit and investigation results to the AC and
senior management. Huawei has also implemented
a mechanism for internal control appraisals of GPOs
and regional managers, holding them accountable and
pursuing impeachment when and where necessary.
The AC and the CFO regularly review the company’s
internal control status, and listen to and review reports
on action plans for improving internal controls and
plan execution progress. Both have the authority to
request the relevant GPOs or business executives to
explain their internal control issues and take corrective
actions.
coco
(coco)
#1