Verification Opinion on the 2025 Internal Control Self-Assessment Report of Sangfor Technologies Inc. by CITIC Construction Investment Securities Co., Ltd.
CITIC Construction Investment Securities Co., Ltd. (hereinafter referred to as "CITIC Construction Investment" or "Sponsor") is the sponsor for Sangfor Technologies Inc. (hereinafter referred to as "Sangfor" or "Company") in its issuance and listing of convertible corporate bonds on the Growth Enterprise Market to unspecified objects. In accordance with the "Regulations on the Management of Securities Issuance and Listing Sponsorship Business" and other relevant laws, regulations, and normative documents, CITIC Construction Investment conducted a verification of Sangfor's 2025 Internal Control Assessment Report. The specific circumstances are as follows:
1. Verification of the Company's 2025 Internal Control Assessment Report
The sponsor representative of CITIC Construction Investment carefully reviewed the "2025 Internal Control Assessment Report." Through inquiries with the company's directors, senior management, internal auditors, and external audit institutions, as well as reviewing documents from the shareholders' meeting, board meetings, and various business and management regulations, the integrity, reasonableness, effectiveness, and the authenticity and objectivity of the "2025 Internal Control Assessment Report" were verified from aspects such as Sangfor's internal control environment, internal control system construction, and implementation.
2. Evaluation of the Effectiveness of the Company's Internal Control System
(1) Conclusion of Internal Control Assessment
Based on the identification of significant defects in the internal control of financial reporting, as of the benchmark date, the company has no significant or important defects in financial reporting internal controls. The board believes that the company has maintained effective financial reporting internal controls in all significant aspects in accordance with the requirements of the enterprise internal control normative system and relevant regulations. Based on the identification of significant defects in non-financial reporting internal controls, as of the benchmark date, the company has not discovered significant or important defects in non-financial reporting internal controls. No factors affecting the effectiveness evaluation of internal controls have arisen between the benchmark date and the issuance date of this internal control assessment report.
(2) Scope of Internal Control Assessment
The company determined the main units, businesses, and high-risk areas included in the assessment scope based on a risk-oriented principle. The main units included in the assessment scope comprise the company and its subsidiaries. The total assets of the included units account for 100% of the total assets in the consolidated financial statements, and the total operating income accounts for 100% of the total operating income in the consolidated financial statements. The main businesses and matters included in the assessment scope encompass: organizational structure, development strategy, human resources, social responsibility, corporate culture, capital activities, procurement, asset management, sales, research and development, engineering projects, financial reporting, contract management, information systems, related party transactions, fundraising, information disclosure, guarantee business, and management of controlling subsidiaries.