Corporate Governance

Huawei continued to design and implement an internal control system based on its organizational structure and operating model. The internal control framework and its management system apply to all business and financial processes of the company and its subsidiaries and business units. The internal control system is based on the five components of the COSO framework: Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring. It also covers internal controls of financial statements to ensure their truthfulness, integrity, and accuracy.

Control Environment

A control environment is the foundation of an internal control system. Huawei is committed to a corporate culture of integrity, business ethics, and compliance with laws and regulations. Huawei has issued the BCGs to identify acceptable business conduct. The BCGs must be observed by all employees, including senior executives. Regular training programs are offered, and all employees are requested to sign the BCGs to ensure that the BCGs have been read, understood, and observed.

Huawei has implemented a mature governance structure, with clearly defined authorization and accountability mechanisms. The governance structure comprises the BOD, its committees, group functions, and multi-level management teams.

Huawei clearly defines the roles and responsibilities of its organizations to ensure the effective separation of rights and responsibilities. The CFO of Huawei is in charge of internal controls. The business control department reports to the CFO for any possible defects and improvements already made in terms of internal controls, and assists the CFO in building the internal control environment. The internal audit department independently monitors and assesses the status of internal controls for all business operations.

Risk Assessment

Huawei has a department dedicated to internal controls and risk management to regularly assess risks to the company's global business processes. This department identifies, manages, and monitors significant risks, forecasts potential risks caused by changes to the internal and external environments, and submits risk management strategies along with risk mitigation measures for decision-making. All process owners are responsible for identifying, assessing, and managing business risks and taking necessary internal control measures. Huawei has instituted a mechanism for improving internal controls and risk controls to efficiently manage critical risks.

Control Activities

Huawei has established the Global Process Management System and the Business Transformation Management System, released the global BPA, and appointed GPOs in line with the BPA. Responsible for building processes and internal controls, GPOs:

• Identify key control points and the Separation of Duties Matrix for each process, and apply these to all regional offices, subsidiaries, and business units.
• Conduct monthly compliance tests on key control points and issue test reports to ensure continuous and effective monitoring of internal controls.
• Optimize processes and internal controls based on business pain points and key requirements for financial statements. The aim is to improve operating efficiency and financial results, ensure operational compliance and the accuracy and reliability of financial statements, and help achieve business objectives.
• Perform SACAs to assess the overall process design and the effectiveness of process execution by each business unit, and then report the results to the AC.

Information & Communication

Huawei has developed multi-dimensional information and communication channels to ensure the timely acquisition of external information from customers, suppliers, and other parties. It has also created formal channels for transferring internal information, and offered an online space, Xinsheng Community, for employees to freely communicate their thoughts and ideas. Corporate management holds regular meetings with departments at all levels to effectively communicate management orientation to employees and ensure effective implementation of management decisions.

All business policies and processes are available on the company's Intranet. Managers and process owners regularly organize training programs on business processes and internal controls to ensure that up-to-date information is made available to all employees. The company has established a mechanism for process owners at all levels to regularly communicate with each other, review the execution of internal controls, and follow up on internal control issues.

Monitoring

Huawei has established an internal complaint channel, an investigation mechanism, an anti-corruption mechanism, and an accountability system. The Agreement on Honesty and Integrity that Huawei has signed with its suppliers clearly stipulates that suppliers may report improper conduct by Huawei employees through the channels stipulated in the Agreement to assist the company in monitoring the integrity of its employees. The internal audit department independently assesses the overall status of the company's internal controls, investigates any suspected violations of the BCGs, and reports the audit and investigation results to the AC and senior management.

Huawei has also implemented a mechanism for internal control appraisals of GPOs and regional managers, as well as their accountability and impeachment when and where necessary. The AC and the CFO regularly review the company's internal control status, and receive reports on action plans for improving internal controls, if necessary, and on plan execution progress. Both have the authority to request the relevant GPOs or business executives to explain their internal control issues and take corrective actions. The AC and the CFO may also need to submit their proposals to the HRC for disciplinary action or impeachment.