Group 1 - The company has established internal control defect recognition standards to enhance its internal control system and ensure effective evaluation of internal controls [1][2] - Internal control defects are categorized into design defects and operational defects based on their causes [1][2] - The severity of internal control defects is classified into major defects, important defects, and general defects, with major defects leading to a conclusion of ineffective internal control [1][2] Group 2 - Financial reporting internal control defects are defined as those that cannot reasonably ensure the reliability of financial reports, with a combination of qualitative and quantitative methods used for classification [2][3] - Major financial reporting defects are identified when misstatements exceed 1% of revenue or total assets, while important defects are identified when misstatements are below these thresholds but still significant [2][3] - Non-financial reporting internal control defects are assessed based on the severity of the business nature involved and the potential negative impact on various objectives [2][4] Group 3 - Major non-financial reporting defects are defined as those causing direct financial losses of 10 million RMB or more, while important defects range from 500,000 to 10 million RMB [3][4] - General defects are classified as those below 500,000 RMB and do not fall into the major or important categories [4]

Core Viewpoint - The internal control defect recognition standards of Hangzhou Tianmu Mountain Pharmaceutical Co., Ltd. aim to ensure the establishment and effective execution of internal control systems, enhancing operational management and risk prevention capabilities, and promoting standardized operations and healthy development of the company [2]. Summary by Sections General Principles - The standards are formulated based on relevant regulations, considering the company's operational scale, industry characteristics, risk levels, and significance [2]. Classification of Internal Control Defects - Internal control defects are categorized into design defects and operational defects: - Design defects refer to the absence of necessary controls or inappropriate design that hinders achieving control objectives [3]. - Operational defects refer to effective designs that fail to operate as intended due to improper execution or lack of necessary authority or competence [3]. Severity of Internal Control Defects - Defects are classified based on their severity: - Major defects can severely impact the effectiveness of internal controls, leading to significant deviations from control objectives [3]. - Important defects are less severe but still warrant attention from the board and management [3]. - General defects encompass all other defects not classified as major or important [3]. Overall Recognition Standards for Internal Control Defects - Defects are further divided into financial reporting defects and non-financial reporting defects, with recognition standards developed based on qualitative and quantitative considerations [4]. Financial Reporting Internal Control Defect Recognition Standards - Specific quantitative thresholds are established for recognizing defects based on potential misstatements in total assets and pre-tax profits: - Major defects are recognized if potential misstatements exceed 0.5% of total assets or 5% of pre-tax profits [5][6]. - Important and general defects have lower thresholds for recognition [5][6]. Non-Financial Reporting Internal Control Defect Recognition Standards - Non-financial reporting defects are recognized based on direct property losses and penalties from government authorities, with specific monetary thresholds set for major, important, and general defects [7]. Additional Considerations - The recognition of internal control defects also considers the risk accumulation effect of defect combinations and the mitigating effects of certain controls [7]. - The financial indicators used for quantitative standards are based on the company's most recent audited consolidated financial data [7]. - The company must reassess and revise the recognition standards if there are significant changes in operational conditions or financial metrics [7]. Applicability and Governance - These standards apply to the company and its subsidiaries, with the board of directors responsible for their formulation, revision, and interpretation [7].

Core Viewpoint - The company has established internal control defect recognition standards to enhance its internal control system, ensuring effective evaluation and compliance with relevant regulations [1][2][3]. Group 1: Internal Control Defect Classification - Internal control defects are categorized into design defects and operational defects based on their causes [1]. - Defects are further classified into major defects, important defects, and general defects according to their severity and impact on internal control objectives [1][2]. Group 2: Financial Reporting Internal Control Defects - Financial reporting internal control defects are defined as those that compromise the reliability of financial reports [2]. - Major defects are identified when the misstatement amount is equal to or greater than 2% of total revenue, while important defects range from 1% to less than 2%, and general defects are less than 1% [2]. Group 3: Non-Financial Reporting Internal Control Defects - Non-financial reporting internal control defects are classified based on the severity of the business nature involved and the potential negative impact [3][4]. - Major defects result in property losses equal to or greater than 1% of total assets, important defects range from 0.5% to less than 1%, and general defects are less than 0.5% [4].