Group 1 - The company has established internal control defect recognition standards to enhance its internal control system and ensure effective evaluation of internal controls [1][2] - Internal control defects are categorized into design defects and operational defects based on their causes [1][2] - The severity of internal control defects is classified into major defects, important defects, and general defects, with major defects leading to a conclusion of ineffective internal control [1][2] Group 2 - Financial reporting internal control defects are defined as those that cannot reasonably ensure the reliability of financial reports, with a combination of qualitative and quantitative methods used for classification [2][3] - Major financial reporting defects are identified when misstatements exceed 1% of revenue or total assets, while important defects are identified when misstatements are below these thresholds but still significant [2][3] - Non-financial reporting internal control defects are assessed based on the severity of the business nature involved and the potential negative impact on various objectives [2][4] Group 3 - Major non-financial reporting defects are defined as those causing direct financial losses of 10 million RMB or more, while important defects range from 500,000 to 10 million RMB [3][4] - General defects are classified as those below 500,000 RMB and do not fall into the major or important categories [4]

杭州天目山药业股份有限公司内部控制缺陷认定标准 杭州天目山药业股份有限公司 内部控制缺陷认定标准 （2025 年 8 月修订） 第一章 总则 杭州天目山药业股份有限公司内部控制缺陷认定标准 企业内部控制的有效性，进而导致企业严重偏离控制目标。当存在任 何一个或多个内部控制重大缺陷时，应当在内部控制评价报告中作出 内部控制无效的结论。 （二）重要缺陷：指一个或多个控制缺陷的组合，其严重程度和 经济后果低于重大缺陷，但仍有可能导致企业偏离控制目标。重要缺 陷的严重程度低于重大缺陷，不会严重危及内部控制的整体有效性， 但也应当引起董事会和管理层的充分关注。 第一条 为保证杭州天目山药业股份有限公司（以下简称公司） 内部控制制度的建立健全和有效执行，提高公司的经营管理水平和风 险防范能力，促进公司规范运作和健康发展，根据《公开发行证券的 公司信息披露编报规则第 21 号-年度内部控制评价报告的一般规定》 《企业内部控制基本规范》《企业内部控制评价指引》及其配套指引 的有关规定，结合公司经营规模、行业特点、风险水平和重要性等因 素，制定本认定标准。 第二章 内部控制缺陷的分类 第三条 按照内部控制缺陷的成因或来源，公司 ...

Core Viewpoint - The company has established internal control defect recognition standards to enhance its internal control system, ensuring effective evaluation and compliance with relevant regulations [1][2][3]. Group 1: Internal Control Defect Classification - Internal control defects are categorized into design defects and operational defects based on their causes [1]. - Defects are further classified into major defects, important defects, and general defects according to their severity and impact on internal control objectives [1][2]. Group 2: Financial Reporting Internal Control Defects - Financial reporting internal control defects are defined as those that compromise the reliability of financial reports [2]. - Major defects are identified when the misstatement amount is equal to or greater than 2% of total revenue, while important defects range from 1% to less than 2%, and general defects are less than 1% [2]. Group 3: Non-Financial Reporting Internal Control Defects - Non-financial reporting internal control defects are classified based on the severity of the business nature involved and the potential negative impact [3][4]. - Major defects result in property losses equal to or greater than 1% of total assets, important defects range from 0.5% to less than 1%, and general defects are less than 0.5% [4].