Completing the control environment for administrators to be fully aware of
the importance of the internal control system from which they always pay due
attention to the design and operation of regulations, policies, steps, and control
procedures at every stage, every level, every part of the bank. In particular, the
Board of Directors needs to be aware of the control environment that has a
pervasive effect on all activities in the organization, impacts on behaviors and
consciousness of its members, is influenced by cultural factors and history. The
control environment will be the foundation for the construction of the remaining
components of internal control. The improvement of the basic elements of the
control environment in commercial banks focuses on such issues as strengthening
the communication on the enforcement of integrity and ethical values; Develop
commitment policies on capacity; Building credibility, management philosophy,
and executive style of the Board of Directors; Improving personnel policies
27 trang |
Chia sẻ: honganh20 | Ngày: 07/03/2022 | Lượt xem: 388 | Lượt tải: 0
Bạn đang xem trước 20 trang tài liệu Internal control system in Vietnamese commercial banks, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
city.
8
1.3. Conclusion on research gaps
Through the author's overall research, there have been many studies on
internal control systems in different industries, fields, and units but there are still
gaps for the topic to continue researching and exploiting. can:
Regarding the content: According to the author's overall research, from a
theoretical research perspective, most of the topics approach to internal control
systems under the perspective of corporate governance within a Sector, a
Ministry, or a Corporation. ... but has not mentioned the role of the State with the
function of macro-management, performing the management/supervision of
operations for enterprises in general and banks in particular.
Regarding the scope of research: According to the author's overall research,
there are very few general studies on the theory and practice of internal control
systems of commercial banks in the industry, especially approaching internal
control systems. with the important function of warning and preventing risks that
may occur in business activities of the banking industry.
From the above reasons, the author thinks that space for the author to study
the topic "Internal control in Vietnamese commercial banks" is completely
appropriate and necessary. The thesis focuses on studying the basic issues of
internal control systems in commercial banks; assess the status of the internal
control system in commercial banks in Vietnam from the perspective of state
management and the components of the internal control system itself; propose
solutions to perfect the internal control system in commercial banks in Vietnam.
Chapter 2
BASIC ISSUES ON INTERNAL CONTROL AND INTERNAL CONTROL
SYSTEM OF COMMERCIAL BANKS
2.1. Internal control
2.1.1. Control in management
2.1.1.1. The concept and role of control in governance
Control is a function that managers must perform, even though the results of
the work of all departments are achieved according to the set plan. To ensure
things are on track, managers must monitor and evaluate the results of their work.
Actual results must be compared with the goals established earlier for the manager
to take the necessary actions to ensure the organization is on track.
From different perspectives on control and identifying the role of control in
management, according to the author, a comprehensive understanding of control
can be understood as follows: Control is an important function of management.
done regularly in all aspects of operations and all levels of management within the
business. The ultimate goal of control is to make the business reach its highest
goal with the lowest cost and level of risk.
2.1.1.2. Classification of control
9
Control is classified according to the relationship of the controlling subject
with the controlling object; influence level, time of control, content, target, control
target.
2.1.2. Internal control
2.1.2.1. The history of development and the nature of internal control
According to COSO's definition of internal control: "Internal control is a
process, influenced by the board of directors, managers and employees of the unit,
designed to provide a consistent assurance. reason to achieve operational,
financial reporting and compliance goals "
From the different perspectives on internal control, in the author's opinion,
internal control is processes, measures, and methods set up by management and
other individuals in the unit to control all activities taking place. in the business as
well as preventing and dealing with risks that may occur during the operation of
the unit, to achieve the ultimate goal of ensuring that the business operates in the
right direction, business strategy. have set and sustainable development, achieving
the highest efficiency with the lowest level of risk.
2.1.2.2. Limitations of internal control
Stemming from the characteristics of internal control is to help provide a
reasonable guarantee for achieving the goals of the business. Therefore, internal
control systems, no matter how perfectly designed, cannot overcome inherent
limitations: Internal control only takes into account expected errors without taking
into account irregularities or irregularities; Errors caused by staff in designing
procedural control and performing tasks in the internal control system; Controls may
be disabled due to collusion; Due to the fault of the software features; The risk
depends entirely on the selection board; Limit on cost.
2.2. The internal control system in commercial banks
2.2.1. Overview of the internal control system in commercial banks
2.2.1.1. Concept and evaluation framework of the internal control system in
commercial banks
The internal control system is defined at Circular 13 of the State Bank:
"Internal control system is a set of mechanisms, policies, processes, internal
regulations, the organizational structure of commercial banks and branches.
foreign banks are built following the provisions of the Law on Credit Institutions,
this Circular, and relevant laws and are implemented to control, prevent, detect,
and handle in time. risk and achieve set requirements. Internal control system
implements supervision of senior management, internal control, risk management,
internal assessment of sufficient capital and internal audit "
The evaluation framework of the internal control system issued by COSO is
used not only in the US but also widely applied in many countries around the
world. Most of the banks in the countries have applied the unified framework for
internal control according to COSO to evaluate the internal control system. Based
on the internal control framework of the COSO, the Basel Committee has issued a
10
framework for internal control, which serves as a guide for the establishment and
evaluation of internal control systems in banks, especially those that comply with
Basel. ..
2.2.1.2. Roles and objectives of the internal control system in commercial banks
The internal control system plays a very important role in the operation of
the bank. Because the operation of the internal control system is an integral part of
the daily activities of the bank. The internal control system is organized regularly
and continuously to ensure that all operational processes of the bank are
implemented under the laws, safety, and efficiency.
2.2.1.3. Basic principles of the internal control system in commercial banks
The internal control system is associated with the responsibilities and powers
of all departments, processes, operations, and every employee in a unit. It is
designed by business administrators. An internal control system is considered to
promote wellness, it should follow 5 basic principles: ensure validity; ensure
efficiency; ensure completeness and comprehensiveness; ensure the rationality;
Ensure timeliness.
2.2.2. Components of the internal control system in commercial banks
2.2.2.1. Environment controlled
According to the COSO Report, "The control environment reflects the
general nuance of an organization, affecting the consciousness of everyone in the unit,
which is the foundation for other parts of the system". The control environment includes
management and management functions, perceptions, and actions of the Management
Board and the Board of Directors related to internal control of the operation of the
entity. The control environment reflects the character of the entity, influenced by the
consciousness of the people within the organization.
2.2.2.2. Risk assessment process
The risk assessment process will help identify and analyze the risks to the
implementation of the entity's goals from which to design control procedures -
which is considered a key factor to promote. efficiency and performance of the
internal control system. The Bank not only sets the desired goals to achieve but
also understands the risks encountered in the implementation process. The risk
assessment process is carried out through the following steps: Determining goals;
Identify risks; Analyze and assess risks; Decide on appropriate actions for such
risks.
2.2.2.3. Operation control
According to COSO 2005, the control activities are the supporting policies
and procedures to ensure the direction of managers. The objective of the control
activities is to ensure that the directions of the Board of Directors are followed.
Control activity appears throughout the organization, at all levels, and in all
functions. Control exists at all levels of governance within the bank, including
general control related to multiple control objectives and specific control activities
that focus on each objective.
11
2.2.2.4. Information system and information exchange
The information and information exchange system creates a report, containing
information necessary for the management and control of the unit. The necessary
information must be identified and collected and exchanged within the unit to help
people perform their duties. The information and information exchange system includes
an overall system related to the processing, storage, and provision of information within
the unit and contributes to the connection with other components in the internal control
system.
2.2.2.5. Monitoring
Monitoring of controls is the process of assessing the performance of internal
control systems in each period, to ensure that the internal control system is always
operating effectively, promptly detecting the defects of the internal control system
and taking measures. remedy as soon as possible. Monitoring includes regular and
periodic monitoring, evaluation of internal control systems, and reporting of
system limitations.
2.2.3. Internal control system and risk management in commercial banks
2.2.3.1. Risks and risk management in the bank
Risk is associated with any business in the process of operation. Risks are
things that happen unexpectedly and bring bad consequences. There are many different
ways of defining risks, the author approaches the State Bank's definition of risks "Risk is
the possibility of losses (financial losses, non-financial losses) that reduce income and
capital. own capital has led to a reduction in capital adequacy ratio or restriction of
foreign bank branch's ability to achieve business objectives ". During its operation, the
bank may encounter the following significant risks:
Credit risk, operational risk, market risk, liquidity risk, interest rate risk on
the bank book
To minimize the losses and losses caused by risks to the bank and minimize
the adverse effects of risks, managers at all levels in the bank must conduct risk
management.
Figure 2.2: Risk management process of commercial banks
12
Source: Author complied
2.2.3.2. Internal control system and risk management in the bank
Internal control systems and bank risk management have a two-way
relationship, mutual interaction, and mutual support. This is shown by the internal
control system itself is built based on identifying and analyzing the risks that may
occur in the operation of the bank, and the internal control system is set up and
operated for purpose of preventing and minimizing possible risks, affecting the
implementation of the bank's objectives.
2.3. The influence of commercial bank characteristics on the internal
control system
2.3.1. Commercial banks and the requirements set out for the internal
control system
Commercial banks are a special type of business with the most complex
business operations in the economy. In essence, a commercial bank is a form of
financial intermediation standing between lenders and borrowers, the basic
operation of the bank is to borrow to lend and the object of the bank's transactions are
economic institutions and individuals. Therefore, the bank's business activities have
certain characteristics, thereby setting requirements for the design and operation of
internal control systems based on scale, potential risks, broad customer relationships.
and diversity, the scope of activities and interdependence are very large and the most
closely managed management agencies ...
2.3.2. Factors affecting internal control systems in commercial banks
The internal control system is understood not as a factor but rather as a
collection of elements of the same type that are closely related to achieve the set targets.
Therefore, to find out the factors affecting the design of internal control systems, the
author is based on the concept of "mixing" in Mikes's research.
Figure 2.3. Factors affecting internal control system
Source: Author complied
13
2.3.3. State management for the internal control system in commercial banks
Within the scope of the study, the author limits the subject of state
management to commercial banks as the SBV. Therefore, when researching the
state management of commercial banks on the internal control system, in the
aspect of management of the State Bank for internal control of the internal
banking system, including the following contents:
2.3.3.1 Building and maintaining the operation of internal control systems in
commercial banks
This is a mandatory requirement for commercial banks, whereby they must
build an internal control system that helps the General Director (Director) to
operate smoothly, safely, and lawfully all operations. Ensuring compliance with
the accounting and accounting regimes according to regulations and having an
internal information system on finance, operations, compliance situation in the
bank and economic situation, outside the market. management, reliability, and
timeliness to serve the management and effective operation
2.3.3.2. The internal control system in commercial banks must regularly self-
check and evaluate
To ensure the operation of the internal control system is effective and
effective, individuals and departments at all levels of the bank must regularly,
continuously inspect and self-inspect the implementation of internal regulations
and processes. related and must be responsible for the results of the performance
of assigned operations.
2.3.3.3. The operation of internal control systems in commercial banks must
be independently assessed
The independent evaluation of independent audits for the internal control system is
implemented following the State Bank's regulations on an independent audit of
commercial banks. To ensure the objectivity of the review and completion, the internal
control system of commercial banks must be independently evaluated by the provisions
of Clause 3, Article 40 of the Law on Credit Institutions.
2.3.3.4. Report the operation of the internal control system to the State
management agency
The State Bank manages the internal control system of commercial banks
through the reports of commercial banks. The report on the internal control system
must update the existing, limited, new risks arising from the internal control
system in all commercial banks (including parts at the head office, branches and
other dependent units of According to the State Bank's regulations on the
commercial bank's operation network, the report on the internal control system
includes: Annual report on the results of self-examination and evaluation of
internal control; about risk management, about the internal assessment of
sufficient capital, and internal audit.
14
2.4. International experience on the operation of internal control systems
in commercial banks and lessons learned for Vietnam
In the UK
The model of the internal control system is built based on practice, very
effective in risk management at banks in the UK such as Lloyds, Bank of England
... is a three-round defense model. The purpose of building this model is to better
manage risk and thereby increase shareholder's assets
In Thailand
The Thai banking system has been in operation for hundreds of years, however, it
was shaken during the Asian financial crisis in 1997-1998. Many commercial banks and
financial companies went bankrupt or were forced to merge. In this situation, Thai banks
must review the entire policy, manner, process of banking activities, especially internal
control activities in banks to minimize risks.
Conclusion for Chapter 2
In chapter 2, the author systematized and concretized the basic theoretical
issues about the internal control system. The components of the system are also
analyzed, synthesized, and generalized to clarify the nature of the internal control
system as an effective tool for managers to realize the goals of the internal control
system. specific bank:
- Systematize basic theoretical issues about internal control systems in
enterprises in general and banks in particular. Analysis of different views on the
internal control system, the role, position, objectives, principles, and five
components of the internal control system in commercial banks.
- Analyzing factors affecting the internal control system in commercial banks. The
thesis clarifies the influence of operational characteristics of commercial banks affecting
the design and operation of internal control systems while analyzing internal control
systems with risk management in commercial banks.
- Analysis of state management of the internal control system in commercial
banks, limited state management entity is the State Bank and state management of
internal control system in commercial banks, including 4 main contents.
- The thesis researches the experience of operating internal control systems
of banks in some countries around the world such as the United Kingdom,
Thailand, Singapore, from which draw lessons for the construction and operation
of internal control systems in banks. Vietnam commercial banks.
Chapter 3
CURRENT SITUATION OF INTERNAL CONTROL SYSTEM IN
VIETNAMESE COMMERCIAL BANKS
3.1. Operation of Vietnamese commercial banks and internal control
regulations in commercial banks
3.1.1. Overview of Vietnamese commercial banks
Vietnam's commercial banking system consists of three main banking
groups, namely state-owned commercial banks, joint-stock commercial banks, and
15
foreign commercial banks. Also, there are joint venture banks and representative
offices of foreign credit institutions. Vietnam's commercial banking system has
experienced rapid growth in both quantity and scale. From the beginning of 2013,
the Vietnamese commercial banking system has begun the restructuring process
under Project 254 / QD-TTG of Prime Minister.
Table 3.1: Number of Vietnamese commercial banks in the period of 2013-2018
Year State-owned
Comercial
banks
Private
Joint-stock
commercial
banks
Policy banks Foreign
Joint-venture
banks
Foreign banks Total
2013 5 33 2 4 5 49
2014 5 33 2 4 5 49
2015 7 28 2 3 5 45
2016 4 31 2 2 8 47
2017 4 31 2 2 9 48
2018 4 31 2 2 9 48
Source: Author complied from website https: //www.sbv.gov.vn
3.1.2. Regulations on internal control systems in Vietnamese commercial
banks
3.1.2.1. The internal control system was organized and operated by Decision
No. 03 / NHNN and the 1997 Law on Credit Institutions.
3.1.2.2. The internal control system was organized following the Law on
Credit Institutions 2004, Decision 36/2006 / QD-NHNN, and Decision 37/2006 /
QD-NHNN dated August 1, 2006, of the State Bank of Vietnam.
3.1.2.3. The internal control system was organized following the Law on
Credit Institutions 2010 and Circular 44/2011 / TT-NHNN dated December 29,
2011, of the State Bank of Vietnam.
3.1.2.4. The Internal Control system was organized following the Law on
Credit Institutions amended and effective from January 15, 2018, and Circular
No. 13/2018 / TT-NHNN dated May 18, 2018. from 1 January 2019
3.1.3. Material risks in commercial bank operations
Credit risk
In Vietnamese commercial banks, the credit risk has been quite complicated
in recent years, reflected in the increasing bad debts which are difficult to control in
the years before 2013. Since 2013 with the establishment of the Management
Company asset (VAMC), the bad debt of commercial banks is also gradually
controlled more effectively. Non-performing loans of commercial banks in the period
of 2013-2018 tended to decrease gradually from 3.6% in 2013 to 2.4 in 2018.
Operational risks
In recent years, operational risks have had quite complicated changes due to
ineffective internal control activities, in the context of the lack of synchronism and
incomplete legal corridor of banking operations. Due to the increasingly diverse
16
and complex conditions associated with the development of information
technology, the potential risks are higher for domestic commercial banks.
Market risks.
Interest rate risk: Because market interest rates have been quite complicated
in previous years, it not only affects commercial banks' capital mobilization and
lending activities but also causes disadvantages to the financial situation. loan
customers.
Exchange rate risk: In previous years, commercial banks all mobilized and
lent in foreign currencies, so the exchange rate risk was always potential.
Securities price risk: The price of securities - a tool held by commercial banks -
always has erratic happenings that cause negative impacts on commercial banks holding
large securities, and also cause risks. the risk with securities lending banks.
Payment risk
Liquidity in the market of commercial banks was relatively stable because
this was the period when the banking sector implemented restructuring so the
liquidity was always under control.
Centralized risk
This is the risk because commercial banks have business activities focusing
on one customer, partner, product, transaction, industry, economic field, currency
at a significant impact level. to the income, risk status according to internal
regulations of commercial banks.
Strategic risks
In the context of global and regional financial markets, there are always
unpredictable developments, requiring commercial banks to make correct
forecasts and have appropriate response scenarios for each situation. and specific
circumstances.
3.2. The situation of internal control systems in Vietnamese commercial banks
3.2.1. Actual state management of internal control system in commercial banks
As a state management agency for the operation of internal control systems
in commercial banks, the State Bank Inspection and Supervision Agency is
responsible for supervising the operation of internal control systems in
commercial banks and is the recipient of a report on the internal control system of
commercial banks following the provisions of the Circular 13 dated May 18,
2018, of the SBV on the Regulation on the internal control system of commercial
banks and foreign bank branches. This shows that the state management for the
operation of internal control systems in commercial banks has gradually been
completed. In particular, the reports of commercial banks reflected the current
situation of the internal control system of the bank, the reporting criteria have met
the requirements of state management agencies as prescribed in Circular 13.
3.2.2. The situation of internal control systems in Vietnamese commercial
banks
3.2.2.1. The real situation of controlled environment
17
The control environment includes internal and external factors that affect the
design and operation of internal control systems. Results of the survey of the
controlled environment are shown in the following table:
Table 3.3: Results of a controlled environment survey
Measurement Indicator Minimum Maximum Mean
Honestly and Ethical Behaviour for Board of
Management and Employees
1.00 5.00 3.62
Guarantee Capacity for Board of Management and
Employees
1.00 5.00 3.95
Participation of BoM 1.00 5.00 3.43
Management’s philosophy and và operating style
Management
1.00 5.00 3.06
Organization structure 1.00 5.00 4.18
Functional authority and Responsibility 1.00 5.00 3.75
Human resource Policy 1.00 5.00 3.85
3.2.2.2. The situation on the risk assessment process
Identifying and assessing risks will form the basis for the bank's leadership to
determine the risks that need to be managed and the level of risk tolerance to
ensure that the bank controls its significant risks and The risk does not affect the
operational objectives of the bank.
Table 3.4: Results of the survey on the risk assessment process
Measurement indicator Minimum Maximum Mean
Clear goals and focus on resource
Các file đính kèm theo tài liệu này:
- internal_control_system_in_vietnamese_commercial_banks.pdf