FINAL REPORT

Internal Auditing

Based on the course’s material and your own understanding,

do research and out how major banks in Vietnam have
implemented internal controls as tools for risk prevention
and/or performance improvement. What are the limitations
for those institutions?

Lecturer : MA. Ngo Tri Trung

Class : AC2015D&E
Program : Analyzing, Accounting and Auditing
Group : 2

Ha Noi, 17th May 2019

 GROUP MEMBERS

1. Bùi Thị Thùy Linh

2. Đặng Khánh Linh

3. Hoàng Thị Phương Linh

4. Ngô Thanh Tùng

5. Trịnh Thị Trang

6. Nguyễn Thị Khánh Huyền

7. Vũ Phương Thảo
Contents
I. INTRODUCTION:..................................................................................................................................1
II. THE IMPLEMENTATION INTERNAL CONTROL OF CREDIT ACTIVITIES OF SOME MAJOR BANKS IN
VIETNAM:....................................................................................................................................................3
1. Joint Stock Commercial Bank for Investment and Development of Vietnam (BIDV):.......................3
2. Vietnam Joint Stock Commercial Bank for Industry and Trade (Vietinbank):.................................12
III. LIMITATIONS OF INTERNAL AUDIT ING BANKS:..............................................................................18
IV. SUGGESTIONS................................................................................................................................19
V. References.........................................................................................................................................20

Figures
Figure 1- BIDV's organizational structure....................................................................................................3
Figure 2- Internal control activities of credit activities at BIDV...................................................................5
Figure 3- The process of collecting and storing credit activity information.................................................6
Figure 4- Internal audit model....................................................................................................................8
Figure 5- Vietinbank's organzational structure.........................................................................................12
Figure 6- Organizational structure of branches under Vietinbank............................................................13
I. INTRODUCTION:
All enterprises aim to perform effectively, manage the business risks,
comply with laws and regulations, and prepare reliable financial statements.
However, during the operations, they expose to the potential risk of not
achieving these objectives due to weaknesses of managers, staff or a third
person that cause risks and reduce their performance. Building IC is one of the
solutions to evaluate and manage risks, improve performance effectiveness and
achieve business objectives. In recent years, the commercial bank system in
Vietnam has considerably developed in term of asset size, branch-office system,
products and services, and the information technology system. However,
besides growth in size and profit, the bank system is facing many limits,
weaknesses and has potential risks. While the banking system tends to expand
in size, its performance is unstable, and lots of risks arise and need to be
resolved like bad debt, potential bankruptcy of banks. One of the urging
strategic solutions is to establish and upgrade IC of commercial banks
(Podpiera, R., 2006). IC becomes an important self-defense system against
risks, which enhances effectiveness of banks’ performance. Moreover, the State
Bank of Vietnam (SBV) sets the tightening risk management requirements as
Circular 36/2014/TT-NHNN and Circular 06/2016/TT-NHNN on safety limits
and prudential ratios in the operation of banks, Circular 02/2013/TT-NHNN and
Circular 09/2014/TT-NHNN on loan classification and provision, which had
certain impacts on the overall business results of local banks if effective
management measures were not comprehensive employed. The issuance of
Circular 41/2016/TT-NHNN by the SBV regulating the capital adequacy ratio
according to Basel II (standardized method). To reduce this negative impact of
these risks, Vietnam’s banks should combine many resolutions to manage
effectively such risks.

The Committee of Sponsoring Organizations (COSO) of the Tread way

Commission’ s Internal Control-- Integrated Framework is an example of one
such method that many banks have found to be useful. The COSO framework
includes five internal control elements. These elements can be tailored based on
the size and complexity of the bank.

1
- Control Environment – The board of directors and senior managers are
responsible for identifying the bank’s key business strategies, objectives,
and goals. Board members should tailor the control framework to
influence the bank’s philosophy, culture, and ethics with the goal of
establishing and maintaining an appropriate control environment.
- Risk Assessment – The board of directors and senior managers should
timely assess the risks at the entity level as well as the risks inherent in
the activities and processes managed. After identifying the risks, the
board of directors and senior managers should determine the bank’s risk
tolerance and establish risk measurement practices that are appropriate
for their organization.
- Control Activities – Control activities can consist of a mix of
preventative and detective controls and can be manual or automated.
Control activities are performed at all levels of the entity, at various
stages within business processes, and across the technology environment.
As risk exposures change, management should determine whether new
and/or altered control activities are needed to manage the level of risk.
- Information and Communication – Information required to successfully
achieve the organization's control objectives should typically be stored in
a management information system and disseminated to bank personnel as
appropriate in a timely manner. Sensitive information also needs to be
protected and controlled.
- Monitoring Activities – Monitoring of controls is often carried out within
the business lines and by the audit function. Results of business line self-
assessments and audit reviews should be communicated to the board and
senior management in a timely manner. However, some smaller banks do
not have an independent internal audit department. If a bank does not
have an internal audit department, the bank should ensure appropriate
review activities are built into operations, are ongoing, and are performed
relative to the nature and scope of its activities. In addition to assessing
the effectiveness of controls, monitoring activities often help institutions
identify and manage areas with higher risk. For example, periodic fair
lending assessments of loan denials and comparative file reviews are
important to assist institutions in identifying, managing, and controlling
their fair lending risk.

2
II. THE IMPLEMENTATION INTERNAL CONTROL OF CREDIT
ACTIVITIES OF SOME MAJOR BANKS IN VIETNAM:

1. Joint Stock Commercial Bank for Investment and Development of

Vietnam (BIDV):

1.1Current status of internal control of credit activities at BIDV:

a. Control environment:
- The Board of Directors of BIDV is aware of the importance of credit
activities for the bank's survival and the need to manage and control credit
risks. BIDV has organized an internal audit and internal control according to
the regulations of the State Bank and the bank's management requirements.
Senior managers uphold the principles of banking business respect the law
and the necessity of building a risk management model suitable to BIDV's
operation characteristics. At the same time unified the sense of compliance
laws and respect business ethics rules throughout all levels management,
management of the bank.
- The organizational model of implementing credit control shows the effort to
achieve transparency, completeness and professionalism, with the depth of
the parts in the approval apparatus:

Figure 1- BIDV's organizational structure

- At BIDV, the credit granting process for customers is carried out in the
sequence of steps including: Credit proposal; Credit risk assessment; Credit

3
 approval; signing a credit contract and accounting for disbursement /
guarantee issuance.
- The Executive Board determines that the control culture is an essential
component of the internal control system and makes an important
contribution to ensuring an effective internal control system of the Bank.
b. Risk assessment:
- BIDV has established a Risk Management Committee, including a Credit
Risk Management Division, which specializes in dealing with issues, related
to risk management in credit activities. The tasks undertaken by the Risk
Management Committee include: (i) advising and advising the Board of
Directors on risk management strategies and policies; (ii) advise the Board
of Directors in planning policies and mechanisms in risk management across
the system; (iii) approving the method of valuation of risks and risk limits
according to its authority.
- BIDV measures credit risk through indicators such as overdue debt ratios,
bad debt ratios, risk of loss of capital, risk coverage factors ... which are
most commonly used only bad debt. The use of bad debt indicators has
many advantages such as the scale and ratio of irrecoverable capital of a loan
portfolio, depending on the size of bad debt the bank can use the risk reserve
fund. Profit or equity to compensate. However, the use of these indicators is
limited only to indicate the level of risk of the Bank at the time in the past
could not predict the risk of a loan before granting credit.
- BIDV controls and manages credit risks through building the jurisdiction of
each branch based on the effectiveness, actual credit quality of each branch
and assessing the management capacity of each branch. , assess the potential
of each region. The Bank builds a customer policy to screen, select good
customers, and have appropriate and consistent behavioral policies for each
customer.
- Some other internal management assessment support tools are used to
manage credit risk such as structured debt management program, accrued
interest rate analysis, debt classification.
- Based on the assessment results, credit risk measurement, BIDV
implemented measures to prevent, minimize and overcome credit risks such
as editing, perfecting policies and professional regulations; Arranging,
arranging, rotating and training cadres; Upgrading information technology
system to support credit risk management and warning ...
4
- BIDV controls and manages credit risk by setting credit limits corresponding
to the level of risk that the Bank can accept for each customer, for each
industry sector as well as setting up medium and long-term credit limits are
in line with capital mobilization structure.
b. Control activities:
- BIDV has issued policies, regulations, regulations and credit process.
Internal control is designed, installed, implemented immediately in every
step of the credit process, at all units and departments in the Bank.
- Credit operation process is set up for inspection and control posts; ensure
cross-checking mechanism between individuals and departments; ensure that
each step in the business process must have at least two participants (a
person performing the transaction, a person who controls the transaction),
absolutely not allowing any individual to conduct it alone and decide a
business process, a specific transaction, except for transactions within the
limits allowed by the Bank in accordance with law.
- Model of internal control activities of credit activities at BIDV:

Figure 2- Internal control activities of credit activities at BIDV

5
 c. Information and Communication:
- The process of collecting and storing credit activity information:

Figure 3- The process of collecting and storing credit activity information

- In order to collect internal information in credit operations, BIDV has

developed and issued a system of internal management reports for each
Board / Branch in the Bank and set the time for each report to provide a
timely, reasonable and reliable information on credit activities and
compliance of the Bank. Management reports can be created manually or
extracted from SIBS system software and business module of loan module,
trade finance module, and guarantee module.
- In order to collect external information, the Bank develops a program for
training and development which facilitates and provides financial support for
participating staff and external programs and workshops. This program not
only helps employees who have the conditions to study, improve their
knowledge and achieve the necessary diplomas and degrees for their jobs,
but also helps qualified employees gather external information. At the same
time, the Internal Audit Department periodically updates changes in the
relevant legal provisions of credit activities to update the Bank's current
internal audit policies.
6
- BIDV has deployed online technology throughout the system, ensuring that
all branches and units in the bank's system can exploit information, share
customer database and update information. Time in the processing system.
Information transmission line is connected throughout the system so that the
units in the system can exchange and communicate information about the
bank's policies, the operation of each place through BIDV internal website.
- BIDV also pays great attention to the management and confidentiality of
information within the Bank. Regulations on management and secret
protection of information No. 1606 / QD-HDQT on September 19, 2013 set
out the principle of requiring all employees to arbitrarily approach, exploit,
use and supply granting information without the consent of the authorized
person. Information is classified into confidential information, limited access
information, internal circulation information, and other information and for
each type of information, specific instructions for use.
- BIDV also established information channels to exchange with external
partners. Information channel from the Credit Information Center (CIC) of
the State Bank of Vietnam provides all information about customer loans at
credit institutions, including positive and negative information to help BIDV
refinement. Customers before making a loan decision to prevent limiting
risks, ensuring system safety. Information channel from the Supervision
Agency of the Bank provides outstanding issues in credit operations as well
as the operation of the internal control system through the results of
supervision inspection at BIDV's units. Information channel to exchange
information with the Tax Administration to grasp the situation of tax arrears,
tax violations of enterprises with a loan relationship at BIDV.
d. Monitoring:
- At BIDV, the Internal Audit apparatus are set up to regularly assess the
whole operation of the bank, including the effectiveness of the design and
operation of internal control policies and procedures.
- Centralized inspection and internal audit model:

7
 Figure 4- Internal audit model

- The Inspection and Supervision Board is a unit set up by the Board of

Directors of BIDV with a structure of 06 professional divisions including 4
Inspection and Supervision Divisions 1,2,3,4 with the function of checking
and supervising. Comprehensive supervision of the activities of the Boards /
Centers at BIDV Head Office and branches and transaction offices by
location and area.
- The functions of the Inspection and Supervision Board are as follows:
 Supervise the key activities of the Boards / Centers at the Head
Office, member units; assess safety, compliance, potential risks and
propose solutions and remedies.
 Examine the compliance with the provisions of law, regulations,
operational procedures, internal regulations of BIDV;
 Advice to help members of the Steering Committee to fight against
corruption, bank crime prevention as prescribed.
 Focal point to advise and direct and / or directly verify and propose
solutions to resolve complaints and denunciations of units in the
system under the jurisdiction of BIDV.
- Internal Audit Department under the Supervisory Board (established under
the Decision No. 168 / QD-HDQT dated May 2, 2012 of the Board of
Directors and re-established under Decision No. 1254 / QD-HĐQT dated 01

8
 month 8, 2013) with eleven (11) officers (not including the Chief of Internal
Audit Department who is also part-time by the Supervisory Board member).
According to the Operation Regulation No. 168 / QD-HDQT dated May 2,
2012 of the Board of Directors of BIDV, the Internal Audit Department
performs 2 basic functions: internal audit and assisting the Inspection
Committee. Some tasks need to be performed with specific role as internal
audit:
 Prepare an annual or unexpected internal audit plan and carry out
internal audit activities according to plan or unexpected audit at the
request of the Association
 Board of Management, Supervisory Board; implement policies,
procedures and inspection procedures
 internal math has been approved, ensuring quality and efficiency;
 To examine, review and evaluate independently and objectively all
BIDV's units, departments and activities based on the level of risk and
influence on BIDV's operations;
 Proposing measures to correct and remedy errors; propose handling
violations; propose measures to improve, improve the effectiveness
and efficiency of the internal control system;
 Establish a record of competency and requirements required for
internal auditors as a basis for recruitment, promotion, staff rotation
and professional support; make recruitment plans and arrange
adequate personnel to ensure continuous monitoring work; continuous
training to improve and ensure professional capacity for internal
auditors;
 Maintain regular consultation and exchange with independent auditing
organization, State Bank (Banking Inspection and Supervision
Agency, State Bank branch) to ensure effective cooperation fruit; is
the coordinating unit, coordinating with external agencies for jobs
related to the functions and tasks of the internal audit;
 Monitoring the process of hiring independent auditors; supervising the
process of performing the work of independent auditors; evaluate the
performance of the independent audit.

1.2Assessment of internal control of credit activities at BIDV:

a. Control activities:
9
- The Board of Directors regularly pays attention to credit quality control.
Directing units in the whole system to strengthen credit management, credit
quality control.
- Create a culture of awareness and risk control in each employee of BIDV:
Each individual, from the customer specialist to the staff of the support
units, must comply with regulations; processes and sense of responsibility
assess, detect risks early and find ways to prevent risks arising. That is, risk
management is implemented by the whole system, not the sole responsibility
of the risk management division.
- Professional ethics of officials is increasingly focused: Professional ethics
standards through the Code, regulations on style and working space, through
which the Board of Directors and employees are evaluated according to
BIDV's ethical standards.
b. Risk assessment:
- In all cases of exceeding the limit of risk control, it will be promptly
reported to the authorized level of approval (the Board of Directors or the
Director General) and at the same time propose effective measures to return
to the state within micro limit of risk control in the shortest time. The
departments / units with the function of risk management at the Head Office
are responsible for monitoring and managing each type of risk according to
the management profession (vertical system).
- The process of credit quality review allows for early forecasting of changes
in the financial situation and repayment capacity of partners based on
qualitative and quantitative factors. The credit limit for each customer is
established through the use of a credit rating system, in which each customer
is ranked at a risk level. This level of risk can be revised and updated
regularly.
c. Control activities:
- Strict credit control regulations have limited the possibility of operational
risks. Currently, BIDV manages operational risks by a number of internal
measures such as two-handed inspection on multiple areas, responsibility
isolation, access rights decentralization, multi-story transaction approval ...
to ensure information security. Of banks and customers, preventing the use
of bank assets for wrong purposes.
- The establishment of control buttons in the credit process is quite
reasonable, effectively preventing fraud through the moderator's censorship
10
 in most important control points: loan decision, resolution decision the bank,
the decision to extend the debt and decide to settle the loan.
- The control procedures are relatively reasonable, contributing to the
restriction of frauds in credit activities. Control procedures are built on the
"two-handed" principle, ensuring mutual supervision in professional
activities.
d. Information and communication:
- With modern technology infrastructure, BIDV has established a risk
prevention information system; transparent network within BIDV system
allows units to exchange and collect data, analyze creditworthiness level of
economic units, serve well for the work for borrowing, improving credit
quality, reducing risks for BIDV.
- With the management information system, computer network is
strengthened; upgrading both capacity and quality of communication is a
great support for the improvement of reporting and statistical information
between BIDV and the State Bank. , between BIDV branches and
headquarters to help the direction and administration of the entire system are
more responsive, accurate and timely.
e. Monitoring:
- Monitoring Activity: Initial monitoring has been effective. Monthly and
quarterly, the Inspection and Supervision Board shall supervise and evaluate
the implementation, progress and results of implementation of the direction
and administration contents of the Board of Directors and the Chairman of
the Board; at the same time, implementing topics to monitor the results of
implementation of major plans and programs of BIDV.
- Supervisory Board act as a focal point to implement many tests at the units.
Through the inspection, a number of errors and operational errors in the
credit work have been detected at the units and petitioned units to correct in
time. Based on the inspection results, proposals and recommendations have
been made to help the Executive Board supplement and correct the
shortcomings in the credit mechanism, policies, regulations and professional
processes to limit the risks born during the operation. In the case of errors,
major violations have proposed appropriate forms of treatment, increasing
deterrence and reducing violations of units in the system. Test results are the
basis for risk warning, institutional completion and regulation, process and
proposal arrange the handling of responsibilities for staff in the system
11
 2. Vietnam Joint Stock Commercial Bank for Industry and Trade
(Vietinbank):
VIETINBANK was established on 26/03/1988 after its separation from the State
Bank of Vietnam in accordance with Decree No.53/HDBT by the Ministers
Council. Being one of the four largest State-owned commercial banks of Vietnam,
VIETINBANK ’s total assets account for over 20 percent of the market share of
the whole Vietnamese banking system. VIETINBANK ’s capital resources keep on
increasing over the years and have been substantially rising since 1996 with the
annual average growth of 20 percent, especially up 35 percent a year against that of
last year. VIETINBANK has developed an operations network comprising of 155
branches, over 1.000 transaction offices, established correspondent relationship
with 900 banks, financial institutions of 90 countries and territories all over the

world (VietinBank, 2018, p. 9)

2.1Current status of internal control of credit activities at Vietinbank:

Figure 5- Vietinbank's organizational structure

Vietinbank’s organizational structure includes: Grand meeting of shareholders,

Board of Directors, Broad of management and specialized divisions.

With the Brands of Vietinbank, its organizational structure has: Board of Directors,
08 specialized divisions and 08 transaction offices. The Board of Directors is
responsible to the CEO and Vietinbank's Member Council for business activities
12
and staff organization at the Branch. Assisting the Director is 03 Deputy Directors,
in charge of the professional areas of Credit and Accounting – Treasury and
Human Resources. They assist the Director in executive management some jobs in
the assigned areas and have responsibilities for the overall activities of the Branch:
Directing, guiding, supervising and inspecting the implementation of the work and
implementing policies, Branches’ s activities organized according to the
specialized departments: Business Planning Division (Business Planning),
Accounting Department - treasury, Human Resources - Administration
Department, Marketing Services Department, Inspection and Control Department,
Foreign Exchange Business Department and Computer Department. In addition, to
ensure effective business operations and safety, Branches are establishing
professional departments and sections under the following divisions: the Post-
Control Department under the Accounting Department - treasury; Debt collection
team, Appraisal Department under the Division of Planning and Investment.

Figure 6- Organizational structure of branches under Vietinbank

Board of Directors: 4 members including 1 Director and 3 Deputy Directors.

Director is the person who directly organizes the operation of the whole branch
under the direction of the General Director to ensure asset safety, direct, inspect
and administer according to VietinBank's delegation of authority. Director is

13
responsible for the law, CEO, Chairman of the Board, Board of Members and is the
person who representing the Branch to decide on employment issues, reporting,
signing contracts...

The Deputy Director is the person who assists the Director in directing and
managing, responsible to the Director for his / her decisions; running the work
when the Director is absent as part of the Director's authorization. A Deputy
Director is absent, the work will be undertaken by another Deputy Director,
ensuring the work is always supervised and managed.

Human Resource Administration Department: Organize administrative work, build

daily and quarterly work programs for the whole Branch, urge the implementation
of the programs approved by the Director; carry out information, propaganda and
marketing, under the direction of the Board of Directors; Human resource
management, implementation of procedures for recruitment, staffing, staff
assignment in line with capacity, ensuring the work requirements of the Branch as
decided by the Director, present training courses to improve the quality of human
resources.

Division of Business Administration: It is duty to open L / C for export and import

payment, discount documents, buy and sell foreign currencies, monitor daily
foreign exchange rates.

Room of Marketing Services: Execute checking, registering customer information,

opening an account, issuing ATM card, managing fund of ATM trees, managing
and propagating about TSC's products and services.

To customers in the area, answer and provide information when customers need to
learn or questions about products and services.

Division of Business Planning: Implementing credit operations; guiding the

implementation of documents under credit, monitor the management and use of
capital; preparing and managing business plans, developing loan products;

14
searching for borrowers, reviewing, appraising and advising the Director in
deciding to grant credit to customers to ensure compliance with regulations and
quality; Managing the entire credit process from the process of document making,
appraisal, disbursement, loan settlement; in charge of credit risk, review and take
measures to deal with debts that must be dealt with according to regulations.
Carrying out debt classification, setting up and using credit risk provisions, debt
collection teams to make plans and implement debt recovery; Regularly check the
situation of borrowers.

Treasury Accounting Department: Performing accounting, managing vouchers and

payment invoices; Preparing financial statements day, month, quarter, year;
Financial planning; Making accounting of expenditures, disbursements, loan
interest collection, principal collection, mortgage, collateral, loan settlement, cost
accounting, money collection and expenditure, monitoring of contracts, providing
accounting information for functional departments and the Board of Directors.

Department of Computing: Providing a number of software programs to manage

business closely, ensuring timely updating and upgrading software on the basis of
guidance of Information Technology Center.

Department of Internal Control and Assessment: Performing inspection, internal

control and monitoring of business activities of the Branch in compliance with the
bank's regulations, industry regulations and the laws of the State, in order to detect
and prevent timely time of violation of operation regulations, ensuring monetary
operations, treasury, credit, and safe services.

2.2Assessment of internal control of credit activities at BIDV:

- In all operations of the business process, the Branch has control work to
limit risks when performing operations. In the arising operation, there are
some operations that have both supervisors and directors jointly controlling
and approving. Each branch of Vietinbank has assigned the Division of
Planning and Investment to undertake risk management. The Division of

15
 Planning and Investment has appointed a specialist to assess risks that may
arise from the credit contract, identifying the risks that are not focused by
the Branch, and not having a full-time staff.
- In credit activities, the Branches have identified the arising risks as credit
risks. Credit risk is the risk of financial loss that may be direct and indirect
causes. The direct reason is that some of the Branches have not had good
control and supervision of the loan, the credit process is lacking when
appraising. They does not adequately assess the conditions of customer loans
in the present and in the future, the credit contract is prepared according to
the model for each industry but does not mention the characteristics of each
loan. Indirect causes derive from borrowers who fail to fulfill their debt
payment obligations as committed in the credit contract. Due to loss-making
business activities, which made the many branches under Vietinbank unable
to pay principal and interest to the debt, the repayment of the principal
interest was turned into overdue; the debt group was transferred to bad debt,
making the Branch unable to recover its capital. They mentioned the
manifestations of the risk identified as: Failure to collect interest on time,
failing to collect part of the principal, the entire original on time, overdue
periodic interest, overdue debt .The branch conducts grading and customer
ratings that meet the debt classification and assesses loan risks, credit quality
management. Customers who are graded according to a list are listed and
rated A, B, C, and D. If a customer reaches a total score of 88 points or more
and ranked A and B, the Branch considers lending new and continued loans.
Customers rated C and D are likely to generate bad debts so Branches need
to consider and find ways to recover capital, stop new loans.
- At the Branch, regular monitoring activities are conducted through the
department leaders including the chief, deputy manager, the Board of
Directors, each deputy director supervising the work that is assigned by the
Director. Lending activity of credit officers from the step of seeking
customer information, making loan application, appraising, granting credit to
customers to borrow, supervising the loan portfolio of the branch. Every
month, the leader of the Planning Department and the Director of the
transaction office report all the activities performed during the month to the
Board of Directors.

16
- Supervision after lending at the Branch implementation: The loan manager
will be responsible for overseeing and proposing to process. The loan
controller will monitor and supervise the implementation of the monitoring,
consider the proposal of handling. Leaders will direct and inspect the
monitoring and decision of handling through monitoring reports.
- Officers through the system monitor the balance of deposit and loan account,
the implementation of debt repayment schedules and customer debt groups;
through the analysis of financial statements verify types of customer reports
such as debt reporting, inventory reporting. Moreover, through inspection
and auditing results; information from the government, mass media, and
concerned agencies to monitor the use of loan capital, debt payment, loan
conditions and agreements at credit activity.
- At the same time, tracking customer scores and ratings on Vietinbank's
internal credit rating system and change the status of loans according to debt
groups. When the loan manager finds a sign of risk in the loan process and
sees the higher debt group, he will propose to conduct customer inspection
to take appropriate measures for internal treatment such as adding conditions
of credit activity, monitoring cash flow, suspending disbursement, reducing
credit limit of customers, requiring customers to add collateral, recovering
debt before maturity.
- The staff is responsible for reporting the monitoring results. For loans, the
lending director will decide the time of reporting, the content of the report,
the place where the report is received, and the handling method through
supervision.
- Periodic reports: All loans, including problematic loans, quarterly, by the
tenth of the first month of the following quarter at the latest.
- Extraordinary reports: For debts proposed to be recovered before the due
date through inspection; debt transferred to bad debt, debt with high risk
detection. Reporting time is within 03 working days from the date of arising.
- Periodic supervision and control is carried out at the Branches of
Vietinbank. Conduct periodic monitoring by the Department of Internal
Auditing and Inspection of the Branches. The test takes place annually or
unexpectedly on the day of the month with the permission of the Director.
The content of the inspection is to monitor credit operations and treasury
operations viewed from employees in compliance with the standards;

17
 supervise the inspection of labor organization; check the implementation of
regulations and processes of each operation. The process prevents abuse and
violation of regulations, strengthens risk management and helps activities
management safely and effectively. However, in reality, the monitoring and
evaluation activities of the internal control is only formative on the basis of
subjective judgment, lack of coordination with the inspection and procedure
agencies in the professional process, especially credit has not been closely
monitored, the assessment has not been objective.

III. LIMITATIONS OF INTERNAL AUDIT ING BANKS:

3.1 Limitation:

- Some bank officials, including high-ranking bank leaders, have not really
valued integrity and moral values.

- The function of risk management, identification, assessment and response to

risks in banking business of the internal control system is still limited.

- The principles of control operation design have not been fully complied
with.

- The supervising role of internal audit for the internal control system is still
limited, not timely discovering the shortcomings of the internal control
system to overcome.
3.2 The reasons of limitations:

- There are no guidelines on models and methods for evaluating internal

control systems in Vietnamese commercial banks.

- The internal control system is still limited, not keeping up with the
development of banking activities.

18
 - The shortage of personnel with experience in auditing: Currently there are
many commercial banks with very few auditors, not suitable for scale.

- Lack of assessment of internal control systems from independent auditing

companies.

- The skills of judging the problems in the audit process of the internal
auditors are still limited.

- Inadequacies in the system of professional standards and related legal

provisions.

- Coordination between state management agencies (State Bank Inspectorate

and Supervision Agency, Ministry of Finance ...), tight commercial banks
and auditing companies

IV. SUGGESTIONS
The banks is gradually improving the internal control system in order to provide
information to those who are interested in a timely and reliable manner, ensuring
the operation of the banks in compliance with the law and regulations, internal
procedures for management and activities, and ethical standards set by the bank
itself, as well as bringing business efficiency. There are some suggestions for banks
to complete the internal control:

- First: Completing the internal control system must meet the requirements of
innovation and development, especially when the Banks is in the transition
phase of modernizing the whole system according to the new retail model.
Economic integration requires banks to grasp the trend and requirements of
the industry in the world.
- Second: Ensuring it is suitable to the size and characteristics of the banking
industry. Each department and business division needs an appropriate
control process to ensure close monitoring, inspection and evaluation. It
helps managers understand the business situation and make decisions set
accordingly.

19
 - Third: Completing the internal control system must comply with the
regulations issued by the State, the current legal provisions and the applied
standards.
- Fourthly: Completing the internal control system must be suitable to the
level of staff, and at the same time, the apparatus must be compact and
promote the strengths of information technology applied in accounting,
inspection and approval to improve transaction accuracy.

V. References
Websites
1. http://www.vietinbank.vn/web/home/en/index.html
2. https://www.bidv.com.vn/

20