Professional Documents
Culture Documents
Internal Auditing
7. Vũ Phương Thảo
Contents
I. INTRODUCTION:..................................................................................................................................1
II. THE IMPLEMENTATION INTERNAL CONTROL OF CREDIT ACTIVITIES OF SOME MAJOR BANKS IN
VIETNAM:....................................................................................................................................................3
1. Joint Stock Commercial Bank for Investment and Development of Vietnam (BIDV):.......................3
2. Vietnam Joint Stock Commercial Bank for Industry and Trade (Vietinbank):.................................12
III. LIMITATIONS OF INTERNAL AUDIT ING BANKS:..............................................................................18
IV. SUGGESTIONS................................................................................................................................19
V. References.........................................................................................................................................20
Figures
Figure 1- BIDV's organizational structure....................................................................................................3
Figure 2- Internal control activities of credit activities at BIDV...................................................................5
Figure 3- The process of collecting and storing credit activity information.................................................6
Figure 4- Internal audit model....................................................................................................................8
Figure 5- Vietinbank's organzational structure.........................................................................................12
Figure 6- Organizational structure of branches under Vietinbank............................................................13
I. INTRODUCTION:
All enterprises aim to perform effectively, manage the business risks,
comply with laws and regulations, and prepare reliable financial statements.
However, during the operations, they expose to the potential risk of not
achieving these objectives due to weaknesses of managers, staff or a third
person that cause risks and reduce their performance. Building IC is one of the
solutions to evaluate and manage risks, improve performance effectiveness and
achieve business objectives. In recent years, the commercial bank system in
Vietnam has considerably developed in term of asset size, branch-office system,
products and services, and the information technology system. However,
besides growth in size and profit, the bank system is facing many limits,
weaknesses and has potential risks. While the banking system tends to expand
in size, its performance is unstable, and lots of risks arise and need to be
resolved like bad debt, potential bankruptcy of banks. One of the urging
strategic solutions is to establish and upgrade IC of commercial banks
(Podpiera, R., 2006). IC becomes an important self-defense system against
risks, which enhances effectiveness of banks’ performance. Moreover, the State
Bank of Vietnam (SBV) sets the tightening risk management requirements as
Circular 36/2014/TT-NHNN and Circular 06/2016/TT-NHNN on safety limits
and prudential ratios in the operation of banks, Circular 02/2013/TT-NHNN and
Circular 09/2014/TT-NHNN on loan classification and provision, which had
certain impacts on the overall business results of local banks if effective
management measures were not comprehensive employed. The issuance of
Circular 41/2016/TT-NHNN by the SBV regulating the capital adequacy ratio
according to Basel II (standardized method). To reduce this negative impact of
these risks, Vietnam’s banks should combine many resolutions to manage
effectively such risks.
1
- Control Environment – The board of directors and senior managers are
responsible for identifying the bank’s key business strategies, objectives,
and goals. Board members should tailor the control framework to
influence the bank’s philosophy, culture, and ethics with the goal of
establishing and maintaining an appropriate control environment.
- Risk Assessment – The board of directors and senior managers should
timely assess the risks at the entity level as well as the risks inherent in
the activities and processes managed. After identifying the risks, the
board of directors and senior managers should determine the bank’s risk
tolerance and establish risk measurement practices that are appropriate
for their organization.
- Control Activities – Control activities can consist of a mix of
preventative and detective controls and can be manual or automated.
Control activities are performed at all levels of the entity, at various
stages within business processes, and across the technology environment.
As risk exposures change, management should determine whether new
and/or altered control activities are needed to manage the level of risk.
- Information and Communication – Information required to successfully
achieve the organization's control objectives should typically be stored in
a management information system and disseminated to bank personnel as
appropriate in a timely manner. Sensitive information also needs to be
protected and controlled.
- Monitoring Activities – Monitoring of controls is often carried out within
the business lines and by the audit function. Results of business line self-
assessments and audit reviews should be communicated to the board and
senior management in a timely manner. However, some smaller banks do
not have an independent internal audit department. If a bank does not
have an internal audit department, the bank should ensure appropriate
review activities are built into operations, are ongoing, and are performed
relative to the nature and scope of its activities. In addition to assessing
the effectiveness of controls, monitoring activities often help institutions
identify and manage areas with higher risk. For example, periodic fair
lending assessments of loan denials and comparative file reviews are
important to assist institutions in identifying, managing, and controlling
their fair lending risk.
2
II. THE IMPLEMENTATION INTERNAL CONTROL OF CREDIT
ACTIVITIES OF SOME MAJOR BANKS IN VIETNAM:
- At BIDV, the credit granting process for customers is carried out in the
sequence of steps including: Credit proposal; Credit risk assessment; Credit
3
approval; signing a credit contract and accounting for disbursement /
guarantee issuance.
- The Executive Board determines that the control culture is an essential
component of the internal control system and makes an important
contribution to ensuring an effective internal control system of the Bank.
b. Risk assessment:
- BIDV has established a Risk Management Committee, including a Credit
Risk Management Division, which specializes in dealing with issues, related
to risk management in credit activities. The tasks undertaken by the Risk
Management Committee include: (i) advising and advising the Board of
Directors on risk management strategies and policies; (ii) advise the Board
of Directors in planning policies and mechanisms in risk management across
the system; (iii) approving the method of valuation of risks and risk limits
according to its authority.
- BIDV measures credit risk through indicators such as overdue debt ratios,
bad debt ratios, risk of loss of capital, risk coverage factors ... which are
most commonly used only bad debt. The use of bad debt indicators has
many advantages such as the scale and ratio of irrecoverable capital of a loan
portfolio, depending on the size of bad debt the bank can use the risk reserve
fund. Profit or equity to compensate. However, the use of these indicators is
limited only to indicate the level of risk of the Bank at the time in the past
could not predict the risk of a loan before granting credit.
- BIDV controls and manages credit risks through building the jurisdiction of
each branch based on the effectiveness, actual credit quality of each branch
and assessing the management capacity of each branch. , assess the potential
of each region. The Bank builds a customer policy to screen, select good
customers, and have appropriate and consistent behavioral policies for each
customer.
- Some other internal management assessment support tools are used to
manage credit risk such as structured debt management program, accrued
interest rate analysis, debt classification.
- Based on the assessment results, credit risk measurement, BIDV
implemented measures to prevent, minimize and overcome credit risks such
as editing, perfecting policies and professional regulations; Arranging,
arranging, rotating and training cadres; Upgrading information technology
system to support credit risk management and warning ...
4
- BIDV controls and manages credit risk by setting credit limits corresponding
to the level of risk that the Bank can accept for each customer, for each
industry sector as well as setting up medium and long-term credit limits are
in line with capital mobilization structure.
b. Control activities:
- BIDV has issued policies, regulations, regulations and credit process.
Internal control is designed, installed, implemented immediately in every
step of the credit process, at all units and departments in the Bank.
- Credit operation process is set up for inspection and control posts; ensure
cross-checking mechanism between individuals and departments; ensure that
each step in the business process must have at least two participants (a
person performing the transaction, a person who controls the transaction),
absolutely not allowing any individual to conduct it alone and decide a
business process, a specific transaction, except for transactions within the
limits allowed by the Bank in accordance with law.
- Model of internal control activities of credit activities at BIDV:
5
c. Information and Communication:
- The process of collecting and storing credit activity information:
7
Figure 4- Internal audit model
8
month 8, 2013) with eleven (11) officers (not including the Chief of Internal
Audit Department who is also part-time by the Supervisory Board member).
According to the Operation Regulation No. 168 / QD-HDQT dated May 2,
2012 of the Board of Directors of BIDV, the Internal Audit Department
performs 2 basic functions: internal audit and assisting the Inspection
Committee. Some tasks need to be performed with specific role as internal
audit:
Prepare an annual or unexpected internal audit plan and carry out
internal audit activities according to plan or unexpected audit at the
request of the Association
Board of Management, Supervisory Board; implement policies,
procedures and inspection procedures
internal math has been approved, ensuring quality and efficiency;
To examine, review and evaluate independently and objectively all
BIDV's units, departments and activities based on the level of risk and
influence on BIDV's operations;
Proposing measures to correct and remedy errors; propose handling
violations; propose measures to improve, improve the effectiveness
and efficiency of the internal control system;
Establish a record of competency and requirements required for
internal auditors as a basis for recruitment, promotion, staff rotation
and professional support; make recruitment plans and arrange
adequate personnel to ensure continuous monitoring work; continuous
training to improve and ensure professional capacity for internal
auditors;
Maintain regular consultation and exchange with independent auditing
organization, State Bank (Banking Inspection and Supervision
Agency, State Bank branch) to ensure effective cooperation fruit; is
the coordinating unit, coordinating with external agencies for jobs
related to the functions and tasks of the internal audit;
Monitoring the process of hiring independent auditors; supervising the
process of performing the work of independent auditors; evaluate the
performance of the independent audit.
With the Brands of Vietinbank, its organizational structure has: Board of Directors,
08 specialized divisions and 08 transaction offices. The Board of Directors is
responsible to the CEO and Vietinbank's Member Council for business activities
12
and staff organization at the Branch. Assisting the Director is 03 Deputy Directors,
in charge of the professional areas of Credit and Accounting – Treasury and
Human Resources. They assist the Director in executive management some jobs in
the assigned areas and have responsibilities for the overall activities of the Branch:
Directing, guiding, supervising and inspecting the implementation of the work and
implementing policies, Branches’ s activities organized according to the
specialized departments: Business Planning Division (Business Planning),
Accounting Department - treasury, Human Resources - Administration
Department, Marketing Services Department, Inspection and Control Department,
Foreign Exchange Business Department and Computer Department. In addition, to
ensure effective business operations and safety, Branches are establishing
professional departments and sections under the following divisions: the Post-
Control Department under the Accounting Department - treasury; Debt collection
team, Appraisal Department under the Division of Planning and Investment.
Director is the person who directly organizes the operation of the whole branch
under the direction of the General Director to ensure asset safety, direct, inspect
and administer according to VietinBank's delegation of authority. Director is
13
responsible for the law, CEO, Chairman of the Board, Board of Members and is the
person who representing the Branch to decide on employment issues, reporting,
signing contracts...
The Deputy Director is the person who assists the Director in directing and
managing, responsible to the Director for his / her decisions; running the work
when the Director is absent as part of the Director's authorization. A Deputy
Director is absent, the work will be undertaken by another Deputy Director,
ensuring the work is always supervised and managed.
To customers in the area, answer and provide information when customers need to
learn or questions about products and services.
14
searching for borrowers, reviewing, appraising and advising the Director in
deciding to grant credit to customers to ensure compliance with regulations and
quality; Managing the entire credit process from the process of document making,
appraisal, disbursement, loan settlement; in charge of credit risk, review and take
measures to deal with debts that must be dealt with according to regulations.
Carrying out debt classification, setting up and using credit risk provisions, debt
collection teams to make plans and implement debt recovery; Regularly check the
situation of borrowers.
15
Planning and Investment has appointed a specialist to assess risks that may
arise from the credit contract, identifying the risks that are not focused by
the Branch, and not having a full-time staff.
- In credit activities, the Branches have identified the arising risks as credit
risks. Credit risk is the risk of financial loss that may be direct and indirect
causes. The direct reason is that some of the Branches have not had good
control and supervision of the loan, the credit process is lacking when
appraising. They does not adequately assess the conditions of customer loans
in the present and in the future, the credit contract is prepared according to
the model for each industry but does not mention the characteristics of each
loan. Indirect causes derive from borrowers who fail to fulfill their debt
payment obligations as committed in the credit contract. Due to loss-making
business activities, which made the many branches under Vietinbank unable
to pay principal and interest to the debt, the repayment of the principal
interest was turned into overdue; the debt group was transferred to bad debt,
making the Branch unable to recover its capital. They mentioned the
manifestations of the risk identified as: Failure to collect interest on time,
failing to collect part of the principal, the entire original on time, overdue
periodic interest, overdue debt .The branch conducts grading and customer
ratings that meet the debt classification and assesses loan risks, credit quality
management. Customers who are graded according to a list are listed and
rated A, B, C, and D. If a customer reaches a total score of 88 points or more
and ranked A and B, the Branch considers lending new and continued loans.
Customers rated C and D are likely to generate bad debts so Branches need
to consider and find ways to recover capital, stop new loans.
- At the Branch, regular monitoring activities are conducted through the
department leaders including the chief, deputy manager, the Board of
Directors, each deputy director supervising the work that is assigned by the
Director. Lending activity of credit officers from the step of seeking
customer information, making loan application, appraising, granting credit to
customers to borrow, supervising the loan portfolio of the branch. Every
month, the leader of the Planning Department and the Director of the
transaction office report all the activities performed during the month to the
Board of Directors.
16
- Supervision after lending at the Branch implementation: The loan manager
will be responsible for overseeing and proposing to process. The loan
controller will monitor and supervise the implementation of the monitoring,
consider the proposal of handling. Leaders will direct and inspect the
monitoring and decision of handling through monitoring reports.
- Officers through the system monitor the balance of deposit and loan account,
the implementation of debt repayment schedules and customer debt groups;
through the analysis of financial statements verify types of customer reports
such as debt reporting, inventory reporting. Moreover, through inspection
and auditing results; information from the government, mass media, and
concerned agencies to monitor the use of loan capital, debt payment, loan
conditions and agreements at credit activity.
- At the same time, tracking customer scores and ratings on Vietinbank's
internal credit rating system and change the status of loans according to debt
groups. When the loan manager finds a sign of risk in the loan process and
sees the higher debt group, he will propose to conduct customer inspection
to take appropriate measures for internal treatment such as adding conditions
of credit activity, monitoring cash flow, suspending disbursement, reducing
credit limit of customers, requiring customers to add collateral, recovering
debt before maturity.
- The staff is responsible for reporting the monitoring results. For loans, the
lending director will decide the time of reporting, the content of the report,
the place where the report is received, and the handling method through
supervision.
- Periodic reports: All loans, including problematic loans, quarterly, by the
tenth of the first month of the following quarter at the latest.
- Extraordinary reports: For debts proposed to be recovered before the due
date through inspection; debt transferred to bad debt, debt with high risk
detection. Reporting time is within 03 working days from the date of arising.
- Periodic supervision and control is carried out at the Branches of
Vietinbank. Conduct periodic monitoring by the Department of Internal
Auditing and Inspection of the Branches. The test takes place annually or
unexpectedly on the day of the month with the permission of the Director.
The content of the inspection is to monitor credit operations and treasury
operations viewed from employees in compliance with the standards;
17
supervise the inspection of labor organization; check the implementation of
regulations and processes of each operation. The process prevents abuse and
violation of regulations, strengthens risk management and helps activities
management safely and effectively. However, in reality, the monitoring and
evaluation activities of the internal control is only formative on the basis of
subjective judgment, lack of coordination with the inspection and procedure
agencies in the professional process, especially credit has not been closely
monitored, the assessment has not been objective.
3.1 Limitation:
- Some bank officials, including high-ranking bank leaders, have not really
valued integrity and moral values.
- The principles of control operation design have not been fully complied
with.
- The supervising role of internal audit for the internal control system is still
limited, not timely discovering the shortcomings of the internal control
system to overcome.
3.2 The reasons of limitations:
- The internal control system is still limited, not keeping up with the
development of banking activities.
18
- The shortage of personnel with experience in auditing: Currently there are
many commercial banks with very few auditors, not suitable for scale.
- The skills of judging the problems in the audit process of the internal
auditors are still limited.
IV. SUGGESTIONS
The banks is gradually improving the internal control system in order to provide
information to those who are interested in a timely and reliable manner, ensuring
the operation of the banks in compliance with the law and regulations, internal
procedures for management and activities, and ethical standards set by the bank
itself, as well as bringing business efficiency. There are some suggestions for banks
to complete the internal control:
- First: Completing the internal control system must meet the requirements of
innovation and development, especially when the Banks is in the transition
phase of modernizing the whole system according to the new retail model.
Economic integration requires banks to grasp the trend and requirements of
the industry in the world.
- Second: Ensuring it is suitable to the size and characteristics of the banking
industry. Each department and business division needs an appropriate
control process to ensure close monitoring, inspection and evaluation. It
helps managers understand the business situation and make decisions set
accordingly.
19
- Third: Completing the internal control system must comply with the
regulations issued by the State, the current legal provisions and the applied
standards.
- Fourthly: Completing the internal control system must be suitable to the
level of staff, and at the same time, the apparatus must be compact and
promote the strengths of information technology applied in accounting,
inspection and approval to improve transaction accuracy.
V. References
Websites
1. http://www.vietinbank.vn/web/home/en/index.html
2. https://www.bidv.com.vn/
20