Elements of Internal Control

According to Decree No. 88/2015/QH13, " Internal control is the establishment and implementation within the accounting unit of internal mechanisms, policies, procedures, and regulations in accordance with legal provisions to ensure timely prevention, detection, and handling of risks and achieve set requirements " [24, p.18].

From the above concepts, it can be seen that the concept of internal control of organizations and individuals has the following common characteristics: Internal control is a process, designed and operated by managers and employees to ensure the implementation of the goals of the unit or organization .

Through studying the above concepts of internal control, the author's viewpoint of this thesis is in high agreement with the concept of internal control of INTOSAI, which can be summarized as follows:

Internal control is a process: any organization or unit that wants to achieve its set goals must control its activities in all stages, and at the same time, control activities must be present and take place continuously in all departments within the unit;

Maybe you are interested!

KSNB not only has the function of accounting management but also undertakes many other functions in the unit, such as: human resource organization, unit development plan,...

- To ensure sustainable development, units must design and implement policies, procedures, rules, regulations and laws; protect assets, achieve the mission, goals and results of the unit's activities or programs, and ensure the goals of integrity and ethical values;

- Internal control in the unit is closely linked to risk management, which is the establishment and implementation of internal mechanisms, policies, procedures, and regulations in accordance with legal provisions to ensure timely prevention, detection, and handling of risks and achieve set requirements.

- Internal control ensures the rationality for managers but does not absolutely ensure the implementation of managers' goals because internal control always has inherent limitations, such as: The tendency to save costs for control activities; Most control regulations are established for regular, repetitive operations rather than for irregular operations; Because humans themselves always have

Inherent limitations, such as lack of concentration, limited capacity... leading to errors in the control process (self-control or control of other people and departments); The ability of internal control to not detect collusion between related people in the unit when they embezzle or profit for the personal interests of each person or a group of people; The ability of the person performing the control to abuse his privileges to embezzle or profit for his personal interests and due to changes in mechanisms and management requirements, the control procedures become outdated, which leads to the occurrence or omission of errors.

Thus, internal control is an important step in managing all operational processes of the unit, so managers often pay attention to building and maintaining internal control in the unit to achieve the unit's goals.

1.1.2. Objectives of internal control

The objectives of internal control include three objectives: performance objectives; information objectives and compliance objectives with applicable laws and regulations [14, p.4].

First , performance objectives include operational efficiency and effectiveness:

- Effective use of assets and various resources.

- Limit risks.

- Ensure coordination of all departments to achieve unit goals

taste with performance and consistency.

- Avoid unnecessary costs due to putting other interests (of employees, customers, etc.) above the interests of the unit.

Second , the information objective must ensure the reliability and quality of information: In a unit, to make management decisions, managers need a lot of information, however, information on financial accounting is still the most important information. The information provided must ensure timeliness, accuracy and reliability of the actual status of operations, fully and objectively reflecting the main contents of all activities. To achieve that goal, the information must satisfy the following requirements: Approval (decisions are made by competent authorities, to make decisions, it is necessary to fully consider the factors: Reality (accounting information must be honest, reflecting the reality at the unit, not recording

fake transactions, not related to the unit); Completeness (all transactions must be recorded completely, without omission); Correct assessment (transactions are accounted for at their correct value and in accordance with accounting principles, the way of viewing information must be honest and objective, regardless of who the subject of reflection or the person conveying the information is); Correct accounting (shown in the organization of accounting work at the unit must comply with current regulations).

Third , the compliance objective is to ensure compliance with laws and regulations. Internal control must be designed so that decisions and legal regimes related to the unit's operations are properly complied with, thus requiring it to meet the following requirements: Maintain compliance with policies related to the unit's operations; Prevent and promptly detect and handle fraudulent errors in all operations of the unit; Ensure full and accurate recording, prepare honest and objective financial statements and settlement reports. In addition to maintaining and checking compliance with policies, internal control must also prevent, promptly detect and handle violations and fraud in the unit's operations, thereby raising awareness of compliance with those policies.

Thus, the objectives of internal control are very broad, they cover all activities and are important to the existence and development of the unit. Although the four objectives are in a unified whole, sometimes there are conflicts with each other, such as the conflict between the unit's operational efficiency and the purpose of protecting assets, books or providing complete and reliable information of the accounting system. The conflicts need to be resolved in agreement with the unit's general objectives. The objectives may have different priorities, so when designing internal control, managers need to know how to harmoniously combine the objectives to create the most effective internal control process.

1.1.3. Benefits of internal control

Internal control is essentially the integration of activities, measures, and control mechanisms within the unit to minimize and prevent possible risks to the unit. This system is often integrated into the unit's management and administration system. Thus, internal control is closely related to the unit's management and administration system, and it plays an important role in the decision-making of managers [14, p.5].

A strong internal control system will bring benefits to the unit, such as:

* In terms of operations

- Increase operational efficiency: Effective internal control requires integrating and standardizing the unit's operational processes, so it helps the unit reduce wasted time, increase the amount of work processed in a period of time, and reduce unproductive downtime.

- Increase the quality of business operations: Effective internal control will help managers limit and prevent unnecessary risks or unnecessary losses, help the unit reduce the error rate, and increase the accuracy of data.

- Ensure the continuity and accuracy of financial, accounting and statistical data for production, business and investment activities.

* In terms of management

- Better management of the unit's human resources:

+ Ensure the unit operates effectively, makes optimal use of resources and achieves set goals;

+ Protect assets from damage;

+ Early prevention of fraud, theft, corruption, and misuse of the unit's resources.

- Internal control is a tool to support planning and decision making: thanks to being provided with timely and rich information about all areas of the unit's operations as well as tighter cost control, decision making will be quicker and easier; helping to respond to changes in the business environment better, faster and more effectively.

- Increase management efficiency at all management levels: Internal control requires that at every stage of operation and at every management level, control checkpoints are established to conduct inspection, supervision and provide useful information to help managers operate better and more effectively.

- Create a smooth, transparent and effective operating mechanism in management work.

management

* Organizational

KSNB requires all members to comply with the internal rules, regulations, and operating procedures of the unit as well as the provisions of the law. Organizational benefits are expressed

shown through the views, ethics and motivation of each individual as well as the coordination and cooperation between employees in the unit. This creates a common culture of the entire unit, where everyone is working towards the common goals of the unit, towards a professional, disciplined, cooperative and responsible working style.

With the above benefits, designing and operating appropriate internal control in each unit to effectively implement the set goals is an essential need of every unit in the process of development and integration.

1.1.4. Elements that make up internal control

Depending on the characteristics, scale and needs of each unit, internal control is designed and implemented in an appropriate manner. However, the internal control model considered appropriate and effective in public service units today is internal control according to the viewpoint of INTOSAI 2013. Accordingly, internal control in organizations includes five main components, which are: Control environment; Risk assessment; Control activities; Information and communication and Monitoring activities [14, p.6].

1.1.4.1. Control environment

The control environment sets the tone for an organization and influences the control consciousness of its employees. The control environment is the foundation for all other elements of internal control, creating discipline, ethics and organizational structure. Elements of the control environment include:

- Honesty and ethical values: Honesty and respect for ethical values of leaders and staff, determine the standard of conduct in their work, demonstrated through compliance with regulations, rules and ethics on the conduct of State officials. For example, such as public disclosure of assets, concurrent positions outside work, gifts and reporting conflicts of interest. At the same time, the public must see this spirit in the mission and ethical standards of public organizations through official documents.

- Staff capacity: Staff capacity includes the level of knowledge and working skills necessary to ensure disciplined, honest, economical, effective and efficient implementation, as well as having a correct understanding of their own responsibilities in establishing internal control, leaders and staff maintain a sufficient level of understanding of the construction, implementation, maintenance of internal control, the role of internal control and responsibilities.

their responsibilities in carrying out the overall mission of the organization. Every individual in the organization plays a role in internal control because of their responsibilities. Leaders and employees also need the necessary skills to assess risks. Risk assessment ensures that they fulfill their responsibilities in the organization. Training is an effective way to improve the qualifications of members in the organization. One of the training contents is guidance on internal control objectives, methods to solve difficult situations at work.

- Management philosophy and leadership style: Management philosophy and leadership style are reflected in the personality, character and attitude of the leader when operating. If the senior leader believes that internal control is important, other members of the organization will also feel that and will accordingly wholeheartedly build internal control. This spirit is expressed in the ethical regulations in the organization. For example, building internal control in internal control shows the leader's concern for internal control. On the contrary, if members of the organization believe that internal control is not important, it means that the leader has not paid due attention to internal control. As a result, internal control is only a formality and has no real meaning, leading to the unit's goals and tasks no longer being achieved as desired.

- Organizational structure: A reasonable organizational structure will ensure the transparency in the delegation of authority and assignment of responsibilities. The organizational structure is designed so that it can prevent violations of internal control regulations and eliminate inappropriate activities. Activities considered inappropriate are those activities whose combination can lead to violations and concealment of errors and violations. The organizational structure includes:

+ Division of reporting rights and responsibilities.

+ Appropriate reporting system.

The organizational structure also includes an internal audit department, a control board, an inspection and examination department that is organized independently of the audit subjects and reports directly to the highest leadership in the agency.

- Human resource policy: Human resource policy includes recruitment, training, education, evaluation, appointment, reward or discipline, and guidance of employees. Each individual plays an important role in internal control. The ability and reliability of employees

Employees are essential to effective control. Therefore, the way in which employees are recruited, trained, educated, evaluated, promoted, rewarded, or disciplined is an important part of the control environment. Employees must be qualified in terms of ethics and experience to perform the assigned work. Leaders need to establish incentive programs, by rewarding and increasing incentives for specific activities. At the same time, strict disciplinary measures for violations also need to be concerned by leaders.

1.1.4.2. Risk assessment

Internal control serves to achieve organizational objectives, risk assessment is very important because it records important events that threaten the objectives and tasks of the unit. Risk assessment analysis to narrow down to the main risks. The identification of main risks is very important, because it is related to the threats of risks and related to the division of responsibilities and resources to deal with risks.

Risk assessment involves the process of identifying and analyzing risks that threaten an organization's objectives and determining appropriate responses.

- Risk identification: Including external and internal risks, risks at the unit level and risks of each activity. Risks are continuously reviewed throughout the unit's operations, related to the public sector, state agencies must manage risks that affect assigned goals.

- Risk assessment: Is to assess the importance, estimate the damage caused by the risk and the likelihood of the risk occurring.

There are many methods of risk assessment depending on each type of risk, however, risk assessment must be systematic. For example, risk assessment criteria must be established, then the order of risks must be arranged based on which the leader will allocate resources to deal with the risk.

- Develop countermeasures

There are four ways to deal with risk:

+ Risk analysis;

+ Accept risks;

+ Avoid risks;

+ Risk management.

In most cases, risks must be managed and the unit maintains internal control to take appropriate measures, because the State unit must comply with its assigned tasks. The measures to handle risks are limited to a reasonable level because of the relationship between benefits and costs, but if risks are identified and assessed, better preparedness is achieved.

When the environment changes such as economic conditions, state regime, technology, and laws, the risks will change, so the risk assessment should also be regularly reviewed and adjusted from time to time.

1.1.4.3. Control activities

Control activities are policies and procedures for dealing with risks that ensure the achievement of the unit's objectives and tasks. To be effective, control activities must be appropriate, consistent over time, understandable, reliable and directly related to the control objectives. Control activities are present throughout the organization, at all levels and functions. Control activities include preventive and risk detection controls. The balance between detection and prevention control procedures is the coordination of control activities to limit and complement each other between control procedures.

- Delegation and approval: The execution of operations is only performed by authorized persons according to their responsibilities and scope. Delegation is a key way to ensure that only real operations are approved as desired by the leader. Delegation procedures must be clearly documented and published, including specific conditions. In compliance with the detailed provisions of the delegation, employees act according to instructions, within the limits prescribed by the leader and the law.

- Segregation of duties: A system of control requires that no one person is given too much responsibility and authority. One person cannot objectively see all the errors and also creates an environment where fraud can occur. The non-dual functions that an organization needs to assign to each individual are:

+ Right to approve and make decisions.

Comment