Knowing and assessing risks means being better prepared.
When the environment changes (economic conditions, government policies, technology, laws, etc.) leading to changes in risks, risk assessment must be regularly reviewed and adjusted from time to time.
1.3.3. Control activities
- Principle 10: The unit must select and establish control activities to minimize risks and achieve the unit's objectives at an acceptable level.
Maybe you are interested!
-
Internal control of revenue and expenditure activities at the National Children's Hospital - 2 -
Internal Control of Revenue and Expenditure Activities in Public Service Units -
Internal control of revenue and expenditure activities at Vietnam Academy of Traditional Medicine - 15 -
Rate of infection and carrying genes resistant to 3rd generation Cephalosporin and Quinolone of Klebsiella strains causing respiratory infections isolated at the National Children's Hospital, 2009 - 2010 - 16 -
Evaluation of internal control system on revenue and expenditure activities at Agribank Vietnam - Aluoi District Branch - 1
- Principle 11: The entity selects and develops general IT control activities to support the achievement of objectives.
- Principle 12: The unit must implement control activities based on
on policies that have been established and implemented into procedures.
Control activities are present throughout the organization, at all levels and functions, and are the policies and procedures that ensure that management directives are carried out. Control activities include both preventive and detective controls. Therefore, to balance between detective and preventive controls, it is usually necessary to coordinate control activities to limit and complement each other among control procedures.
* Delegation and approval procedures
The performance of operations shall be performed only by authorized persons within the scope of their responsibilities and scope. Authorization procedures shall be clearly documented and published, and shall include specific conditions. Authorization is a primary means of ensuring that only actual operations are approved in accordance with the wishes of management. In compliance with the detailed provisions of the authorization, employees shall perform as directed, within the limits prescribed by management and the law.
* Division of responsibilities
An individual cannot objectively see all the faults. If the functions are concentrated in one person, negative effects will arise, while good people will
opportunities to commit crimes and conditions that make it too easy to commit fraud. To prevent errors or fraud, separate job functions must be assigned to each person. To reduce the risk of errors, waste, intentional wrongdoing and unpreventable risks, a system of controls must ensure that no one person is given too much responsibility and authority to avoid creating an environment where fraud and errors can occur.
Primary responsibilities include authorizing, approving, recording, processing, and evaluating transactions. However, collusion or coordination among these groups of people will reduce or destroy the effectiveness of internal control.
In some small-scale organizations, there are too many employees to segregate tasks. In these cases, management must recognize the risk and respond with other controls such as staff rotation. Staff rotation ensures that one person does not handle one aspect of the business for an extended period of time. Also, encouraging and requiring employees to take annual leave can help reduce risk by providing temporary staff rotation.
* Documents and records
The design of vouchers and books and their appropriate use help ensure accurate and complete recording of all data on transactions that occur. Voucher and book templates need to be simple and effective for recording, minimizing errors, duplication, and easy to reconcile and review when necessary. Vouchers need to have spaces for approval and confirmation by those involved in the transaction. Uniform numbering of vouchers arising in the unit is easy to manage, easy to trace and minimize possible fraud and violations.
Access to assets and records must be limited to those individuals who are responsible for their custody or use. The responsibility of the custodian of assets is demonstrated through documentation, inventories, and records. Restricting access to assets reduces the risk of misuse or
causing loss of state assets. The level of limitation depends on the risk of loss of assets. The level of limitation must be considered and determined.
* Asset protection
An organization's assets are not only money, goods, machinery and equipment... but also information. Procedures needed to protect assets include:
- Effective monitoring and separate identification of functions
- Maintain and record assets, including information
- Limit access to property
- Keep assets in a separate, safe place, keep seals and other signatures available (if available).
* Check comparison
Transactions and events must be checked before and after processing. Records must be reconciled with appropriate documents to promptly detect and handle errors.
Operations, processes and activities are periodically reviewed to ensure compliance with applicable principles, procedures, policies and other applicable regulations.
Careful supervision ensures that organizational goals are achieved. Employee assignment and approval of work includes:
- Clear communication, obligations, responsibilities and accountability assigned to each member.
- Systematically evaluate the work of each member within the scope of work.
- Approve work according to standards to ensure work
is done in the same direction.
Supervisors provide employees with the necessary guidance and training to ensure that errors, omissions and misconduct are minimized and results are achieved.
1.3.4. Information and communication
- Principle 13: The unit collects, communicates and uses appropriate, quality information to support other components of internal control.
- Principle 14: The unit must communicate internally the necessary information to support the control function. The subjects that must be informed include: employees, managers, and board of directors.
- Principle 15: The entity must communicate to external parties information related to its operations such as shareholders, owners, customers, suppliers, etc.
To improve the control capacity in the unit, information and communication are indispensable and necessary conditions to achieve the objectives of internal control.
* Information
The first condition for ensuring relevant and reliable information is that the information must be recorded promptly, properly classified into transactions and events, and transmitted in forms and routes that ensure employees perform their functions in B. Therefore, B requires that all transactions be fully documented. The decision-making ability of leaders is affected by the quality of information such as relevance, timeliness, update, accuracy and usability. Thus, not just any information becomes necessary information, but it must meet the following requirements:
- Accuracy: information must accurately reflect the content of the situation.
- Timeliness: information is provided timely and accurately according to the requirements of managers.
- Completeness and system: information must fully reflect every aspect of the situation, helping users to evaluate the problem comprehensively.
- Confidentiality: information must be provided to the appropriate person in accordance with their authority and responsibility.
An appropriate information system should generate reports on financial and accounting activities according to the accounting regime of the Ministry of Finance, compliance issues to support the management and control of activities. It should include not only internal data but also consider external information, conditions and activities necessary for decision making and reporting.
* Media
Communication is a part of the information system. Effective communication is the provision of information from superior to subordinate or from subordinate to superior or across departments, information throughout the entire organization.
Individuals receive clear communication from management about their responsibilities in internal control. They must understand their role in internal control, in relation to other members of the organization. In addition, there must be effective communication from outside the organization.
1.3.5. Monitoring
- Principle 16: The entity shall select, implement and conduct continuous and/or periodic evaluations to ensure that the components of internal control are present and operating.
- Principle 17: Must promptly evaluate and notify internal control system's recommendations to responsible entities such as managers and Board of Directors to take remedial measures.
Monitoring is the process by which management evaluates the quality of control activities. Internal control must be monitored to assess the quality of the system's performance over time. Monitoring may be performed on a regular basis, periodically, or a combination of both.
* Regular monitoring:
Regular monitoring B is established for the normal and repetitive activities of the organization. It includes periodic monitoring and management activities during the daily work of employees. Regular monitoring is carried out on all elements of B and is related to the prevention and detection of all violations of the law, inefficiency and inefficiency of the system.
* Periodic monitoring:
The extent and frequency of periodic monitoring depends on the assessment of the level of risk and the effectiveness of ongoing monitoring. Periodic monitoring covers the entire assessment, effectiveness of B and ensures that B achieves the desired results based on control methods and procedures.
Internal control deficiencies should be communicated to senior management. This oversight includes reviewing the auditor's audit findings and recommendations to ensure they are effectively implemented.
Summary 1
In this chapter, the author has systematized the theoretical basis of internal control in public hospitals as well as explained the concept and classified public hospitals.
The thesis explores the nature, role, objectives, principles of designing and implementing internal control. At the same time, it explores the elements that make up internal control, including: control environment; risk assessment; control activities; information and communication; monitoring.
Chapter 1 is the basis for analyzing and evaluating the current situation in chapter 2 and is the basis for building appropriate internal control solutions in chapter 3 of the thesis.
Chapter 2
CURRENT STATUS OF INTERNAL CONTROL OF REVENUE AND EXPENDITURE ACTIVITIES AT THE NATIONAL CHILDREN'S HOSPITAL
2.1. Overview of N Tru Hospital
2.1.1. History of formation and development
The Institute for Child Health Protection (now the Central Hospital) was established by the Council of Ministers (now the Government) under Decision No. 111/CP dated July 14, 1969, headquartered on the 2nd floor of the 2-storey building, located in the campus of Bach Mai Hospital, in difficult living conditions and the Northern region had to deal with the destructive war, the number of sick children, especially those with severe malnutrition such as aramus, washiorkor or combination was quite large . The establishment of the hospital responded promptly to the work of protecting children's health, contributing to ensuring the health and saving the lives of many sick children.
On December 22, 1979, at the height of the historic air war, part of Bach Ai Hospital (including the Institute for Child Health Protection), along with many other public works such as factories, schools, and other hospitals, were destroyed by a series of B52 bombs. At the same time, the Government and People of Sweden decided to help build a new headquarters for the Institute in Lang Thuong Ward, Dong Da District, Hanoi City. The project began in 1975, right after the country was completely liberated, and was inaugurated on March 16, 1981. The takeover of the new facility, funded by the Swedish Government, marked a major turning point in the development and growth of the Institute for Child Health Protection.
The project was built at the site of La Thanh Street, 7 hectares wide. This is a lake, surrounded by residential areas, which at that time was still the suburbs of Hanoi. The Ministry of Health established the Project Management Board with Mr. Dang Luan as Head of Security and Mr. Hoang Phuc Tuong - Deputy Director of the Institute as Deputy Head of the Board. The architectural model of the construction of the Institute for Child Health Protection was designed by architect Thuy Dien and experts from the Institute.