18
that determination throughout the unit. A reasonable organizational structure also contributes to effectively preventing fraud and errors in the unit's financial and accounting activities.
Maybe you are interested!
-
Internal control of revenue and expenditure activities at the National Children's Hospital - 2 -
Internal control of revenue and expenditure activities at the National Children's Hospital - 5 -
Internal control of revenue and expenditure activities at Vietnam Academy of Traditional Medicine - 15 -
Evaluation of internal control system on revenue and expenditure activities at Agribank Vietnam - Aluoi District Branch - 1 -
Request for Completion of Internal Control of Revenue and Expenditure Activities at Vietnam Academy of Traditional Medicine
Management's instructions and guidance: Managers always want to establish an effective control environment and operate in accordance with the policies set by the unit. If working with a team of employees who are incompetent in their work and lack integrity in their ethics, internal control will not be effective. If the plan is carried out scientifically and seriously, it will become an effective control tool. Therefore, in reality, managers often pay attention to the progress of plan implementation, monitor factors affecting the established plan to promptly detect unusual problems and thereby handle and adjust the plan.
Human resource policy: Is the regulations and procedures on recruitment, training, appointment, evaluation, dismissal, promotion, advancement and punishment of employees... affecting the effectiveness of the control environment through impact on other factors in the control environment such as ensuring competence, integrity and ethical values. Therefore, a correct human resource policy can complement the weakness of the control environment.
Internal control is performed by people, while the control environment is the collective of people, the value of each person in the organization. Therefore, it can be said that the control environment is the central factor of internal control. Saying so does not mean that a good or bad control environment will determine whether the internal control system is good or not. In fact, through that, it only determines whether the cost of maintaining the internal control system in the organization is little or much.
The control environment has a direct impact on the effectiveness of control procedures. Control procedures may not achieve their objectives or remain a mere formality in a weak control environment. On the contrary, a strong control environment will be the foundation for the effective operation of internal control. However, a strong control environment does not mean a strong internal control system. A strong control environment by itself is not enough to ensure the effectiveness of the entire internal control system. It can limit some of the shortcomings of control procedures. The control environment cannot replace control procedures when necessary.
19
1.2.4.2. Risk assessment
Risk is what can threaten the achievement of a certain goal or can be understood as the risk that an action or event will have an adverse impact on the achievement of goals as well as the successful implementation of business strategies. For each goal of each department, risks should be identified. When identifying risks, it should cover both internal and external risks. Managers can ask a series of questions to identify risks, such as: What could go wrong? Where are our weaknesses? How do we know if we are achieving our goals? Risk assessment is the identification and analysis of risks related to the achievement of goals of effective operations, reliable financial reporting and compliance with regulations. Therefore, risk assessment serves as the basis for deciding how to manage risks.
Activities related to the unit, including activities taking place at the unit and activities outside, can generate risks and are difficult to control. Regardless of size, structure, type or geographical location, any organization or enterprise in the production and business process must face risks. These risks can be caused by the enterprise itself or by the impact of the external economic, political and social environment. Therefore, the unit must be careful when identifying and analyzing factors affecting risks that make the goals - including general goals and specific goals for each activity of the unit - not be achieved and must try to control these risks. Risks affecting the enterprise include:
Internal risks of the enterprise: Often due to conflicting causes in the purpose of operations, the strategies of the enterprise that hinder the implementation of goals such as lack of transparency in management, disregard for professional ethics; low quality of staff; breakdown of computer systems, equipment, infrastructure; lack of appropriate inspection and control...
External risks to the business: Technological changes alter operating processes; changes in consumer habits make current products and services obsolete; the emergence of unwanted competition affecting prices and market share; the promulgation of a new law or policy affecting the organization's operations...
20
To limit risks to an acceptable level and avoid damage caused by the above impacts, organizations need to regularly identify risks: identify existing and potential risks; analyze risks based on established objectives, their impacts and determine measures to manage and minimize harm to the organization, thereby controlling risks.
Identifying the unit's objectives: The 1992 COSO report does not consider this to be the task of internal control, however, members of the internal control system must know the unit's objectives in order to identify and assess the risks that affect the implementation of the set objectives.
Risk identification: Risks can affect the unit at the unit-wide level or affect specific activities.
At the unit-wide level, risk factors are: Technical innovation, changing customer needs, changes in competitors' products, changes in government policies... Within each activity such as sales, purchases... risks can arise and impact each activity before causing a chain reaction to the entire unit. Normally, risks related to each department come from the unit's policies such as market share expansion policy, technical improvement policy...
To identify risks, organizations can use a variety of methods ranging from using forecasting tools, analyzing historical data, to regularly reviewing operations.
Risk analysis and assessment:
Because risks are difficult to quantify, this is a rather complex task and there are many different methods. Typically, a risk analysis and assessment process includes the following steps: Estimating the magnitude of the risk through its possible impact on the achievement of the unit's objectives, considering the likelihood of the risk occurring and the measures that can be used to deal with the risk.
1.2.4.3. Control activities
Control activities are measures, processes and procedures that ensure that the Board of Directors' directives in minimizing risks and facilitating the organization to achieve its objectives are strictly implemented throughout the organization. These are policies and
21
procedures developed by an entity to help safeguard its assets. Control activities include a number of activities that span the entire entity. Through control activities, management will have greater confidence that the entity's assets are safeguarded and that financial statements are reliable.
The control activities of an enterprise are specified by control procedures. These procedures are designed by the enterprise's managers to prevent and detect errors and fraud, ensuring the implementation of the specific objectives of the unit: protecting assets, providing reliable accounting data... Control steps and control procedures are designed very differently for each type of transaction and also very different between different enterprises. Control activities can be grouped into two main groups: preventive control and detection control.
Preventive control: is demonstrated by establishing standard policies and procedures, assigning reasonable responsibilities and authorizing and approving. Most businesses today have not established specific procedures for each operational cycle. Activities are carried out spontaneously and under the direction of the Department Head and Director. Due to the lack of procedures, implementation steps are issued and strictly applied, so preventive control procedures have not been effective.
Detection control: Expressed in the form of special reporting, reconciliation or periodic inspection. Control activities are built according to the following basic principles:
- Approval, authorization: In their management activities, unit managers cannot handle all the work according to the unit's affairs, so they must authorize subordinates to decide on some work on behalf of the unit manager within a certain scope on the principle that the unit manager is still responsible for that work and must still maintain a certain level of control. The authorization process continues to be carried out with lower levels, creating a system of division of responsibilities and powers between levels while still ensuring the centralization of the unit.
In authorizing and approving activities, the approving authority should review the relevant documents, question any irregularities and ensure that there is sufficient information to evaluate and justify the transaction before signing. Pre-signing on blank documents is strictly prohibited.
22
- Separation of responsibilities: Separation of responsibilities is a key element for an effective internal control system. The basis of this principle is that when many people do the same job, errors are easier to detect and fraud is less likely to occur. Therefore, according to this principle, authority and responsibility should be divided among many people in a department and many different departments in an organization. Its purpose is to make sure that no individual or department can perform a complete operation from the first step to the last step. The division of responsibilities also has the effect of creating specialization, creating a mechanism for checking and promoting each other in work. It helps reduce the risk of errors and non-conformities. A general principle is that the functions of approval, accounting, reconciliation and asset management must be separated. When these functions cannot be separated due to small scale, detailed monitoring of related activities is required as a compensating control activity. Segregation of duties is also an activity to prevent and limit fraud because it requires collusion with many other employees to commit fraud.
- Non-concurrent holding principle: This principle comes from the special relationship between responsibilities with concurrent holding easily leading to fraud that is difficult to detect. For example, an accountant concurrently holding the position of treasurer can lead to embezzlement of public funds and modification of accounting data to conceal the deficit; a warehouse keeper concurrently holding the position of warehouse accountant can easily lead to errors and fraud in import, export or inventory data. This principle requires separation of authority and responsibility for a number of tasks such as responsibility for performing operations with responsibility for recording books; responsibility for preserving assets with responsibility for recording books; responsibility for reviewing with responsibility for recording books... Implementing this principle well will create a good control mechanism in preventing loss and embezzlement of the unit's assets.
1.2.4.4. Information and communication
Information and communication means that information about plans, the control environment, risks, control activities and their implementation must be reported up, down and across the organization. Information and communication consists of two interlinked components. These are the information collection, processing and recording system and the internal and external reporting system.
23
Information is collected, processed and communicated to individuals and departments within the unit to be able to complete their tasks and provide external subjects about the unit's operations, finances, and compliance to different subjects including internal and external subjects. Information is necessary for all levels of the unit because it helps to achieve different control objectives. Information is provided through information systems. The unit's information system can be processed on computers, through manual systems or a combination of both. Control activities at the unit can only be performed if information is updated promptly, completely, accurately and checked for its effectiveness.
The main purpose of internal control is to collect reliable information about the business activities to be ready to provide to those who need it, through which, managers at all levels can identify risks. The main information system of the unit is the accounting system including accounting documents, accounting books, accounting accounts and balance sheet summary system. In which, the process of preparing and circulating documents plays an important role in the internal control work of the unit. The purpose of an organization's accounting system is to identify, collect, classify, record and report the organization's financial and economic activities, satisfying the information and control functions of accounting activities. An effective information system must ensure detailed control objectives:
Realism: The control structure does not allow recording of unreal transactions in the unit's books;
Approval: Ensure that all transactions occurring are properly approved;
Completeness: Ensures complete reflection of arising economic transactions;
Evaluation: Ensure that there are no errors in the calculation of prices and fees;
Accuracy: Ensure that the recording of arising transactions is done promptly according to prescribed regime;
The process of transferring and summarizing books accurately, accounting data recorded in subsidiary books must be added and transferred correctly, and summarized accurately on the unit's financial statements.
24
For a small and medium-sized unit with active participation of the owner, a simple manual accounting system with only one competent and honest accountant can provide a complete accounting system; while for a large economic unit or group, a more complex system is required including clear definition of responsibilities and written procedures and policies.
Appropriate and reliable information needs to be communicated internally within the enterprise and to external parties such as suppliers, customers, etc. through mandatory or optional forms and diagrams. Communication plays an important role in internal control. It helps employees understand their roles and responsibilities, know how their work relates to others, and who they are required to report information to. For the accounting information system, accounting charts, manuals on accounting policies and procedures, and accounting reports are effective means of communication. They help to handle transactions correctly and consistently throughout the unit. Through this, management knows the financial situation and general operations of the enterprise as well as each department. Communication can be done by any means, from official documents to the internal email system within the organization.
1.2.4.5. Monitoring
Monitoring is the process of assessing the quality of internal control. According to Vietnam Auditing Standard VAS 315, “Monitoring of controls is the process of evaluating the effectiveness of internal control at each stage. This process includes assessing the effectiveness of controls in a timely manner and taking necessary corrective measures. Management monitors controls through ongoing activities, separate assessments or a combination of both. Ongoing monitoring activities are often associated with the unit's repetitive activities, including regular management and monitoring activities”. This monitoring activity requires the unit to determine whether the internal control system is operating as designed and whether it is necessary to modify it to suit each stage of the unit's development. Monitoring plays an important role in internal control, it helps internal control maintain its effectiveness at different times. Monitoring activities include regular monitoring and periodic monitoring.
25
Regular monitoring: Takes place during operations, carried out by managers and employees within their responsibilities.
Periodic monitoring: Usually carried out through the internal audit function or periodic activities of the Board of Control, thereby promptly detecting weaknesses in the system to propose improvement measures.
Management has an important responsibility to establish and maintain internal controls on an ongoing basis, including reviewing whether they are operating as intended and whether they have been modified to reflect changes in the organization. Monitoring is also about ensuring that controls continue to operate effectively over time. Internal auditors or personnel performing similar functions may participate in monitoring the organization’s controls through separate evaluations. Typically, these individuals provide timely, regular information on the operation of internal controls and focus their attention on evaluating the effectiveness of internal controls and communicating strengths and weaknesses and making recommendations for improving internal controls. Monitoring activities may include the use of information obtained through discussions with parties outside the entity that may indicate problems or geographic areas or business areas that need improvement.
1.3. Internal control of revenue and expenditure activities in public service units
1.3.1. Contents of revenue and expenditure activities
1.3.1.1. Content of revenue and expenditure provided by the state budget
* Collection content
Revenues provided by the state budget are operating revenues provided by the state budget and other operating revenues retained for administrative units, including:
- Regular revenue: Reflects the amount of state budget allocated to the unit to perform regular tasks or other ad hoc support that is considered a source to ensure regular expenditures and other state budget amounts allocated other than the above contents.
- Irregular revenue: Reflects the revenue allocated by the State budget for irregular tasks such as funding for implementing scientific and technological tasks (for units that are not scientific and technological organizations); funding for national target programs; other programs, projects, and plans; counterpart funding.