Perfecting the process and organization of internal audit apparatus in Vietnamese state-owned commercial banks

change security measure

- Check the appraisal procedure for requests to withdraw/add/replace collateral/change security measures to ensure: (i) conditions for applying credit security measures (ii) do not affect the obligation to repay the debt secured by the remaining assets and the handling of collateral later.

- Check approval documents of competent authority.

- Check the procedures for cases where the guarantor is a reorganized legal entity:

- In case of agreement between the parties: check the written agreement of the branch with the relevant parties on the inheritance of secured obligations and secured transactions;

- In case of failure to reach an agreement but the secured transaction is still carried out: Check the document recording the change of the secured party or re-sign the secured contract. Re-register the secured transaction.

- In case of failure to sign the agreement document/document recording the change of the guarantor/failure to re-sign the guarantee contract: check the procedures for handling the secured assets/termination of the contract.

credit granting, debt collection early.

8.2

Check the preservation and management of TSBĐ records

Collect the minutes of inventory of collateral documents at the branch, evaluate the inventory/reconciliation procedures:

- Inventory schedule

- Components participating in inventory

- Inventory method (inventory each type of collateral document or inventory only by sealed package)

- Procedure for comparing data between the warehouse department and the accounting department.

- Find out information about the department responsible for managing TSBĐ records at the branch.

- Check the management system and track collateral records.

- Collect reports on monitoring TSBĐ records during the period

- Select some TSBĐ file input templates, check the TSBĐ file handover minutes, and related TSBĐ files.

- Check the preservation of the mortgage documents.

received from customer but not yet processed for import

Maybe you are interested!

Official warehouse because the customer has not provided enough documents.

- Select some samples of TSBĐ issued by customers to settle contracts or withdraw assets: check the handover records between the branch and the customer and related records (contract liquidation records/ approval records for asset withdrawal);

- Select a sample of some TSBĐ files issued for customers to borrow (especially loaned files that have not been returned to the warehouse):

- Check the handover records between the branch and the customer, the branch director's approval records on the loan issuance, the asset loan request document and the customer's commitments.

- Evaluate the reasonableness of the loan period. Check the implementation of document return for files that are due for return.

- Evaluate the methods the branch applies to ensure the ability to manage/recover loan documents:

+ Assign staff to coordinate with the guarantor to complete the procedures and collect them immediately upon completion;

+ In case of needing time to process the application: coordinate with the authorities to get an appointment letter and request to return the documents only to the branch.

+Other methods

- In cases where the credit amount exceeds the authority of the branch director, check the branch director's report to the competent authority on the lending of documents: reasons and management measures.

- In case the customer borrows part of the mortgage documents, check the preservation of the remaining documents during the loan period.

- Check the tracking of loan records by the TSBĐ records management department

- Check the periodic reconciliation of TSBĐ data

send warehouse between CBQLN and treasury department.

8.3

Check declaration procedures, update TSBĐ information on the system

- Check the declaration and update of TSBĐ information on the HOST information system

- Check import/export procedures for the table

Newly received collateral, collateral of old credit contracts are received

used for new contracts, collateral changes value,

TSBĐ mortgage release.

8.4

Check the procedure for handling secured assets

- Cases of guarantee:

- Check the notice requesting the branch to perform the guarantee obligation sent to the guarantor.

- Check the measures taken by the branch in case the guarantor fails to perform or improperly performs the guarantee obligation.

- Cases of asset security: Assess the reasonableness, implementation progress, and feasibility of the branch's asset handling measures being applied;

- In case of multiple obligations of the TSBĐ:

- Check the notice of handling of collateral sent to the parties receiving the guarantee

- Check the handling of proceeds from the handling of collateral

- Check TSBĐ processing time:

- For assets at risk of losing value/decreasing value, debt collection rights, GTCG, bill of lading: CN has the right to handle immediately

- For other collateral: according to the agreement between the borrower and the customer. In case there is no agreement: no earlier than 7 days for personal property/ 15 days for real estate from the date of notification of asset handling.

product

Check the management of related customer groups/borrowers at multiple branches.

- Assess the management/operational relationship and the level of business dependence between customers in the group.

- Level/nature of internal transactions of customers in the group.

- Check disbursement records, input/output records to identify cases with signs of money transfer within the group.

- Evaluate the management mechanism of loans according to related customer groups at the branch.

- For customers/customer groups borrowing capital at many branches: evaluate the coordination mechanism between branches in managing customers/groups.

client.

Check out co-financed loans

- For co-financing with branches as focal points: Check the branch's coordination/monitoring mechanism for the performance of obligations of member banks and customers.

- For co-financing accounts with branches as members: Check the information coordination mechanism with the focal bank in updating information/monitoring

customer/loan

Check the process for handling problem debts

- Interview the Branch's customer service officer about the actual situation of customers with bad debts and debts that have been processed for DPRR by the audit deadline.

- Check debt settlement records and collateral records of some customers with large and long-term bad debts to evaluate the branch's debt settlement measures for problem debts, especially for loans/borrowers with long-term overdue debts and difficult debt collection.

- Overdue debt notice sent to customers (at least once a month)

- Evaluate the cause. Strengthen control.

- File a lawsuit/handle TSBĐ

- Other measures

- Evaluate the supervision of the customer/project investment department leader throughout the loan monitoring process.

- In case of loans/customers being sued or at risk of bankruptcy, evaluate the measures that the Branch has taken to protect

Bank benefits

APPENDIX 2.5

RISK SCORING GUIDE - RETAIL BUSINESS

1. Document preparation

- Personnel information: Staff CV form - Form 05/CN LĐTL (request TCCB Department to provide)

- Information on data on business segments in retail operations of Branches (request CSSPBL Department to provide)

- Information on card operations: CT3 indicator data in the Branches' Salary Scoring Table (Provided by the Accounting Department, based on the assessment of functional departments at HSC)

- Information on results of inspections, audits and audits at branches

2. Conduct scoring

2.1. Inherent risk points

2.1.1. Group of indicators with fixed scores (branches have the same indicator score due to the characteristics of the business sector)

Target

Weight	Point	Point weighted	Interpretation (reference barem) points on the inherent risk scorecard)
Work frequency	0.1	2	0.2	Work takes place every day
Detailed steps in the process	1	5	5	The process is divided into small steps, checkpoints are designed but sometimes when not full
Regulations	0.8	6	4.8	Clear, specific, changeable
Likelihood cheat	0.6	7	4.2	Above average

2.1.2. Group of indicators with non-fixed scores

i. Scoring of violations in previous audits:

- Data: Information on results of inspections, audits, and audits at branches, issues related to Retail operations.

- Summarize the issues and put them into a table.

- Branches without information are given 5 points, branches with many existing problems are given 6-10 points depending on each case.

ii. Scoring Sales Size

- Data: Information on business data in retail activities of Branches - Provided by the CSSPBL Department and indicators [CT3.3], [CT8.1+CT8.2] in the Branches' Salary Scoring Table (Provided by the KTTC Department, scored by functional departments)

=> get data on business areas: can get all data on business areas according to the data table provided by P.CSSPBL for evaluation or at least based on the

Main segments are: personal capital mobilization (weight 0.4), individual credit (weight 0.35), modern banking services [CT8.1+CT8.2] (weight 0.25)

Scale score = Personal capital mobilization scale * 0.4 + Personal credit scale * 0.35 + Modern banking service scale * 0.25

- Calculation method: according to the scale in the inherent risk score table (compared with the average data of the whole system)

+ Step 1: calculate points according to the formula, determine the score areas 2, 4, 6, 8, 10

+ Step 2: Review and adjust the score to be more reasonable. For example, branch A has a capital mobilization scale of 65, branch B is 120, branch C is 185, according to the formula, they all get 6 points, but after reviewing and adjusting: branch A has 5 points, B has 6 points, C has 7 points

Note: In case there is no data from the CSSPBL department, it is possible to exploit data on the accounting balance sheet - Get capital mobilization turnover from personal accounts, specifically as follows:

Sales Statement of Branch Accounts From January to November 2011 (Including: Opening balance - Sales during the period - Closing balance):

+ Account 220101002

+ Account 220101004

+ Account 220102002

+ Account 220102102

+ Account 220103102

+ Account 220103103

+ Account 220201003

+ Account 220201004

+ Account 220201007

+ Account 220201008

+ Account 220202001

+ Account 220202002

+ Account 220302001

+ Account 220303001

+ Account 220304001

+ Account 220304003

+ Account 220103101

+ Account 220103105

+ Account 220103106

+ Account 220202011

+ Account 220202012

=> Enter data into the table, get the ending balance of each account => add up the total)

iii. Scoring Plan Deviation

- Data: Information on business data in retail operations of Branches - Provided by CSSPBL Department

- Calculation method: according to the scale in the inherent risk scoring table (determine the percentage compared to the plan)

Plan deviation score = deviation of KH Capital mobilization*0.3+ Individual credit*0.3+ SMS*0.1+Internet*0.1+ Personal money transfer to foreign country*0.1+ Credit insurance*0.1

- Note: Newly established branches without planning targets or without generating data will be given an average score of 6 points.

vi. Scoring Activity Complexity

- Score according to 3 criteria:

+ Criterion 1 - Business activities: according to the characteristics of each activity: Retail or Accounting, Credit... Retail segment is rated 6 points. (Weight 0.3)

+ Criterion 2 - Business environment: Based on the general environment (mostly agreed upon in previous years) and adjusted according to the characteristics of the Retail business. (Weight 0.4)

+ Criterion 3 - Product structure: Branches located in Hanoi, Ho Chi Minh City and other strongly developed and diversified economic centers will have higher product structure scores. (Weight 0.3)

2.2. Human risk score

2.2.1. Management and professional qualifications of leaders

This indicator currently does not have enough information to evaluate => calculate the score equally for all branches 5 points

2.2.2. Support and attention from senior management

All branches were rated 4 points, except for SGD and HCM, which were rated 2 points (with more support, supervision and attention from senior leaders).

2.2.3. Remaining indicators: Continuous stability of the leadership team, Work experience of employees

- Data: Staff CV Form 05/CN LĐTL (request TCCB Department to provide)

- Calculation method: according to human risk scoring scale

APPENDIX 2.6

RISK SCORE TABLE (A 100)

Objective: Risk assessment Audit planning for 2013 Content: Retail Retail operations

Date created: 12/6/2012 10:18

MCN

Point

Retail

Frequency of work

job

0.1

0.2

Detailed steps in the process

5.0

Errors detected during the inspection

pre-calculation

0.8

4.0

4.8

4.0

5.6

4.0

4.8

4.0

4.8

4.0

4.8

4.0

4.8

4.0

5.6

4.0

5.6

4.0

Regulations

0.8

4.8

Likelihood

to cheat

0.6

4.2

Scale, business

number

8.3

7.4

5.9

6.3

6.5

6.7

8.3

5.6

5.4

5.3

6.5

6.9

5.9

4.8

6.0

8.0

2.7

5.8

4.7

2.6

6.6

5.9

6.1

6.4

6.9

6.1

4.3

3.3

6.3

6.9

4.7

4.0

4.1

6.0

4.0

4.1

3.0

5.5

4.1

5.7

6.9

6.0

Plan deviation

0.5

2.5

1.5

3.0

3.5

3.0

1.5

2.5

5.0

2.5

3.0

2.0

3.0

5.0

3.5

1.5

4.0

3.5

4.5

2.5

3.5

3.0

3.5

2.0

5.0

2.0

3.5

5.0

2.5

4.0

4.5

3.0

2.5

4.0

5.0

3.0

2.5

4.0

2.5

2.0

3.0

Complexity

of activities

1.2

10.6

10,

9.7

8.9

9.7

10,

9.2

8.9

9.2

9.4

9.7

10,

8.9

9.2

8.9

8.4

7.9

8.9

10,

8.4

8.9

10,

7.9

10,

8.9

8.4

10,

9.2

7.9

8.4

7.9

10,

7.9

10,

9.4

Inherent Risk

39.5

37,

36,

37,

39,

35,

37,

35,

38,

36,

37,

36,

37,

36,

33,

35,

36,

31,

37,

36,

39,

36,

34,

35,

37,

38,

35,

33,

36,

37,

35,

33,

32,

38,

34,

36,

37,

36,

Management and professional qualifications

of leadership

1.5

7.5

Stability

continuous on leadership team

6.0

4.0

6.0

2.0

8.0

4.0

2.0

4.0

7.0

4.0

8.0

2.0

6.0

2.0

10,

4.0

2.0

8.0

6.0

2.0

7.0

2.0

4.0

6.0

2.0

8.0

6.0

4.0

2.0

6.0

2.0

5.0

2.0

6.0

2.0

6.0

Support supervision and attention of leaders

high-class

0.5

1.0

2.0

1.5

2.0

Experience

work of

staff

Human risk

18.5

15,

19,

15,

21,

17,

15,

17,

20,

17,

15,

21,

15,

19,

15,

25,

17,

15,

21,

19,

15,

20,

15,

17,

19,

15,

23,

19,

17,

15,

19,

15,

18,

15,

19,

15,

19,

Total conversion risk

58.0

53,

56,

52,

59,

60,

53,

52,

56,

54,

57,

54,

53,

58,

49,

55,

51,

56,

54,

51,

57,

58,

52,

54,

50,

54,

57,

51,

57,

56,

54,

50,

53,

47,

56,

49,

56,

52,

56,

A100/

MCN	47	48	49	50	51	52	53	54	55	56	57	58	59	60	61	62	63	64	65	67	69	70	71	72	73	74	75	76	77	78	79	80	81	83
	Retail
1	Work frequency	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2	0.2
2	Detailed steps in the process	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0	5.0
3	Errors found in previous audit	4.0	4.0	5.6	4.0	4.0	4.0	4.0	4.0	4.0	4.8	4.0	4.0	4.0	4.0	5.6	4.0	4.8	4.0	4.8	4.8	4.0	4.8	4.0	4.8	4.0	4.0	5.6	4.0	4.0	4.0	4.0	4.0	4.0	4.0
4	Regulations	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8	4.8
5	Possibility of fraud	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2	4.2
6	Size, sales	3.4	6.5	5.4	5.6	5.3	4.0	6.1	6.4	5.9	7.0	2.8	2.4	4.5	5.4	5.1	3.5	4.8	4.0	4.4	3.0	5.1	4.3	3.7	5.1	2.6	2.8	3.9	4.2	3.0	3.4	3.8	2.3	3.3	2.6
7	Plan deviation	4.0	2.5	2.0	3.5	3.0	5.0	3.0	3.0	3.5	3.5	5.0	3.5	4.0	5.0	2.5	5.0	3.5	3.5	3.5	3.5	4.0	3.5	2.5	2.5	3.5	3.5	3.5	3.5	3.5	3.5	5.0	3.5	3.5	2.5
8	Complexity of operations	7.9	8.4	10.2	9.4	10.2	8.9	10.2	9.7	9.7	7.9	7.9	7.9	8.4	8.4	10.2	7.9	8.4	7.9	8.4	8.9	9.4	9.4	10.2	10.2	7.9	7.9	7.9	7.9	8.4	7.9	8.4	8.4	8.4	7.9
	Inherent Risk	33.5	35.6	37.4	36.7	36.7	36.1	37.5	37.4	37.3	37.4	33.9	32.1	35.1	37.0	37.6	34.6	35.7	33.6	35.3	34.4	36.7	36.2	34.6	36.8	32.2	32.4	35.1	33.8	33.1	33.1	35.4	32.4	33.4	31.2
1	Management and professional qualifications of leaders	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5	7.5
2	Continued stability in leadership	4.0	4.0	6.0	2.0	4.0	4.0	6.0	4.0	4.0	4.0	2.0	2.0	2.0	2.0	2.0	6.0	6.0	8.0	6.0	4.0	2.0	4.0	2.0	4.0	6.0	4.0	4.0	2.0	2.0	2.0	2.0	10.0	10.0	10.0
3	Support and attention from senior management	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0	2.0
4	Employee work experience	4	4	4	4	2	4	4	4	4	4	2	2	6	4	4	4	4	4	2	4	4	6	4	4	4	6	10	8	6	4	8	4	6	6
	Human risk	17.5	17.5	19.5	15.5	15.5	17.5	19.5	17.5	17.5	17.5	13.5	13.5	17.5	15.5	15.5	19.5	19.5	21.5	17.5	17.5	15.5	19.5	15.5	17.5	19.5	19.5	23.5	19.5	17.5	15.5	19.5	23.5	25.5	25.5
	Total conversion risk	51.0	53.1	56.9	52.2	52.2	53.6	57.0	54.9	54.8	54.9	47.4	45.6	52.6	52.5	53.1	54.1	55.2	55.1	52.8	51.9	52.2	55.7	50.1	54.3	51.7	51.9	58.6	53.3	50.6	48.6	54.9	55.9	58.9	56.7

GENERAL STAFF

APPROVING OFFICER
Vu Thu Ha	Nguyen Thi Mai

APPENDIX 2.7

BANK …… INTERNAL AUDIT

SOCIALIST REPUBLIC OF VIETNAM

Independence - Freedom - Happiness

..., date... month... year...

AUDIT PLAN FOR THE YEAR …

1. BASIS FOR AUDIT PLANNING FOR THE YEAR…

1.1 Scale and growth rate

1.2 Risk level

1.3 Human resources

Details are in the human resource allocation plan of the Head Office Internal Audit Department and the Regional Internal Audit Department.

2. AUDIT PLAN FOR THE YEAR …

2.1 Scope, audit subjects, audit time and allocation of audit personnel

STT

Object Audit (*)	Scope Audit	Human Resources expected	Time expected (**)

(*) The number of audited units includes the number of officially audited units and the number of backup units.

(**) There is no scheduled time for backup audits, the number of backup audits is approximately 10% of the volume of official audits.

2.2 Audit objectives and focus in each transaction

3. PROPOSALS, RECOMMENDATIONS

Chief Internal Auditor/

Regional Internal Audit Manager

APPENDIX 2.8

HUMAN RESOURCE ALLOCATION PLAN FOR THE YEAR …

Regional Internal Audit Department/Internal Audit Department

Plan for the year ….

Name of officer

Total

Total working days by mode

(except holidays, Saturday, Sunday)

Non-working day

Day off

Day on the road

Another day

Total working days

Auditing

Train

Meeting (work, organization...)

Summary, post-audit follow-up

Risk assessment, planning

Research, review processes, evaluate

internal control system price…)

Preventive

Chief of Internal Audit Department Head of Internal Audit

APPENDIX 2.9 ABC COMMERCIAL JOINT STOCK BANK AUDIT REPORT

(No. 2- [2012]/BCKT-KToNB)

Audited Unit: Branch A

Audit scope: Comprehensive audit of all operations at ABC Commercial Joint Stock Bank branch Audit period: Quarter 1/2012

Audit time at the unit: at least 10 working days from the date of announcement of the audit decision

OVERVIEW

Pursuant to Decision No. 059/QD-BKS-NH ABC dated April 13, 2012 on establishing a team to comprehensively inspect all operations at ABC Commercial Joint Stock Bank, Branch A

1. Audit team composition

1. Le Thi A KTV - Compliance Audit Department - Team Leader

2. Dang Van B, Head of KTNB Department, Region 12 - Deputy Head of Delegation

3. Tran Thi C Auditing and monitoring department - Member

2. Scope of audit

Comprehensive audit of all aspects of branch A's operations

3. Audit objectives

- Assess compliance with legal regulations; internal regulations, procedures and documents directing and operating the NH headquarters... in the branch's business activities (specifically for credit operations and accounting operations)

- Identify risks, warn and advise branches on measures to prevent and limit risks.

- Reflect on difficulties and problems arising at the branch and propose solutions to the head office.

4. Methodology

The audit was conducted based on the system audit method, which means evaluating the credit and accounting system at branch A through reviewing the system of processes, operations, and policies issued by the Bank...; selecting samples, evaluating, and specifically checking:

- Information collection, interviews;

- Evaluate organizational structure;

- Describe the business process;

- Select samples (non-statistical), check documents in detail;

- Evaluate.