Figure 1.1: Relationship between system audit testing and basic audit testing
(Source: Author)
Maybe you are interested!
-
The Nature and Role of the Internal Control System -
Perfecting the process and organization of internal audit apparatus in Vietnamese state-owned commercial banks - 20 -
Organizing internal control system in budget units under the Ministry of National Defense - 25 -
Initial Research Model on Factors Affecting the Internal Control System on Social Insurance Collection -
Internal Combustion Engine Vibration Isolation System
The diagram above shows the impact of the quality of the internal control system on the proportion of audit testing. Basically, if the internal control system is assessed by the auditor as strong, the proportion of basic audit testing will be reduced and vice versa. That is, through the study of the internal control system, the auditor will predict the control risk, thereby deciding which audit method to use, or if combined, what proportion to ensure the highest audit efficiency.
1.2.4.3. Prepare audit report
The audit report should include the following: [73, p.15]
- General and summary information about the unit/business
- Objective of the audit
- Audit scope
- Summary of audit evidence
- Audit opinion.
The audit report must be accurate, objective, clear, constructive, complete and timely. The issues noted during the audit are the basis for the conclusions and recommendations of the internal audit and should be included in the internal audit report. Audit findings and recommendations often go hand in hand with a comparison between actual performance and best practice. Regardless of the differences, they will be the basis for the internal audit report.
Finally, the internal auditor must express his or her conclusions and opinions. These are assessments of the impact of the matters noted and opinions on the activities reviewed. Conclusions may be for the entire audit scope or for specific areas. The audit opinion may include an overall assessment of the controls or areas reviewed, or it may be specific to certain controls or areas of the audit.
Recommendations are made based on the issues noted and conclusions, and require the resolution and improvement of those issues. Recommendations may suggest corrective measures or measures to enhance performance as well as provide guidance to the unit's management to achieve the desired results. Recommendations may be for general issues or for specific issues. For example, in some cases, recommendations may suggest general actions and suggest specific implementation activities. In other cases, recommendations may simply suggest further investigation or research.
The internal audit report should outline any improvements made by the organization, including achievements, improvements since the previous audit, or the establishment of stronger controls. The internal audit report should include the organization's response to the auditor's conclusions, opinions, and/or recommendations. In cases where internal audit and the organization disagree on the audit findings, the report may include the status and reasons for the disagreement.
of disagreement. The unit's response may be presented in the main body or as an appendix to the report.
1.2.4.4. Post-audit supervision: [73, p.18]
The IIA requires internal audit managers to establish and maintain a system to monitor and ensure that management activities are being effectively implemented and that the results of consulting contracts are being delivered as agreed with the client. If the decision on the risk is not resolved, it must be reported to the highest level, the Board of Directors/Shareholders' Meeting. Therefore, the tasks to be done are:
- Require the audited unit to report in writing the results of implementing the recommendations of the internal audit.
- Conduct a review of the implementation of recommendations at the audited unit.
1.3. FACTORS AFFECTING INTERNAL AUDIT OF COMMERCIAL BANKS
1.3.1. Objective factors
1.3.1.1. Economic environment
When the macro economy becomes unstable, it will affect the operations of banks in general and customers in particular because at this time, credit, payment, investment activities of banks... have high risks, many new types of risks arise that are difficult to predict.
The globalization trend is taking place vigorously in the world, in that context, the economy of the region and Vietnam cannot avoid recession and crisis, the ability to withstand difficulties of enterprises is low, resulting in high bad debt ratio, declining loan quality. As risks increase, internal audit work will face more challenges, audit risks will be greater, more errors and frauds can be overlooked.
1.3.1.2. Social environment
Social ethics are related to risks in some aspects such as people's education level, habits, and social awareness. Customers themselves in the context of social ethics not being improved will be more likely to delay and procrastinate in completing their tasks.
repaying loans, thereby causing difficulties for banking operations in general and internal audit operations in particular. Particularly for bank staff in that context, there are many tendencies to abuse their authority, collude with each other, even with customers for personal gain. These are huge barriers to internal management and audit.
1.3.1.3. Legal environment
The legal environment is reflected in the synchronization and scientific nature of the legal system, the completeness and uniformity of sub-law documents, and is closely linked to the process of law enforcement and implementation. Law is an indispensable part of a market economy regulated by the state. Only when the subjects participating in credit, payment, investment relations, etc. strictly comply with the law will credit relations bring benefits to all parties, and more favorable banking operations will contribute to reducing pressure on internal audit activities.
Banks are special enterprises that trade in currency, associated with a series of unique characteristics that have been analyzed above. Therefore, to create a legal corridor for banks to operate, banks cannot only rely on legal documents issued in general for non-financial enterprises in the economy but also need a system of legal documents, regimes, and regulations guiding the industry's own operations. The legal environment will directly affect the orientation and development perspective of the banking industry in each period. Changes in policies, mechanisms, standards, regimes, etc. will affect the general operations of the entire banking system, including internal inspection and audit work [13, p.29].
1.3.2. Subjective factors of the bank
1.3.2.1. Responsibility and support of the Board of Directors of the high-ranking company
An essential element of an effective internal control system is a strong control culture. It is the responsibility of the Board of Directors/Shareholders' Meeting/Members' Council and the Board of Management to focus on the importance of internal control through their actions and statements. This includes the ethical values demonstrated in their dealings both inside and outside the bank. Statements
The words, attitudes and actions of senior management reflect the integrity, ethics and other aspects of the bank’s control culture. They, and no one else, are responsible for promoting high standards of honesty and ethics, and for establishing a culture that demonstrates and emphasizes the importance of internal control to all levels of staff. All bank employees should understand their role in the internal control process and be fully involved in it.
As for internal audit, the support of senior leaders is shown in many forms, such as the determination to establish an overall policy, build an effective risk management framework, build a good human resources policy, build a complete bank policy for internal audit from the issue of appointment, promotion, salary, bonus, support of document sources, funding, attention to the conclusions of internal audit, resolutely directing the implementation of those recommendations... will help internal audit have a worthy position and receive good coordination from other departments[80, pp.50-51].
1.3.2.2. Coordination with the audited unit (professional qualifications, awareness of internal audit, level of coordination)
Currently, there are very few studies that suggest that the effectiveness of internal audit is affected by the cooperation of the audited unit, but in fact this is true. Referring to many previous works, the researcher found that there is a topic that is considered quite comprehensive, overall, and of good quality, which is the PhD thesis at the University of Queensland, Australia by researcher Mirhet [80] that seriously addressed this issue. To achieve the effectiveness of the audit, the auditor must have full rights to unrestricted access to all activities, records, assets and be provided with goodwill cooperation from the audited unit. However, Mihret also affirmed that this is not a very strong factor and determines whether the internal audit fails or not.
1.3.2.3. Quality of internal auditors (capacity, qualifications, qualities) Among all resources, human resources are extremely important factors and directly affect the success of each unit and department. Professional capacity, professional attitude, responsibility and ethical qualities of auditors... will greatly determine
greatly to the success of internal audit activities. Internal audit is inherently a complex profession, in addition, the audit subject is commercial banks, so the pressure is often much greater. The difficulties due to auditing complex operations, large number of transactions, branches scattered throughout the country... require meticulousness, science, dedication, independence, and objectivity of auditors.
The survey conducted by Aloulafas in 2010 [49] was conducted by collecting data from questionnaires and interviews on Work Capacity. Internal auditors and external auditors both agreed that the work capacity of internal audit departments is currently the weakest. The lack of training, lack of experience and early transfer to other positions of auditors leads to low work capacity of internal audit departments.
1.3.2.4. The Bank's organizational structure and internal audit apparatus
+ Bank management structure :
Internal audit is a department in the bank, performing the task of evaluating the internal control inspection system of the credit institution. Therefore, the organizational and operational model of the bank will directly affect the quality and effectiveness of internal audit [80]. Bank leaders need to choose for themselves the best and most stable management organization plan to not only bring efficiency to the bank's operations, avoid overlapping functions and tasks, causing waste, but also create conditions and maximum support for the internal audit department.
The diversity of models and ownership structures of commercial banks is also a factor that significantly affects internal audit activities [20, p.28]. The model of a 100% state-owned single-member limited liability company or a joint stock company (joint stock commercial banks), or a joint stock company in which the state holds a controlling stake... will have very different perspectives and orientations for building and developing internal audit. Especially in commercial banks that have not been equitized, the decision-making system is complicated and lacks transparency, and the ownership and control and management rights are not separated, which will inevitably lead to overlapping work, both playing football and blowing the whistle, thus affecting the independence and quality of the internal audit department.
+ Organizational structure of internal audit department [20]
Any organization that wants to operate effectively needs a good organizational structure. The internal audit department is no exception. Building an internal audit system with functions, scope of operations, professionalism and high independence will help the bank evaluate the entire internal control system of the unit, in order to ensure the improvement of the operating efficiency of the entire system.
The internal audit system should be built according to a centralized model, and internal audit activities should be concentrated at the Head Office of the banks. Depending on the development level of the banking network, internal activities can be considered for expansion in the regions... Commercial banks should build a strategic sequence for establishing and operating the internal audit system in both the short and long term to suit the conditions of each bank.
1.4. COMPLETING INTERNAL AUDIT AT COMMERCIAL BANKS
1.4.1. Concept of completing Internal Audit in banking
According to the Vietnamese dictionary, Perfection means “to make better”. So “Perfecting” internal audit means making the internal audit work in commercial banks more complete in content and deeper in quality. In the current context, internal audit work in commercial banks still has many shortcomings, from content, approach, to audit process… all have not been implemented in a meaningful way, not in depth to bring increased benefits to the business activities of banks. In the world, the proper application of internal audit has brought great benefits to businesses, so making internal audit better and better, going in the right direction is a necessary requirement.
In addition, improving internal audit must be a regular, continuous process to overcome limitations, helping commercial banks develop safely and effectively . Banking activities are one of the riskiest types of business. Risk mitigation cannot rely on remote inspection, supervision, independent audit, state audit... but requires proactive management and self-protection from within the organization itself, just like a body needs to strengthen its own resistance. An audit process
Continuous monitoring, supervision and consulting will help banks detect risks early, when they are just potential risks, thereby preventing and minimizing risks effectively.
Completing internal audit must be done comprehensively from the organizational structure, content, approach, audit process in line with international practices on internal audit practice . In order to complete internal audit effectively, commercial banks need to focus on the quality of each element that makes up this activity, including the organizational structure, content, methods, and internal audit process. However, these components are influenced by many factors such as: human resources, professional guidance of the Board of Control, coordination of work of senior management, coordination of work with audited units, ownership model, etc., so there must be solutions to these underlying causes. Thus, completing internal audit requires standardizing basic issues, from:
Organizational structure.
About audit content
About the approach
About the audit process
In addition to the orientation of compliance with the International Standards for the Professional Practice of Internal Auditing issued by the IIA-Institute of Internal Auditors of the United States (Appendix 3), the completion of internal auditing also needs to refer to international practices on auditing and internal control practices such as:
COSO (The Committee of Sponsoring Organizations). This is a committee of the US National Council on Combating Fraudulent Financial Reporting. The goal of COSO is to provide guidance and regulations related to: Enterprise Risk Management, Internal Control and Fraud Prevention.
Basel II Capital Accord. This is the second recommendation of the Basel Committee on Banking Supervision. Regarding internal audit, Basel has issued 20 principles [54] to guide the establishment of an effective internal audit system, in which principles 1 to 15 provide the objectives and basic principles when building internal audit in banks; principle 16 requires the relationship