points. The study uses a scale to measure the effectiveness of internal control with three indicators: effectiveness and efficiency, reliable financial statements, and compliance with laws and regulations. The study also shows the impact of internal control components on the effectiveness of internal control. At the same time, the study also shows that the effectiveness of internal control has an average value of 4.75/7 points.
Nakiyaga and Dinh (2017) studied how organizational culture affects the effectiveness of internal control. The study clarifies the role of top management in regulating effective internal control, especially for organizations operating in emerging economies. They are based on the theoretical framework of monopolistic competition, and use empirical methods, theoretical research methods to examine and understand the key concepts of organizational culture, effective internal control and the role of effective internal control. The study shows that top leaders set goals for the organization and organize work, train and coach employees to perform work thereby affecting organizational culture and having an impact on the composition of internal control, and the effectiveness of internal control. Having a quality internal control system has a significant impact on the correctness and errors of management instructions. The research limitation is limited to qualitative method for data collection and the research results are analyzed using deductive method.
In the context of Vietnam, Nguyen Anh Phong and Ha Ton Trung Hanh (2010) with the topic: "Improving the effectiveness of internal control activities at commercial banks in Ho Chi Minh City" . The authors inherited COSO (1992) and Basel II to build a research model with the independent variable being the 5 elements of internal control; the dependent variable is: the level of assessment of the effectiveness of internal control. The group of authors conducted in-depth interviews and surveyed 10 commercial banks using the Likert 5 scale with 195 responses. The study showed that the factors included in the model explained 87.4% of the impact on the level of assessment of the effectiveness of internal control and there was no multicollinearity (VIF<10) from which the authors gave policy implications for commercial banks.
Maybe you are interested!
-
Research on internal control in non-life insurance enterprises in Vietnam - 29 -
According to you, what are the advantages and disadvantages of Internal Control in Non-Life Insurance Enterprises in Vietnam? -
Initial Research Model on Factors Affecting the Internal Control System on Social Insurance Collection -
Building a Research Model on Factors Affecting the Effectiveness of Internal Control System in Social Insurance Collection -
Enhancing individual customer loyalty to the life insurance brand at Prudential Life Insurance Company Limited - Hue Branch - 1
Ho Tuan Vu (2016) studied the factors affecting the effectiveness of the internal control system in Vietnamese commercial banks. The author combined both qualitative and quantitative methods. The study showed that, in addition to the 5 independent variables according to the 5 constituent elements of COSO, Basel also has two additional variables "political institutions" and "group interests" that affect the effectiveness of the internal control system. The dependent variable of the effectiveness of the internal control system is measured through three indicators: efficiency and effectiveness, reliable financial statements, and compliance with laws and related regulations. The study discovered 2 new factors, in addition to the 5 constituent elements of internal control, that have a positive impact on the effectiveness of internal control in Vietnamese commercial banks.
Nguyen Thi Hoang Lan (2019) studied the impact of internal control structure on the effectiveness of public agencies in Vietnam. The author used a mixed research method and surveyed 123 public service agencies in Vietnam. By considering the internal control structure as a latent variable reflected through 5 elements constituting internal control and the moderating variable being the level of financial autonomy affecting the effectiveness of internal control. The study showed that the internal control structure has a strong and positive impact on the effectiveness of internal control. In addition, the study also found that a high level of financial autonomy has a stronger impact than a low level of financial autonomy.
Hung and Tuan (2019) studied the factors affecting the effectiveness of internal control in joint stock commercial banks in Vietnam. The study is based on the research of Amudo and Inanga (2009), Gamage et al. (2014), Basel II. The study has the same direction as Ho Tuan Vu (2016) on the survey object being Vietnamese commercial banks. However, in addition to considering the factors that are the 5 elements that make up internal control, the two authors also discovered new factors: scale and credit rating; the effectiveness of internal control is measured through the three objectives of internal control. The results show that the factors affect the effectiveness of internal control.
Pham Quoc Thuan and Nguyen Cong Cuong (2020) studied the effectiveness of internal control systems in small and medium enterprises in Vietnam. The study measured the effectiveness of internal control systems according to the COSO (2013) perspective. The study assessed the effectiveness of internal control systems by considering 5 factors constituting internal control systems and the effectiveness of internal control systems through 3 objectives: effectiveness and efficiency, reliable financial statements, compliance with laws and regulations. The scales in the study inherited the Noorvee scale (2016). The results showed that the effectiveness of internal control systems was at an acceptable level with a score of 3.442/5 points.
Recently, Anh and colleagues (2020) studied the factors affecting the effectiveness of internal control in cement manufacturing companies. The study used the factors of 5 elements constituting internal control (COSO, 2013) as independent variables and the dependent variable of internal control effectiveness was measured as in the study of Ho Tuan Vu (2016), Hung and Tuan (2019). The study surveyed 210 managers and employees at Vietnamese cement companies with the support of SPSS software to assess the reliability of the scale through Cronbach's Alpha coefficient and exploratory factor analysis (EFA). The research results showed that the above factors have a positive relationship with the effectiveness of internal control. There are also studies contributing to the theory and reality of internal control in a specific industry or field such as: Ngo Tri Tue (2004), Nguyen Thu Hoai (2011), Pham Binh Ngo (2011), Bui Thi Minh Hai (2012), Nguyen Thi Lan Anh (2013), Pham Thanh Thuy (2015).
Thus, according to previous research, the author found that the assessment of the effectiveness of internal control is based on the perception of managers. The dependent variable of the effectiveness of internal control is measured through three indicators: Efficiency and effectiveness of operations, reliable financial statements, and compliance with relevant laws and regulations. The structure/component of internal control affects the effectiveness of internal control: assessing the impact of each component of internal control or assessing based on the latent variable of the structure/component of internal control on the effectiveness of internal control.
Through the research overview, the author has some comments as follows:
- The term “Internal Control Structure” is used by authors around the world instead of Internal Control/Internal Control Components. The Internal Control Components here are based on the 5 elements of Internal Control of COSO (1992, 2013). When summarizing previous studies, the author found that in addition to the 5 elements of Internal Control, some authors have discovered a number of new factors related to the characteristics of the enterprise that affect the effectiveness of Internal Control.
- Previous studies on internal control are mostly based on the research direction of organizations: COSO, COCO, BASEL... and some prestigious authors to build models and scales.
- The application of contingency theory in organizations to internal control research has not been mentioned much in previous research works. Factors with organizational characteristics are rarely found in internal control research, especially in Vietnam. Those mentioned factors are focused on examining the relationship with management control.
- The research on internal control by authors in the world often rarely mentions the 2-layer model: examining the relationship between factors to the internal control components; the relationship between the internal control components and the effectiveness of internal control. Most of the previous studies follow the single research model and regression testing. Moreover, previous studies on internal control are often focused on the fields of production and banking finance.
2.1.4. Research gap
Through synthesizing both domestic and international studies, the author discovered that there are many studies on internal control under different aspects, in different contexts and associated with different industries. The author found that:
Firstly, previous studies have investigated factors affecting internal control in specific enterprises such as SMEs, as well as necessary recommendations on internal control in Vietnamese SMEs, which are still lacking.
Second, the synthesis of previous studies on factors affecting internal control shows diversity in both breadth and depth. Previous studies mainly focused on studying the effectiveness of internal control through examining the component factors according to the COSO perspective or adding a few new factors related to the specific characteristics of the researched enterprise. Previous studies mostly focused on studying factors affecting the management control system, not many studies mentioned the factors affecting internal control.
Third, the study also pointed out that the factors: culture and information technology have only been mentioned in studies on factors affecting management control systems, and have not been mentioned much in studies on factors affecting internal control. Therefore, the author will clarify the impact of these factors in this study.
Fourth, this study not only clarifies the factors affecting internal control, but also expands the research direction to the impact on the effectiveness of internal control in public non-business enterprises in Vietnam.
Fifth , there are also many studies on internal control in Vietnam. However, most of the studies focus on applied research on internal control for some specific fields and industries. Also following the research direction of previous studies; this study links the research topic to the non-life insurance industry with many specific features; thereby, recommendations will be made to improve the effectiveness of internal control in non-life insurance enterprises in Vietnam.
2.2. Theoretical basis
2.2.1. Internal control
2.2.1.1. Concept of internal control
Before the 1930s, the concept of “internal control” was limited to the scope of “internal control”. Later, internal control was understood as a combination of a system of checks and related departmental procedures, in which a person performs his duties independently and checks the work of others as distinct factors related to the ability to detect fraud (Sawyer et al., 2003). This concept highlighted the issue of separating the performer and the checker with the purpose of checking to detect fraud. By 1929, the term internal control was officially mentioned in the publication of the US Federal Reserve, according to which internal control was understood as a tool to protect money and other assets, while promoting operational efficiency.
With the process of awareness and research on internal control, there have been many different views on internal control. In 1949, the American Institute of Certified Public Accountants (AICPA) introduced the first concept of internal control. In this concept, AICPA mentioned a number of new issues such as internal control is the organization's plan and related measures and methods accepted and implemented in an organization to protect assets, check the accuracy and reliability of accounting data, promote effective operations, and encourage compliance with established management policies . By 1977, the concept of internal control system began to appear in the legal documents of the US House of Representatives, with lessons learned after the scandal with illegal payments to foreign governments. By the 1980s, with the collapse of a series of joint-stock companies in the United States. Legislators pay more attention to internal control and issue many guiding regulations such as: regulations on ethical rules, control and clarification of internal control functions and regulations on prevention of financial statement fraud. In 1992, AICPA revised the concept of internal control to meet management needs. Accordingly, internal control is understood as the organization's planning and all the combinations of methods and measurements recognized within the organization to ensure the safety of assets, check the accuracy and reliability of accounting data, promote the effectiveness of operations, promote participation in regulations in the organization . With the introduction of the improved internal control concept, AICPA has expanded internal control not only related to accounting inspection but also associated with ensuring the safety of assets, compliance with the regulations of the unit, minimizing risks and achieving the goals of the organization.
In 1992, COSO unified the concept of internal control to serve the needs of different subjects to support the US National Council Committee on Fraudulent Financial Reporting of the US National Council (Treadway Commission). COSO gave a complete concept of internal control and used the term internal control instead of internal audit on accounting. COSO's report determined: Internal control is understood as a process, affected by the Board of Directors, managers and other members of the organization, designed to provide reasonable assurance regarding the achievement of objectives of: Effectiveness and efficiency of operations; Reliability of financial statements; Compliance with laws and regulations (COSO, 1992). This report has established a common framework to help the unit achieve the most important goal of improving the effectiveness and efficiency of operations. Internal control consists of 5 components that are closely related to each other, which are: Control environment; Risk assessment; Control activities; Information and communication and Monitoring. In those 5 components, "Monitoring" is mentioned as a process of monitoring and evaluating the quality of internal control to ensure that the contents of the policy are implemented, adjusted and continuously improved so that this system can operate well. With the concept of internal control of COSO, there has been a new step forward compared to
with AICPA such as: considering internal control as a process, not just limited to accounting; Emphasizing the role of managers in internal control; Expanding the 3 goals that internal control aims for .
After a series of frauds leading to the bankruptcy of large enterprises in the world such as: Enron Energy Corporation, Worldcom Telecommunications Corporation, Kmark Retail Corporation... In 2002, the Sarbanes-Oxley Act (SOX) was enacted in the United States, Section 404 of the Act emphasized the importance of corporate internal control. The Act requires enterprises not only to establish and maintain internal control but also to require managers and independent auditors to evaluate and report on the effectiveness of internal control. The US Securities and Exchange Commission (SEC) emphasized the important role of internal control and specified that the COSO framework can be used for the purpose of annual assessment of internal control by management. The COSO report (1992) was not really complete but it established the basic theoretical basis of internal control. With many concepts of organizations and research authors based on the concept of COSO.
In 2003, IFAC issued International Auditing Standard 315 (ISA 315) “ Understanding the business situation, environment of the enterprise and assessing the risk of material misstatement ” on the basis of comprehensively mentioning the concept of risk in auditing. This standard replaced ISA 310 and ISA 400. The view on internal control in ISA 315 has changed a lot compared to previous auditing standards. According to ISA 315, internal control is understood as a process designed and controlled by managers and employees in an organization to provide reasonable assurance about achieving objectives related to the reliability of financial statements, operational efficiency and management efficiency and compliance with regulations and laws . ISA 315, the concept of internal control has many things in common with COSO report (1992) such as: Internal control is a process, emphasizing the participation of members of the organization, emphasizing the role and responsibility of managers and internal control to ensure reasonableness in achieving the objectives of internal control.
Besides the concepts of internal control of associations, some authors also give other internal control concepts such as:
In 2009, Moeller inherited and further developed the concept of COSO for the purpose of internal audit. Moeller (2009) stated that internal control is a process and internal control not only has three goals but also adds other goals such as protecting assets, implementing the mission, goals and results of the unit's activities or programs, ensuring integrity and ethical values. Accordingly, internal control is a process designed by managers and applied in the unit to provide reasonable assurance on: Reliability of financial information and operational information; Compliance with policies, procedures, rules, regulations and laws; Protection of assets; Ensuring effective performance in implementing the unit's mission, goals and results of activities or programs; Ensuring integrity.
Integrity and ethical values . Moeller's concept has many similarities with COSO such as: Internal control is a process; Designed by managers and employees; Ensures the implementation of set goals. The most prominent point of this concept is that the author adds the goal of ensuring integrity and ethical values.
Arens and Loebbecke (2000) to achieve the goal, it is necessary to build an internal control system, according to which the system includes specific policies and procedures designed to provide managers with reasonable assurance to achieve the set goals. Those goals include: Ensuring the reliability of information; Protecting assets and records; Promoting the effectiveness of operations; Strengthening adherence to policies and procedures . With this concept of internal control, there are many similarities with COSO, here the author emphasizes strengthening adherence to policies and procedures; there is a difference in considering internal control as a system.
King (2011) believes that internal control is a process by which the enterprise achieves its goals, results as well as plans to implement power, arrangement, supervision in the entire enterprise or separation of tasks . Barnabas (2011) believes that internal control is a synthesis of enterprise elements (including resources, systems, processes, culture, structure and tasks) that help employees achieve the enterprise's goals . Shim (2011) believes that internal control is a part of the enterprise's management system. It is a plan, a means and ways to protect assets, check the correctness of implementation, ensure operational efficiency . It helps enterprises avoid violations, detect and correct them promptly, and achieve goals as well as predict the contexts in which violations occur. Through studying the concept of internal control of the authors mentioned, the author found the following characteristics: Internal control is a process; structure of internal control; Ensuring the set goals; Internal control is an inseparable structure of corporate governance; Providing additional goals of preventing violations.
In 2011, IFAC introduced the concepts of internal control, in which the broader and deeper concept of internal control is: Internal control is an integral part of the organization's governance and risk management system, understood, influenced and controlled proactively by the board of directors, managers and other personnel to take advantage of opportunities and combat risks, in accordance with the risk management strategy and internal control policy established by the board of directors to achieve the organization's goals, including: Implementing effective operational and strategic processes; Providing useful information to external and internal users to make timely and accurate decisions; Ensuring compliance with applicable laws and regulations as well as the organization's own policies, procedures and guidelines; Protecting the organization's resources from loss, fraud, abuse and destruction; Protecting the ability to access
continuous, secure and complete access to information systems including information technology . This concept is similar to the viewpoint of Arens and Loebbecke (2000) such as: Internal control is a system; Ensures the set objectives; adds information systems including information technology.
After 21 years, in 2013, the COSO Committee updated and improved the report issued in 1992, aiming to increase the understanding, clarity and ease of application in practice. The globalization of the world economy and the development of information technology on a global scale have led to high requirements for information transparency. COSO (2013) inherited the concepts and components of internal control from COSO (1992). It further developed and expanded by providing 17 principles to explain the concepts related to the 5 components of internal control (control environment, risk assessment, control activities, communication and monitoring) and providing guidelines on risk management and measures to minimize fraud, thereby helping to improve operational efficiency as well as enhance the supervision of the unit. However, COSO has provided 17 principles associated with 5 components of internal control for units. When applying to evaluate specific units, depending on the characteristics of the enterprise, there must be appropriate adjustments to evaluate internal control to be appropriate.
Through the process of synthesizing the concepts of authors and organizations around the world, the author has found some common issues: Internal control is the inspection, supervision, maintenance and adjustment of the unit's activities. Internal control is considered a process or a system, designed by managers and employees, to ensure the set goals such as: ensuring reliable and understandable information, protecting assets and documents, ensuring operational efficiency, complying with the law and controlling risks, minimizing future violations of the unit .
In the context of Vietnam, along with the trend of globalization of the world economy, the field of accounting and auditing has also had approaches following international trends. In 2001, the Ministry of Finance issued VSA 400 - Risk assessment and internal control ; and internal control is understood as regulations and control procedures developed and applied by the audited unit to ensure that the unit complies with laws and regulations, to check, control, prevent and detect fraud and errors; to prepare honest and reasonable financial statements; to protect, manage and effectively use the unit's assets". According to VSA 400, internal control is considered a system and emphasizes risk assessment. In 2012, the Ministry of Finance issued VSA 315; Accordingly, internal control is considered as a process designed, implemented and maintained by the Board of Directors, Management and other individuals in the unit to create reasonable assurance about the ability to achieve the unit's objectives in ensuring the reliability of financial statements, ensuring efficiency, effectiveness of operations, compliance with laws and related regulations . Concept of internal control