Third, information and communication of information
Information and communication are the decisive conditions for establishing, maintaining and improving control capacity within the unit through the formation of reports to provide information about activities to stakeholders. objects used both inside and outside the unit. The information is very diverse, including financial and non-financial information. Information is identified, collected, processed and reported through the information system. The unit's information system can be processed manually or through a computer system or a combination of both, but must ensure the information quality requirements are appropriate, timely, updated, and informative. Reliable and convenient access. However, the quality of information depends on the functionality of the control activities carried out in the entity.
Information systems need to provide information to appropriate individuals or departments to perform their jobs to achieve organizational goals. Information and communication within an organization must meet the following requirements:
Firstly, every member of the unit must clearly understand their work and responsibilities, fully and accurately receive instructions from superiors, clearly understand the relationship with other members and be able to use appropriate methods. means of communication within the unit; Second, information from outside (customers, suppliers, banks,...)
Maybe you are interested!
-
The Role and Objectives of Internal Control System in Commercial Banks -
Organizing internal control system in budget units under the Ministry of National Defense - 25 -
Initial Research Model on Factors Affecting the Internal Control System on Social Insurance Collection -
Factors affecting the effectiveness of internal control system in social insurance collection at Binh Duong Provincial Social Insurance - 19 -
Research on Internal Control System in Relation to Risk Management
must be received and recorded honestly and fully, so that the unit can respond promptly. Information reported to external parties (state, shareholders,...) also needs to be communicated promptly, ensuring reliability and compliance with the law.
In business information systems, the focus of ISA 315 emphasizes the accounting information system - an important subsystem of the information system with the goal of financial reporting. An accounting information system includes procedures and documents designed to collect, record, process and report economic transactions that arise, affecting the ability of managers to
Make reasonable decisions in managing and controlling the unit's activities to ensure the reliability of financial reports and operational efficiency.
Fourth, control activities
Control activities under IFAC include control policies and procedures designed to ensure management direction as well as necessary actions to handle and control risks that threaten the process. The process of achieving business goals is implemented. Control activities, whether performed manually or through information technology systems, always aim at many different goals and are implemented differently at all levels and functions of the business. career.
In terms of viewing control activities for audit purposes, the types of control activities illustrated in ISA 315 include: reviewing the implementation of activities, controlling the information processing process, material control, division of tasks,...
Fifth, monitoring activities
Monitoring according to IFAC, is a process of evaluating the quality of internal control operations. The assessment addresses the design and operation of control policies and procedures over time in order to make necessary corrections. The monitoring performed is the basis for ensuring that internal control continues to operate effectively.
Overall, the contents of control environment, risk assessment, information and communication, and control and monitoring activities presented in ISA 315 are very detailed, clear, and truly useful. Useful for financial audit purposes. However, they cannot be considered as elements of the same type in a unified whole that creates the internal control system in a unit or organization. Risk assessment, control, and monitoring are not of the same nature as the control environment or information system. They are activities in the internal control process performed by employees or managers within the unit. In essence, ISA 315 refers to the concept of "internal control" but not "internal control system". The control environment includes factors that affect the design and processing of data under various types of control
different types of control, while risk assessment, control and monitoring activities are manifestations of the operation of various types of control in the unit's internal control process.
According to COSO, internal control is also affected and expressed in the following aspects : Control environment, risk assessment, information and communication , control and supervision activities . Overall, COSO's concept is quite similar to IFAC. The reason for unifying COSO's Internal Control Report is to serve different purposes, not just for use in financial auditing, so COSO approaches and presents aspects on a broader scale. . From COSO's Report on Internal Control, there have been many extensive studies as a basis for applying internal control to fields (both in the public and private sectors) such as the banking system. and credit, programs and projects (such as the World Health Organization project in Vietnam); into specific activities of the unit such as planning, organizing, purchasing, distributing, research and implementation, risk assessment in the enterprise, etc. Although there are still shortcomings in the content of internal control. (such as the content of supervision) but the views of IFAC, COSO or researchers have shown developments in both the role and content of internal control. Internal control does not only stop at activities serving mandatory requirements from superiors or the legal system but also focuses on practical, specific control activities according to the management requirements of the unit. . Internal control not only has the role of ensuring traditional goals but also supports and creates added value for the organization.
1.2. Internal control system in enterprises
1.2.1. The nature and role of the internal control system
1.2.1.1. The nature of the internal control system
According to the Great Vietnamese Dictionary, a system, in the most general sense, is "a unity created by elements of the same type, with the same function, closely related to each other" or "a unity consisting of ideas, principles, and rules are closely and logically linked together" [ 47, p693 ] . According to the English - Vietnamese Business Economics Dictionary, "an internal control system is a system of methods, methods, or inspection regimes within a company to promote efficiency and ensure implementation of policies and preservation of company assets" [ 16, p128 ] Similarly, in the Dictionary of Market Terms
British - Vietnamese Securities, "the internal control system is a method and method established to stimulate productivity, ensure policy completion and ensure asset safety" [ 27, p216 ]
According to the Auditing Standard on Risk Assessment and Internal Control (formerly ISA 400) of the International Federation of Accountants:
“ The internal control system includes all policies and procedures (types of control) applied by the unit's managers to ensure the implementation of specified goals such as: implementing operate effectively and comply with the law, closely following the policies that managers have set; asset protection; prevent and detect fraud and errors; ensure the completeness and accuracy of accounting information; prepare reliable and timely financial reports” [88].
The concept of internal control system according to IFAC is first of all concerned with the effective implementation of the unit's activities on the basis of compliance with the law, then, with a focus on accounting control, the system The entity's internal control needs to ensure objectives related to the fair and accurate presentation and disclosure of financial information.
In the US, one of the first concepts of internal control system was defined by the American Institute of Certified Public Accountants (AICPA ), on the basis of appreciating the importance of in the relationship between the internal control system and the work of auditors (CPA - Certified Public Accountant ). Accordingly, the internal control system is understood as:
“A system of organizational plans and all recognized methods of coordination used in business to protect the assets of organizations, check the accuracy and reliability of accounting information, and promote operational efficiency and encouragement, closely following the proposed management policy" [87].
This concept was also used by the US Securities Exchange Commission (SEC - Security Exchange Commission) as the basis for introducing the Securities Exchange Act in the US in 1934 and for a long time, it had a significant influence. to the actual work of America's independent auditors. In the Standards System of the Institute of Accounting
Canadian Notary Public (CICA - The Institute of Charter Accountants) , the concept of internal control system is also defined similarly. In Vietnam, according to Auditing Standard 400 - Risk assessment and internal control issued by the Ministry of Finance under Decision 143/2001/QD - BTC dated December 21, 2001 , then :
“Internal control system is understood as the regulations and control procedures developed and applied by the audited unit to ensure the unit's compliance with laws and regulations, to inspect and control control, prevent and detect fraud and errors; to prepare honest and fair financial reports; to protect, manage and effectively use the unit's assets".
Thus, the concept of internal control system from the perspective of Vietnam Auditing Standards as a guide to the auditor's practice process is essentially more concerned with accounting internal control than with internal administrative control. This is a common feature that is not only reflected in Vietnamese Auditing Standards but also in the spirit of International Auditing Standards, or auditing standards of each country, such as AICPA Auditing Standards. before ( point 7 mentioned above).
The views of the current VSA 400 and the previous ISA 400 on the internal control system are almost identical. Authors Hugh A. Dams and Do Thuy Linh (2008) based on the comparison between Vietnamese Auditing Standards and International Auditing Standards, concluded that the differences between ISA and VSA are insignificant. significantly [ 25 ] . VSA 400, ISA 400 also show the same spirit. However, after the scandals of Enron Group and many large corporations in the world such as Xerox, Worldcom,... and the collapse of one of the six largest audit firms in the world, Anthur Andersen in 2001, 2002, most recently the financial crisis at the end of 2008 in the US involving banks such as Lemahn Brother,... showed the trend of shifting from traditional auditing approaches to auditing approaches. Accounting based on risk assessment is an inevitable trend. Changes, amendments and supplements to a series of IFAC's international auditing standards in the direction of adapting to changes in an increasingly diverse and complex international business environment on the basis of globalization and globalization. The rapid development of information technology is the premise for a series of changes in audit standards in countries around the world. After ISA 315 comes into effect from
On December 15, 2004, many national associations of practicing auditors drafted and officially issued Standard 315 on the basis of ISA 315 such as England and Ireland, Hong Kong, India, South Africa, Germany, France...
In response to these changes, in Vietnam, the Ministry of Finance has authorized the Vietnam Association of Certified Public Accountants (VACPA) to research, draft and update the Vietnam Auditing Standards System in accordance with the current regulations. Current International Auditing Standards according to Decision 1053 dated May 13, 2008. Up to now in Vietnam there is no Auditing Standard on understanding the business situation, the environment of the enterprise and assessing risks according to ISA 315 and VSA 400 that are still in effect.
According to Alvin A. Arens and colleagues [ 1, p196 ] , the reason for a unit to build a control system is to help that unit achieve its goals. Accordingly, the system includes specific policies and procedures designed to provide managers with reasonable assurance about the realization of stated objectives. These policies and procedures are implemented through the control process. Combining them together forms the internal control structure of that unit. Most generally, managers are interested in the following goals:
Ensuring the reliability of information: Managers need to have information that accurately reflects reality to manage activities in the unit;
Protection of assets and books: including physical assets and immaterial assets (documents storing important information of the unit - the author) need to be protected by the internal control system suitable to prevent and minimize the possibility of them being stolen or damaged;
Promote efficiency in operations: Internal control within a unit needs to ensure the effective use of resources, limit waste and unnecessary effort for the unit;
Strengthen adherence to established policies and procedures: This goal demonstrates the need for individuals and departments within a unit to comply with the rules and regulations that the unit has established. . Furthermore, from the overall perspective of the unit, its activities need to comply with laws and regulations to ensure sustainable development in the economy.
On the basis of synthesizing different views on the internal control system, Associate Professor, Dr. Ngo Tri Tue and his colleagues have come to a general concept of the internal control system: "The internal control system". Internal control is a system of policies and procedures established to achieve four basic goals: protecting the entity's assets; ensure the reliability of information; ensure the implementation of legal regimes and ensure the effectiveness of operations" [ 41 ] . The content of the internal control system is reflected in the control policies and procedures established by managers on the basis of compliance with the law, while also expressing ideas, opinions and philosophies in management and Managing all aspects and areas of activities carried out in that unit or organization. The basis for designing these policies and procedures must be to follow basic principles in organization and control to ensure good implementation of the goals pursued by managers. Thus, in essence, this concept is consistent with the nature of the meaning of the word "system" according to the Great Vietnamese Dictionary, as a "unified whole, including related ideas, principles, and rules." linked together in a coherent and logical way" [ 47, p693 ] . Furthermore, this concept is general and can be used to study the internal control system in all types of units in different fields such as business, administration or career. With high generalization, this concept is applied by the Author to research the internal control system in garment enterprises on the basis of concretizing general theory into a specific field with unique characteristics. enemies of these enterprises (presented in Section 1.3 of the Thesis).
1.2.1.2. The role of the internal control system for businesses
An effective internal control system is the basis for ensuring the success of units, organizations in general and businesses in particular. The effectiveness of the system is first shown in the fact that managers design adequate control policies and procedures that are appropriate to the characteristics of the business, and then communicate them to employees at all levels to operate. practice them continuously during the performance of activities. The basic role of the internal control system is to ensure the realization of the enterprise's goals. Specifically:
First, protect the assets of the enterprise: The assets of the enterprise include both tangible and intangible assets, including information expressed in
different documents. They can be stolen, damaged, or misused if managers do not pay attention to designing control procedures and requiring employees in the unit to implement them to minimize risks. risks related to assets.
Second, ensure the reliability of information: in the process of making decisions and operating business activities, managers need many different types of information (including financial information and operational information). ; official or unofficial information; internal and external information of the enterprise, etc.). Information must be timely and reliable to quickly, fully and objectively reflect the current state of the enterprise's operations. By implementing appropriate control procedures, these characteristics can ensure that information is available and useful for the management process.
Third, ensure compliance with legal regimes: production and business activities represent the enterprise's relationship with relevant parties, both inside and outside the unit. They are regulated and governed by legal regulations. When these regulations are not respected, business operations cannot continue as normal. Appropriate control procedures are the basis for creating and maintaining the awareness of compliance with laws, regimes, rules and regulations of members of the unit, so that the enterprise can survive. and sustainable development.
Fourth, ensure operational efficiency and management efficiency: Operational efficiency is the goal that any manager in any business pursues. Properly implemented enterprise control activities can prevent and minimize the risks of wasting resources or ineffective use of resources at the unit. In addition, through assessing the ability to achieve set goals or plans, combined with a regular or periodic monitoring mechanism of activities, the internal control system contributes to promoting and improving capacity of managers in enterprises.
Thus, an effective internal control system plays a fundamental role in helping businesses realize different goals. However, with the development of awareness of internal control in accordance with the requirements set by practice (analyzed in Section 1.1.3), the role of the internal control system does not stop.