Relation of Internal Audit with Departments of Operational Risk Management Organization at State Banks

Figure 3.5: Relationship of internal audit with departments in the operational risk management organization at state-owned commercial banks

Administrative Council

- Approving the Disaster Risk Management Policy/Framework

- Ensure the right risk strategy

Senior Executive Board Implement Disaster Risk Management Policy/Framework

Maybe you are interested!

Risk Management Committee

-Research and propose the taste of natural hazards

- Uniform regulations on measurement and assessment of natural hazards

-Ensure the level of disaster risk within the allowable framework, the effectiveness of the implementation of the disaster risk management policy and the early warning system.

RRTN – Related functional parts

- Compliance

- Personnel

- Insurance

- IT

- Legislation

Risk management staff at Head Office

Internal audit

- Independently inspect and supervise operational activities

- Give early warnings

- Check and monitor the effectiveness of the disaster risk management system

- Proposing to amend and supplement the disaster risk management policy

-Comment on whether the CS is being followed and effective

Risk management director

Head of Risk Management Department

Running BP business

Risk management staff in business

In the 3rd layer of defense, the internal audit must perform the role of giving an independent opinion on the operational risk management work at the units as well as evaluating the risk management department at the Head Office according to the following criteria: audit principles. Improve skills and capabilities of internal auditors of the State Commercial Bank

To help the internal audit organization operate effectively, the solution to improve internal auditor resources is important. The problem facing SOCBs today is the uneven distribution of audit human resources between the Head Office, regions and representative offices; Specifically, highly qualified human resources are concentrated in the Head Office. At the same time, the lack of formal training and development programs for internal audit leads to the risk of not meeting the quality requirements of internal audit throughout the system and poses challenges to the implementation of resources. human resources in the future (after the restructuring process), especially it is difficult to fire people in SOCBs.

Therefore, the requirement for SOCBs is to develop a strategy for human resource development in general and internal audit personnel in particular. Internal audit work should be performed with proficiency (in terms of knowledge, skills and other required competencies) and professional prudence. This can only be achieved when the bank's internal auditors are enhanced with knowledge and skills through continuous training, suitable for each job level of the internal audit department. Some specific recommendations that can be implemented in the immediate future are:

- Enhance the sharing of experience, information and knowledge management system between the Head Office and the Region and the Branches to close the gap in expertise;

- Increase publicity and transparency of remuneration and reward regimes. The establishment of a Committee on Human Resources, Salary and Rewards of some banks has helped the Board of Directors to closely monitor the management of staff and employees of each branch to effectively deploy human resources throughout the system.

- Enhance / automate / streamline workflow. Using the online system in the exchange and analysis of information and documents. For audit work, it is necessary to invest in building internal audit software of the bank, managing documents for scientific audit work to avoid overlapping work, save time and audit costs; create conditions for auditors to conduct audits.

- Periodically, there should be a program to re-evaluate the skills of the current internal audit based on the actual needs and operational goals of each bank. Assess the need to outsource experts for large, complex thematic internal audits.

- Develop training programs that include strengthening and developing both audit skills and personal skills. Attendance and completion of training programs are mandatory in assessing the quality of internal auditors. The training program is not only for internal auditors, but also pays attention to develop appropriate training programs for banking staff as well as risk managers to help prevent risks from occurring. fraud, error. Thereby making the internal audit work more effective.

- Develop a plan and periodically implement the staff rotation plan between the internal audit department and other specialized departments. This plan should be included in the internal audit policy of the banks. The rotation of staff will reduce conflicts of interest between departments in the bank, and at the same time ensure the harmony between the demand for personnel with audit expertise and those with banking expertise.

- Building capacity model with audit support tools and training system;

- Design policies and procedures for recruiting human resources suitable for the positions to be recruited. The person in charge of the employment department should be allowed to participate in the final recruitment process;

- Develop policies and strategies for training internal auditors suitable for positions ranging from senior management, to middle management and internal audit staff;

- Building a model for calculating the balance score in the management, testing and evaluation of capacity and ability to complete tasks as well as evaluating the effectiveness in the work quality of internal audit staff.

Figure 3.6 below provides an overview of the qualifications and competencies required for a bank's internal audit in accordance with international practices.

Figure 3.6: Qualities and competencies for bank internal auditors [32]

  3.4. basic conditions for finishing the process and organization of internal audit apparatus in 1


3.4.1. On the side of the State management agencies and the State Bank of Vietnam

Firstly, to improve the legal environment towards consistency in the current regulations on bank internal audit, ensuring the effective implementation of the role and objectives of internal audit.

Second, identify the leading role of the State Bank in efforts to encourage the soundness of the financial system by increasing the risk management capacity of banks.

Third, enhance the role of the banking safety supervisor by reforming banking supervision and inspection processes by applying the key principles of effective banking supervision. Basel Committee.

Fourth, improve the capacity of the management agencies, ensure the coordination at the macro level between the State Bank, the Ministry of Finance and other ministries. Continuing to research, develop and issue accounting standards on derivatives, risk prevention, etc., creating a basis for the process of reflecting and recording information on the bank's financial statements. in line with international practices.

3.4.2. To the State Commercial Banks

State-owned commercial banks must make efforts in many aspects to make it possible to perfect the process and organize the internal audit apparatus. Specifically:

Firstly, perfect the internal control system according to international standards, principles and practices. Thereby allowing the control of the bank's internal control objectives to be achieved according to international standards, creating favorable conditions for current and future internal audit work (such as meeting Basel requirements). . Completed content according to the COSO management framework includes:

(1) Completing the control environment

- The important thing in the control environment lies in the honesty and ethics of the Board of Directors, thereby forming the cultural foundation of each bank through the commitment of the Board of Directors;

- In the organizational structure, the bank must ensure the independence between the Board of Directors (orientation department) and the Executive Board; encourage independent members not to participate in the operation; ensure the principle of four eyes in management; creating a transparent environment to help the bank operate in line with the market and protect the interests of shareholders. For non-equitized SOCBs, it is necessary to promote the equitization roadmap at an appropriate time, ensuring consistency in the application of practices and standards among state-owned commercial banks after equitization.

- An appropriate reporting system must be established to ensure the role of the board of policy making; Committees under the Board of Directors put the policy into practice and assign it to the Board of Directors to implement. It is necessary to enhance the role of Committees in receiving and providing information to ensure transparency throughout the system from the top down and from the bottom up in order to establish the control environment and specific culture of each bank. .

- Having policies to attract talented people to create a safe and sustainable working environment.

(2) Perfecting the risk assessment and management system through the design and operation of control points to ensure the prevention and early detection of risks to the system. Thereby providing warning information to the internal audit department.

(3) Completing the information system and information exchange mechanism. In a bank, the operation of the MIS system is important, helping the bank focus its resources on solving major and fundamental problems. The effectiveness of the MIS system is a basic condition for improving risk management, helping internal auditors to collect convenient and accurate information.

(4) Improve control activities and monitoring mechanism. Internal audit is a part of the independent monitoring mechanism and quality assessment process of internal control in the bank. This process is accomplished through continuous monitoring, separate assessments, or a combination of both. Therefore, improving the effectiveness of the supervision mechanism will affect the quality of internal audit activities.

Second, perfect the accounting system according to international standards. Currently, there is still a gap between Vietnamese and international accounting standards in the banking sector. If the accounting system of SOCBs operates based on common standards and practices, the process of information reflection and control is reliable. Thereby helping to reduce the workload, time and cost of internal audit. Therefore, it is necessary to allow SOCBs to re-evaluate assets at market prices and record an increase in charter capital when assets increase. If this condition is fulfilled, it will contribute to increase the equity capital to improve the competitiveness in the integration process of SOCBs in the new period.

3.4.3. On the side of the internal audit organization of the State Commercial Bank

To complete internal audit activities, the organization itself needs to ensure the following conditions:

- Raise awareness, roles and responsibilities of auditors about internal audit activities. Building a careful audit culture right in each professional process and operation of auditors.

- Develop a coordination mechanism in the exchange of information on professions and occupations on the basis of compliance with professional ethics, professional and professional standards; as well as the charters and principles on banking audit as prescribed by relevant organizations at home and abroad.

- Capacity building for internal auditors in terms of skills and abilities. Take professional courses on internal audit.

- Strengthening audit quality control in terms of apparatus, processes, records and audit work papers to ensure that the bank's internal audit activities meet the requirements in accordance with international practices.

Conclusion of chapter 3

From the actual situation of the process and organization of the internal audit apparatus in SOCBs in Chapter 2, on the basis of analyzing the advantages, limitations and pointing out the causes of existence, based on orientations, views, On the principle of perfection, the researcher proposed some basic solutions to improve the quality of internal audit in SOCBs. The new point of chapter 3 is to point out that the urgent requirement to renew the internal audit of banks in the current period is to change the risk management structure of SOCBs to approach international standards and practices. as the basic premise to apply Basel II in the right way to the regional and world integration roadmap. From a modern risk management structure to deal with the relationship between the Board of Directors, Committees (including the Audit Committee), BOM and internal audit as recommended by international organizations, be applied in accordance with the socio-economic characteristics of Vietnam. In which, the NCS clarified the solution on perfecting the risk-based internal audit method and process as a supporting tool for the internal audit in the new period. At the same time, he pointed out that an important condition for perfecting internal audit is through perfecting the internal control system and accounting system of SOCBs in accordance with the SBV's regulations and international practices.


Internal audit is an important part of the inspection and supervision system of the commercial banking system. In recent years, under the impact of the global financial crisis, the world banking system in general and in Vietnam in particular, has revealed great limitations, one of which is the organization of the banking process. The audit process and internal audit apparatus have not been given due attention. Whether internal audit will create added value for commercial banks through an independent and objective audit apparatus and a scientific and effective internal audit process; Does this organization help bank managers achieve their corporate governance, risk control and management goals?

Through understanding and studying the actual situation of the process and organization of the internal audit apparatus in the State-owned commercial banks of Vietnam, with the best efforts in theoretical and practical research and the full support of the State-owned commercial banks. With the love of teachers, instructors, banks and related units, the PhD student has completed the thesis topic: "Improving the process and organization of the internal audit apparatus in State-owned commercial banks. Vietnam" . The following conclusions can be drawn:

Firstly, the thesis clarifies the internal audit content in general (of the Association of Internal Auditors through the years 1978, 1999, 2011; International Federation of Accountants) and the internal audit of banks in particular. Researcher's opinion on internal audit of commercial banks. Indicate the change over time in the concept of internal audit and internal audit of the bank. Clarifying the relationship between management activities and internal control and internal audit. Clarifying the concept of internal audit of commercial banks is a premise to propose solutions to improve the process and apparatus of internal audit of commercial banks.

Secondly, the thesis clarifies the theory about the process and organization of the internal audit apparatus of commercial banks, including: organization of audit content, audit process and audit methods; organizational model and structure, internal auditors. At the same time, learn about internal audit experience at some commercial banks in the world and draw valuable lessons for Vietnam's SOCBs.

Thirdly, the thesis has surveyed, analyzed and evaluated the current status of the process and organization of internal audit apparatus at Vietnam's SOCBs in recent years, including: organization of content, methods, and procedures. internal audit process; organizational structure and internal auditors at five SOCBs in recent years. Since then, the thesis has made important conclusions about the achieved and still limited aspects of the process and organization of the internal audit apparatus of SOCBs. Also indicate the cause of the limitations.

Wednesday,Based on the orientations, views and requirements of the improvement, the thesis has proposed a system of solutions including: Group of solutions to improve the internal audit process and group of solutions to complete the internal audit process. internal audit machine. The solutions point out that the urgent requirement to renew the internal audit of banks in the current period is to change the risk management structure of SOCBs to approach international standards and practices, as a basic premise. to apply Basel II in accordance with the regional and world integration roadmap. From a modern risk management structure to deal with the relationship between the Board of Directors, Committees (with an Audit Committee), BOM and internal audit according to the recommendations of international organizations, with appropriate application. with the socio-economic characteristics of Vietnam. Specifically, the author clarifies the solution to improve the risk-based internal audit method and process as a supporting tool for internal audit in the new period. At the same time, it is pointed out that an important condition for perfecting internal audit is through perfecting the internal control system

Ministries and accounting systems of SOCBs in accordance with regulations of the State Bank and international practices.

The topic: "Improving the process and organization of the internal audit apparatus in the State-owned commercial banks of Vietnam" is a topical topic for Vietnam in both theoretical and practical aspects. the context of banking system reform is taking place strongly in countries around the world and in Vietnam today. Although there have been efforts in research and learning, but due to my own limited experience, the thesis cannot avoid shortcomings. NCS wishes to receive the guidance and suggestions of scientists, teachers and colleagues to improve the thesis.


1. Vu Thuy Linh (2009), "Applying Basel's principles to evaluate the internal control system in auditing financial statements of commercial banks", Auditing Journal , No. 2 (99), pp.48-49.

2. Vu Thuy Linh (2013), “Internal audit in operational risk management at commercial banks”, Journal of Accounting and Finance Research , 07 (120), pp.21-23.

3. Vu Thuy Linh (2013), “Internal audit by risk level at Vietnamese commercial banks - Importance and implementation method”, Banking Review , (16) August 2013, p.36-38.

4. Vu Thuy Linh (2014), “Organizing the internal audit process at the State Commercial Bank of Vietnam”, Journal of Financial and Accounting Research , 03 (128) 2014, pp.27-28, 54.

Date published: 25/01/2023
4.7/5 (1 votes)

Send Message

Agree Privacy Policy *